| 知乎专栏 | 多维度架构 |
TCP 2375
Neo-iMac:~ neo$ docker -H 192.168.30.10:2375 info
SSH 方式
Neo-iMac:~ neo$ docker -H ssh://root@192.168.30.13 info Client: Context: default Debug Mode: false Plugins: buildx: Build with BuildKit (Docker Inc., v0.6.3) compose: Docker Compose (Docker Inc., v2.1.1) scan: Docker Scan (Docker Inc., 0.9.0) Server: Containers: 3 Running: 2 Paused: 0 Stopped: 1 Images: 178 Server Version: 20.10.11 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2 Default Runtime: runc Init Binary: docker-init containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d runc version: v1.0.2-0-g52b36a2 init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.18.0-338.el8.x86_64 Operating System: CentOS Stream 8 OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 7.514GiB Name: localhost.localdomain ID: XGEY:2L25:2GTC:LGK5:3D7D:TC5B:EBBU:5GZJ:VDZ2:S67Z:T7VK:O7WD Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: registry.netkiller.cn 127.0.0.0/8 Registry Mirrors: https://registry.cn-hangzhou.aliyuncs.com/ https://docker.mirrors.ustc.edu.cn/ https://registry.docker-cn.com/ http://hub-mirror.c.163.com/ Live Restore Enabled: false
设置 DOCKER_HOST 环境变量
Neo-iMac:~ neo$ export DOCKER_HOST=tcp://192.168.30.10:2375 Neo-iMac:~ neo$ docker info Client: Context: default Debug Mode: false Plugins: buildx: Build with BuildKit (Docker Inc., v0.6.3) compose: Docker Compose (Docker Inc., v2.1.1) scan: Docker Scan (Docker Inc., 0.9.0) Server: Containers: 11 Running: 11 Paused: 0 Stopped: 0 Images: 11 Server Version: 20.10.10 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8 runc version: v1.0.2-0-g52b36a2 init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.18.0-348.el8.x86_64 Operating System: CentOS Stream 8 OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 15.39GiB Name: testing ID: 5GBU:CMWS:VIVP:TREZ:Y5AP:OGOW:EABK:NP4R:AWUA:S4J2:2YQ2:U7MT Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://hub-mirror.c.163.com/ https://mirror.baidubce.com/ https://docker.mirrors.ustc.edu.cn/ Live Restore Enabled: false
neo@MacBook-Pro ~ % docker info Containers: 9 Running: 8 Paused: 0 Stopped: 1 Images: 5 Server Version: 18.09.2 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 4.9.125-linuxkit Operating System: Docker for Mac OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 1.952GiB Name: linuxkit-025000000001 ID: IT7A:OHXM:XG4E:HX53:ZMA3:GIRA:CYMP:6IJF:QKZ5:MQI4:6LU2:ZD7Z Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): true File Descriptors: 70 Goroutines: 88 System Time: 2019-03-31T04:23:51.43837431Z EventsListeners: 2 HTTP Proxy: gateway.docker.internal:3128 HTTPS Proxy: gateway.docker.internal:3129 Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false Product License: Community Engine
iMac
