docker常用命令總結

2023-03-02 06:00:57

1.1 docker 命令幫助

docker 命令是最常使用的docker 使用者端命令,其後面可以加不同的引數以實現不同的功能

docker 命令格式

docker [OPTIONS] COMMAND

COMMAND分為
Management Commands #指定管理的資源物件型別,較新的命令用法,將命令按資源型別進行分類,方便使用
Commands 			#對不同資源操作的命令不分類,使用容易產生混亂

docker 命令有很多子命令,可以用下面方法檢視幫助

#docker 命令幫助
man docker
docker
docker --help

#docker 子命令幫助
man docker-COMMAND
docker COMMAND --help

1.2 檢視 Docker 相關資訊

1.2.1 檢視 docker 版本

root@rocky8 ~]$ docker version
Client: Docker Engine - Community
 Version:           19.03.15
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        99e3ed8919
 Built:             Sat Jan 30 03:16:44 2021
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.15
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       99e3ed8919
  Built:            Sat Jan 30 03:15:19 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.15
  GitCommit:        5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

1.2.2 檢視 docker 詳解資訊

[root@ubuntu1804 ~]$ docker info
Client:
Debug Mode: false 	#client 端是否開啟 debug

Server:
 Containers: 2 		#當前主機執行的容器總數
  Running: 0 		#有幾個容器是正在執行的
  Paused: 0 		#有幾個容器是暫停的
  Stopped: 2 		#有幾個容器是停止的
 Images: 4 			#當前伺服器的映象數
 Server Version: 19.03.5 	#伺服器端版本
 Storage Driver: overlay2 	#正在使用的儲存引擎
  Backing Filesystem: extfs #後端檔案系統,即伺服器的磁碟檔案系統
  Supports d_type: true 	#是否支援 d_type
  Native Overlay Diff: true #是否支援差異資料儲存
 Logging Driver: json-file 	#紀錄檔型別
 Cgroup Driver: cgroupfs 	#Cgroups 型別
 Plugins: 					#外掛
  Volume: local 			#卷
  Network: bridge host ipvlan macvlan null overlay # overlay 跨主機通訊
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog 		 # 紀錄檔型別
 Swarm: inactive 				#是否支援 swarm
 Runtimes: runc 				#已安裝的容器執行時
 Default Runtime: runc 			#預設使用的容器執行時
 Init Binary: docker-init 		#初始化容器的守護行程,即 pid 為 1 的程序
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 #版本
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 #runc 版本
 init version: fec3683 			#init 版本
 Security Options: 				#安全選項
  apparmor 						#安全模組,https://docs.docker.com/engine/security/apparmor/
  seccomp 						#安全計算模組,即制容器操作,https://docs.docker.com/engine/security/seccomp/
   Profile: default 			#預設的組態檔
 Kernel Version: 4.15.0-29-generic #宿主機核心版本
 Operating System: Ubuntu 18.04.1 LTS #宿主機作業系統
 OSType: linux 						#宿主機作業系統型別
 Architecture: x86_64 				#宿主機架構
 CPUs: 1 							#宿主機 CPU 數量
 Total Memory: 962MiB 				#宿主機總記憶體
 Name: ubuntu1804.wang.org 			#宿主機 hostname
 ID: IZHJ:WPIN:BRMC:XQUI:VVVR:UVGK:NZBM:YQXT:JDWB:33RS:45V7:SQWJ #宿主機 ID
 Docker Root Dir: /var/lib/docker 	#宿主機關於docker資料的儲存目錄
 Debug Mode: false 					#server 端是否開啟 debug
 Registry: https://index.docker.io/v1/ #倉庫路徑
 Labels:
 Experimental: false 				#是否測試版
 Insecure Registries:
  127.0.0.0/8 : 					#非安全的映象倉庫
 Registry Mirrors:
  https://si7y70hh.mirror.aliyuncs.com/ #映象倉庫
 Live Restore Enabled: false #是否開啟活動重啟 (重啟docker-daemon 不關閉容器 )
 
WARNING: No swap limit support 	#系統警告資訊 (沒有開啟 swap 資源限制 )

範例: 解決上述SWAP報警提示

官方檔案: https://docs.docker.com/install/linux/linux-postinstall/

[root@ubuntu1804 ~]# vim /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=2
GRUB_DISTRIBUTOR=`lsb_ release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 swapaccount=1" #修改此行
[root@ubuntu1804 ~]# update-grub
[root@ubuntu1804 ~]# reboot

1.3 映象管理命令

1.3.1 搜尋映象

官網: http://hub.docker.com

在官方的docker 倉庫中搜尋指定名稱的docker映象,也會有很多三方映象。

執行docker search命令進行搜尋

格式如下:

Usage: docker search [OPTIONS] TERM

Options:
  -f, --filter filter Filter output based on conditions provided
	--format string Pretty-print search using a Go template
	--limit int Max number of search results (default 25)
	--no-trunc Don't truncate output

說明:
OFFICIAL: 	官方
AUTOMATED: 	使用第三方docker服務來幫助編譯映象,可以在網際網路上面直接拉取到映象,減少了繁瑣的編譯過程

範例: 選擇性的查詢映象

#搜尋點贊100個以上的映象
root@rocky8 ~]$ docker search --filter=stars=100 centos
NAME                DESCRIPTION                                 STARS               OFFICIAL            AUTOMATED
centos              DEPRECATED; The official build of CentOS.   7461                [OK]

