docker常用命令总结
1.1 docker 命令帮助
docker 命令是最常使用的docker 客户端命令,其后面可以加不同的参数以实现不同的功能
docker 命令格式docker 命令有很多子命令,可以用下面方法查看帮助1.2 查看 Docker 相关信息
1.2.1 查看 docker 版本
1.2.2 查看 docker 详解信息
范例: 解决上述SWAP报警提示
官方文档: https://docs.docker.com/install/linux/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities1.3 镜像管理命令
1.3.1 搜索镜像
官网: http://hub.docker.com
在官方的docker 仓库中搜索指定名称的docker镜像,也会有很多三方镜像。
执行docker search命令进行搜索
格式如下:范例: 选择性的查找镜像1.3.2 下载镜像
从 docker 仓库将镜像下载到本地,命令格式如下:镜像下载保存的路径: /var/lib/docker/overlay2/镜像ID
注意: 镜像下载完成后,会自动解压缩,比官网显示的可能会大很多1.3.3 查看本地镜像
docker images 可以查看下载至本地的镜像
格式:执行结果的显示信息说明:Repository仓库
利用docker save命令可以将从本地镜像导出为一个打包 tar文件,然后复制到其他服务器进行导入使用
格式:常见用法:范例: 导出指定镜像范例: 导出所有镜像至不同的文件中范例:导出所有镜像到一个打包文件1.3.5 镜像导入
利用docker load命令可以将镜像导出的打包或压缩文件再导入
格式:常见用法:范例: 镜像导入面试题: 将一台主机的所有镜像传到另一台主机1.3.6 删除镜像
docker rmi 命令可以删除本地镜像
格式范例:强制删除正在使用的镜像,也会删除对应的容器
范例: 删除所有镜像1.3.7 镜像打标签
docker tag 可以给镜像打标签,类似于起别名,但通常要遵守一定的命名规范,才可以上传到指定的仓库
格式TAG默认为latest
范例总结: 企业使用镜像及常见操作: 搜索、下载、导出、导入、删除
命令总结:1.4 容器操作基础命令
容器相关命令1.4.1 启动容器
docker run 可以启动容器,进入到容器,并随机生成容器ID和名称。docker run等价于docker pull + docker start
帮助: man docker run
命令格式:--restart 可以指定四种不同的policy
注意: 容器启动后,如果容器内没有前台运行的进程,将自动退出停止
从容器内退出,并停止容器:从容器内退出,且容器不停止:范例:启动后台守护并指定运行容器的名字范例: 一次性运行容器中命令范例: 运行交互式容器并退出
退出两种方式:
1.4.2 查看容器信息
1.4.2.1 显示当前存在容器
格式:范例:范例:显示指定状态的容器1.4.2.2 查看容器内的进程
范例:1.4.2.3 查看容器资源使用情况
范例:范例:限制内存使用大小1.4.2.4 查看容器的详细信息
docker inspect 可以查看docker各种对象的详细信息,包括:镜像,容器,网络等范例:范例:选择性查看1.4.3 删除容器
docker rm 可以删除容器,即使容器正在运行当中,也可以被强制删除掉
格式范例:范例: 删除指定状态的容器1.4.4 容器的启动和停止
格式批量正常启动或关闭所有容器范例范例: 启动并进入容器范例: 暂停和恢复容器1.4.5 给正在运行的容器发信号
docker kill 可以给容器发信号,默认号SIGKILL,即9信号
格式范例:1.4.6 进入正在运行的容器
1.4.6.1 使用attach命令
docker attach 容器名,attach 类似于vnc,操作会在同一个容器的多个会话界面同步显示,所有使用此方式进入容器的操作都是同步显示的,且使用exit退出后容器自动关闭,不推荐使用,需要进入到有shell环境的容器
格式:1.4.6.2 使用exec命令
在运行中的容器启动新进程,可以执行单次命令,以及进入容器
测试环境使用此方式,使用exit退出,但容器还在运行,此为推荐方式
格式:范例:1.4.7 暴露所有容器端口
容器启动后,默认处于预定义的NAT网络中,所以外部网络的主机无法直接访问容器中网络服务
docker run -P 可以将事先容器预定义的所有端口映射宿主机的网卡的随机端口,默认从32768开始
使用随机端口 时,当停止容器后再启动可能会导致端口发生变化范例docker port 可以查看容器的端口映射关系
格式范例端口映射的本质就是利用NAT技术实现的
1.4.8 指定端口映射
docker run -p 可以将容器的预定义的指定端口映射到宿主机的相应端口
注意: 多个容器映射到宿主机的端口不能冲突,但容器内使用的端口可以相同
方式1: 容器80端口映射宿主机本地随机端口方式2: 容器80端口映射到宿主机本地端口81方式3: 宿主机本地IP:宿主机本地端口:容器端口方式4: 宿主机本地IP:宿主机本地随机端口:容器端口,默认从32768开始方式5: 宿主机本机ip:宿主机本地端口:容器端口/协议,默认为tcp协议方式6: 一次性映射多个端口+协议范例:实战案例: 修改已经创建的容器的端口映射关系范例:实现wordpress应用
1.4.9 查看容器的日志
docker logs 可以查看容器中运行的进程在控制台输出的日志信息
格式范例:1.4.10 传递运行命令
容器需要有一个前台运行的进程才能保持容器的运行,通过传递运行参数是一种方式,另外也可以在构
建镜像的时候指定容器启动时运行的前台命令
容器里的PID为1的守护进程的实现方式
1.4.11 容器内和宿主机之间复制文件
范例:1.5 Docker镜像制作和管理命令
Docker的镜像制作分为手动制作(基于容器)和自动制作(基于DockerFile),企业通常都是基于Dockerfile制作镜像1.5.1 docker commit 手动构建镜像
1.5.1.1 基于容器手动制作镜像步骤
docker commit 格式基于容器手动制作镜像步骤具体如下:
1.5.2 利用 DockerFile 文件执行 docker build 自动构建镜像
1.5.2.1 Dockerfile 文件格式
Dockerfile 是一个有特定语法格式的文本文件
dockerfile 官方说明: https://docs.docker.com/engine/reference/builder/
帮助: man 5 dockerfile
Dockerfile 文件说明
dockerfile 文件中的常见指令:
docker 命令是最常使用的docker 客户端命令,其后面可以加不同的参数以实现不同的功能
docker 命令格式
- docker [OPTIONS] COMMAND
- COMMAND分为
- Management Commands #指定管理的资源对象类型,较新的命令用法,将命令按资源类型进行分类,方便使用
- Commands #对不同资源操作的命令不分类,使用容易产生混乱
- #docker 命令帮助
- man docker
- docker
- docker --help
- #docker 子命令帮助
- man docker-COMMAND
- docker COMMAND --help
1.2.1 查看 docker 版本
- root@rocky8 ~]$ docker version
- Client: Docker Engine - Community
- Version: 19.03.15
- API version: 1.40
- Go version: go1.13.15
- Git commit: 99e3ed8919
- Built: Sat Jan 30 03:16:44 2021
- OS/Arch: linux/amd64
- Experimental: false
- Server: Docker Engine - Community
- Engine:
- Version: 19.03.15
- API version: 1.40 (minimum version 1.12)
- Go version: go1.13.15
- Git commit: 99e3ed8919
- Built: Sat Jan 30 03:15:19 2021
- OS/Arch: linux/amd64
- Experimental: false
- containerd:
- Version: 1.6.15
- GitCommit: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
- runc:
- Version: 1.1.4
- GitCommit: v1.1.4-0-g5fd4c4d
- docker-init:
- Version: 0.18.0
- GitCommit: fec3683
- [root@ubuntu1804 ~]$ docker info
- Client:
- Debug Mode: false #client 端是否开启 debug
- Server:
- Containers: 2 #当前主机运行的容器总数
- Running: 0 #有几个容器是正在运行的
