知乎专栏 |
TCP 2375
Neo-iMac:~ neo$ docker -H 192.168.30.10:2375 info
SSH 方式
Neo-iMac:~ neo$ docker -H ssh://root@192.168.30.13 info Client: Context: default Debug Mode: false Plugins: buildx: Build with BuildKit (Docker Inc., v0.6.3) compose: Docker Compose (Docker Inc., v2.1.1) scan: Docker Scan (Docker Inc., 0.9.0) Server: Containers: 3 Running: 2 Paused: 0 Stopped: 1 Images: 178 Server Version: 20.10.11 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2 Default Runtime: runc Init Binary: docker-init containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d runc version: v1.0.2-0-g52b36a2 init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.18.0-338.el8.x86_64 Operating System: CentOS Stream 8 OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 7.514GiB Name: localhost.localdomain ID: XGEY:2L25:2GTC:LGK5:3D7D:TC5B:EBBU:5GZJ:VDZ2:S67Z:T7VK:O7WD Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: registry.netkiller.cn 127.0.0.0/8 Registry Mirrors: https://registry.cn-hangzhou.aliyuncs.com/ https://docker.mirrors.ustc.edu.cn/ https://registry.docker-cn.com/ http://hub-mirror.c.163.com/ Live Restore Enabled: false
设置 DOCKER_HOST 环境变量
Neo-iMac:~ neo$ export DOCKER_HOST=tcp://192.168.30.10:2375 Neo-iMac:~ neo$ docker info Client: Context: default Debug Mode: false Plugins: buildx: Build with BuildKit (Docker Inc., v0.6.3) compose: Docker Compose (Docker Inc., v2.1.1) scan: Docker Scan (Docker Inc., 0.9.0) Server: Containers: 11 Running: 11 Paused: 0 Stopped: 0 Images: 11 Server Version: 20.10.10 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8 runc version: v1.0.2-0-g52b36a2 init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.18.0-348.el8.x86_64 Operating System: CentOS Stream 8 OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 15.39GiB Name: testing ID: 5GBU:CMWS:VIVP:TREZ:Y5AP:OGOW:EABK:NP4R:AWUA:S4J2:2YQ2:U7MT Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://hub-mirror.c.163.com/ https://mirror.baidubce.com/ https://docker.mirrors.ustc.edu.cn/ Live Restore Enabled: false
neo@MacBook-Pro ~ % docker info Containers: 9 Running: 8 Paused: 0 Stopped: 1 Images: 5 Server Version: 18.09.2 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 4.9.125-linuxkit Operating System: Docker for Mac OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 1.952GiB Name: linuxkit-025000000001 ID: IT7A:OHXM:XG4E:HX53:ZMA3:GIRA:CYMP:6IJF:QKZ5:MQI4:6LU2:ZD7Z Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): true File Descriptors: 70 Goroutines: 88 System Time: 2019-03-31T04:23:51.43837431Z EventsListeners: 2 HTTP Proxy: gateway.docker.internal:3128 HTTPS Proxy: gateway.docker.internal:3129 Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false Product License: Community Engine
iMac
iMac:~ neo$ docker info Client: Debug Mode: false Plugins: buildx: Build with BuildKit (Docker Inc., v0.3.1-tp-docker) scan: Docker Scan (Docker Inc., v0.3.3) app: Docker Application (Docker Inc., v0.8.0) Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.13-beta2 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 4.19.76-linuxkit Operating System: Docker Desktop OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.848GiB Name: docker-desktop ID: LWQ5:KBRL:SE7U:SJZ4:ANS2:JEQD:5YJO:MVRG:HIEA:XDWD:LQIZ:EJPX Docker Root Dir: /var/lib/docker Debug Mode: false HTTP Proxy: gateway.docker.internal:3128 HTTPS Proxy: gateway.docker.internal:3129 Registry: https://index.docker.io/v1/ Labels: Experimental: true Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://registry.docker-cn.com/ Live Restore Enabled: false Product License: Community Engine