1.3.2 下載映象

從 docker 倉庫將映象下載到本地,命令格式如下:

docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Options:
  -a, --all-tags                  Download all tagged images in the repository
	  --disable-content-trust     Skip image verification (default true)
	  --platform                  string Set platform if server is multi-platform capable
  -q, --quiet                      Suppress verbose output
  
NAME: 是映象名,一般的形式 倉庫伺服器:埠/專案名稱/映象名稱
:TAG: 即版本號,如果不指定:TAG,則下載最新版映象

映象下載儲存的路徑: /var/lib/docker/overlay2/映象ID

注意: 映象下載完成後,會自動解壓縮,比官網顯示的可能會大很多

docker pull rockylinux:9-minimal
docker pull ubuntu:focal-20221130

1.3.3 檢視本地映象

docker images 可以檢視下載至原生的映象

格式:

docker images [OPTIONS] [REPOSITORY[:TAG]]
docker image ls [OPTIONS] [REPOSITORY[:TAG]]

#常用選項:
-q, --quiet 	 Only show numeric IDs
-a, --all        Show all images (default hides intermediate images)
	--digests 	 Show digests
	--no-trunc 	 Don't truncate output
-f, --filter 	 filter Filter output based on conditions provided
	--format 	 string Pretty-print images using a Go template

執行結果的顯示資訊說明:

REPOSITORY 		#映象所屬的倉庫名稱
TAG 			#映象版本號(識別符號),預設為latest
IMAGE ID 		#映象唯一ID標識,如果ID相同,說明是同一個映象有多個名稱
CREATED 		#映象在倉庫中被建立時間
SIZE 			#映象的大小

Repository倉庫

  • 由某特定的docker映象的所有迭代版本組成的映象倉庫
  • 一個Registry中可以存在多個Repository
  • Repository可分為「頂層倉庫」和「使用者倉庫」
  • Repository使用者倉庫名稱一般格式為「使用者名稱/倉庫名」
  • 每個Repository倉庫可以包含多個Tag(標籤),每個標籤對應一個映象

1.3.4 映象匯出

利用docker save命令可以將從本地映象匯出為一個打包 tar檔案,然後複製到其他伺服器進行匯入使用

格式:

docker save [OPTIONS] IMAGE [IMAGE...]

Options:
  -o, --output string   Write to a file, instead of STDOUT

#說明:
Docker save 使用IMAGE ID匯出,在匯入後的映象沒有REPOSITORY和TAG,顯示為<none>

常見用法:

docker save -o /path/file.tar IMAGE1 IMAGE2 ...
docker save IMAGE1 IMAGE2 ... > /path/file.tar

範例: 匯出指定映象

[root@rocky8 ~]$ docker save alpine:latest -o alpine.tar
[root@rocky8 ~]$ scp alpine.tar 10.0.0.100:

範例: 匯出所有映象至不同的檔案中

[root@rocky8 ~]$ docker images | awk 'NR!=1{print $1,$2}'|while read repo tag;do docker save $repo:$tag -o /opt/$repo-$tag.tar;done

[root@rocky8 ~]$ ll /opt/*.tar
-rw------- 1 root root   7347200 Jan 13 20:04 /opt/alpine-latest.tar
-rw------- 1 root root     24064 Jan 13 20:04 /opt/hello-world-latest.tar
-rw------- 1 root root 145905152 Jan 13 20:04 /opt/nginx-latest.tar
-rw------- 1 root root 121435136 Jan 13 20:04 /opt/rockylinux-9-minimal.tar
-rw------- 1 root root  75167744 Jan 13 20:04 /opt/ubuntu-focal-20221130.tar

範例:匯出所有映象到一個打包檔案

#方法1: 使用image ID匯出映象,在匯入後的映象沒有REPOSITORY和TAG,顯示為<none>
docker save `docker images -qa` -o /opt/all.tar

#方法2:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar

#方法3:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar

1.3.5 映象匯入

利用docker load命令可以將映象匯出的打包或壓縮檔案再匯入

格式:

docker load [OPTIONS]

#選項
-i, --input string Read from tar archive file, instead of STDIN
-q, --quiet Suppress the load output

常見用法:

docker load -i /path/file.tar
docker load < /path/file.tar

範例: 映象匯入

[root@ubuntu2004 ~]$ docker load -i alpine.tar 
8e012198eea1: Loading layer  7.338MB/7.338MB
Loaded image: alpine:latest
[root@ubuntu2004 ~]$ docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
alpine       latest    042a816809aa   3 days ago   7.05MB

面試題: 將一臺主機的所有映象傳到另一臺主機

#方法1:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
[root@rocky8 ~]$ docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
[root@ubuntu2004 ~]$ docker load < all-tags.tar
[root@ubuntu2004 ~]$ docker images 
REPOSITORY    TAG              IMAGE ID       CREATED         SIZE
alpine        latest           042a816809aa   3 days ago      7.05MB
rockylinux    9-minimal        c50e7a3e6f7f   3 weeks ago     118MB
ubuntu        focal-20221130   d5447fc01ae6   5 weeks ago     72.8MB
nginx         latest           605c77e624dd   12 months ago   141MB
hello-world   latest           feb5d9fea6a5   15 months ago   13.3kB