- Paused: 0 #有几个容器是暂停的
- Stopped: 2 #有几个容器是停止的
- Images: 4 #当前服务器的镜像数
- Server Version: 19.03.5 #服务端版本
- Storage Driver: overlay2 #正在使用的存储引擎
- Backing Filesystem: extfs #后端文件系统,即服务器的磁盘文件系统
- Supports d_type: true #是否支持 d_type
- Native Overlay Diff: true #是否支持差异数据存储
- Logging Driver: json-file #日志类型
- Cgroup Driver: cgroupfs #Cgroups 类型
- Plugins: #插件
- Volume: local #卷
- Network: bridge host ipvlan macvlan null overlay # overlay 跨主机通信
- Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog # 日志类型
- Swarm: inactive #是否支持 swarm
- Runtimes: runc #已安装的容器运行时
- Default Runtime: runc #默认使用的容器运行时
- Init Binary: docker-init #初始化容器的守护进程,即 pid 为 1 的进程
- containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 #版本
- runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 #runc 版本
- init version: fec3683 #init 版本
- Security Options: #安全选项
- apparmor #安全模块,https://docs.docker.com/engine/security/apparmor/
- seccomp #安全计算模块,即制容器操作,https://docs.docker.com/engine/security/seccomp/
- Profile: default #默认的配置文件
- Kernel Version: 4.15.0-29-generic #宿主机内核版本
- Operating System: Ubuntu 18.04.1 LTS #宿主机操作系统
- OSType: linux #宿主机操作系统类型
- Architecture: x86_64 #宿主机架构
- CPUs: 1 #宿主机 CPU 数量
- Total Memory: 962MiB #宿主机总内存
- Name: ubuntu1804.wang.org #宿主机 hostname
- ID: IZHJ:WPIN:BRMC:XQUI:VVVR:UVGK:NZBM:YQXT:JDWB:33RS:45V7:SQWJ #宿主机 ID
- Docker Root Dir: /var/lib/docker #宿主机关于docker数据的保存目录
- Debug Mode: false #server 端是否开启 debug
- Registry: https://index.docker.io/v1/ #仓库路径
- Labels:
- Experimental: false #是否测试版
- Insecure Registries:
- 127.0.0.0/8 : #非安全的镜像仓库
- Registry Mirrors:
- https://si7y70hh.mirror.aliyuncs.com/ #镜像仓库
- Live Restore Enabled: false #是否开启活动重启 (重启docker-daemon 不关闭容器 )
- WARNING: No swap limit support #系统警告信息 (没有开启 swap 资源限制 )
官方文档: https://docs.docker.com/install/linux/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities
- [root@ubuntu1804 ~]# vim /etc/default/grub
- GRUB_DEFAULT=0
- GRUB_TIMEOUT_| echo Debian`
- GRUB_CMDLINE_LINUX_DEFAULT=""
- GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 swapaccount=1" #修改此行
- [root@ubuntu1804 ~]# update-grub
- [root@ubuntu1804 ~]# reboot
1.3.1 搜索镜像
官网: http://hub.docker.com
在官方的docker 仓库中搜索指定名称的docker镜像,也会有很多三方镜像。
执行docker search命令进行搜索
格式如下:
- Usage: docker search [OPTIONS] TERM
- Options:
- -f, --filter filter Filter output based on conditions provided
- --format string Pretty-print search using a Go template
- --limit int Max number of search results (default 25)
- --no-trunc Don't truncate output
- 说明:
- OFFICIAL: 官方
- AUTOMATED: 使用第三方docker服务来帮助编译镜像,可以在互联网上面直接拉取到镜像,减少了繁琐的编译过程
- #搜索点赞100个以上的镜像
- root@rocky8 ~]$ docker search --filter=stars=100 centos
- NAME DESCRIPTION STARS OFFICIAL AUTOMATED
- centos DEPRECATED; The official build of CentOS. 7461 [OK]
从 docker 仓库将镜像下载到本地,命令格式如下:
- docker pull [OPTIONS] NAME[:TAG|@DIGEST]
- Options:
- -a, --all-tags Download all tagged images in the repository
- --disable-content-trust Skip image verification (default true)
- --platform string Set platform if server is multi-platform capable
- -q, --quiet Suppress verbose output
- NAME: 是镜像名,一般的形式 仓库服务器:端口/项目名称/镜像名称
- :TAG: 即版本号,如果不指定:TAG,则下载最新版镜像
注意: 镜像下载完成后,会自动解压缩,比官网显示的可能会大很多
- docker pull rockylinux:9-minimal
- docker pull ubuntu:focal-20221130
docker images 可以查看下载至本地的镜像
格式:
- docker images [OPTIONS] [REPOSITORY[:TAG]]
- docker image ls [OPTIONS] [REPOSITORY[:TAG]]
- #常用选项:
- -q, --quiet Only show numeric IDs
- -a, --all Show all images (default hides intermediate images)
- --digests Show digests
- --no-trunc Don't truncate output
- -f, --filter filter Filter output based on conditions provided
- --format string Pretty-print images using a Go template
- REPOSITORY #镜像所属的仓库名称
- TAG #镜像版本号(标识符),默认为latest
- IMAGE ID #镜像唯一ID标识,如果ID相同,说明是同一个镜像有多个名称
- CREATED #镜像在仓库中被创建时间
- SIZE #镜像的大小
- 由某特定的docker镜像的所有迭代版本组成的镜像仓库一个Registry中可以存在多个RepositoryRepository可分为“顶层仓库”和“用户仓库”Repository用户仓库名称一般格式为“用户名/仓库名”每个Repository仓库可以包含多个Tag(标签),每个标签对应一个镜像
利用docker save命令可以将从本地镜像导出为一个打包 tar文件,然后复制到其他服务器进行导入使用
格式:
- docker save [OPTIONS] IMAGE [IMAGE...]
