Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | Facebook | Linkedin | Youtube | 打赏(Donations) | About
知乎专栏

104.6. 容器管理

104.6.1. 查看容器

		
iMac:netkiller neo$ docker container ls		
		
		

104.6.2. 启动与终止容器

			
$ sudo docker run ubuntu:14.10 /bin/echo 'Hello world'
Hello world			
			
		

进入BASH

			
$ sudo docker run -t -i ubuntu:14.10 /bin/bash
root@f8c7b2afff14:/# 			
			
		

start / stop / restart

			
sudo docker start silly_bohr
silly_bohr

$ sudo docker stop silly_bohr
silly_bohr

$ sudo docker restart silly_bohr
silly_bohr
			
		
		
[root@localhost ~]# docker container start registry
registry

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
f1e57592f82a        registry:latest     "/entrypoint.sh /etc…"   8 days ago          Up 6 seconds        0.0.0.0:5000->5000/tcp   registry		

[root@localhost ~]# curl http://192.168.3.6:5000/v2/_catalog
{"repositories":[]}
		
		

守护进程运行

			
$ sudo docker run -d ubuntu:14.10 /bin/sh -c "while true; do echo hello world; sleep 1; done"
4cdbb75eeabf3f1ea87bec91accdf5211639d0895e94ab94ffa1d55fb7f62e2a
			
		

通过 docker ps 命令来查看容器信息

			
$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS               NAMES
4cdbb75eeabf        ubuntu:14.10        "/bin/sh -c 'while t   30 seconds ago      Up 28 seconds                           drunk_rosalind 
			
		

要获取容器的输出信息,可以通过 docker logs 命令。

			
$ sudo docker logs insane_babbage			
			
		

注意:守护进程在后台运行,所以无输出,只能通过docker logs 命令查看

104.6.3. 进入容器

			
$ sudo docker run -idt ubuntu:14.10
793f9805620d7e10564e0778c388640cb73b6a1aec663bf468904d72a4f219f2

$ sudo docker ps 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
793f9805620d        ubuntu:14.10        "/bin/bash"         5 seconds ago       Up 4 seconds                            mad_elion           

$ sudo docker attach mad_elion 
root@793f9805620d:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
			
		

104.6.4. 运行容器内的命令

		
neo@MacBook-Pro-Neo ~ % docker exec prometheus id         
uid=65534(nobody) gid=65534(nogroup)		
		
		

104.6.5. 导出和导入容器

104.6.5.1. Ubuntu

			
$ sudo docker export 7691a814370e > ubuntu.tar
			
			

			
			<![CDATA[
$ cat ubuntu.tar | sudo docker import - test/ubuntu:v1.0
			
			

指定 URL 或者某个目录来导入,例如

			
$sudo docker import http://example.com/exampleimage.tgz example/imagerepo			
			
			

104.6.5.2. Mac 导出与导入

导出

		
iMac:tmp neo$ docker export registry -o registry.tar		
		
			

导入

		
iMac:tmp neo$ docker import registry.tar 
sha256:1678c838115696f9540f168fe117ea81715b6b676497307e65d15d1ac10d9a11
		
			

指定 [REPOSITORY[:TAG]]

		
iMac:tmp neo$ docker import registry.tar registry:latest
sha256:7b76bd807a47dcc60e41bf2f8268ecf69906bb14c2ebaa348c4c15aac716b878

iMac:tmp neo$ docker images registry
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              7b76bd807a47        11 seconds ago      26.2MB		
		
			

104.6.6. 停止所有容器

杀死所有正在运行的容器

			
docker kill $(docker ps -a -q)			
			
		

104.6.6.1. 信号处理

--signal, -s 向容器发送信号

发送一个SIGHUP信号

			
$ docker kill -s=SIGHUP my_container
			
			

你可以通过名字或数字指定自定义信号,SIG前缀是可选的,例如下面的命令是等价的:

			
$ docker kill -s=SIGHUP my_container
$ docker kill -s=HUP my_container
$ docker kill -s=1 my_container
			
			

104.6.7. 删除容器

使用 docker rm 来删除一个处于终止状态的容器。

			
$ sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                      PORTS               NAMES
f8c7b2afff14        ubuntu:14.10        "/bin/bash"            14 minutes ago      Exited (0) 2 minutes ago                        agitated_fermat     
0abd2e5fc251        ubuntu:14.10        "/bin/echo 'Hello wo   15 minutes ago      Exited (0) 15 minutes ago                       clever_kowalevski 

$ sudo docker rm clever_kowalevski
clever_kowalevski

$ sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
f8c7b2afff14        ubuntu:14.10        "/bin/bash"         16 minutes ago      Exited (0) 5 minutes ago                       agitated_fermat     			
			
		

			
$ docker rm 719f98391ecf1d6f1f153ffea1bbd84cd2dc9cf6d31d5a4f348c60d98392814c
			
		

删除所有已经停止的容器

			
docker rm $(docker ps -a -q)			
			
		

104.6.8. log-driver

日志发送到 fluentd

		
docker run --log-driver=fluentd --log-opt fluentd-address=192.168.2.5:24220 ubuntu echo "Hello world"		
		
		