run
$ sudo docker run ubuntu:14.04 /bin/echo 'Hello world' Hello world
该参数用于指定自动重启docker容器策略,包含3个选项:no,on-failure[:times],always,unless-stopped
no 默认值,表示容器退出时,docker不自动重启容器 docker run --restart=no [容器名] on-failure 若容器的退出状态非0,则docker自动重启容器,还可以指定重启次数,若超过指定次数未能启动容器则放弃 docker run --restart=on-failure:3 [容器名] always 容器退出时总是重启 docker run --restart=always [容器名] unless-stopped 容器退出时总是重启,但不考虑Docker守护进程启动时就已经停止的容器 docker run --restart=unless-stopped [容器名]
[root@localhost ~]# docker run -t -i centos:latest bash [root@test /]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT vda 254:0 0 59.6G 0 disk |-vda1 254:1 0 59.6G 0 part /etc/hosts `-vda2 252:1 0 1G 0 part [root@test /]# mount /dev/vda2 /mnt/ mount: permission denied
加入 --privileged 选项后
[root@netkiller ~]# docker run -t -i --privileged centos:latest bash [root@test /]# mount /dev/vda2 /mnt/
docker run -e VAR1=value1 --env VAR2=value2 ubuntu docker run --env VAR1=value1 --env VAR2=value2 ubuntu
docker run -p 80:80 ubuntu bash docker run -p 127.0.0.1:80:80 ubuntu bash docker run -p 127.0.0.1:80:80/tcp ubuntu bash
sudo docker start silly_bohr silly_bohr $ sudo docker stop silly_bohr silly_bohr $ sudo docker restart silly_bohr silly_bohr
为容器增加 --restart 参数
如果容器启动时没有设置–restart参数,则通过下面命令进行更新: docker update --restart=always [容器名]
docker update --restart=unless-stopped chatgpt
root@homeassistant:~# docker inspect homeassistant | grep -i -A 5 RestartPolicy "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 }, root@homeassistant:~# docker update homeassistant --restart=always homeassistant root@homeassistant:~# docker inspect homeassistant | grep -i -A 3 RestartPolicy "RestartPolicy": { "Name": "always", "MaximumRetryCount": 0 },
OPTIONS说明: -a :显示所有的容器,包括未运行的。 -f :根据条件过滤显示的内容。 --format :指定返回值的模板文件。 -l :显示最近创建的容器。 -n :列出最近创建的n个容器。 --no-trunc :不截断输出。 -q :静默模式,只显示容器编号。 -s :显示总的文件大小。
sudo docker ps
$ sudo docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 84391d1de0fc ubuntu:14.04 /bin/echo Hello worl 31 minutes ago Exit 0 romantic_ritchie
正常情况下无法显示完整的 COMMAND 信息
neo@MacBook-Pro-Neo ~ % docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 08252e252e11 eb705d309426 "redis-server /etc/r…" About a minute ago Up About a minute 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis
使用 --no-trunc 参数可以显示完整信息
neo@MacBook-Pro-Neo ~ % docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 08252e252e113105568f8b60b7bcee2f47978938402e440ba6874221a1621220 sha256:eb705d3094264a13130234869af89b635138f3d05b964ffdf6b3ee961f44a664 "redis-server /etc/redis.conf --requirepass yourpassword" About a minute ago Up About a minute 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis
格式化选项(--format)
.ID 容器ID .Image 镜像ID .Command Quoted command .CreatedAt 创建容器的时间点. .RunningFor 从容器创建到现在过去的时间. .Ports 暴露的端口. .Status 容器状态. .Size 容器占用硬盘大小. .Names 容器名称. .Labels 容器所有的标签. .Label 指定label的值 例如'{{.Label “com.docker.swarm.cpu”}}’ .Mounts 挂载到这个容器的数据卷名称
$ docker ps --format "{{.Names}}={{.ID}}" portal=04b421501ab7 price=098f85c3c916 admin=8617cb486566