#方法2:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
[root@rocky8 ~]$ docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar
[root@ubuntu2004 ~]$ docker load < all-tags.tar
[root@ubuntu2004 ~]$ docker images 
REPOSITORY    TAG              IMAGE ID       CREATED         SIZE
alpine        latest           042a816809aa   3 days ago      7.05MB
rockylinux    9-minimal        c50e7a3e6f7f   3 weeks ago     118MB
ubuntu        focal-20221130   d5447fc01ae6   5 weeks ago     72.8MB
nginx         latest           605c77e624dd   12 months ago   141MB
hello-world   latest           feb5d9fea6a5   15 months ago   13.3kB

1.3.6 刪除映象

docker rmi 命令可以刪除本地映象

格式

docker rmi [OPTIONS] IMAGE [IMAGE...]
docker image rm [OPTIONS] IMAGE [IMAGE...]

#選項:
-f, --force Force removal of the image
	--no-prune Do not delete untagged parents

範例:

[root@ubuntu2004 ~]$ docker images 
REPOSITORY    TAG              IMAGE ID       CREATED         SIZE
alpine        latest           042a816809aa   3 days ago      7.05MB
rockylinux    9-minimal        c50e7a3e6f7f   3 weeks ago     118MB
ubuntu        focal-20221130   d5447fc01ae6   5 weeks ago     72.8MB
nginx         latest           605c77e624dd   12 months ago   141MB
hello-world   latest           feb5d9fea6a5   15 months ago   13.3kB

#刪除映象
[root@ubuntu2004 ~]$ docker rmi ubuntu:focal-20221130 
Untagged: ubuntu:focal-20221130
Deleted: sha256:d5447fc01ae62c20beffbfa50bc51b2797f9d7ebae031b8c2245b5be8ff1c75b
Deleted: sha256:0002c93bdb3704dd9e36ce5153ef637f84de253015f3ee330468dccdeacad60b

[root@ubuntu2004 ~]$ docker images 
REPOSITORY    TAG         IMAGE ID       CREATED         SIZE
alpine        latest      042a816809aa   3 days ago      7.05MB
rockylinux    9-minimal   c50e7a3e6f7f   3 weeks ago     118MB
nginx         latest      605c77e624dd   12 months ago   141MB
hello-world   latest      feb5d9fea6a5   15 months ago   13.3kB

強制刪除正在使用的映象,也會刪除對應的容器

範例: 刪除所有映象

[root@ubuntu2004 ~]$ docker rmi $(docker images -q)

1.3.7 映象打標籤

docker tag 可以給映象打標籤,類似於起別名,但通常要遵守一定的命名規範,才可以上傳到指定的倉庫

格式

docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

#TARGET_IMAGE[:TAG]格式一般形式
倉庫主機FQDN或IP[:埠]/專案名(或使用者名稱)/image名字:版本

TAG預設為latest

範例

[root@rocky8 ~]$ docker tag rockylinux:9-minimal harbor.yanlinux.org:80/k8s/rockylinux:9
[root@rocky8 ~]$ docker images 
REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
alpine                                  latest              042a816809aa        3 days ago          7.05MB
harbor.yanlinux.org:80/k8s/rockylinux   9                   c50e7a3e6f7f        3 weeks ago         118MB
rockylinux                              9-minimal           c50e7a3e6f7f        3 weeks ago         118MB
ubuntu                                  focal-20221130      d5447fc01ae6        5 weeks ago         72.8MB
nginx                                   latest              605c77e624dd        12 months ago       141MB
hello-world                             latest              feb5d9fea6a5        15 months ago       13.3kB

#然後就可以將映象傳到倉庫中
[root@rocky8 ~]$ docker push harbor.yanlinux.org:80/k8s/rockylinux:9

總結: 企業使用映象及常見操作: 搜尋、下載、匯出、匯入、刪除

命令總結:

docker search centos           #搜尋映象
docker pull alpine			   #拉取映象
docker images                  #檢視本地所有映象
docker save > /opt/centos.tar  #匯出映象
docker load -i /opt/centos.tar #匯入本地映象
docker rmi 映象ID/映象名稱       #刪除指定ID的映象,此映象對應容器正啟動映象不能被刪除,除非將容器全部關閉

1.4 容器操作基礎命令

容器相關命令

[root@rocky8 ~]$ docker container 

Usage:	docker container COMMAND

Manage containers

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  inspect     Display detailed information on one or more containers
  kill        Kill one or more running containers
  logs        Fetch the logs of a container
  ls          List containers
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  prune       Remove all stopped containers
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  run         Run a command in a new container
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes

1.4.1 啟動容器

docker run 可以啟動容器,進入到容器,並隨機生成容器ID和名稱。docker run等價於docker pull + docker start

幫助: man docker run

命令格式:

docker run [選項] [映象名] [shell命令] [引數]