iMac:~ neo$ docker info Client: Debug Mode: false Plugins: buildx: Build with BuildKit (Docker Inc., v0.3.1-tp-docker) scan: Docker Scan (Docker Inc., v0.3.3) app: Docker Application (Docker Inc., v0.8.0) Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.13-beta2 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 4.19.76-linuxkit Operating System: Docker Desktop OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.848GiB Name: docker-desktop ID: LWQ5:KBRL:SE7U:SJZ4:ANS2:JEQD:5YJO:MVRG:HIEA:XDWD:LQIZ:EJPX Docker Root Dir: /var/lib/docker Debug Mode: false HTTP Proxy: gateway.docker.internal:3128 HTTPS Proxy: gateway.docker.internal:3129 Registry: https://index.docker.io/v1/ Labels: Experimental: true Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://registry.docker-cn.com/ Live Restore Enabled: false Product License: Community Engine
run
$ sudo docker run ubuntu:14.04 /bin/echo 'Hello world' Hello world
该参数用于指定自动重启docker容器策略,包含3个选项:no,on-failure[:times],always,unless-stopped
no 默认值,表示容器退出时,docker不自动重启容器 docker run --restart=no [容器名] on-failure 若容器的退出状态非0,则docker自动重启容器,还可以指定重启次数,若超过指定次数未能启动容器则放弃 docker run --restart=on-failure:3 [容器名] always 容器退出时总是重启 docker run --restart=always [容器名] unless-stopped 容器退出时总是重启,但不考虑Docker守护进程启动时就已经停止的容器 docker run --restart=unless-stopped [容器名]
[root@localhost ~]# docker run -t -i centos:latest bash [root@test /]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT vda 254:0 0 59.6G 0 disk |-vda1 254:1 0 59.6G 0 part /etc/hosts `-vda2 252:1 0 1G 0 part [root@test /]# mount /dev/vda2 /mnt/ mount: permission denied
加入 --privileged 选项后
[root@netkiller ~]# docker run -t -i --privileged centos:latest bash [root@test /]# mount /dev/vda2 /mnt/
docker run -e VAR1=value1 --env VAR2=value2 ubuntu docker run --env VAR1=value1 --env VAR2=value2 ubuntu
docker run -p 80:80 ubuntu bash docker run -p 127.0.0.1:80:80 ubuntu bash docker run -p 127.0.0.1:80:80/tcp ubuntu bash
sudo docker start silly_bohr silly_bohr $ sudo docker stop silly_bohr silly_bohr $ sudo docker restart silly_bohr silly_bohr
为容器增加 --restart 参数
如果容器启动时没有设置–restart参数,则通过下面命令进行更新: docker update --restart=always [容器名]
OPTIONS说明: -a :显示所有的容器,包括未运行的。 -f :根据条件过滤显示的内容。 --format :指定返回值的模板文件。 -l :显示最近创建的容器。 -n :列出最近创建的n个容器。 --no-trunc :不截断输出。 -q :静默模式,只显示容器编号。 -s :显示总的文件大小。
sudo docker ps
$ sudo docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 84391d1de0fc ubuntu:14.04 /bin/echo Hello worl 31 minutes ago Exit 0 romantic_ritchie
正常情况下无法显示完整的 COMMAND 信息
neo@MacBook-Pro-Neo ~ % docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 08252e252e11 eb705d309426 "redis-server /etc/r…" About a minute ago Up About a minute 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis
使用 --no-trunc 参数可以显示完整信息
neo@MacBook-Pro-Neo ~ % docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 08252e252e113105568f8b60b7bcee2f47978938402e440ba6874221a1621220 sha256:eb705d3094264a13130234869af89b635138f3d05b964ffdf6b3ee961f44a664 "redis-server /etc/redis.conf --requirepass yourpassword" About a minute ago Up About a minute 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis
格式化选项(--format)
.ID 容器ID
.Image 镜像ID
.Command Quoted command
.CreatedAt 创建容器的时间点.
.RunningFor 从容器创建到现在过去的时间.
.Ports 暴露的端口.
.Status 容器状态.
.Size 容器占用硬盘大小.
.Names 容器名称.
.Labels 容器所有的标签.