$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 13b2a4a31455 ubuntu:14.04 /bin/bash 3 hours ago Up 3 hours silly_bohr $ sudo docker top silly_bohr UID PID PPID C STIME TTY TIME CMD root 23225 22908 0 12:17 pts/14 00:00:00 /bin/bash
$ sudo docker inspect silly_bohr [{ "ID": "13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a", "Created": "2014-07-17T04:17:45.262480632Z", "Path": "/bin/bash", "Args": [], "Config": { "Hostname": "13b2a4a31455", "Domainname": "", "User": "", "Memory": 0, "MemorySwap": 0, "CpuShares": 0, "AttachStdin": true, "AttachStdout": true, "AttachStderr": true, "PortSpecs": null, "ExposedPorts": null, "Tty": true, "OpenStdin": true, "StdinOnce": true, "Env": [ "HOME=/", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/bash" ], "Dns": [ "8.8.8.8", "8.8.4.4" ], "Image": "ubuntu", "Volumes": null, "VolumesFrom": "", "WorkingDir": "", "Entrypoint": null, "NetworkDisabled": false, "OnBuild": null }, "State": { "Running": true, "Pid": 23225, "ExitCode": 0, "StartedAt": "2014-07-17T04:17:45.672269614Z", "FinishedAt": "0001-01-01T00:00:00Z", "Ghost": false }, "Image": "e54ca5efa2e962582a223ca9810f7f1b62ea9b5c3975d14a5da79d3bf6020f37", "NetworkSettings": { "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "Gateway": "172.17.42.1", "Bridge": "docker0", "PortMapping": null, "Ports": {} }, "ResolvConfPath": "/var/lib/docker/containers/13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a/resolv.conf", "HostnamePath": "/var/lib/docker/containers/13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a/hostname", "HostsPath": "/var/lib/docker/containers/13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a/hosts", "Name": "/silly_bohr", "Driver": "aufs", "ExecDriver": "native-0.1", "Volumes": {}, "VolumesRW": {}, "HostConfig": { "Binds": null, "ContainerIDFile": "", "LxcConf": [], "Privileged": false, "PortBindings": {}, "Links": null, "PublishAllPorts": false } }]
neo@MacBook-Pro ~ % docker inspect --format='{{.Name}}' $(docker ps -aq) /redis-cli /cluster_redisslave3_1 /cluster_redismaster3_1 /cluster_redismaster2_1 /cluster_redisslave2_1 /cluster_redismaster1_1 /cluster_redisslave1_1 /cluster_redis-image_1 /devel_eureka_1 /devel_config_1 /quizzical_heisenberg neo@MacBook-Pro ~ % docker inspect --format='{{.Name}}' $(docker ps -aq)|cut -d"/" -f2 redis-cli cluster_redisslave3_1 cluster_redismaster3_1 cluster_redismaster2_1 cluster_redisslave2_1 cluster_redismaster1_1 cluster_redisslave1_1 cluster_redis-image_1 devel_eureka_1 devel_config_1 quizzical_heisenberg
neo@MacBook-Pro ~ % docker inspect --format='{{.Config.Image}}' `docker ps -a -q` netkiller/redis:latest netkiller/redis netkiller/redis netkiller/redis netkiller/redis netkiller/redis netkiller/redis netkiller/redis:latest netkiller/eureka:latest netkiller/config:latest netkiller/eureka
neo@MacBook-Pro ~ % docker inspect --format '{{ .Config.Hostname }}' $(docker ps -q) dbea51159085 79126b58e92a 5d1fff33a3e1 42a58cb957d9 68904b82d071 70a20dd0396d 742313f2af46
$ sudo docker inspect -f '{{ .NetworkSettings.IPAddress }}' silly_bohr
[root@development ~]# docker ps | grep mysql 84639b1810a1 mysql:5.7 "docker-entrypoint.s…" 2 weeks ago Up 22 hours 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql [root@development ~]# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql 172.21.0.4
neo@MacBook-Pro ~ % docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q) 172.24.0.7 172.24.0.6 172.24.0.5 172.24.0.4 172.24.0.3 172.24.0.2