104.6.9. 操作系统

104.6.9.1. 设置环境变量

		
iMac:welcome neo$ docker run 127.0.0.1:5000/netkiller/welcome -e JAVA_OPTS="-server -Xms512m -Xmx4096m"		
		
			

104.6.9.2. /etc/hosts 配置

		
# docker run --add-host=docker:10.180.0.1 --rm -it debian
		
			

向 /etc/hosts 文件内添加主机名

		
docker run -it --add-host=db.netkiller.cn:172.16.18.80 ubuntu cat /etc/hosts		
		
			

104.6.9.3. sysctl

		
$ docker run --sysctl net.ipv4.ip_forward=1 someimage		
		
			
			
docker run -itd --restart=always --net=host \
--name=centos01 --hostname=centos01 \
--sysctl kernel.msgmnb=13107200 \
--sysctl kernel.msgmni=256 \
--sysctl kernel.msgmax=65536 \
--sysctl kernel.shmmax=69719476736 \
--sysctl kernel.sem='500 256000 250 1024' \
-v /mnt/ssd:/var/lib/www \
centos:latest /bin/bash

docker exec centos01 sysctl -a |grep -E \
'kernel.msgmnb|kernel.msgmni|kernel.msgmax|kernel.shmmax|kernel.sem'			
			
			

104.6.9.4. ulimits

查看 ulimit 设置

		
$ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n"
		
			
		
$ docker run -it --ulimit as=1024 fedora /bin/bash
$ docker run -d -u daemon --ulimit nproc=3 busybox top
		
			
		
docker run -d --ulimit nofile=20480:40960 nproc=1024:2048 nginx		
		
			

104.6.10. 查看容器内运行的进程

		
neo@MacBook-Pro-Neo ~ % docker ps
CONTAINER ID        IMAGE                                                 COMMAND                  CREATED             STATUS              PORTS                              NAMES
a6e33697e4bb        docker.elastic.co/elasticsearch/elasticsearch:7.9.2   "/tini -- /usr/local…"   2 minutes ago       Up 2 minutes        9200/tcp, 9300/tcp                 es02
598a6e61d4fc        docker.elastic.co/kibana/kibana:7.9.2                 "/usr/local/bin/dumb…"   2 minutes ago       Up 2 minutes        0.0.0.0:5601->5601/tcp             kibana
bc125a658981        docker.elastic.co/elasticsearch/elasticsearch:7.9.2   "/tini -- /usr/local…"   2 minutes ago       Up 2 minutes        9200/tcp, 9300/tcp                 es03
d027503bee4b        docker.elastic.co/elasticsearch/elasticsearch:7.9.2   "/tini -- /usr/local…"   2 minutes ago       Up 2 minutes        0.0.0.0:9200->9200/tcp, 9300/tcp   elasticsearch

neo@MacBook-Pro-Neo ~ % docker top 598a6e61d4fc
PID                 USER                TIME                COMMAND
3077                1000                0:00                /usr/local/bin/dumb-init -- /usr/local/bin/kibana-docker
3285                1000                1:58                /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/		
		
		

104.6.11. 更新容器资源配置

		
neo@MacBook-Pro-Neo ~ % docker update kibana --cpus 1
kibana		
		
		

104.6.12. 查看容器的退出状态

		
neo@MacBook-Pro-Neo ~ % docker wait a6e33697e4bb
0
		
		

104.6.13. 暂停与恢复容器

暂停容器运行

		
docker pause a6e33697e4bb		
		
		

恢复容器运行

		
docker unpause a6e33697e4bb
		
		

104.6.14. 对比容器的变化

查看容器启动后,修改了镜像中哪些问题

		
neo@MacBook-Pro-Neo ~ % docker diff a6e33697e4bb
C /tmp
A /tmp/elasticsearch-14495251404334864644
A /tmp/hsperfdata_elasticsearch
A /tmp/hsperfdata_elasticsearch/6
C /usr
C /usr/share
C /usr/share/elasticsearch
C /usr/share/elasticsearch/config
A /usr/share/elasticsearch/config/elasticsearch.keystore
A /usr/share/elasticsearch/.cache
A /usr/share/elasticsearch/.cache/JNA
A /usr/share/elasticsearch/.cache/JNA/temp
C /usr/share/elasticsearch/logs
A /usr/share/elasticsearch/logs/gc.log
A /usr/share/elasticsearch/logs/gc.log.00		
		
		

104.6.15. 查看容器状态

		
neo@MacBook-Pro-Neo ~ % docker stats
CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
a6e33697e4bb        es02                0.68%               894.2MiB / 3.848GiB   22.69%              13.9MB / 6.95MB     98.9MB / 3.88MB     77
598a6e61d4fc        kibana              0.95%               462.8MiB / 3.848GiB   11.74%              718kB / 13MB        409MB / 4.1kB       12
bc125a658981        es03                2.67%               889.9MiB / 3.848GiB   22.58%              1.76MB / 5.79MB     48.5MB / 3.09MB     71
d027503bee4b        elasticsearch       2.75%               928.4MiB / 3.848GiB   23.56%              24MB / 14.7MB       139MB / 8.57MB      75		
		
		

104.6.16. 重启容器

--time, -t 10 停止容器之前需要等待的时间(秒)

		
$ docker restart [options] container [container...]		
		
		

104.6.17. DNS

host.docker.internal

gateway.docker.internal