[root@docker nginx]# docker cantiner --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default
context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
context Manage contexts
engine Manage the docker engine
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
指令 | 描述 |
---|---|
-i , --interactive | 交互式 |
-t, --tty | 分配一个伪终端 |
-a, --attach list | 附加到运行的容器 |
–dns list | 设置dns服务器 |
-e, --env list | 设置环境变量 |
–env-file list | 从文件读取环境变量 |
-p, --publisg-all | 发布容器端口到主机 |
-h,–hostname string | 设置容器的主机名 |
–ip string | 指定容器ip 只能用于自定义网络 |
–link list | 添加连接到另一个容器 |
–network | 连接容器到一个网络 |
–mount mount | 挂载宿主机分区到容器 |
-v, --volume list | 挂载宿主机目录到容器 |
–restart string | 容器退出时重启策略,默认no[always|on failure] |
–add-host list | 添加其他主机到容器中/etc/hosts |
-d, --detach | 运行容器到后台 |
资源限制指令 | 描述 |
---|---|
-m ,–memory | 容器可以使用的最大内存量 |
–memory-swap | 允许交换到磁盘的内存量 |
–memory-swappiness-<0-100> | 容器使用swap分区交换的百分比(0-100,默认为-1) |
–memory-reservation | 内存软限制,docker检测主机容器争用或内存不足时所激活的软限制,使用此选项,值必须设置低于–memory,以使其优先 |
–oom-kill-disable | 当宿主机内存不足时,内核会杀死容器中的进程。建议设置了-memory选项在禁用OOM。如果没有设置,主机可能会耗尽内存 |
–cpus | 限制容器可以使用多少个可用的cpu资源 |
–cpuset-cpus | 限制容器可以使用特定的CPU |
–cpu-shares | 此值设置为大于或小于默认1024值,以增加或减少容器的权重,并使其可以访问主机cpu周期的更大或更小比例 |
1.run创建容器
docker container run -itd --name bs busybox
--name 指定一个名字
-itd 后端运行
2.进入容器
[root@docker nginx]# docker container attach bs
/ # ls
bin dev etc home proc root sys tmp usr var
/ # ps -ef #和宿主机的进程是相互隔离的
PID USER TIME COMMAND
1 root 0:00 sh
7 root 0:00 ps -ef
/ #exit
退出时容器停止
3.ctrl+p+q 退出容器 不停止
[root@docker nginx]# docker start 88
88
[root@docker nginx]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88a770ae905d busybox "sh" 6 minutes ago Up 2 seconds bs
[root@docker nginx]# docker container attach bs #进入容器
/ # read escape sequence # ctrl+p+q 退出
[root@docker nginx]# docker ps #查看容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88a770ae905d busybox "sh" 7 minutes ago Up About a minute bs
4.查看文件系统挂载的情况
[root@docker nginx]# docker container attach bs
/ # mount
#默认挂载三个文件
/dev/vda1 on /etc/resolv.conf type ext4 (rw,relatime,data=ordered) #dns解析
/dev/vda1 on /etc/hostname type ext4 (rw,relatime,data=ordered)
/dev/vda1 on /etc/hosts type ext4 (rw,relatime,data=ordered) #主机与ip对应的
#每次进行重启容器。都会将三个文件从宿主机进行挂载出来
#只要改任何一个文件 容器都不是生效的
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 88a770ae905d
#修改内容
/ # echo "123" > /etc/hosts
/ # cat /etc/hosts
123
#重启容器
[root@docker nginx]# docker container attach bs
#再次查看文件
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 88a770ae905d
- exec. -a传入变量
docker container run -itd -e a=123 --name bs1 busybox
[root@docker nginx]# docker exec -it bs1 bash #有的不支持bash
OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"bash\": executable file not found in $PATH": unknown
[root@docker nginx]# docker exec -it bs1 sh #用sh
/ # echo $a #变量123通过-a的选项传入进来
123
/ #
- -p
[root@docker nginx]# docker container run -itd -p 8080:80 --name nginx01 nginx
90a8aef6356b8e47d3e8a0abe86164855f991b22e03a7bfae4d4f154becb617f
[root@docker nginx]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90a8aef6356b nginx "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:8080->80/tcp nginx01
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-NFwy0RCk-1596679167842)(/Users/yingliming/Desktop/截屏2020-07-13 下午7.56.02.png)]
7.查看日志
[root@docker nginx]# docker logs 90
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
219.143.183.130 - - [13/Jul/2020:11:55:31 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15" "-"
2020/07/13 11:55:31 [error] 28#28: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 219.143.183.130, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "121.199.30.165:8080", referrer: "http://121.199.30.165:8080/"
219.143.183.130 - - [13/Jul/2020:11:55:31 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://121.199.30.165:8080/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15" "-"