获取容器的MAC地址
neo@MacBook-Pro ~ % docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $(docker ps -a -q) 02:42:ac:18:00:07 02:42:ac:18:00:06 02:42:ac:18:00:05 02:42:ac:18:00:04 02:42:ac:18:00:03 02:42:ac:18:00:02
[root@development ~]# docker network ls | grep nginx a82ea0e05c7b nginx_default bridge local [root@development ~]# docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' nginx_default 172.26.0.0/16
neo@MacBook-Pro ~ % docker inspect --format='{{.LogPath}}' `docker ps -a -q` /var/lib/docker/containers/dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168/dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168-json.log /var/lib/docker/containers/79126b58e92adbe933d8e39966af1e19cd867afe509deca2689fd27e5d25dce7/79126b58e92adbe933d8e39966af1e19cd867afe509deca2689fd27e5d25dce7-json.log /var/lib/docker/containers/5d1fff33a3e14d409e2ef675820d68af0fdd6d512a7db06540b02b612eb889cc/5d1fff33a3e14d409e2ef675820d68af0fdd6d512a7db06540b02b612eb889cc-json.log /var/lib/docker/containers/42a58cb957d965d5ac0aa5d329c6b68aa7f62cae096f974df99281f50c4819ab/42a58cb957d965d5ac0aa5d329c6b68aa7f62cae096f974df99281f50c4819ab-json.log /var/lib/docker/containers/68904b82d071b956757a54c50d95122210e84012542ec3cbe354b72601bf62ba/68904b82d071b956757a54c50d95122210e84012542ec3cbe354b72601bf62ba-json.log /var/lib/docker/containers/70a20dd0396d4b48314bfe119d71fc810fe17fcb174d0bfb116bb8da53bff677/70a20dd0396d4b48314bfe119d71fc810fe17fcb174d0bfb116bb8da53bff677-json.log /var/lib/docker/containers/742313f2af466b7b932f8562e0dc75a228c7f815b4eb5a35dd1618d94c88bf7e/742313f2af466b7b932f8562e0dc75a228c7f815b4eb5a35dd1618d94c88bf7e-json.log /var/lib/docker/containers/d60dcf49c5d4c78904c442f8fb09e5d3d57a9a2d21f6abaae7ee2d36bcc3e4a2/d60dcf49c5d4c78904c442f8fb09e5d3d57a9a2d21f6abaae7ee2d36bcc3e4a2-json.log /var/lib/docker/containers/44c7ea7593838db1cea824862ee9708c77143d0e07d12cae0116cd8231eb2d1c/44c7ea7593838db1cea824862ee9708c77143d0e07d12cae0116cd8231eb2d1c-json.log /var/lib/docker/containers/ae3c930f6eca854c9dc1c2ae84b7c870d63f3731290d347dc27fcf85c36821e5/ae3c930f6eca854c9dc1c2ae84b7c870d63f3731290d347dc27fcf85c36821e5-json.log /var/lib/docker/containers/9beae3d5f5132e5f733e044d634b1e8b2650c30151db1a8468109bbf891be674/9beae3d5f5132e5f733e044d634b1e8b2650c30151db1a8468109bbf891be674-json.log
neo@MacBook-Pro ~ % docker inspect --format='{{json .Config}}' dbea51159085 | jq { "Hostname": "dbea51159085", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "6379/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GOSU_VERSION=1.10", "REDIS_VERSION=5.0.4", "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-5.0.4.tar.gz", "REDIS_DOWNLOAD_SHA=3ce9ceff5a23f60913e1573f6dfcd4aa53b42d4a2789e28fa53ec2bd28c987dd", "REDIS_PORT=6379" ], "Cmd": [ "redis-cli" ], "Image": "netkiller/redis:latest", "Volumes": { "/data": {} }, "WorkingDir": "/data", "Entrypoint": [ "/docker-entrypoint.sh" ], "OnBuild": null, "Labels": { "com.docker.compose.config-hash": "f2e8434ec82c796bceac48461d71d487ff3fb53f711220a1efb976c59bd4d68c", "com.docker.compose.container-number": "1", "com.docker.compose.oneoff": "False", "com.docker.compose.project": "cluster", "com.docker.compose.service": "redis-cli", "com.docker.compose.version": "1.23.2" } }
拆分和组合