- Options:
- -o, --output string Write to a file, instead of STDOUT
- #说明:
- Docker save 使用IMAGE ID导出,在导入后的镜像没有REPOSITORY和TAG,显示为<none>
- docker save -o /path/file.tar IMAGE1 IMAGE2 ...
- docker save IMAGE1 IMAGE2 ... > /path/file.tar
- [root@rocky8 ~]$ docker save alpine:latest -o alpine.tar
- [root@rocky8 ~]$ scp alpine.tar 10.0.0.100:
- [root@rocky8 ~]$ docker images | awk 'NR!=1{print $1,$2}'|while read repo tag;do docker save $repo:$tag -o /opt/$repo-$tag.tar;done
- [root@rocky8 ~]$ ll /opt/*.tar
- -rw------- 1 root root 7347200 Jan 13 20:04 /opt/alpine-latest.tar
- -rw------- 1 root root 24064 Jan 13 20:04 /opt/hello-world-latest.tar
- -rw------- 1 root root 145905152 Jan 13 20:04 /opt/nginx-latest.tar
- -rw------- 1 root root 121435136 Jan 13 20:04 /opt/rockylinux-9-minimal.tar
- -rw------- 1 root root 75167744 Jan 13 20:04 /opt/ubuntu-focal-20221130.tar
- #方法1: 使用image ID导出镜像,在导入后的镜像没有REPOSITORY和TAG,显示为<none>
- docker save `docker images -qa` -o /opt/all.tar
- #方法2:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
- docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
- #方法3:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
- docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar
利用docker load命令可以将镜像导出的打包或压缩文件再导入
格式:
- docker load [OPTIONS]
- #选项
- -i, --input string Read from tar archive file, instead of STDIN
- -q, --quiet Suppress the load output
- docker load -i /path/file.tar
- docker load < /path/file.tar
- [root@ubuntu2004 ~]$ docker load -i alpine.tar
- 8e012198eea1: Loading layer 7.338MB/7.338MB
- Loaded image: alpine:latest
- [root@ubuntu2004 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- alpine latest 042a816809aa 3 days ago 7.05MB
- #方法1:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
- [root@rocky8 ~]$ docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
- [root@ubuntu2004 ~]$ docker load < all-tags.tar
- [root@ubuntu2004 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- alpine latest 042a816809aa 3 days ago 7.05MB
- rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
- ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
- nginx latest 605c77e624dd 12 months ago 141MB
- hello-world latest feb5d9fea6a5 15 months ago 13.3kB
- #方法2:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
- [root@rocky8 ~]$ docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar
- [root@ubuntu2004 ~]$ docker load < all-tags.tar
- [root@ubuntu2004 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- alpine latest 042a816809aa 3 days ago 7.05MB
- rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
- ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
- nginx latest 605c77e624dd 12 months ago 141MB
- hello-world latest feb5d9fea6a5 15 months ago 13.3kB
docker rmi 命令可以删除本地镜像
格式
- docker rmi [OPTIONS] IMAGE [IMAGE...]
- docker image rm [OPTIONS] IMAGE [IMAGE...]