.Label 指定label的值 例如'{{.Label “com.docker.swarm.cpu”}}’
.Mounts 挂载到这个容器的数据卷名称
$ docker ps --format "{{.Names}}={{.ID}}"
portal=04b421501ab7
price=098f85c3c916
admin=8617cb486566
$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 13b2a4a31455 ubuntu:14.04 /bin/bash 3 hours ago Up 3 hours silly_bohr $ sudo docker top silly_bohr UID PID PPID C STIME TTY TIME CMD root 23225 22908 0 12:17 pts/14 00:00:00 /bin/bash
$ sudo docker inspect silly_bohr
[{
"ID": "13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a",
"Created": "2014-07-17T04:17:45.262480632Z",
"Path": "/bin/bash",
"Args": [],
"Config": {
"Hostname": "13b2a4a31455",
"Domainname": "",
"User": "",
"Memory": 0,
"MemorySwap": 0,
"CpuShares": 0,
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"PortSpecs": null,
"ExposedPorts": null,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Dns": [
"8.8.8.8",
"8.8.4.4"
],
"Image": "ubuntu",
"Volumes": null,
"VolumesFrom": "",
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": false,
"OnBuild": null
},
"State": {
"Running": true,
"Pid": 23225,
"ExitCode": 0,
"StartedAt": "2014-07-17T04:17:45.672269614Z",
"FinishedAt": "0001-01-01T00:00:00Z",
"Ghost": false
},
"Image": "e54ca5efa2e962582a223ca9810f7f1b62ea9b5c3975d14a5da79d3bf6020f37",
"NetworkSettings": {
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"Gateway": "172.17.42.1",
"Bridge": "docker0",
"PortMapping": null,
"Ports": {}
},
"ResolvConfPath": "/var/lib/docker/containers/13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a/hostname",
"HostsPath": "/var/lib/docker/containers/13b2a4a3145528d087c9d1580fa78aaa52e8a9bb973c9da923bceb9f9b9e7e5a/hosts",
"Name": "/silly_bohr",
"Driver": "aufs",
"ExecDriver": "native-0.1",
"Volumes": {},
"VolumesRW": {},
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LxcConf": [],
"Privileged": false,
"PortBindings": {},
"Links": null,
"PublishAllPorts": false
}
}]
neo@MacBook-Pro ~ % docker inspect --format='{{.Name}}' $(docker ps -aq)
/redis-cli
/cluster_redisslave3_1
/cluster_redismaster3_1
/cluster_redismaster2_1
/cluster_redisslave2_1
/cluster_redismaster1_1
/cluster_redisslave1_1
/cluster_redis-image_1
/devel_eureka_1
/devel_config_1
/quizzical_heisenberg
neo@MacBook-Pro ~ % docker inspect --format='{{.Name}}' $(docker ps -aq)|cut -d"/" -f2
redis-cli
cluster_redisslave3_1
cluster_redismaster3_1
cluster_redismaster2_1
cluster_redisslave2_1
cluster_redismaster1_1
cluster_redisslave1_1
cluster_redis-image_1
devel_eureka_1
devel_config_1
quizzical_heisenberg
neo@MacBook-Pro ~ % docker inspect --format='{{.Config.Image}}' `docker ps -a -q`
netkiller/redis:latest
netkiller/redis
netkiller/redis
netkiller/redis
netkiller/redis
netkiller/redis
netkiller/redis
netkiller/redis:latest
netkiller/eureka:latest
netkiller/config:latest
netkiller/eureka
neo@MacBook-Pro ~ % docker inspect --format '{{ .Config.Hostname }}' $(docker ps -q)
dbea51159085
79126b58e92a
5d1fff33a3e1
42a58cb957d9
68904b82d071
70a20dd0396d
742313f2af46
$ sudo docker inspect -f '{{ .NetworkSettings.IPAddress }}' silly_bohr
[root@development ~]# docker ps | grep mysql
84639b1810a1 mysql:5.7 "docker-entrypoint.s…" 2 weeks ago Up 22 hours 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql
[root@development ~]# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql
172.21.0.4