neo@MacBook-Pro ~ % docker inspect --format '{{join .Config.Entrypoint " , "}}' dbea51159085 /docker-entrypoint.sh neo@MacBook-Pro ~ % docker inspect --format '{{.HostsPath}}' dbea51159085 /var/lib/docker/containers/dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168/hosts neo@MacBook-Pro ~ % docker inspect --format '{{split .HostsPath "/"}}' dbea51159085 [ var lib docker containers dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168 hosts]
大小写转换
neo@MacBook-Pro ~ % docker inspect --format "{{lower .Name}}" dbea51159085 /redis-cli neo@MacBook-Pro ~ % docker inspect --format "{{upper .Name}}" dbea51159085 /REDIS-CLI
首字母大写
neo@MacBook-Pro ~ % docker inspect --format "{{title .State.Status}}" dbea51159085 Restarting
长度计算
neo@MacBook-Pro ~ % docker inspect --format '{{len .Name}}' dbea51159085 10
打印字符串
neo@MacBook-Pro ~ % INSTANCE_ID=42a58cb957d9 neo@MacBook-Pro ~ % docker inspect --format '{{.State.Pid}}{{.State.ExitCode}}' $INSTANCE_ID 745770 neo@MacBook-Pro ~ % docker inspect --format '{{print .State.Pid .State.ExitCode}}' $INSTANCE_ID 74577 0 neo@MacBook-Pro ~ % docker inspect --format '{{printf "Pid:%d ExitCode:%d" .State.Pid .State.ExitCode}}' $INSTANCE_ID Pid:74577 ExitCode:0 neo@MacBook-Pro ~ % docker inspect --format '{{.State.Pid}}{{print "|"}}{{.State.ExitCode}}' $INSTANCE_ID 74577|0
neo@MacBook-Pro ~ % docker inspect --format 'Hostname:{{ .Config.Hostname }} Name:{{.Name}} IP:{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q) Hostname:dbea51159085 Name:/redis-cli IP: Hostname:79126b58e92a Name:/cluster_redisslave3_1 IP:172.24.0.7 Hostname:5d1fff33a3e1 Name:/cluster_redismaster3_1 IP:172.24.0.6 Hostname:42a58cb957d9 Name:/cluster_redismaster2_1 IP:172.24.0.5 Hostname:68904b82d071 Name:/cluster_redisslave2_1 IP:172.24.0.4 Hostname:70a20dd0396d Name:/cluster_redismaster1_1 IP:172.24.0.3 Hostname:742313f2af46 Name:/cluster_redisslave1_1 IP:172.24.0.2
docker inspect --format '{{ .Config.Hostname }}:{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q)
[root@netkiller ~]# docker inspect gitlab | grep Mounts -A 20 "Mounts": [ { "Source": "/srv/gitlab/config", "Destination": "/etc/gitlab", "Mode": "", "RW": true, "Propagation": "rprivate" }, { "Source": "/srv/gitlab/logs", "Destination": "/var/log/gitlab", "Mode": "", "RW": true, "Propagation": "rprivate" }, { "Source": "/srv/gitlab/data", "Destination": "/var/opt/gitlab", "Mode": "", "RW": true, "Propagation": "rprivate"
$ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE ubuntu 14.10 58faa899733f 2 weeks ago 196 MB ubuntu utopic 58faa899733f 2 weeks ago 196 MB ubuntu precise ea7d6801c538 3 weeks ago 127.5 MB ubuntu 12.04 ea7d6801c538 3 weeks ago 127.5 MB ubuntu 12.10 c5881f11ded9 4 weeks ago 172.2 MB ubuntu quantal c5881f11ded9 4 weeks ago 172.2 MB ubuntu 13.04 463ff6be4238 4 weeks ago 169.4 MB ubuntu raring 463ff6be4238 4 weeks ago 169.4 MB ubuntu 13.10 195eb90b5349 4 weeks ago 184.7 MB ubuntu saucy 195eb90b5349 4 weeks ago 184.7 MB ubuntu 14.04 e54ca5efa2e9 4 weeks ago 276.5 MB ubuntu latest e54ca5efa2e9 4 weeks ago 276.5 MB ubuntu trusty e54ca5efa2e9 4 weeks ago 276.5 MB ubuntu 10.04 3db9c44f4520 12 weeks ago 183 MB ubuntu lucid 3db9c44f4520 12 weeks ago 183 MB
格式化
[root@production watch]# docker images --format "{{.Repository}}:{{.Tag}}" nginx:latest redis:latest eclipse-mosquitto:latest openjdk:22 openjdk:17
$ sudo docker pull centos Pulling repository centos b7de3133ff98: Pulling dependent layers 5cc9e91966f7: Pulling fs layer 511136ea3c5a: Download complete ef52fb1fe610: Download complete
