docker的常用操作

发表于 2018/08/08

作者 Hang

7 分钟阅读

docker的常用操作

介绍

一个开源的应用容器引擎，让开发者可以打包他们的应用以及依赖包到一个可移植的容器中，然后发布到任何流行的 Linux 机器上，也可以实现虚拟化。容器是完全使用沙箱机制，相互之间不会有任何接口。

概念

image(镜像，相当于java类)
container(容器，相当于java实例)
daemon(守护进程，管理容器)

需求

linux kernel 3.8 以上

安装

  
yum -y install docker # 1.7.x
# 或
cat > /etc/yum.repos.d/docker.repo << EOF
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpgcheck
EOF
yum -y install docker-engine # 1.8.x

设置开机启动daemon进程

  
systemctl start docker.service
systemctl enable docker.service
systemctl grep docker # 查看docker状态

安装iptables防火墙

  
systemctl disable firewalld
yum -y install iptables-services
systemctl enable iptables
systemctl start iptables

常用命令

  
docker version # 查看docker客户端、服务端版本
ip addr # docker虚拟网桥
docker search java # 查找镜像
docker pull java # 拉取镜像
docker images # 查看本地镜像
docker rmi java# 删除镜像
docker run -it java java -version # 运行镜像 -it 交互模式 运行java -version命令
docker run -it java ps # 运行镜像 -it 交互模式 运行ps命令
docker run -it java uname # 运行镜像 -it 交互模式 运行uname命令
docker run java ip addr # 容器内IP地址
docker run java env # 容器内环境变量
docker create/start/stop/pause/unpause # docker生命周期相关命令
  docker create -it --name=myjava java java -version
  docker ps -a #所有docker容器
  docker start myjava
  docker ps # 正在运行的docker
  docker create --name mysqlsrv1 -e MYSQL_ROOT_PASSWORD=123456 -p 3306:3306 mysql
  docker start mysqlsrv1
  docker ps
  netstat -tlp
  docker exec mysqlsrv1 env
  docker exec -it mysqlsrv1 /bin/bash

配置

配置文件

/etc/sysconfig/docker # 1.7
/usr/lib/systemd/system/docker.service # 1.8

日志

/var/log/message

镜像制作

buildfile

  
vi Dockerfile
  FROM nimmis/ubuntu:14.04
  MAINTAINER nimmis <kjell.havneskold@gmail.com>
  # disable interactive functions
  ENV DEBIAN_FRONTEND noninteractive
  # set default java environment variable
  ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
  RUN apt-get install -y software-properties-common && \
  add-apt-repository ppa:openjdk-r/ppa -y && \
  apt-get update && \
  apt-get install -y --no-install-recommends openjdk-8-jre && \
  rm -rf /var/lib/apt/lists/*
docker build -t leader/java

容器互联

基于Volume的互联

  
docker run --rm=true -it -v /leader java /bin/bash
:/# ls
:/# ls /leader/

docker run --rm=true -it -v /storage /leader java /bin/bash

基于link的互联

--link=myjavaserver:serverM1

基于网络的互联

数据目录

  
/var/lib/docker/graph # 本地镜像元数据
/var/lib/docker/devicemapper/devicemapper/data # 镜像和容器的二进制数据文件
/var/lib/docker/devicemapper/devicemapper/metadata # 相关元数据

选项

  
--api-cors-header=					Set CORS headers in the remote API
-b, --bridge=						Attach containers to a network bridge
--bip=								Specify network bridge IP
-D, --debug=false					Enable debug mode
-d, --daemon=false					Enable daemon mode
--default-gateway=					Container default gateway IPv4 address
--default-gateway-v6=				Container default gateway IPv6 address
--default-ulimit=[]					Set default ulimits for containers
--dns=[]							DNS server to use
--dns-search=[]						DNS search domains to use
-e, --exec-driver=native			Exec driver to use
--exec-opt=[]						Set exec driver options
--exec-root=/var/run/docker			Root of the Docker execdriver
--fixed-cidr=						IPv4 subnet for fixed IPs
--fixed-cidr-v6=					IPv6 subnet for fixed IPs
-G, --group=docker					Group for the unix socket
-g, --graph=/var/lib/docker			Root of the Docker runtime
-H, --host=[]						Daemon socket(s) to connect to
-h, --help=false					Print usage
--icc=true							Enable inter-container communication
--insecure-registry=[]				Enable insecure registry communication
--ip=0.0.0.0						Default IP when binding container ports
--ip-forward=true					Enable net.ipv4.ip_forward
--ip-masq=true						Enable IP masquerading
--iptables=true						Enable addition of iptables rules
--ipv6=false						Enable IPv6 networking
-l, --log-level=info				Set the logging level
--label=[]							Set key=value labels to the daemon
--log-driver=json-file				Default driver for container logs
--log-opt=map[]						Set log driver options
--mtu=0								Set the containers network MTU
-p, --pidfile=/var/run/docker.pid	Path to use for daemon PID file
--registry-mirror=[]				Preferred Docker registry mirror
-s, --storage-driver=				Storage driver to use
--selinux-enabled=false				Enable selinux support
--storage-opt=[]					Set storage driver options
--tls=false							Use TLS; implied by --tlsverify
--tlscacert=~/.docker/ca.pem		Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem		Path to TLS certificate file
--tlskey=~/.docker/key.pem			Path to TLS key file
--tlsverify=false					Use TLS and verify the remote
--userland-proxy=true				Use userland proxy for loopback traffic
-v, --version=false					Print version information and quit

命令

  
attach	Attach to a running container
build	Build an image from a Dockerfile
commit	Create a new image from a container's changes
cp		Copy files/folders from a container's filesystem to the host path
create	Create a new container
diff	Inspect changes on a container's filesystem
events	Get real time events from the server
exec	Run a command in a running container
export	Stream the contents of a container as a tar archive
history	Show the history of an image
images	List images
import	Create a new filesystem image from the contents of a tarball
info	Display system-wide information
inspect	Return low-level information on a container or image
kill	Kill a running container
load	Load an image from a tar archive
login	Register or log in to a Docker registry server
logout	Log out from a Docker registry server
logs	Fetch the logs of a container
pause	Pause all processes within a container
port	Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
ps		List containers
pull	Pull an image or a repository from a Docker registry server
push	Push an image or a repository to a Docker registry server
rename	Rename an existing container
restart	Restart a running container
rm		Remove one or more containers
rmi		Remove one or more images
run		Run a command in a new container
save	Save an image to a tar archive
search	Search for an image on the Docker Hub
start	Start a stopped container
stats	Display a stream of a containers' resource usage statistics
stop	Stop a running container
tag		Tag an image into a repository
top		Lookup the running processes of a container
unpause	Unpause a paused container
version	Show the Docker version information
wait	Block until a container stops, then print its exit code

常见问题

问题

FATA[0000] Get http:///var/run/docker.sock/v1.18/images/json: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?

解决：

yum -y install apparmor
service docker restart

运维

docker

本文由作者按照 CC BY 4.0 进行授权