neo@MacBook-Pro ~ % docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q)
172.24.0.7
172.24.0.6
172.24.0.5
172.24.0.4
172.24.0.3
172.24.0.2
获取容器的MAC地址
neo@MacBook-Pro ~ % docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $(docker ps -a -q)
02:42:ac:18:00:07
02:42:ac:18:00:06
02:42:ac:18:00:05
02:42:ac:18:00:04
02:42:ac:18:00:03
02:42:ac:18:00:02
[root@development ~]# docker network ls | grep nginx
a82ea0e05c7b nginx_default bridge local
[root@development ~]# docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' nginx_default
172.26.0.0/16
neo@MacBook-Pro ~ % docker inspect --format='{{.LogPath}}' `docker ps -a -q`
/var/lib/docker/containers/dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168/dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168-json.log
/var/lib/docker/containers/79126b58e92adbe933d8e39966af1e19cd867afe509deca2689fd27e5d25dce7/79126b58e92adbe933d8e39966af1e19cd867afe509deca2689fd27e5d25dce7-json.log
/var/lib/docker/containers/5d1fff33a3e14d409e2ef675820d68af0fdd6d512a7db06540b02b612eb889cc/5d1fff33a3e14d409e2ef675820d68af0fdd6d512a7db06540b02b612eb889cc-json.log
/var/lib/docker/containers/42a58cb957d965d5ac0aa5d329c6b68aa7f62cae096f974df99281f50c4819ab/42a58cb957d965d5ac0aa5d329c6b68aa7f62cae096f974df99281f50c4819ab-json.log
/var/lib/docker/containers/68904b82d071b956757a54c50d95122210e84012542ec3cbe354b72601bf62ba/68904b82d071b956757a54c50d95122210e84012542ec3cbe354b72601bf62ba-json.log
/var/lib/docker/containers/70a20dd0396d4b48314bfe119d71fc810fe17fcb174d0bfb116bb8da53bff677/70a20dd0396d4b48314bfe119d71fc810fe17fcb174d0bfb116bb8da53bff677-json.log
/var/lib/docker/containers/742313f2af466b7b932f8562e0dc75a228c7f815b4eb5a35dd1618d94c88bf7e/742313f2af466b7b932f8562e0dc75a228c7f815b4eb5a35dd1618d94c88bf7e-json.log
/var/lib/docker/containers/d60dcf49c5d4c78904c442f8fb09e5d3d57a9a2d21f6abaae7ee2d36bcc3e4a2/d60dcf49c5d4c78904c442f8fb09e5d3d57a9a2d21f6abaae7ee2d36bcc3e4a2-json.log
/var/lib/docker/containers/44c7ea7593838db1cea824862ee9708c77143d0e07d12cae0116cd8231eb2d1c/44c7ea7593838db1cea824862ee9708c77143d0e07d12cae0116cd8231eb2d1c-json.log
/var/lib/docker/containers/ae3c930f6eca854c9dc1c2ae84b7c870d63f3731290d347dc27fcf85c36821e5/ae3c930f6eca854c9dc1c2ae84b7c870d63f3731290d347dc27fcf85c36821e5-json.log
/var/lib/docker/containers/9beae3d5f5132e5f733e044d634b1e8b2650c30151db1a8468109bbf891be674/9beae3d5f5132e5f733e044d634b1e8b2650c30151db1a8468109bbf891be674-json.log
neo@MacBook-Pro ~ % docker inspect --format='{{json .Config}}' dbea51159085 | jq
{
"Hostname": "dbea51159085",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6379/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.10",
"REDIS_VERSION=5.0.4",
"REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-5.0.4.tar.gz",
"REDIS_DOWNLOAD_SHA=3ce9ceff5a23f60913e1573f6dfcd4aa53b42d4a2789e28fa53ec2bd28c987dd",
"REDIS_PORT=6379"
],
"Cmd": [
"redis-cli"
],
"Image": "netkiller/redis:latest",
"Volumes": {
"/data": {}
},
"WorkingDir": "/data",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "f2e8434ec82c796bceac48461d71d487ff3fb53f711220a1efb976c59bd4d68c",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "cluster",
"com.docker.compose.service": "redis-cli",
"com.docker.compose.version": "1.23.2"
}
}
拆分和组合
neo@MacBook-Pro ~ % docker inspect --format '{{join .Config.Entrypoint " , "}}' dbea51159085