#選項:
-i, --interactive 		Keep STDIN open even if not attached,通常和-t一起使用
-t, --tty 				分配pseudo-TTY,通常和-i一起使用,注意對應的容器必須執行shell才支援進入
-d, --detach 			Run container in background and print container ID,臺後執行,預設前臺
--name string 			Assign a name to the container
--h, --hostname string 	Container host name
--rm 					Automatically remove the container when it exits
-p, --publish list 		Publish a container's port(s) to the host
-P, --publish-all 		Publish all exposed ports to random ports
--dns list 				Set custom DNS servers
--entrypoint string 	Overwrite the default ENTRYPOINT of the image
--restart policy
--privileged 			Give extended privileges to container
-e, --env=[] 			Set environment variables
--env-file=[] 			Read in a line delimited file of environment variables

--restart 可以指定四種不同的policy

POLICY 說明
no 預設no,容器退出後不自動重啟
on-failure[:max-retries] 僅當容器以非零退出狀態退出時,才重新啟動。(可選)限制 Docker 守護程式嘗試的重新啟動重試次數。
always 無論退出狀態如何,始終重新啟動容器。如果指定始終,Docker 守護程式將無限期地嘗試重新啟動容器。容器也將始終在守護程式啟動時啟動,無論容器的當前狀態如何。利用此選項可以實現自動啟動容器
unless-stopped 無論退出狀態如何,始終重新啟動容器,但如果容器之前已進入停止狀態,則不要在守護程式啟動時啟動它。

注意: 容器啟動後,如果容器內沒有前臺執行的程序,將自動退出停止

從容器內退出,並停止容器:

exit

從容器內退出,且容器不停止:

ctrl+p+q

範例:啟動後臺守護並指定執行容器的名字

[root@rocky8 ~]$ docker run -d --name web01 nginx
[root@rocky8 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
b0b9221c09a9        nginx               "/docker-entrypoint.…"   5 seconds ago       Up 5 seconds        80/tcp              web01

範例: 一次性執行容器中命令

[root@rocky8 ~]$ docker run alpine cat /etc/issue
Welcome to Alpine Linux 3.17
Kernel \r on an \m (\l)

[root@rocky8 ~]$ docker run alpine du -sh /
7.0M	/

範例: 執行互動式容器並退出

退出兩種方式:

  • exit 容器也停止
  • 按ctrl+p+q 容器不停止
[root@rocky8 ~]$ docker run -it alpine sh
/ # ls
bin    etc    lib    mnt    proc   run    srv    tmp    var
dev    home   media  opt    root   sbin   sys    usr
/ # cat /etc/issue 
Welcome to Alpine Linux 3.17
Kernel \r on an \m (\l)

#檢視容器是在執行
[root@rocky8 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
bad7e7c5ef39        alpine              "sh"                     7 seconds ago       Up 7 seconds                            angry_knuth

#現在在容器中執行退出
/ # exit

#檢視容器是否執行
[root@rocky8 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES

##另外一種退出容器的方法
##ctrl+p+q
/ # [22:13:43 root@rocky8 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
2bae444f9796        alpine              "sh"                     51 seconds ago      Up 51 seconds                           nifty_davinci
#這種情況相當於臨時從容器中出來,還可以利用以下命令進入進去
[root@rocky8 ~]$ docker exec -it 2bae444f9796 sh
/ # 

1.4.2 檢視容器資訊

1.4.2.1 顯示當前存在容器

格式:

docker ps [OPTIONS]
docker container ls [OPTIONS]

選項:
-a, --all 				Show all containers (default shows just running)
-q, --quiet 			Only display numeric IDs
-s, --size 				Display total file sizes
-f, --filter filter 	Filter output based on conditions provided
-l, --latest 			Show the latest created container (includes all states)
-n, --last int 			Show n last created containers (includes all states)(default -1)

範例:

#顯示正在執行的容器
[root@rocky8 ~]$ docker ps
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS              PORTS                            NAMES
d5bc9651615e        nginx                          "/docker-entrypoint.…"   3 minutes ago       Up 3 minutes        80/tcp                           web02
3d9a0cbfa238        docs/docker.github.io:latest   "/docker-entrypoint.…"   8 minutes ago       Up 8 minutes        80/tcp, 0.0.0.0:4000->4000/tcp   hardcore_curie

#顯示全部容器,包括退出狀態的容器
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS                     PORTS                            NAMES
d5bc9651615e        nginx                          "/docker-entrypoint.…"   3 minutes ago       Up 3 minutes               80/tcp                           web02
69cb07c29477        nginx                          "/docker-entrypoint.…"   4 minutes ago       Exited (0) 4 minutes ago                                    web01
3d9a0cbfa238        docs/docker.github.io:latest   "/docker-entrypoint.…"   9 minutes ago       Up 9 minutes               80/tcp, 0.0.0.0:4000->4000/tcp   hardcore_curie

#只顯示容器ID
[root@rocky8 ~]$ docker ps -aq
d5bc9651615e
69cb07c29477
3d9a0cbfa238

#顯示容器大小
[root@rocky8 ~]$ docker ps -s
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS              PORTS                            NAMES               SIZE
d5bc9651615e        nginx                          "/docker-entrypoint.…"   5 minutes ago       Up 5 minutes        80/tcp                           web02               1.09kB (virtual 141MB)
3d9a0cbfa238        docs/docker.github.io:latest   "/docker-entrypoint.…"   10 minutes ago      Up 10 minutes       80/tcp, 0.0.0.0:4000->4000/tcp   hardcore_curie      2B (virtual 1GB)