neo@MacBook-Pro ~/git/springcloud/webflux % docker images | grep none | cut -f2 <none> <none> 0fe48d3d68c6 About an hour ago 487MB <none> <none> 8372211e8f27 About an hour ago 487MB <none> <none> 10e486f8b7e0 About an hour ago 487MB <none> <none> 4e741a99e2f7 About an hour ago 487MB <none> <none> ecb48c238139 About an hour ago 487MB <none> <none> 5fb2543fe938 About an hour ago 487MB <none> <none> 2638e33e8168 About an hour ago 487MB <none> <none> 447651629be0 About an hour ago 470MB <none> <none> f66e1450b24b About an hour ago 487MB <none> <none> 90e5e4ccedb1 2 hours ago 486MB <none> <none> 4de93b767f79 3 hours ago 486MB <none> <none> 746b7846eb74 3 hours ago 470MB <none> <none> cb45a33c957a 3 hours ago 470MB <none> <none> 7a1e07e37dc6 3 hours ago 105MB neo@MacBook-Pro ~/git/springcloud/webflux % docker rmi -f $(docker images | grep none | awk '{print $3}') Deleted: sha256:0fe48d3d68c6e6784b6080a14a0f06eec55a29f2593b601579ffa3e34e0de6fe Deleted: sha256:14a1b072ff90eeccd14530b60576fe488917df6bf4e1e369dfc841adf8827e72 Deleted: sha256:08f9d5b08dca78932767195c9188f6c32fccf6a8394ce0955ae280ca785187c2 Deleted: sha256:8372211e8f27dd23093b151a157b990b2d96feec2d3dd9ab38acbd6645c423c9 Deleted: sha256:d47c4aec3dec6beae787a1e1ab0245e69ca0e0aeaca76db2decaee3c5be13c5c Deleted: sha256:e791fe1e86eeb86c4195d3558bb67025deaee36c5430fb83c60ab8c188774667 Deleted: sha256:10e486f8b7e000f5deb920cdd7db4d56fceab689747eda8ba365419d7abb7461 Deleted: sha256:eaccd2521fab18511d5aa1e51184f25442c3e717e29e85ff255c1f4f031ea572 Deleted: sha256:3af7330310b481636cdf756208cac87de4704612f95af2d309aa327b5d1fd30b Deleted: sha256:4e741a99e2f707b6957be436d384d087200ebd11c8673b2c0c1e8baef304fbfb
显示容器运行日志,用于排查异常情况
$ docker logs [OPTIONS] CONTAINER Options: --details 显示更多的信息 -f, --follow 跟踪实时日志 --since string 显示自某个timestamp之后的日志,或相对时间,如42m(即42分钟) --tail string 从日志末尾显示多少行日志, 默认是all -t, --timestamps 显示时间戳 --until string 显示自某个timestamp之前的日志,或相对时间,如42m(即42分钟)
例如下面是nginx容易启动出错日志
[root@netkiller]# docker logs my-nginx-container nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80
https://docs.docker.com/engine/reference/commandline/login/
登陆到一个Docker镜像仓库,如果未指定镜像仓库地址,默认为官方仓库 Docker Hub
docker login -u 用户名 -p 密码
登陆到私有仓库
$ docker login localhost:8080
从标准输出传递密码
$ cat ~/my_password.txt | docker login --username foo --password-stdin
docker network create -d bridge --subnet 172.25.0.0/16 private_network docker run -d -v /usr/local/etc/redis/redis.conf:/usr/local/etc/redis/redis.conf -p 6379:6379 --network=private_network --name redis redis redis-server /usr/local/etc/redis/redis.conf
neo@MacBook-Pro-Neo ~ % docker events 2020-10-22T21:29:44.289075472+08:00 network create 8eab34642596e253eb51aa40cc4f5c4c14fb88f1bad7c8cbdeacc2ad411cdb44 (name=search_elastic, type=bridge) 2020-10-22T21:29:44.304732058+08:00 volume create search_data01 (driver=local) 2020-10-22T21:29:44.319023013+08:00 volume create search_data02 (driver=local) 2020-10-22T21:29:44.331507541+08:00 volume create search_data03 (driver=local) 2020-10-22T21:29:44.584989392+08:00 volume create search_data01 (driver=local)
neo@MacBook-Pro-Neo ~ % docker cp 13acbc98fb35:/etc/nginx/nginx.conf nginx/conf
复制文件和目录
[root@localhost nginx]# docker cp nginx:/etc/nginx/nginx.conf . [root@localhost nginx]# docker cp nginx:/etc/nginx/conf.d .