/docker-entrypoint.sh
neo@MacBook-Pro ~ % docker inspect --format '{{.HostsPath}}' dbea51159085
/var/lib/docker/containers/dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168/hosts
neo@MacBook-Pro ~ % docker inspect --format '{{split .HostsPath "/"}}' dbea51159085
[ var lib docker containers dbea511590859fee80565d1c047da2443d62f72f79627c7a97fd891b3ae41168 hosts]
大小写转换
neo@MacBook-Pro ~ % docker inspect --format "{{lower .Name}}" dbea51159085
/redis-cli
neo@MacBook-Pro ~ % docker inspect --format "{{upper .Name}}" dbea51159085
/REDIS-CLI
首字母大写
neo@MacBook-Pro ~ % docker inspect --format "{{title .State.Status}}" dbea51159085
Restarting
长度计算
neo@MacBook-Pro ~ % docker inspect --format '{{len .Name}}' dbea51159085
10
打印字符串
neo@MacBook-Pro ~ % INSTANCE_ID=42a58cb957d9
neo@MacBook-Pro ~ % docker inspect --format '{{.State.Pid}}{{.State.ExitCode}}' $INSTANCE_ID
745770
neo@MacBook-Pro ~ % docker inspect --format '{{print .State.Pid .State.ExitCode}}' $INSTANCE_ID
74577 0
neo@MacBook-Pro ~ % docker inspect --format '{{printf "Pid:%d ExitCode:%d" .State.Pid .State.ExitCode}}' $INSTANCE_ID
Pid:74577 ExitCode:0
neo@MacBook-Pro ~ % docker inspect --format '{{.State.Pid}}{{print "|"}}{{.State.ExitCode}}' $INSTANCE_ID
74577|0
neo@MacBook-Pro ~ % docker inspect --format 'Hostname:{{ .Config.Hostname }} Name:{{.Name}} IP:{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q)
Hostname:dbea51159085 Name:/redis-cli IP:
Hostname:79126b58e92a Name:/cluster_redisslave3_1 IP:172.24.0.7
Hostname:5d1fff33a3e1 Name:/cluster_redismaster3_1 IP:172.24.0.6
Hostname:42a58cb957d9 Name:/cluster_redismaster2_1 IP:172.24.0.5
Hostname:68904b82d071 Name:/cluster_redisslave2_1 IP:172.24.0.4
Hostname:70a20dd0396d Name:/cluster_redismaster1_1 IP:172.24.0.3
Hostname:742313f2af46 Name:/cluster_redisslave1_1 IP:172.24.0.2
docker inspect --format '{{ .Config.Hostname }}:{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q)
[root@netkiller ~]# docker inspect gitlab | grep Mounts -A 20
"Mounts": [
{
"Source": "/srv/gitlab/config",
"Destination": "/etc/gitlab",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
},
{
"Source": "/srv/gitlab/logs",
"Destination": "/var/log/gitlab",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
},
{
"Source": "/srv/gitlab/data",
"Destination": "/var/opt/gitlab",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
$ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE ubuntu 14.10 58faa899733f 2 weeks ago 196 MB ubuntu utopic 58faa899733f 2 weeks ago 196 MB ubuntu precise ea7d6801c538 3 weeks ago 127.5 MB ubuntu 12.04 ea7d6801c538 3 weeks ago 127.5 MB ubuntu 12.10 c5881f11ded9 4 weeks ago 172.2 MB ubuntu quantal c5881f11ded9 4 weeks ago 172.2 MB ubuntu 13.04 463ff6be4238 4 weeks ago 169.4 MB ubuntu raring 463ff6be4238 4 weeks ago 169.4 MB ubuntu 13.10 195eb90b5349 4 weeks ago 184.7 MB ubuntu saucy 195eb90b5349 4 weeks ago 184.7 MB ubuntu 14.04 e54ca5efa2e9 4 weeks ago 276.5 MB ubuntu latest e54ca5efa2e9 4 weeks ago 276.5 MB ubuntu trusty e54ca5efa2e9 4 weeks ago 276.5 MB ubuntu 10.04 3db9c44f4520 12 weeks ago 183 MB ubuntu lucid 3db9c44f4520 12 weeks ago 183 MB
$ sudo docker pull centos Pulling repository centos b7de3133ff98: Pulling dependent layers 5cc9e91966f7: Pulling fs layer 511136ea3c5a: Download complete ef52fb1fe610: Download complete