#顯示最新建立的容器
root@rocky8 ~]$ docker ps -l
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
d5bc9651615e        nginx               "/docker-entrypoint.…"   5 minutes ago       Up 5 minutes        80/tcp              web02

範例:顯示指定狀態的容器

[root@rocky8 ~]$ docker ps -f "status=exited"
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
69cb07c29477        nginx               "/docker-entrypoint.…"   9 minutes ago       Exited (0) 9 minutes ago                       web01
1.4.2.2 檢視容器內的程序
docker top CONTAINER [ps OPTIONS]

範例:

root@rocky8 ~]$ docker top web02 
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                2483                2468                0                   12:42               ?                   00:00:00            nginx: master process nginx -g daemon off;
101                 2534                2483                0                   12:42               ?                   00:00:00            nginx: worker process
101                 2535                2483                0                   12:42               ?                   00:00:00            nginx: worker process
1.4.2.3 檢視容器資源使用情況
docker stats [OPTIONS] [CONTAINER...]

Display a live stream of container(s) resource usage statistics

Options:
-a, --all 			Show all containers (default shows just running)
	--format 		string Pretty-print images using a Go template
	--no-stream 	Disable streaming stats and only pull the first result
	--no-trunc 		Do not truncate output

範例:

root@rocky8 ~]$ docker stats web02 

CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
d5bc9651615e        web02               0.00%               3.434MiB / 1.748GiB   0.19%               1.01kB / 0B         410kB / 25.6kB      3

範例:限制記憶體使用大小

[root@ubuntu1804 ~]#docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx128m" elasticsearch:7.6.2
[root@ubuntu1804 ~]#docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK PIDS
29282e91d773 elasti254.23310.5MiB / 1.924GiB 15.76% 766B / 0B 766kB /46kB 22
1.4.2.4 檢視容器的詳細資訊

docker inspect 可以檢視docker各種物件的詳細資訊,包括:映象,容器,網路等

docker inspect [OPTIONS] NAME|ID [NAME|ID...]
Options:
-f, --format string 	Format the output using the given Go template
-s, --size 				Display total file sizes if the type is container

範例:

root@rocky8 ~]$ docker inspect web02 
[
    {
        "Id": "d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6",
        "Created": "2023-01-16T04:42:40.652945855Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 2483,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2023-01-16T04:42:40.939507921Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85",
        "ResolvConfPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hostname",
        "HostsPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hosts",
        "LogPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6-json.log",
        "Name": "/web02",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Capabilities": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a-init/diff:/var/lib/docker/overlay2/ac2a6764ef29d802f6d57c03311285e004854c1125392c571a54a0e51e7aa770/diff:/var/lib/docker/overlay2/00498af85ccf1634977fabaa1e8bc0347de69aa93c9a498932291ef6cc66ad2d/diff:/var/lib/docker/overlay2/e85525a30c0dc487cfe1bfed9931cc85994a3655f1194d5e357c9f52a29eb0c7/diff:/var/lib/docker/overlay2/616978347c6243ee5a035fb5dcd055a5bb72052fbc54e7da735babeef558d2aa/diff:/var/lib/docker/overlay2/6c5ffca8e721e566c9f03345b9bedc31db36328a5ec6a78c828d0b2ca4b21d89/diff:/var/lib/docker/overlay2/1dde0f444f04a43847d956a6cea24ce25fcc74c784086fe0f51ed17bb75e9ae8/diff",
                "MergedDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/merged",
                "UpperDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/diff",
                "WorkDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "d5bc9651615e",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.21.5",
                "NJS_VERSION=0.7.1",
                "PKG_RELEASE=1~bullseye"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers <[email protected]>"
            },
            "StopSignal": "SIGQUIT"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "83b75e77e1d7de17af47765c03f4c9e3aba0f93a615542e9e385fd97f29f961c",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/83b75e77e1d7",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "745daa224c76c2091d6852549ffaaa346bae3a7a2128186e5bbf40cbddf416a3",
                    "EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

範例:選擇性檢視

root@rocky8 ~]$ docker inspect -f "{{.State.Status}}" web02 
running

root@rocky8 ~]$ docker inspect --format="{{.State.Status}}" web02
running

1.4.3 刪除容器

docker rm 可以刪除容器,即使容器正在執行當中,也可以被強制刪除掉

格式

docker rm [OPTIONS] CONTAINER [CONTAINER...]
docker container rm [OPTIONS] CONTAINER [CONTAINER...]