neo@MacBook-Pro-Neo ~/workspace/Linux % docker history prom/prometheus:latest IMAGE CREATED CREATED BY SIZE COMMENT 267e73020447 9 days ago /bin/sh -c #(nop) CMD ["--config.file=/etc/… 0B <missing> 9 days ago /bin/sh -c #(nop) ENTRYPOINT ["/bin/prometh… 0B <missing> 9 days ago /bin/sh -c #(nop) WORKDIR /prometheus 0B <missing> 9 days ago /bin/sh -c #(nop) VOLUME [/prometheus] 0B <missing> 9 days ago /bin/sh -c #(nop) EXPOSE 9090 0B <missing> 9 days ago /bin/sh -c #(nop) USER nobody 0B <missing> 9 days ago |2 ARCH=amd64 OS=linux /bin/sh -c mkdir -p /… 1kB <missing> 9 days ago |2 ARCH=amd64 OS=linux /bin/sh -c ln -s /usr… 70B <missing> 9 days ago /bin/sh -c #(nop) COPY file:ccd2272d74b950d3… 129kB <missing> 9 days ago /bin/sh -c #(nop) COPY file:e56be853b56584e3… 3.65kB <missing> 9 days ago /bin/sh -c #(nop) COPY file:141c5dcfe0148c05… 11.4kB <missing> 9 days ago /bin/sh -c #(nop) COPY dir:fb3645c7e168b5a4c… 19.5kB <missing> 9 days ago /bin/sh -c #(nop) COPY dir:6111a57e3d623c34c… 9.04kB <missing> 9 days ago /bin/sh -c #(nop) COPY file:a1aaf2bddcc0da1d… 934B <missing> 9 days ago /bin/sh -c #(nop) COPY file:32c8fb6cc8e0278c… 91.1MB <missing> 9 days ago /bin/sh -c #(nop) COPY file:a9b6183415409ccb… 102MB <missing> 9 days ago /bin/sh -c #(nop) ARG OS=linux 0B <missing> 9 days ago /bin/sh -c #(nop) ARG ARCH=amd64 0B <missing> 9 days ago /bin/sh -c #(nop) LABEL maintainer=The Prom… 0B <missing> 3 months ago /bin/sh -c #(nop) COPY dir:bb5589ed25434b0b5… 1.44MB <missing> 3 months ago /bin/sh -c #(nop) MAINTAINER The Prometheus… 0B <missing> 3 months ago /bin/sh -c #(nop) CMD ["sh"] 0B <missing> 3 months ago /bin/sh -c #(nop) ADD file:dc794c2febce9ec5b… 1.24MB
使用 --no-trunc 可以查看被隐藏的部分
neo@MacBook-Pro-Neo ~/workspace/Linux % docker history --no-trunc docker.io/mysql:latest
Neo-iMac:nginx neo$ docker scan Usage: docker scan [OPTIONS] IMAGE A tool to scan your images Options: --accept-license Accept using a third party scanning provider --dependency-tree Show dependency tree with scan results --exclude-base Exclude base image from vulnerability scanning (requires --file) -f, --file string Dockerfile associated with image, provides more detailed results --group-issues Aggregate duplicated vulnerabilities and group them to a single one (requires --json) --json Output results in JSON format --login Authenticate to the scan provider using an optional token (with --token), or web base token if empty --reject-license Reject using a third party scanning provider --severity string Only report vulnerabilities of provided level or higher (low|medium|high) --token string Authentication token to login to the third party scanning provider --version Display version of the scan plugin "docker scan" requires exactly 1 argument
Neo-iMac:nginx neo$ docker scan redis:latest Neo-iMac:nginx neo$ docker scan 192.168.30.5/netkiller.cn/java
Neo-iMac:~ neo$ docker context Manage contexts Usage: docker context [command] Available Commands: create Create new context export Export a context to a tar or kubeconfig file import Import a context from a tar or zip file inspect Display detailed information on one or more contexts list List available contexts rm Remove one or more contexts show Print the current context update Update a context use Set the default context Flags: -h, --help Help for context Use "docker context [command] --help" for more information about a command.