neo@MacBook-Pro ~/git/springcloud/webflux % docker images | grep none | cut -f2
<none> <none> 0fe48d3d68c6 About an hour ago 487MB
<none> <none> 8372211e8f27 About an hour ago 487MB
<none> <none> 10e486f8b7e0 About an hour ago 487MB
<none> <none> 4e741a99e2f7 About an hour ago 487MB
<none> <none> ecb48c238139 About an hour ago 487MB
<none> <none> 5fb2543fe938 About an hour ago 487MB
<none> <none> 2638e33e8168 About an hour ago 487MB
<none> <none> 447651629be0 About an hour ago 470MB
<none> <none> f66e1450b24b About an hour ago 487MB
<none> <none> 90e5e4ccedb1 2 hours ago 486MB
<none> <none> 4de93b767f79 3 hours ago 486MB
<none> <none> 746b7846eb74 3 hours ago 470MB
<none> <none> cb45a33c957a 3 hours ago 470MB
<none> <none> 7a1e07e37dc6 3 hours ago 105MB
neo@MacBook-Pro ~/git/springcloud/webflux % docker rmi -f $(docker images | grep none | awk '{print $3}')
Deleted: sha256:0fe48d3d68c6e6784b6080a14a0f06eec55a29f2593b601579ffa3e34e0de6fe
Deleted: sha256:14a1b072ff90eeccd14530b60576fe488917df6bf4e1e369dfc841adf8827e72
Deleted: sha256:08f9d5b08dca78932767195c9188f6c32fccf6a8394ce0955ae280ca785187c2
Deleted: sha256:8372211e8f27dd23093b151a157b990b2d96feec2d3dd9ab38acbd6645c423c9
Deleted: sha256:d47c4aec3dec6beae787a1e1ab0245e69ca0e0aeaca76db2decaee3c5be13c5c
Deleted: sha256:e791fe1e86eeb86c4195d3558bb67025deaee36c5430fb83c60ab8c188774667
Deleted: sha256:10e486f8b7e000f5deb920cdd7db4d56fceab689747eda8ba365419d7abb7461
Deleted: sha256:eaccd2521fab18511d5aa1e51184f25442c3e717e29e85ff255c1f4f031ea572
Deleted: sha256:3af7330310b481636cdf756208cac87de4704612f95af2d309aa327b5d1fd30b
Deleted: sha256:4e741a99e2f707b6957be436d384d087200ebd11c8673b2c0c1e8baef304fbfb
显示容器运行日志,用于排查异常情况
$ docker logs [OPTIONS] CONTAINER
Options:
--details 显示更多的信息
-f, --follow 跟踪实时日志
--since string 显示自某个timestamp之后的日志,或相对时间,如42m(即42分钟)
--tail string 从日志末尾显示多少行日志, 默认是all
-t, --timestamps 显示时间戳
--until string 显示自某个timestamp之前的日志,或相对时间,如42m(即42分钟)
例如下面是nginx容易启动出错日志
[root@netkiller]# docker logs my-nginx-container nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80 nginx: [emerg] invalid server name or wildcard "www.*.com" on 0.0.0.0:80
https://docs.docker.com/engine/reference/commandline/login/
登陆到一个Docker镜像仓库,如果未指定镜像仓库地址,默认为官方仓库 Docker Hub
docker login -u 用户名 -p 密码
登陆到私有仓库
$ docker login localhost:8080
从标准输出传递密码
$ cat ~/my_password.txt | docker login --username foo --password-stdin
docker network create -d bridge --subnet 172.25.0.0/16 private_network docker run -d -v /usr/local/etc/redis/redis.conf:/usr/local/etc/redis/redis.conf -p 6379:6379 --network=private_network --name redis redis redis-server /usr/local/etc/redis/redis.conf
neo@MacBook-Pro-Neo ~ % docker events 2020-10-22T21:29:44.289075472+08:00 network create 8eab34642596e253eb51aa40cc4f5c4c14fb88f1bad7c8cbdeacc2ad411cdb44 (name=search_elastic, type=bridge) 2020-10-22T21:29:44.304732058+08:00 volume create search_data01 (driver=local) 2020-10-22T21:29:44.319023013+08:00 volume create search_data02 (driver=local) 2020-10-22T21:29:44.331507541+08:00 volume create search_data03 (driver=local) 2020-10-22T21:29:44.584989392+08:00 volume create search_data01 (driver=local)
neo@MacBook-Pro-Neo ~ % docker cp 13acbc98fb35:/etc/nginx/nginx.conf nginx/conf
复制文件和目录
[root@localhost nginx]# docker cp nginx:/etc/nginx/nginx.conf . [root@localhost nginx]# docker cp nginx:/etc/nginx/conf.d .