#選項:
-f, --force 	Force the removal of a running container (uses SIGKILL)
-v, --volumes 	Remove the volumes associated with the container

#刪除停止的容器
docker container prune [OPTIONS]
Options:
	--filter filter Provide filter values (e.g. 'until=<timestamp>')
  -f, --force Do not prompt for confirmation

範例:

root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS                      PORTS                            NAMES
ceb134349daf        alpine                         "/bin/sh"                50 seconds ago      Exited (0) 50 seconds ago                                    sharp_swanson
d5bc9651615e        nginx                          "/docker-entrypoint.…"   25 minutes ago      Up 25 minutes               80/tcp                           web02
69cb07c29477        nginx                          "/docker-entrypoint.…"   25 minutes ago      Exited (0) 25 minutes ago                                    web01
3d9a0cbfa238        docs/docker.github.io:latest   "/docker-entrypoint.…"   30 minutes ago      Up 30 minutes               80/tcp, 0.0.0.0:4000->4000/tcp   hardcore_curie

#刪除web01容器
root@rocky8 ~]$ docker rm web01 
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                          COMMAND                  CREATED              STATUS                          PORTS                            NAMES
ceb134349daf        alpine                         "/bin/sh"                About a minute ago   Exited (0) About a minute ago                                    sharp_swanson
d5bc9651615e        nginx                          "/docker-entrypoint.…"   25 minutes ago       Up 25 minutes                   80/tcp                           web02
3d9a0cbfa238        docs/docker.github.io:latest   "/docker-entrypoint.…"   31 minutes ago       Up 31 minutes                   80/tcp, 0.0.0.0:4000->4000/tcp   hardcore_curie

範例: 刪除指定狀態的容器

[root@rocky8 ~]$ docker rm $(docker ps -qf status=exited)
ceb134349daf
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS              PORTS                            NAMES
d5bc9651615e        nginx                          "/docker-entrypoint.…"   27 minutes ago      Up 27 minutes       80/tcp                           web02
3d9a0cbfa238        docs/docker.github.io:latest   "/docker-entrypoint.…"   32 minutes ago      Up 32 minutes       80/tcp, 0.0.0.0:4000->4000/tcp   hardcore_curie

1.4.4 容器的啟動和停止

格式

docker start|stop|restart|pause|unpause 容器ID

批次正常啟動或關閉所有容器

docker start $(docker ps -a -q)
docker stop $(docker ps -a -q)

範例

[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
e4af980c1bff        nginx               "/docker-entrypoint.…"   About a minute ago   Up About a minute   80/tcp              web01

#停止容器
[root@rocky8 ~]$ docker stop web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
e4af980c1bff        nginx               "/docker-entrypoint.…"   2 minutes ago       Exited (0) 4 seconds ago                       web01

#啟動nginx容器
[root@rocky8 ~]$ docker start web01 
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
e4af980c1bff        nginx               "/docker-entrypoint.…"   3 minutes ago       Up 2 seconds        80/tcp              web01

#重啟nginx容器
[root@rocky8 ~]$ docker restart web01 

[10:05:45 root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
e4af980c1bff        nginx               "/docker-entrypoint.…"   4 minutes ago       Up 4 seconds        80/tcp              web01

範例: 啟動並進入容器

root@rocky8 ~]$ docker run --name=rocky -it rockylinux:9-minimal bash
bash-5.1# ls
afs  dev  home	lib64	    media  opt	 root  sbin  sys  usr
bin  etc  lib	lost+found  mnt    proc  run   srv   tmp  var
bash-5.1# cat /etc/os-release 
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
bash-5.1# exit
exit

#啟動並進入rocky容器
[root@rocky8 ~]$ docker start -i rocky 
bash-5.1# cat etc/issue
\S
Kernel \r on an \m

bash-5.1#

範例: 暫停和恢復容器

#暫停web01容器
[root@rocky8 ~]$ docker pause web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS                     PORTS               NAMES
03357d030c20        rockylinux:9-minimal   "bash"                   6 minutes ago       Exited (0) 2 minutes ago                       rocky
e4af980c1bff        nginx                  "/docker-entrypoint.…"   11 minutes ago      Up 7 minutes (Paused)      80/tcp              web01 #狀態中加上了paused標誌

#恢復容器
[root@rocky8 ~]$ docker unpause web01 
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS                     PORTS               NAMES
03357d030c20        rockylinux:9-minimal   "bash"                   7 minutes ago       Exited (0) 3 minutes ago                       rocky
e4af980c1bff        nginx                  "/docker-entrypoint.…"   12 minutes ago      Up 8 minutes               80/tcp              web01

1.4.5 給正在執行的容器發訊號

docker kill 可以給容器發訊號,預設號SIGKILL,即9訊號

格式

docker kill [OPTIONS] CONTAINER [CONTAINER...]

#選項:
-s, --signal string   Signal to send to the container (default "KILL")

範例:

[root@rocky8 ~]$ docker kill web01 
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS                      PORTS               NAMES
03357d030c20        rockylinux:9-minimal   "bash"                   9 minutes ago       Exited (0) 6 minutes ago                        rocky
e4af980c1bff        nginx                  "/docker-entrypoint.…"   15 minutes ago      Exited (137) 1 second ago                       web01

1.4.6 進入正在執行的容器

1.4.6.1 使用attach命令

docker attach 容器名attach 類似於vnc,操作會在同一個容器的多個對談介面同步顯示,所有使用此方式進入容器的操作都是同步顯示的,且使用exit退出後容器自動關閉,不推薦使用,需要進入到有shell環境的容器

格式:

docker attach [OPTIONS] CONTAINER
1.4.6.2 使用exec命令

在執行中的容器啟動新程序,可以執行單次命令,以及進入容器

測試環境使用此方式,使用exit退出,但容器還在執行,此為推薦方式

格式:

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

常用選項:
-d, --detach 		Detached mode: run command in the background
-e, --env list 		Set environment variables
-i, --interactive 	Keep STDIN open even if not attached
-t, --tty 			Allocate a pseudo-TTY