- #选项:
- -f, --force Force removal of the image
- --no-prune Do not delete untagged parents
- [root@ubuntu2004 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- alpine latest 042a816809aa 3 days ago 7.05MB
- rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
- ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
- nginx latest 605c77e624dd 12 months ago 141MB
- hello-world latest feb5d9fea6a5 15 months ago 13.3kB
- #删除镜像
- [root@ubuntu2004 ~]$ docker rmi ubuntu:focal-20221130
- Untagged: ubuntu:focal-20221130
- Deleted: sha256:d5447fc01ae62c20beffbfa50bc51b2797f9d7ebae031b8c2245b5be8ff1c75b
- Deleted: sha256:0002c93bdb3704dd9e36ce5153ef637f84de253015f3ee330468dccdeacad60b
- [root@ubuntu2004 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- alpine latest 042a816809aa 3 days ago 7.05MB
- rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
- nginx latest 605c77e624dd 12 months ago 141MB
- hello-world latest feb5d9fea6a5 15 months ago 13.3kB
范例: 删除所有镜像
- [root@ubuntu2004 ~]$ docker rmi $(docker images -q)
docker tag 可以给镜像打标签,类似于起别名,但通常要遵守一定的命名规范,才可以上传到指定的仓库
格式
- docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
- #TARGET_IMAGE[:TAG]格式一般形式
- 仓库主机FQDN或IP[:端口]/项目名(或用户名)/image名字:版本
范例
- [root@rocky8 ~]$ docker tag rockylinux:9-minimal harbor.yanlinux.org:80/k8s/rockylinux:9
- [root@rocky8 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- alpine latest 042a816809aa 3 days ago 7.05MB
- harbor.yanlinux.org:80/k8s/rockylinux 9 c50e7a3e6f7f 3 weeks ago 118MB
- rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
- ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
- nginx latest 605c77e624dd 12 months ago 141MB
- hello-world latest feb5d9fea6a5 15 months ago 13.3kB
- #然后就可以将镜像传到仓库中
- [root@rocky8 ~]$ docker push harbor.yanlinux.org:80/k8s/rockylinux:9
命令总结:
- docker search centos #搜索镜像
- docker pull alpine #拉取镜像
- docker images #查看本地所有镜像
- docker save > /opt/centos.tar #导出镜像
- docker load -i /opt/centos.tar #导入本地镜像
- docker rmi 镜像ID/镜像名称 #删除指定ID的镜像,此镜像对应容器正启动镜像不能被删除,除非将容器全部关闭
容器相关命令
- [root@rocky8 ~]$ docker container
- Usage: docker container COMMAND
- Manage containers
- Commands:
- attach Attach local standard input, output, and error streams to a running container
- commit Create a new image from a container's changes
- cp Copy files/folders between a container and the local filesystem
- create Create a new container
- diff Inspect changes to files or directories on a container's filesystem
- exec Run a command in a running container
- export Export a container's filesystem as a tar archive
- inspect Display detailed information on one or more containers
- kill Kill one or more running containers
- logs Fetch the logs of a container
- ls List containers
- pause Pause all processes within one or more containers
- port List port mappings or a specific mapping for the container
- prune Remove all stopped containers
- rename Rename a container
- restart Restart one or more containers
- rm Remove one or more containers
- run Run a command in a new container
- start Start one or more stopped containers
- stats Display a live stream of container(s) resource usage statistics
- stop Stop one or more running containers
- top Display the running processes of a container
- unpause Unpause all processes within one or more containers
- update Update configuration of one or more containers
- wait Block until one or more containers stop, then print their exit codes
docker run 可以启动容器,进入到容器,并随机生成容器ID和名称。docker run等价于docker pull + docker start
帮助: man docker run
命令格式:
- docker run [选项] [镜像名] [shell命令] [参数]
- #选项:
- -i, --interactive Keep STDIN open even if not attached,通常和-t一起使用
- -t, --tty 分配pseudo-TTY,通常和-i一起使用,注意对应的容器必须运行shell才支持进入
- -d, --detach Run container in background and print container ID,台后运行,默认前台
- --name string Assign a name to the container
- --h, --hostname string Container host name
- --rm Automatically remove the container when it exits
- -p, --publish list Publish a container's port(s) to the host
- -P, --publish-all Publish all exposed ports to random ports
- --dns list Set custom DNS servers
- --entrypoint string Overwrite the default ENTRYPOINT of the image
- --restart policy
- --privileged Give extended privileges to container
- -e, --env=[] Set environment variables
- --env-file=[] Read in a line delimited file of environment variables
POLICY | 说明 |
no | 默认no,容器退出后不自动重启 |
on-failure[:max-retries] | 仅当容器以非零退出状态退出时,才重新启动。(可选)限制 Docker 守护程序尝试的重新启动重试次数。 |
always | 无论退出状态如何,始终重新启动容器。如果指定始终,Docker 守护程序将无限期地尝试重新启动容器。容器也将始终在守护程序启动时启动,无论容器的当前状态如何。利用此选项可以实现自动启动容器 |
unless-stopped | 无论退出状态如何,始终重新启动容器,但如果容器之前已进入停止状态,则不要在守护程序启动时启动它。 |
从容器内退出,并停止容器:
- exit
- ctrl+p+q
- [root@rocky8 ~]$ docker run -d --name web01 nginx
- [root@rocky8 ~]$ docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- b0b9221c09a9 nginx "/docker-entrypoint.…" 5 seconds ago Up 5 seconds 80/tcp web01
- [root@rocky8 ~]$ docker run alpine cat /etc/issue
- Welcome to Alpine Linux 3.17
- Kernel \r on an \m (\l)
- [root@rocky8 ~]$ docker run alpine du -sh /
- 7.0M /
退出两种方式:
- exit 容器也停止按ctrl+p+q 容器不停止
- [root@rocky8 ~]$ docker run -it alpine sh
- / # ls
- bin etc lib mnt proc run srv tmp var
- dev home media opt root sbin sys usr
- / # cat /etc/issue
- Welcome to Alpine Linux 3.17
- Kernel \r on an \m (\l)
- #查看容器是在运行
- [root@rocky8 ~]$ docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- bad7e7c5ef39 alpine "sh" 7 seconds ago Up 7 seconds angry_knuth
- #现在在容器中执行退出
- / # exit
- #查看容器是否运行
- [root@rocky8 ~]$ docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- ##另外一种退出容器的方法
- ##ctrl+p+q
- / # [22:13:43 root@rocky8 ~]$ docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 2bae444f9796 alpine "sh" 51 seconds ago Up 51 seconds nifty_davinci
- #这种情况相当于临时从容器中出来,还可以利用以下命令进入进去
- [root@rocky8 ~]$ docker exec -it 2bae444f9796 sh
- / #
1.4.2.1 显示当前存在容器
格式:
- docker ps [OPTIONS]
- docker container ls [OPTIONS]
- 选项:
- -a, --all Show all containers (default shows just running)
- -q, --quiet Only display numeric IDs
- -s, --size Display total file sizes
- -f, --filter filter Filter output based on conditions provided
- -l, --latest Show the latest created container (includes all states)
- -n, --last int Show n last created containers (includes all states)(default -1)
- #显示正在运行的容器
- [root@rocky8 ~]$ docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d5bc9651615e nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp web02
- 3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 8 minutes ago Up 8 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
- #显示全部容器,包括退出状态的容器
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d5bc9651615e nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp web02
- 69cb07c29477 nginx "/docker-entrypoint.…" 4 minutes ago Exited (0) 4 minutes ago web01
- 3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 9 minutes ago Up 9 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
- #只显示容器ID
- [root@rocky8 ~]$ docker ps -aq
- d5bc9651615e
- 69cb07c29477
- 3d9a0cbfa238
- #显示容器大小
- [root@rocky8 ~]$ docker ps -s
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
- d5bc9651615e nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp web02 1.09kB (virtual 141MB)
- 3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie 2B (virtual 1GB)
- #显示最新创建的容器
- root@rocky8 ~]$ docker ps -l
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d5bc9651615e nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp web02
- [root@rocky8 ~]$ docker ps -f "status=exited"
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 69cb07c29477 nginx "/docker-entrypoint.…" 9 minutes ago Exited (0) 9 minutes ago web01
- docker top CONTAINER [ps OPTIONS]
- root@rocky8 ~]$ docker top web02
- UID PID PPID C STIME TTY TIME CMD
- root 2483 2468 0 12:42 ? 00:00:00 nginx: master process nginx -g daemon off;
- 101 2534 2483 0 12:42 ? 00:00:00 nginx: worker process
- 101 2535 2483 0 12:42 ? 00:00:00 nginx: worker process
- docker stats [OPTIONS] [CONTAINER...]