106.14.6.194 - - [13/Jul/2020:11:55:50 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (macintosh; mac os safari) Mac OS Safari" "-"
[root@docker nginx]#
#日志还存放在这里
[root@docker nginx]# ls /var/lib/docker/containers/
0f646d20ccb6f54c8b700bd9a4aa2d3f8c5781065e4c49fa7c9b06dbe2e59ec8
6ded32348de2659d66acad2bd3abcc79b15f1ea0564ea10627ac756f67f2a74d
7c77ab4e80fb490496b5c1f00bc93d6a4a6299e830544fd49368ce1cfedbb6eb
88a770ae905de23320e33aeb6bb9062e651fb096ef102fb9029c7dbf7349d9e8
8e6de4d9c136f031b27e4bdadf880b2ff401d1a8d0ae95460799437e25e7df29
90a8aef6356b8e47d3e8a0abe86164855f991b22e03a7bfae4d4f154becb617f
9dc1611db1ed657cf9585a2b88924c2831bc373bf17688d375ab4cab4298731a
[root@docker nginx]# ls /var/lib/docker/containers/90a8aef6356b8e47d3e8a0abe86164855f991b22e03a7bfae4d4f154becb617f/
#控制台的输出到这个log里面,磁盘越来愈大 ,看一下日志控制台是不是越来越多了
90a8aef6356b8e47d3e8a0abe86164855f991b22e03a7bfae4d4f154becb617f-json.log hostconfig.json mounts
checkpoints hostname resolv.conf
config.v2.json hosts resolv.conf.hash
[root@docker nginx]#
#日志是json格式
[root@docker nginx]# tail /var/lib/docker/containers/90a8aef6356b8e47d3e8a0abe86164855f991b22e03a7bfae4d4f154becb617f/90a8aef6356b8e47d3e8a0abe86164855f991b22e03a7bfae4d4f154becb617f-json.log
{"log":"/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/\r\n","stream":"stdout","time":"2020-07-13T11:53:28.146854608Z"}
{"log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh\r\n","stream":"stdout","time":"2020-07-13T11:53:28.150305983Z"}
{"log":"10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf\r\n","stream":"stdout","time":"2020-07-13T11:53:28.156529644Z"}
{"log":"10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf\r\n","stream":"stdout","time":"2020-07-13T11:53:28.182247249Z"}
{"log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh\r\n","stream":"stdout","time":"2020-07-13T11:53:28.182526775Z"}
{"log":"/docker-entrypoint.sh: Configuration complete; ready for start up\r\n","stream":"stdout","time":"2020-07-13T11:53:28.185494449Z"}
{"log":"219.143.183.130 - - [13/Jul/2020:11:55:31 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15\" \"-\"\r\n","stream":"stdout","time":"2020-07-13T11:55:31.039140223Z"}
{"log":"2020/07/13 11:55:31 [error] 28#28: *2 open() \"/usr/share/nginx/html/favicon.ico\" failed (2: No such file or directory), client: 219.143.183.130, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"121.199.30.165:8080\", referrer: \"http://121.199.30.165:8080/\"\r\n","stream":"stdout","time":"2020-07-13T11:55:31.20857839Z"}
{"log":"219.143.183.130 - - [13/Jul/2020:11:55:31 +0000] \"GET /favicon.ico HTTP/1.1\" 404 153 \"http://121.199.30.165:8080/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15\" \"-\"\r\n","stream":"stdout","time":"2020-07-13T11:55:31.208613401Z"}
{"log":"106.14.6.194 - - [13/Jul/2020:11:55:50 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (macintosh; mac os safari) Mac OS Safari\" \"-\"\r\n","stream":"stdout","time":"2020-07-13T11:55:50.069680628Z"}
[root@docker nginx]#
8.restart
[root@docker nginx]# docker container run -itd -p 8081:80 --name nginx02 --restart=always nginx
c740a992c572cc77847e16cef7d732fc724630baf2c89818d4c1d82c34548548
9.资源限制cpu
[root@docker nginx]# docker container run --help|grep cpu
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs #!!!!!
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
[root@docker nginx]# docker container run -itd --cpus 1 --name nginx03 nginx
fb9dacd721377f68555e8cb9381b4acbe65b263fd527b0c2cc58e8312aaf0ae5
--cpus 限制容器使用多少个可用的cpu资源
10.资源限制内存
[root@docker nginx]# docker container run -itd --memory 512m --name nginx04 nginx
ead5aab459f11a8b1497ce3b2ff748ff5f61050bfff744a76aee9f751141e88a
那么swap交换分区使用的就是2倍
11.实时输出资源的利用率
docker container stats nginx04
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
ead5aab459f1 nginx04 0.00% 2.379MiB / 512MiB 0.46% 0B / 0B 0B / 0B 2