neo@MacBook-Pro-Neo ~/workspace/Linux % docker history prom/prometheus:latest IMAGE CREATED CREATED BY SIZE COMMENT 267e73020447 9 days ago /bin/sh -c #(nop) CMD ["--config.file=/etc/… 0B <missing> 9 days ago /bin/sh -c #(nop) ENTRYPOINT ["/bin/prometh… 0B <missing> 9 days ago /bin/sh -c #(nop) WORKDIR /prometheus 0B <missing> 9 days ago /bin/sh -c #(nop) VOLUME [/prometheus] 0B <missing> 9 days ago /bin/sh -c #(nop) EXPOSE 9090 0B <missing> 9 days ago /bin/sh -c #(nop) USER nobody 0B <missing> 9 days ago |2 ARCH=amd64 OS=linux /bin/sh -c mkdir -p /… 1kB <missing> 9 days ago |2 ARCH=amd64 OS=linux /bin/sh -c ln -s /usr… 70B <missing> 9 days ago /bin/sh -c #(nop) COPY file:ccd2272d74b950d3… 129kB <missing> 9 days ago /bin/sh -c #(nop) COPY file:e56be853b56584e3… 3.65kB <missing> 9 days ago /bin/sh -c #(nop) COPY file:141c5dcfe0148c05… 11.4kB <missing> 9 days ago /bin/sh -c #(nop) COPY dir:fb3645c7e168b5a4c… 19.5kB <missing> 9 days ago /bin/sh -c #(nop) COPY dir:6111a57e3d623c34c… 9.04kB <missing> 9 days ago /bin/sh -c #(nop) COPY file:a1aaf2bddcc0da1d… 934B <missing> 9 days ago /bin/sh -c #(nop) COPY file:32c8fb6cc8e0278c… 91.1MB <missing> 9 days ago /bin/sh -c #(nop) COPY file:a9b6183415409ccb… 102MB <missing> 9 days ago /bin/sh -c #(nop) ARG OS=linux 0B <missing> 9 days ago /bin/sh -c #(nop) ARG ARCH=amd64 0B <missing> 9 days ago /bin/sh -c #(nop) LABEL maintainer=The Prom… 0B <missing> 3 months ago /bin/sh -c #(nop) COPY dir:bb5589ed25434b0b5… 1.44MB <missing> 3 months ago /bin/sh -c #(nop) MAINTAINER The Prometheus… 0B <missing> 3 months ago /bin/sh -c #(nop) CMD ["sh"] 0B <missing> 3 months ago /bin/sh -c #(nop) ADD file:dc794c2febce9ec5b… 1.24MB
使用 --no-trunc 可以查看被隐藏的部分
neo@MacBook-Pro-Neo ~/workspace/Linux % docker history --no-trunc docker.io/mysql:latest
Neo-iMac:nginx neo$ docker scan
Usage: docker scan [OPTIONS] IMAGE
A tool to scan your images
Options:
--accept-license Accept using a third party scanning provider
--dependency-tree Show dependency tree with scan results
--exclude-base Exclude base image from vulnerability scanning (requires --file)
-f, --file string Dockerfile associated with image, provides more detailed results
--group-issues Aggregate duplicated vulnerabilities and group them to a single one (requires --json)
--json Output results in JSON format
--login Authenticate to the scan provider using an optional token (with --token), or web base token if empty
--reject-license Reject using a third party scanning provider
--severity string Only report vulnerabilities of provided level or higher (low|medium|high)
--token string Authentication token to login to the third party scanning provider
--version Display version of the scan plugin
"docker scan" requires exactly 1 argument
Neo-iMac:nginx neo$ docker scan redis:latest Neo-iMac:nginx neo$ docker scan 192.168.30.5/netkiller.cn/java
Neo-iMac:~ neo$ docker context Manage contexts Usage: docker context [command] Available Commands: create Create new context export Export a context to a tar or kubeconfig file import Import a context from a tar or zip file inspect Display detailed information on one or more contexts list List available contexts rm Remove one or more contexts show Print the current context update Update a context use Set the default context Flags: -h, --help Help for context Use "docker context [command] --help" for more information about a command.