- Display a live stream of container(s) resource usage statistics
- Options:
- -a, --all Show all containers (default shows just running)
- --format string Pretty-print images using a Go template
- --no-stream Disable streaming stats and only pull the first result
- --no-trunc Do not truncate output
- root@rocky8 ~]$ docker stats web02
- CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
- d5bc9651615e web02 0.00% 3.434MiB / 1.748GiB 0.19% 1.01kB / 0B 410kB / 25.6kB 3
- [root@ubuntu1804 ~]#docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx128m" elasticsearch:7.6.2
- [root@ubuntu1804 ~]#docker stats
- CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK PIDS
- 29282e91d773 elasti254.23310.5MiB / 1.924GiB 15.76% 766B / 0B 766kB /46kB 22
docker inspect 可以查看docker各种对象的详细信息,包括:镜像,容器,网络等
- docker inspect [OPTIONS] NAME|ID [NAME|ID...]
- Options:
- -f, --format string Format the output using the given Go template
- -s, --size Display total file sizes if the type is container
- root@rocky8 ~]$ docker inspect web02
- [
- {
- "Id": "d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6",
- "Created": "2023-01-16T04:42:40.652945855Z",
- "Path": "/docker-entrypoint.sh",
- "Args": [
- "nginx",
- "-g",
- "daemon off;"
- ],
- "State": {
- "Status": "running",
- "Running": true,
- "Paused": false,
- "Restarting": false,
- "OOMKilled": false,
- "Dead": false,
- "Pid": 2483,
- "ExitCode": 0,
- "Error": "",
- "StartedAt": "2023-01-16T04:42:40.939507921Z",
- "FinishedAt": "0001-01-01T00:00:00Z"
- },
- "Image": "sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85",
- "ResolvConfPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/resolv.conf",
- "HostnamePath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hostname",
- "HostsPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hosts",
- "LogPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6-json.log",
- "Name": "/web02",
- "RestartCount": 0,
- "Driver": "overlay2",
- "Platform": "linux",
- "MountLabel": "",
- "ProcessLabel": "",
- "AppArmorProfile": "",
- "ExecIDs": null,
- "HostConfig": {
- "Binds": null,
- "ContainerIDFile": "",
- "LogConfig": {
- "Type": "json-file",
- "Config": {}
- },
- "NetworkMode": "default",
- "PortBindings": {},
- "RestartPolicy": {
- "Name": "no",
- "MaximumRetryCount": 0
- },
- "AutoRemove": false,
- "VolumeDriver": "",
- "VolumesFrom": null,
- "CapAdd": null,
- "CapDrop": null,
- "Capabilities": null,
- "Dns": [],
- "DnsOptions": [],
- "DnsSearch": [],
- "ExtraHosts": null,
- "GroupAdd": null,
- "IpcMode": "private",
- "Cgroup": "",
- "Links": null,
- "OomScoreAdj": 0,
- "PidMode": "",
- "Privileged": false,
- "PublishAllPorts": false,
- "ReadonlyRootfs": false,
- "SecurityOpt": null,
- "UTSMode": "",
- "UsernsMode": "",
- "ShmSize": 67108864,
- "Runtime": "runc",
- "ConsoleSize": [
- 0,
- 0
- ],
- "Isolation": "",
- "CpuShares": 0,
- "Memory": 0,
- "NanoCpus": 0,
- "CgroupParent": "",
- "BlkioWeight": 0,
- "BlkioWeightDevice": [],
- "BlkioDeviceReadBps": null,
- "BlkioDeviceWriteBps": null,
- "BlkioDeviceReadIOps": null,
- "BlkioDeviceWriteIOps": null,
- "CpuPeriod": 0,
- "CpuQuota": 0,
- "CpuRealtimePeriod": 0,
- "CpuRealtimeRuntime": 0,
- "CpusetCpus": "",
- "CpusetMems": "",
- "Devices": [],
- "DeviceCgroupRules": null,
- "DeviceRequests": null,
- "KernelMemory": 0,
- "KernelMemoryTCP": 0,
- "MemoryReservation": 0,
- "MemorySwap": 0,
- "MemorySwappiness": null,
- "OomKillDisable": false,
- "PidsLimit": null,
- "Ulimits": null,
- "CpuCount": 0,
- "CpuPercent": 0,
- "IOMaximumIOps": 0,
- "IOMaximumBandwidth": 0,
- "MaskedPaths": [
- "/proc/asound",
- "/proc/acpi",
- "/proc/kcore",
- "/proc/keys",
- "/proc/latency_stats",
- "/proc/timer_list",
- "/proc/timer_stats",
- "/proc/sched_debug",
- "/proc/scsi",
- "/sys/firmware"
- ],
- "ReadonlyPaths": [
- "/proc/bus",
- "/proc/fs",
- "/proc/irq",
- "/proc/sys",
- "/proc/sysrq-trigger"
- ]
- },
- "GraphDriver": {
- "Data": {
- "LowerDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a-init/diff:/var/lib/docker/overlay2/ac2a6764ef29d802f6d57c03311285e004854c1125392c571a54a0e51e7aa770/diff:/var/lib/docker/overlay2/00498af85ccf1634977fabaa1e8bc0347de69aa93c9a498932291ef6cc66ad2d/diff:/var/lib/docker/overlay2/e85525a30c0dc487cfe1bfed9931cc85994a3655f1194d5e357c9f52a29eb0c7/diff:/var/lib/docker/overlay2/616978347c6243ee5a035fb5dcd055a5bb72052fbc54e7da735babeef558d2aa/diff:/var/lib/docker/overlay2/6c5ffca8e721e566c9f03345b9bedc31db36328a5ec6a78c828d0b2ca4b21d89/diff:/var/lib/docker/overlay2/1dde0f444f04a43847d956a6cea24ce25fcc74c784086fe0f51ed17bb75e9ae8/diff",
- "MergedDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/merged",
- "UpperDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/diff",
- "WorkDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/work"
- },
- "Name": "overlay2"
- },
- "Mounts": [],
- "Config": {
- "Hostname": "d5bc9651615e",
- "Domainname": "",
- "User": "",
- "AttachStdin": false,
- "AttachStdout": false,
- "AttachStderr": false,
- "ExposedPorts": {
- "80/tcp": {}
- },
- "Tty": false,
- "OpenStdin": false,
- "StdinOnce": false,
- "Env": [
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
- "NGINX_VERSION=1.21.5",
- "NJS_VERSION=0.7.1",
- "PKG_RELEASE=1~bullseye"
- ],
- "Cmd": [
- "nginx",
- "-g",
- "daemon off;"
- ],
- "Image": "nginx",
- "Volumes": null,
- "WorkingDir": "",
- "Entrypoint": [
- "/docker-entrypoint.sh"
- ],
- "OnBuild": null,
- "Labels": {