Neo-iMac:~ neo$ docker context ls NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm desktop-linux moby unix:///Users/neo/.docker/run/docker.sock
localhost default unix:///var/run/docker.sock Remote host remote ssh://user@remotemachine docker-in-docker dind tcp://127.0.0.1:2375
Neo-iMac:~ neo$ docker context create development --docker "host=ssh://root@192.168.30.11" development Successfully created context "development" Neo-iMac:~ neo$ docker context create testing --docker "host=tcp://192.168.30.11:2376" testing Successfully created context "testing"
Neo-iMac:~ neo$ docker context ls NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm desktop-linux moby unix:///Users/neo/.docker/run/docker.sock development moby ssh://root@192.168.30.11 testing moby tcp://192.168.30.11:2376
Neo-iMac:~ neo$ docker context inspect [ { "Name": "default", "Metadata": { "StackOrchestrator": "swarm" }, "Endpoints": { "docker": { "Host": "unix:///var/run/docker.sock", "SkipTLSVerify": false } }, "TLSMaterial": {}, "Storage": { "MetadataPath": "\u003cIN MEMORY\u003e", "TLSPath": "\u003cIN MEMORY\u003e" } } ]
切换默认为 development
Neo-iMac:~ neo$ docker context use development development
查看,注意 * 指标
Neo-iMac:~ neo$ docker context ls NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm desktop-linux moby unix:///Users/neo/.docker/run/docker.sock development * moby ssh://root@192.168.30.11 testing moby tcp://192.168.30.11:2376
连接到 development 查看 ps
Neo-iMac:~ neo$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES be36eb55d2a7 openjdk:8 "java -jar /app/neo…" 6 days ago Up 40 hours 0.0.0.0:8088->8080/tcp, :::8088->8080/tcp api 5c6892c6d488 redis:alpine "docker-entrypoint.s…" 2 months ago Up 2 weeks 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis 9ee2a3aab354 portainer/agent "./agent" 3 months ago Up 2 weeks 0.0.0.0:9001->9001/tcp, :::9001->9001/tcp portainer-agent 84639b1810a1 mysql:5.7 "docker-entrypoint.s…" 3 months ago Up 2 weeks 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql
Neo-iMac:~ neo$ docker --context default ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES Neo-iMac:~ neo$ docker --context development ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES be36eb55d2a7 openjdk:8 "java -jar /app/neo…" 6 days ago Up 41 hours 0.0.0.0:8088->8080/tcp, :::8088->8080/tcp api
[root@localhost ~]# docker-compose version docker-compose version 1.29.2, build 5becea4c docker-py version: 5.0.0 CPython version: 3.7.10 OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
[root@localhost tmp]# cat app.py import time import redis from flask import Flask app = Flask(__name__) cache = redis.Redis(host='redis', port=6379) def get_hit_count(): retries = 5 while True: try: return cache.incr('hits') except redis.exceptions.ConnectionError as exc: if retries == 0: raise exc retries -= 1 time.sleep(0.5) @app.route('/') def hello(): count = get_hit_count() return 'Hello World! I have been seen {} times.\n'.format(count) if __name__ == "__main__": app.run(host="0.0.0.0", debug=True)
[root@localhost tmp]# cat requirements.txt flask redis
[root@localhost tmp]# cat Dockerfile FROM python:3.4-alpine ADD . /code WORKDIR /code RUN pip install -r requirements.txt CMD ["python", "app.py"]
[root@localhost tmp]# cat docker-compose.yml version: '2' services: web: build: . ports: - "5000:5000" redis: image: "redis:alpine"
docker-compose up
[root@localhost docker]# docker-compose up
守护进程
docker-compose up -d
启动指定服务
[root@localhost docker]# docker-compose up mysql [root@localhost docker]# docker-compose up -d mysql
指定 yml 文件
$ docker-compose -f docker-compose.yml up -d
docker-compose down
[root@localhost docker]# docker-compose down Removing docker_membersrvc_1 ... done
docker-compose ps
[root@localhost docker]# docker-compose ps Name Command State Ports ----------------------------------------------------------------------------------------------------------------------------------- test_membersrvc_1 membersrvc Up 0.0.0.0:7054->7054/tcp test_vp0_1 sh -c sleep 5; peer node s ... Up 0.0.0.0:7050->7050/tcp, 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp
docker-compose logs -f vp0
查看最后100行日志
[www@testing api.netkiller.cn]$ sudo docker-compose logs -f --tail=100