#常見用法
docker exec -it 容器ID sh|bash

範例:

#執行一次性命令
[root@rocky8 ~]$ docker exec rocky cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)

#進入容器,執行命令,exit退出容器不停止
[root@rocky8 ~]$ docker exec -it rocky bash
bash-5.1# cat /etc/redhat-release 
Rocky Linux release 9.1 (Blue Onyx)

1.4.7 暴露所有容器埠

容器啟動後,預設處於預定義的NAT網路中,所以外部網路的主機無法直接存取容器中網路服務

docker run -P 可以將事先容器預定義的所有埠對映宿主機的網路卡的隨機埠,預設從32768開始

使用隨機埠 時,當停止容器後再啟動可能會導致埠發生變化

-P , --publish-all= true | false預設為false

#範例:
docker run -P docker.io/nginx #對映容器所有暴露埠至隨機本地埠

範例

[root@rocky8 ~]$ docker run -d  --name web01 -P nginx
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
46b790b7393a        nginx               "/docker-entrypoint.…"   4 seconds ago       Up 4 seconds        0.0.0.0:32768->80/tcp   web01

docker port 可以檢視容器的埠對映關係

格式

docker port CONTAINER [PRIVATE_PORT[/PROTO]]

範例

[root@rocky8 ~]$ docker port web01 
80/tcp -> 0.0.0.0:32768

埠對映的本質就是利用NAT技術實現的

1.4.8 指定埠對映

docker run -p 可以將容器的預定義的指定埠對映到宿主機的相應埠

注意: 多個容器對映到宿主機的埠不能衝突,但容器內使用的埠可以相同

方式1: 容器80埠對映宿主機本地隨機埠

docker run -p 80 --name nginx-test-port1 nginx

方式2: 容器80埠對映到宿主機本地埠81

docker run -p 81:80 --name nginx-test-port2 nginx

方式3: 宿主機本地IP:宿主機本地埠:容器埠

docker run -p 10.0.0.100:82:80 --name nginx-test-port3 docker.io/nginx

方式4: 宿主機本地IP:宿主機本地隨機埠:容器埠,預設從32768開始

docker run -p 10.0.0.100::80 --name nginx-test-port4 docker.io/nginx

方式5: 宿主機本機ip:宿主機本地埠:容器埠/協定,預設為tcp協定

docker run -p 10.0.0.100:83:80/udp --name nginx-test-port5 docker.io/nginx

方式6: 一次性對映多個埠+協定

docker run -p 8080:80/tcp -p 8443:443/tcp -p 53:53/udp --name nginx-test-port6 nginx

範例:

[root@rocky8 ~]$ docker run  -d -p 8080:80 --name web02 nginx
846ca3aa883687906cbc14884d2fc2c89d47884a1f3236c3f73bab628f18a121
[root@rocky8 ~]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
846ca3aa8836        nginx               "/docker-entrypoint.…"   5 seconds ago       Up 4 seconds        0.0.0.0:8080->80/tcp    web02
46b790b7393a        nginx               "/docker-entrypoint.…"   20 minutes ago      Up 20 minutes       0.0.0.0:32768->80/tcp   web01

[root@rocky8 ~]$ ss -ntl
State      Recv-Q     Send-Q           Local Address:Port            Peer Address:Port     Process     
LISTEN     0          128                    0.0.0.0:22                   0.0.0.0:*                    
LISTEN     0          128                       [::]:22                      [::]:*                    
LISTEN     0          128                          *:32768                      *:*                    
LISTEN     0          128                          *:8080                       *:*

實戰案例: 修改已經建立的容器的埠對映關係

[root@ubuntu1804 ~]#docker run -d -p 80:80 --name nginx01 nginx
dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24
[root@ubuntu1804 ~]#docker port nginx01
80/tcp -> 0.0.0.0:80
[root@ubuntu1804 ~]#lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 2364 root 4u IPv6 35929 0t0 TCP *:http (LISTEN)
[root@ubuntu1804 ~]#ls
/var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/
checkpoints
hostconfig.json 	mounts
config.v2.json
hostname 			resolv.conf
dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24-json.log hosts
	resolv.conf.hash
[root@ubuntu1804 ~]#systemctl stop docker
[root@ubuntu1804 ~]#vim
/var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/hostconfig.json
"PortBindings":{"80/tcp":[{"HostIp":"","HostPort":"80"}]}
#PortBindings後80/tcp對應的是容器內部的80埠,HostPort對應的是對映到宿主機的埠80 修改此處為8000

[root@ubuntu1804 ~]#systemctl start docker
[root@ubuntu1804 ~]#docker start nginx01
[root@ubuntu1804 ~]#docker port nginx01
80/tcp -> 0.0.0.0:8000

範例:實現wordpress應用

#部署mysql
[root@rocky8 ~]$ docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=123456  --name mysql mysql:8.0.31-oracle

#下載wordpress
[root@rocky8 ~]$ docker run -d -p 80:80 --name wordpress wordpress:php7.4-apache

1.4.9 檢視容器的紀錄檔

docker logs 可以檢視容器中執行的程序在控制檯輸出的紀錄檔資訊

格式

docker logs [OPTIONS] CONTAINER

選項:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
--tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)

範例:

[root@rocky8 ~]$ docker logs wordpress 
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 17 04:10:22.767095 2023] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.51 (Debian) PHP/7.4.26 configured -- resuming normal operations
......