- "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
- },
- "StopSignal": "SIGQUIT"
- },
- "NetworkSettings": {
- "Bridge": "",
- "SandboxID": "83b75e77e1d7de17af47765c03f4c9e3aba0f93a615542e9e385fd97f29f961c",
- "HairpinMode": false,
- "LinkLocalIPv6Address": "",
- "LinkLocalIPv6PrefixLen": 0,
- "Ports": {
- "80/tcp": null
- },
- "SandboxKey": "/var/run/docker/netns/83b75e77e1d7",
- "SecondaryIPAddresses": null,
- "SecondaryIPv6Addresses": null,
- "EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
- "Gateway": "172.17.0.1",
- "GlobalIPv6Address": "",
- "GlobalIPv6PrefixLen": 0,
- "IPAddress": "172.17.0.3",
- "IPPrefixLen": 16,
- "IPv6Gateway": "",
- "MacAddress": "02:42:ac:11:00:03",
- "Networks": {
- "bridge": {
- "IPAMConfig": null,
- "Links": null,
- "Aliases": null,
- "NetworkID": "745daa224c76c2091d6852549ffaaa346bae3a7a2128186e5bbf40cbddf416a3",
- "EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
- "Gateway": "172.17.0.1",
- "IPAddress": "172.17.0.3",
- "IPPrefixLen": 16,
- "IPv6Gateway": "",
- "GlobalIPv6Address": "",
- "GlobalIPv6PrefixLen": 0,
- "MacAddress": "02:42:ac:11:00:03",
- "DriverOpts": null
- }
- }
- }
- }
- ]
- root@rocky8 ~]$ docker inspect -f "{{.State.Status}}" web02
- running
- root@rocky8 ~]$ docker inspect --format="{{.State.Status}}" web02
- running
docker rm 可以删除容器,即使容器正在运行当中,也可以被强制删除掉
格式
- docker rm [OPTIONS] CONTAINER [CONTAINER...]
- docker container rm [OPTIONS] CONTAINER [CONTAINER...]
- #选项:
- -f, --force Force the removal of a running container (uses SIGKILL)
- -v, --volumes Remove the volumes associated with the container
- #删除停止的容器
- docker container prune [OPTIONS]
- Options:
- --filter filter Provide filter values (e.g. 'until=<timestamp>')
- -f, --force Do not prompt for confirmation
- root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- ceb134349daf alpine "/bin/sh" 50 seconds ago Exited (0) 50 seconds ago sharp_swanson
- d5bc9651615e nginx "/docker-entrypoint.…" 25 minutes ago Up 25 minutes 80/tcp web02
- 69cb07c29477 nginx "/docker-entrypoint.…" 25 minutes ago Exited (0) 25 minutes ago web01
- 3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 30 minutes ago Up 30 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
- #删除web01容器
- root@rocky8 ~]$ docker rm web01
- web01
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- ceb134349daf alpine "/bin/sh" About a minute ago Exited (0) About a minute ago sharp_swanson
- d5bc9651615e nginx "/docker-entrypoint.…" 25 minutes ago Up 25 minutes 80/tcp web02
- 3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 31 minutes ago Up 31 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
- [root@rocky8 ~]$ docker rm $(docker ps -qf status=exited)
- ceb134349daf
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d5bc9651615e nginx "/docker-entrypoint.…" 27 minutes ago Up 27 minutes 80/tcp web02
- 3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 32 minutes ago Up 32 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
格式
- docker start|stop|restart|pause|unpause 容器ID
- docker start $(docker ps -a -q)
- docker stop $(docker ps -a -q)
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- e4af980c1bff nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp web01
- #停止容器
- [root@rocky8 ~]$ docker stop web01
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- e4af980c1bff nginx "/docker-entrypoint.…" 2 minutes ago Exited (0) 4 seconds ago web01
- #启动nginx容器
- [root@rocky8 ~]$ docker start web01
- web01
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- e4af980c1bff nginx "/docker-entrypoint.…" 3 minutes ago Up 2 seconds 80/tcp web01
- #重启nginx容器
- [root@rocky8 ~]$ docker restart web01
- [10:05:45 root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- e4af980c1bff nginx "/docker-entrypoint.…" 4 minutes ago Up 4 seconds 80/tcp web01
- root@rocky8 ~]$ docker run --name=rocky -it rockylinux:9-minimal bash
- bash-5.1# ls
- afs dev home lib64 media opt root sbin sys usr
- bin etc lib lost+found mnt proc run srv tmp var
- bash-5.1# cat /etc/os-release
- NAME="Rocky Linux"
- VERSION="9.1 (Blue Onyx)"
- ID="rocky"
- ID_LIKE="rhel centos fedora"
- VERSION_ID="9.1"
- PLATFORM_ID="platform:el9"
- PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
- ANSI_COLOR="0;32"
- LOGO="fedora-logo-icon"
- CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
- HOME_URL="https://rockylinux.org/"
- BUG_REPORT_URL="https://bugs.rockylinux.org/"
- ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
- ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
- REDHAT_SUPPORT_PRODUCT="Rocky Linux"
- REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
- bash-5.1# exit
- exit
- #启动并进入rocky容器
- [root@rocky8 ~]$ docker start -i rocky
- bash-5.1# cat etc/issue
- \S
- Kernel \r on an \m
- bash-5.1#
- #暂停web01容器
- [root@rocky8 ~]$ docker pause web01
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 03357d030c20 rockylinux:9-minimal "bash" 6 minutes ago Exited (0) 2 minutes ago rocky
- e4af980c1bff nginx "/docker-entrypoint.…" 11 minutes ago Up 7 minutes (Paused) 80/tcp web01 #状态中加上了paused标志
- #恢复容器
- [root@rocky8 ~]$ docker unpause web01
- web01
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 03357d030c20 rockylinux:9-minimal "bash" 7 minutes ago Exited (0) 3 minutes ago rocky
- e4af980c1bff nginx "/docker-entrypoint.…" 12 minutes ago Up 8 minutes 80/tcp web01
docker kill 可以给容器发信号,默认号SIGKILL,即9信号
格式
- docker kill [OPTIONS] CONTAINER [CONTAINER...]