Neo-iMac:~ neo$ docker context ls NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm desktop-linux moby unix:///Users/neo/.docker/run/docker.sock
localhost default unix:///var/run/docker.sock Remote host remote ssh://user@remotemachine docker-in-docker dind tcp://127.0.0.1:2375
Neo-iMac:~ neo$ docker context create development --docker "host=ssh://root@192.168.30.11" development Successfully created context "development" Neo-iMac:~ neo$ docker context create testing --docker "host=tcp://192.168.30.11:2376" testing Successfully created context "testing"
Neo-iMac:~ neo$ docker context ls NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm desktop-linux moby unix:///Users/neo/.docker/run/docker.sock development moby ssh://root@192.168.30.11 testing moby tcp://192.168.30.11:2376
Neo-iMac:~ neo$ docker context inspect
[
{
"Name": "default",
"Metadata": {
"StackOrchestrator": "swarm"
},
"Endpoints": {
"docker": {
"Host": "unix:///var/run/docker.sock",
"SkipTLSVerify": false
}
},
"TLSMaterial": {},
"Storage": {
"MetadataPath": "\u003cIN MEMORY\u003e",
"TLSPath": "\u003cIN MEMORY\u003e"
}
}
]
切换默认为 development
Neo-iMac:~ neo$ docker context use development development
查看,注意 * 指标
Neo-iMac:~ neo$ docker context ls NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm desktop-linux moby unix:///Users/neo/.docker/run/docker.sock development * moby ssh://root@192.168.30.11 testing moby tcp://192.168.30.11:2376
连接到 development 查看 ps
Neo-iMac:~ neo$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES be36eb55d2a7 openjdk:8 "java -jar /app/neo…" 6 days ago Up 40 hours 0.0.0.0:8088->8080/tcp, :::8088->8080/tcp api 5c6892c6d488 redis:alpine "docker-entrypoint.s…" 2 months ago Up 2 weeks 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis 9ee2a3aab354 portainer/agent "./agent" 3 months ago Up 2 weeks 0.0.0.0:9001->9001/tcp, :::9001->9001/tcp portainer-agent 84639b1810a1 mysql:5.7 "docker-entrypoint.s…" 3 months ago Up 2 weeks 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql
Neo-iMac:~ neo$ docker --context default ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES Neo-iMac:~ neo$ docker --context development ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES be36eb55d2a7 openjdk:8 "java -jar /app/neo…" 6 days ago Up 41 hours 0.0.0.0:8088->8080/tcp, :::8088->8080/tcp api
[root@localhost ~]# docker-compose version docker-compose version 1.29.2, build 5becea4c docker-py version: 5.0.0 CPython version: 3.7.10 OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
[root@localhost tmp]# cat app.py
import time
import redis
from flask import Flask
app = Flask(__name__)
cache = redis.Redis(host='redis', port=6379)
def get_hit_count():
retries = 5
while True:
try:
return cache.incr('hits')
except redis.exceptions.ConnectionError as exc:
if retries == 0:
raise exc
retries -= 1
time.sleep(0.5)
@app.route('/')
def hello():
count = get_hit_count()
return 'Hello World! I have been seen {} times.\n'.format(count)
if __name__ == "__main__":
app.run(host="0.0.0.0", debug=True)
[root@localhost tmp]# cat requirements.txt flask redis
[root@localhost tmp]# cat Dockerfile FROM python:3.4-alpine ADD . /code WORKDIR /code RUN pip install -r requirements.txt CMD ["python", "app.py"]
[root@localhost tmp]# cat docker-compose.yml
version: '2'
services:
web:
build: .
ports:
- "5000:5000"
redis:
image: "redis:alpine"
docker-compose up
[root@localhost docker]# docker-compose up
守护进程
docker-compose up -d
启动指定服务
[root@localhost docker]# docker-compose up mysql [root@localhost docker]# docker-compose up -d mysql
指定 yml 文件
$ docker-compose -f docker-compose.yml up -d
docker-compose down
[root@localhost docker]# docker-compose down Removing docker_membersrvc_1 ... done
docker-compose ps
[root@localhost docker]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------------------------------------------------
test_membersrvc_1 membersrvc Up 0.0.0.0:7054->7054/tcp
test_vp0_1 sh -c sleep 5; peer node s ... Up 0.0.0.0:7050->7050/tcp, 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp
docker-compose logs -f vp0
查看最后100行日志
[www@testing api.netkiller.cn]$ sudo docker-compose logs -f --tail=100