1.4.10 傳遞執行命令

容器需要有一個前臺執行的程序才能保持容器的執行,通過傳遞執行引數是一種方式,另外也可以在構
建映象的時候指定容器啟動時執行的前臺命令

容器裡的PID為1的守護行程的實現方式

  • 服務類: 如: Nginx,Tomcat,Apache ,但服務不能停
  • 命令類: 如: tail -f /etc/hosts ,主要用於測試環境,注意: 不要tail -f <服務存取紀錄檔> 會產生不必要的磁碟IO

範例:

[root@rocky8 ~]$ docker run --name rocky rockylinux:9-minimal cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"

1.4.11 容器內和宿主機之間複製檔案

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
Options:
  -a, --archive 		Archive mode (copy all uid/gid information)
  -L, --follow-link 	Always follow symbol link in SRC_PATH

範例:

[root@rocky8 ~]$ docker run -itd --rm alpine

#將宿主機檔案複製到容器中
[root@rocky8 ~]$ docker cp /etc/hosts 2b91caf6ba44:/
[root@rocky8 ~]$ docker exec -it 2b91caf6ba44 sh
/ # cat hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

#將容器內的檔案複製到宿主機
[root@rocky8 ~]$ docker cp 2b91caf6ba44:/bin/busybox /usr/local/bin/
[root@rocky8 ~]$ ls /usr/local/bin/
busybox

1.5 Docker映象製作和管理命令

Docker的映象製作分為手動製作(基於容器)和自動製作(基於DockerFile),企業通常都是基於Dockerfile製作映象

docker commit #通過修改現有容器,將之手動構建為映象
docker build  #通過Dockerfile檔案,批次構建為映象

1.5.1 docker commit 手動構建映象

1.5.1.1 基於容器手動製作映象步驟

docker commit 格式

docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
#選項
-a, --author 	string Author (e.g., "John Hannibal Smith <[email protected]>")
-c, --change 	list Apply Dockerfile instruction to the created image
-m, --message 	string Commit message
-p, --pause 	Pause container during commit (default true)

#說明:
製作映象和CONTAINER狀態無關,停止狀態也可以製作映象
如果沒有指定[REPOSITORY[:TAG]],REPOSITORY和TAG都為<none>
提交的時候標記TAG號: 生產當中常用,後期可以根據TAG標記建立不同版本的映象以及建立不同版本的容器

基於容器手動製作映象步驟具體如下:

  • 下載一個系統的官方基礎映象,如: CentOS 或 Ubuntu
  • 基於基礎映象啟動一個容器,並進入到容器
  • 在容器裡面做設定操作
    • 安裝基礎命令
    • 設定執行環境
    • 安裝服務和設定服務
    • 放業務程式程式碼
  • 提交為一個新映象 docker commit
  • 基於自己的映象建立容器並測試存取
1.5.1.2 實戰案例: 基於 rocky8.5 製作 自我需求的rocky 映象
#執行容器
[root@rocky8 ~]$ docker run  -it  rockylinux:9-minimal sh

#安裝基礎包
[root@c85d96e2158a ~]# yum -y install bash-completion psmisc tree vim lsof iproute git net-tools

#建立組和使用者
[root@c85d96e2158a ~]# groupadd -g 88 www
[root@c85d96e2158a ~]# useradd -g www -u 88 -r -s /sbin/nologin -M -d /home/www www
[root@c85d96e2158a ~]# id www
uid=88(www) gid=88(www) groups=88(www)

#清楚yum快取,減少製作的映象的大小
[root@rocky8 ~]$ docker commit rocky9 rockylinux:v8.5-2023-01-17
sha256:1af952b962d9501a4249c69132baa733e384933c6db76d0794a40998c38af588
[root@rocky8 ~]$ docker images 
REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
rockylinux                            v8.5-2023-01-17     1af952b962d9        3 seconds ago       327MB

1.5.2 利用 DockerFile 檔案執行 docker build 自動構建映象

1.5.2.1 Dockerfile 檔案格式

Dockerfile 是一個有特定語法格式的文字檔案

dockerfile 官方說明: https://docs.docker.com/engine/reference/builder/

幫助: man 5 dockerfile

Dockerfile 檔案說明

  • 每一行以Dockerfile的指令開頭,指令不區分大小寫,但是慣例使用大寫
  • 使用 # 開始作為註釋
  • 一行只支援一條指令,每條指令可以攜帶多個引數
  • 指令按檔案的順序從上至下進行執行
  • 每個指令的執行會生成一個新的映象層,為了減少分層和映象大小,儘可能將多條指令合併成一條指令
  • 製作映象一般可能需要反覆多次,每次執行dockfile都按順序執行,從頭開始,已經執行過的指令已經快取,不需要再執行,如果後續有一行新的指令沒執行過,其往後的指令將會重新執行,所以為加速映象製作,將最常變化的內容放下dockerfile的檔案的後面
1.5.2.2 Dockerfile 相關指令

dockerfile 檔案中的常見指令:

ADD
COPY
ENV
EXPOSE
FROM
LABEL
STOPSIGNAL
USER
VOLUME
WORKDIR