- #选项:
- -s, --signal string Signal to send to the container (default "KILL")
- [root@rocky8 ~]$ docker kill web01
- web01
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 03357d030c20 rockylinux:9-minimal "bash" 9 minutes ago Exited (0) 6 minutes ago rocky
- e4af980c1bff nginx "/docker-entrypoint.…" 15 minutes ago Exited (137) 1 second ago web01
1.4.6.1 使用attach命令
docker attach 容器名,attach 类似于vnc,操作会在同一个容器的多个会话界面同步显示,所有使用此方式进入容器的操作都是同步显示的,且使用exit退出后容器自动关闭,不推荐使用,需要进入到有shell环境的容器
格式:
- docker attach [OPTIONS] CONTAINER
在运行中的容器启动新进程,可以执行单次命令,以及进入容器
测试环境使用此方式,使用exit退出,但容器还在运行,此为推荐方式
格式:
- docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
- 常用选项:
- -d, --detach Detached mode: run command in the background
- -e, --env list Set environment variables
- -i, --interactive Keep STDIN open even if not attached
- -t, --tty Allocate a pseudo-TTY
- #常见用法
- docker exec -it 容器ID sh|bash
- #执行一次性命令
- [root@rocky8 ~]$ docker exec rocky cat /etc/redhat-release
- Rocky Linux release 9.1 (Blue Onyx)
- #进入容器,执行命令,exit退出容器不停止
- [root@rocky8 ~]$ docker exec -it rocky bash
- bash-5.1# cat /etc/redhat-release
- Rocky Linux release 9.1 (Blue Onyx)
容器启动后,默认处于预定义的NAT网络中,所以外部网络的主机无法直接访问容器中网络服务
docker run -P 可以将事先容器预定义的所有端口映射宿主机的网卡的随机端口,默认从32768开始
使用随机端口 时,当停止容器后再启动可能会导致端口发生变化
- -P , --publish-all= true | false默认为false
- #示例:
- docker run -P docker.io/nginx #映射容器所有暴露端口至随机本地端口
- [root@rocky8 ~]$ docker run -d --name web01 -P nginx
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 46b790b7393a nginx "/docker-entrypoint.…" 4 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp web01
格式
- docker port CONTAINER [PRIVATE_PORT[/PROTO]]
- [root@rocky8 ~]$ docker port web01
- 80/tcp -> 0.0.0.0:32768
1.4.8 指定端口映射
docker run -p 可以将容器的预定义的指定端口映射到宿主机的相应端口
注意: 多个容器映射到宿主机的端口不能冲突,但容器内使用的端口可以相同
方式1: 容器80端口映射宿主机本地随机端口
- docker run -p 80 --name nginx-test-port1 nginx
- docker run -p 81:80 --name nginx-test-port2 nginx
- docker run -p 10.0.0.100:82:80 --name nginx-test-port3 docker.io/nginx
- docker run -p 10.0.0.100::80 --name nginx-test-port4 docker.io/nginx
- docker run -p 10.0.0.100:83:80/udp --name nginx-test-port5 docker.io/nginx
- docker run -p 8080:80/tcp -p 8443:443/tcp -p 53:53/udp --name nginx-test-port6 nginx
- [root@rocky8 ~]$ docker run -d -p 8080:80 --name web02 nginx
- 846ca3aa883687906cbc14884d2fc2c89d47884a1f3236c3f73bab628f18a121
- [root@rocky8 ~]$ docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 846ca3aa8836 nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:8080->80/tcp web02
- 46b790b7393a nginx "/docker-entrypoint.…" 20 minutes ago Up 20 minutes 0.0.0.0:32768->80/tcp web01
- [root@rocky8 ~]$ ss -ntl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
- LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
- LISTEN 0 128 [::]:22 [::]:*
- LISTEN 0 128 *:32768 *:*
- LISTEN 0 128 *:8080 *:*
- [root@ubuntu1804 ~]#docker run -d -p 80:80 --name nginx01 nginx
- dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24
- [root@ubuntu1804 ~]#docker port nginx01
- 80/tcp -> 0.0.0.0:80
- [root@ubuntu1804 ~]#lsof -i:80
- COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
- docker-pr 2364 root 4u IPv6 35929 0t0 TCP *:http (LISTEN)
- [root@ubuntu1804 ~]#ls
- /var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/
- checkpoints
- hostconfig.json mounts
- config.v2.json
- hostname resolv.conf
- dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24-json.log hosts
- resolv.conf.hash
- [root@ubuntu1804 ~]#systemctl stop docker
- [root@ubuntu1804 ~]#vim
- /var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/hostconfig.json
- "PortBindings":{"80/tcp":[{"HostIp":"","HostPort":"80"}]}
- #PortBindings后80/tcp对应的是容器内部的80端口,HostPort对应的是映射到宿主机的端口80 修改此处为8000
- [root@ubuntu1804 ~]#systemctl start docker
- [root@ubuntu1804 ~]#docker start nginx01
- [root@ubuntu1804 ~]#docker port nginx01
- 80/tcp -> 0.0.0.0:8000
- #部署mysql
- [root@rocky8 ~]$ docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=123456 --name mysql mysql:8.0.31-oracle
- #下载wordpress
- [root@rocky8 ~]$ docker run -d -p 80:80 --name wordpress wordpress:php7.4-apache
1.4.9 查看容器的日志
docker logs 可以查看容器中运行的进程在控制台输出的日志信息
格式
- docker logs [OPTIONS] CONTAINER
- 选项:
- --details Show extra details provided to logs
- -f, --follow Follow log output
- --since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
- --tail string Number of lines to show from the end of the logs (default "all")
- -t, --timestamps Show timestamps
- --until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
- [root@rocky8 ~]$ docker logs wordpress
- WordPress not found in /var/www/html - copying now...
