docker学习(一)docker 概述
docker学习(二)docker 安装部署
docker学习(三)常用命令
docker学习(四)使用 commit 制作镜像
docker学习(五)使用 Dockerfile 制作镜像
docker学习(六)卷 Volume
docker学习(七)docker daemon
docker学习(八)HTTP/HTTPS 代理
docker学习(九)docker 调试
docker学习(十)docker 持久化存储
1.Docker 日志
常用操作系统中Docker守护进程日志的位置:
RHEL、Oracle Linux:/var/log/messages。
Debian:/var/log/daemon.log。
Ubuntu 14.10:/var/log/upstart/docker.log。
macOS(Docker 18.01及以上版本):~/Library/Containers/com.docker.docker/Data/vms/0/console-ring。
macOS(Docker <18.01):~/Library/Containers/com.docker.docker/Data/com.docker. driver.amd64-linux/console-ring。
Windows:AppData\Local。
使用systemctl的linux系统查看Docker守护进程日志:
[test@localhost ~]$ sudo journalctl -u docker.service
-- Logs begin at 一 2023-07-03 08:34:45 CST, end at 一 2023-07-03 11:00:31 CST. --
7月 03 08:35:18 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
7月 03 08:35:18 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:18.831377513+08:00" level=info msg="Starting up"
7月 03 08:35:18 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:18.832222414+08:00" level=warning msg="Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone
7月 03 08:35:18 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:18.832280598+08:00" level=warning msg="Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe o
7月 03 08:35:19 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:19.833136704+08:00" level=warning msg="Binding to an IP address without --tlsverify is deprecated. Startup is intentionally being slowed down t
7月 03 08:35:19 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:19.833263451+08:00" level=warning msg="Please consider generating tls certificates with client validation to prevent exposing unauthenticated r
7月 03 08:35:19 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:19.833300931+08:00" level=warning msg="You can override this by explicitly specifying '--tls=false' or '--tlsverify=false'" host="tcp://0.0.0.0
7月 03 08:35:19 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:19.833325135+08:00" level=warning msg="Support for listening on TCP without authentication or explicit intent to run without authentication wil
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.843915112+08:00" level=info msg="parsed scheme: \"unix\"" module=grpc
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.843991859+08:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.844051220+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock <nil> 0 <nil>}] <nil> <
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.844084253+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.849359605+08:00" level=info msg="parsed scheme: \"unix\"" module=grpc
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.849409736+08:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.849452356+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock <nil> 0 <nil>}] <nil> <
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.849476301+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
7月 03 08:35:34 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:34.883485121+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
7月 03 08:35:35 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:35.003155926+08:00" level=info msg="Loading containers: start."
7月 03 08:35:35 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:35.217361543+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to s
7月 03 08:35:35 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:35.284347936+08:00" level=info msg="Loading containers: done."
7月 03 08:35:35 localhost.localdomain dockerd[3779]: time="2023-07-03T08:35:35.383056576+08:00" level=info msg="Docker daemon" commit=eeddea2 graphdriver(s)=overlay2 version=20.10.0
......
使用sudo tailf /var/log/messages也可以查看日志。
2.Docker 调试模式
方法一:在daemon.json文件中将debug键值设置为true。
[test@localhost ~]# sudo vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://nxwgbmaq.mirror.aliyuncs.com"],
"debug":true
}
方式二:直接停止Docker守护进程,并使用-D 调试选项手动重新启动
[test@localhost ~]$ sudo systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[test@localhost ~]$ sudo dockerd -D
INFO[2023-07-03T11:08:37.281255069+08:00] Starting up
WARN[2023-07-03T11:08:37.281696387+08:00] Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone who has access to your network. host="tcp://0.0.0.0:5678"
WARN[2023-07-03T11:08:37.281728844+08:00] Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe out there! host="tcp://0.0.0.0:5678"
WARN[2023-07-03T11:08:38.284159553+08:00] Binding to an IP address without --tlsverify is deprecated. Startup is intentionally being slowed down to show this message host="tcp://0.0.0.0:5678"
WARN[2023-07-03T11:08:38.284202173+08:00] Please consider generating tls certificates with client validation to prevent exposing unauthenticated root access to your network host="tcp://0.0.0.0:5678"
WARN[2023-07-03T11:08:38.284222240+08:00] You can override this by explicitly specifying '--tls=false' or '--tlsverify=false' host="tcp://0.0.0.0:5678"
WARN[2023-07-03T11:08:38.284256453+08:00] Support for listening on TCP without authentication or explicit intent to run without authentication will be removed in the next release host="tcp://0.0.0.0:5678"
第二种方式可能会导致 Docker 在不同于主机启动脚本创建的环境中重新启动,使调试更加困难。
3.自定义 Docker 守护进程选项
daemon.json文件可以用来配置几乎所有的守护进程配置选项。
案例:运行时目录和存储驱动的配置
[test@localhost ~]# sudo vim /etc/docker/daemon.json
{
"registry-mirrors":["https://nxwgbmaq.mirror.aliyuncs.com"],
"data-root":"/mnt/docker-data",
"storage-driver":"overlay"
}
上述配置中,data-root选项设置的是运行目录(docker 镜像、容器、卷所用的磁盘空间)。storage-driver选项设置的是存储驱动。