- Complete! WordPress has been successfully copied to /var/www/html
- AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
- AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
- [Tue Jan 17 04:10:22.767095 2023] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.51 (Debian) PHP/7.4.26 configured -- resuming normal operations
- ......
容器需要有一个前台运行的进程才能保持容器的运行,通过传递运行参数是一种方式,另外也可以在构
建镜像的时候指定容器启动时运行的前台命令
容器里的PID为1的守护进程的实现方式
- 服务类: 如: Nginx,Tomcat,Apache ,但服务不能停命令类: 如: tail -f /etc/hosts ,主要用于测试环境,注意: 不要tail -f <服务访问日志> 会产生不必要的磁盘IO
- [root@rocky8 ~]$ docker run --name rocky rockylinux:9-minimal cat /etc/os-release
- NAME="Rocky Linux"
- VERSION="9.1 (Blue Onyx)"
- ID="rocky"
- ID_LIKE="rhel centos fedora"
- VERSION_ID="9.1"
- PLATFORM_ID="platform:el9"
- PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
- ANSI_COLOR="0;32"
- LOGO="fedora-logo-icon"
- CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
- HOME_URL="https://rockylinux.org/"
- BUG_REPORT_URL="https://bugs.rockylinux.org/"
- ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
- ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
- REDHAT_SUPPORT_PRODUCT="Rocky Linux"
- REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
- docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
- docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
- Options:
- -a, --archive Archive mode (copy all uid/gid information)
- -L, --follow-link Always follow symbol link in SRC_PATH
- [root@rocky8 ~]$ docker run -itd --rm alpine
- #将宿主机文件复制到容器中
- [root@rocky8 ~]$ docker cp /etc/hosts 2b91caf6ba44:/
- [root@rocky8 ~]$ docker exec -it 2b91caf6ba44 sh
- / # cat hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- #将容器内的文件复制到宿主机
- [root@rocky8 ~]$ docker cp 2b91caf6ba44:/bin/busybox /usr/local/bin/
- [root@rocky8 ~]$ ls /usr/local/bin/
- busybox
Docker的镜像制作分为手动制作(基于容器)和自动制作(基于DockerFile),企业通常都是基于Dockerfile制作镜像
- docker commit #通过修改现有容器,将之手动构建为镜像
- docker build #通过Dockerfile文件,批量构建为镜像
1.5.1.1 基于容器手动制作镜像步骤
docker commit 格式
- docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
- #选项
- -a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
- -c, --change list Apply Dockerfile instruction to the created image
- -m, --message string Commit message
- -p, --pause Pause container during commit (default true)
- #说明:
- 制作镜像和CONTAINER状态无关,停止状态也可以制作镜像
- 如果没有指定[REPOSITORY[:TAG]],REPOSITORY和TAG都为<none>
- 提交的时候标记TAG号: 生产当中常用,后期可以根据TAG标记创建不同版本的镜像以及创建不同版本的容器
- 下载一个系统的官方基础镜像,如: CentOS 或 Ubuntu基于基础镜像启动一个容器,并进入到容器
- 在容器里面做配置操作
- 安装基础命令配置运行环境安装服务和配置服务放业务程序代码
- #运行容器
- [root@rocky8 ~]$ docker run -it rockylinux:9-minimal sh
- #安装基础包
- [root@c85d96e2158a ~]# yum -y install bash-completion psmisc tree vim lsof iproute git net-tools
- #创建组和用户
- [root@c85d96e2158a ~]# groupadd -g 88 www
- [root@c85d96e2158a ~]# useradd -g www -u 88 -r -s /sbin/nologin -M -d /home/www www
- [root@c85d96e2158a ~]# id www
- uid=88(www) gid=88(www) groups=88(www)
- #清楚yum缓存,减少制作的镜像的大小
- [root@rocky8 ~]$ docker commit rocky9 rockylinux:v8.5-2023-01-17
- sha256:1af952b962d9501a4249c69132baa733e384933c6db76d0794a40998c38af588
- [root@rocky8 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- rockylinux v8.5-2023-01-17 1af952b962d9 3 seconds ago 327MB
1.5.2.1 Dockerfile 文件格式
Dockerfile 是一个有特定语法格式的文本文件
dockerfile 官方说明: https://docs.docker.com/engine/reference/builder/
帮助: man 5 dockerfile
Dockerfile 文件说明
- 每一行以Dockerfile的指令开头,指令不区分大小写,但是惯例使用大写使用 # 开始作为注释每一行只支持一条指令,每条指令可以携带多个参数指令按文件的顺序从上至下进行执行每个指令的执行会生成一个新的镜像层,为了减少分层和镜像大小,尽可能将多条指令合并成一条指令制作镜像一般可能需要反复多次,每次执行dockfile都按顺序执行,从头开始,已经执行过的指令已经缓存,不需要再执行,如果后续有一行新的指令没执行过,其往后的指令将会重新执行,所以为加速镜像制作,将最常变化的内容放下dockerfile的文件的后面
dockerfile 文件中的常见指令:
- ADD
- COPY
- ENV
- EXPOSE
- FROM
- LABEL
- STOPSIGNAL
- USER
- VOLUME
- WORKDIR