容器(Container)是Docker中最重要的概念之一,他是镜像的运行实体,是一个应用运行和所需运行环境的结合体。从现在开始,忘掉“臃肿”的虚拟机吧,对容器进行操作就跟直接操作应用一样简单、快速。
docker create
docker create 命令可以用来创建一个容器,该命令支持的参数纷繁复杂,可以输入 docker create --help 来查看该命令的使用方法
[root@localhost go]# docker create --help
Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
Create a new container
-a, --attach=[] Attach to STDIN, STDOUT or STDERR
--add-host=[] Add a custom host-to-IP mapping (host:ip)
--blkio-weight=0 Block IO (relative weight), between 10 and 1000
-c, --cpu-shares=0 CPU shares (relative weight)
--cap-add=[] Add Linux capabilities
--cap-drop=[] Drop Linux capabilities
--cgroup-parent= Optional parent cgroup for the container
--cidfile= Write the container ID to the file
--cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota=0 Limit the CPU CFS quota
--cpuset-cpus= CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems= MEMs in which to allow execution (0-3, 0,1)
--device=[] Add a host device to the container
--dns=[] Set custom DNS servers
--dns-search=[] Set custom DNS search domains
-e, --env=[] Set environment variables
--entrypoint= Overwrite the default ENTRYPOINT of the image
--env-file=[] Read in a file of environment variables
--expose=[] Expose a port or a range of ports
-h, --hostname= Container host name
--help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached
--ipc= IPC namespace to use
-l, --label=[] Set meta data on a container
--label-file=[] Read in a line delimited file of labels
--link=[] Add link to another container
--log-driver= Logging driver for container
--log-opt=[] Log driver options
--lxc-conf=[] Add custom lxc options
-m, --memory= Memory limit
--mac-address= Container MAC address (e.g. 92:d0:c6:0a:29:33)
--memory-swap= Total memory (memory + swap), '-1' to disable swap
--name= Assign a name to the container
--net=bridge Set the Network mode for the container
--oom-kill-disable=false Disable OOM Killer
-P, --publish-all=false Publish all exposed ports to random ports
-p, --publish=[] Publish a container's port(s) to the host
--pid= PID namespace to use
--privileged=false Give extended privileges to this container
--read-only=false Mount the container's root filesystem as read only
--restart=no Restart policy to apply when a container exits
--security-opt=[] Security Options
-t, --tty=false Allocate a pseudo-TTY
-u, --user= Username or UID (format: <name|uid>[:<group|gid>])
--ulimit=[] Ulimit options
--uts= UTS namespace to use
-v, --volume=[] Bind mount a volume
--volumes-from=[] Mount volumes from the specified container(s)
-w, --workdir= Working directory inside the container
比如我们创建一个基于centos镜像的容器
[root@localhost go]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos v7.0 fae454d6fc7b 2 weeks ago 434.5 MB
mysql 5.6.37 c6d1fd492efc 3 weeks ago 299 MB
ubuntu 14.04 b44ce450cb60 4 weeks ago 188 MB
quay.io/coreos/etcd v3.0.4 3b17a5f34e6c 14 months ago 43.3 MB
hub.c.163.com/public/ubuntu 14.04 f6a575b7c805 19 months ago 237.1 MB
[root@localhost go]# docker create -it centos:v7.0 "/bin/bash"
20fb80443f2a6dc8b9e2eaca96301f3d89688b1013caf7b7a226041a96ebc557
-i 参数 保持标准输入打开,默认为false
-t 参数 用来分配一个伪终端并绑定到容器的标准输入上,-i 和 -t 通常配合使用,让我们可以在容器中执行shell命令
docker ps
docker ps 命令可以列出当前已经创建的容器,默认只列出正在运行的容器,加上 -a 参数可以列出所有
[root@localhost go]# docker ps --help
Usage: docker ps [OPTIONS]
List containers
-a, --all=false Show all containers (default shows just running)
--before= Show only container created before Id or Name
-f, --filter=[] Filter output based on conditions provided
--help=false Print usage
-l, --latest=false Show the latest created container, include non-running
-n=-1 Show n last created containers, include non-running
--no-trunc=false Don't truncate output
-q, --quiet=false Only display numeric IDs
-s, --size=false Display total file sizes
--since= Show created since Id or Name, include non-running
[root@localhost go]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost go]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20fb80443f2a centos:v7.0 "/bin/bash" 11 minutes ago distracted_lumiere
aa670a3b8038 ubuntu:14.04 "/bin/bash" 2 weeks ago Exited (0) 2 weeks ago grave_lovelace
bf2565b8f666 hub.c.163.com/public/ubuntu:14.04 "/bin/sh -c '/usr/sb 2 weeks ago Exited (130) 2 weeks ago silly_pare
3bef58fab95a quay.io/coreos/etcd:v3.0.4 "/usr/local/bin/etcd 3 weeks ago Exited (0) 3 weeks ago adoring_turing
从上面的结果也可以看出,docker create 命令只是创建了一个容器并没有启动它
docker run
当然创建和启动容器也可以一步完成,使用docker run 命令,该命令相当于docker create + docker start命令,docker run 命令支持的参数和docker create 基本一致。
docker run命令的执行步骤大致如下:
·检查本地是否存在指定的镜像,不存在就从公有仓库下载;
·利用镜像创建一个容器,并启动该容器;
·分配一个文件系统给容器,并在只读的镜像层外面挂载一层可读写层;
·从宿主主机配置的网桥接口中桥接一个虚拟接口到容器中;
·从网桥的地址池配置一个IP地址给容器;
·执行用户指定的应用程序;
·执行完毕后容器被自动终止。
例如:
[root@localhost go]# docker run centos:v7.0 /bin/echo "hello world"
hello wrold
[root@localhost go]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bfec95da73a6 centos:v7.0 "/bin/echo 'hello wo 6 seconds ago Exited (0) 5 seconds ago silly_sinoussi
上面的命令创建了一个centos容器,启动并执行COMMAND: /bin/echo "hello world" 命令执行完之后结束运行,可以用docker ps -a 命令查看到一个处于停止状态的容器
docker run 命令如果没有指定COMMAND,则会用镜像指定的默认COMMAND,如果镜像也没有指定COMMAND,则会抛出错误。
[root@localhost go]# docker run -d nginx:latest
3882e9573be8c85a42c4a46d3c2bd4e42c8fd01f0491ae053296bc2b517bf342
[root@localhost go]# docker ps --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3882e9573be8c85a42c4a46d3c2bd4e42c8fd01f0491ae053296bc2b517bf342 nginx:latest "nginx -g 'daemon off;'" 21 seconds ago
[root@localhost go]# docker run centos:v7.0
Error response from daemon: No command specified
-d 参数可以让容器在后台运行。可以看到这里的nginx镜像的默认COMMAND 为 “nginx -g 'daemon off;'”,而centos镜像没有指定默认的COMMAND,所以不指定COMMAND会报错,可以用上篇提到的docker inspect 命令来查看镜像的默认COMMAND
使用前面提到的 -it 参数可以打开一个伪终端来供我们在容器中执行shell命令,像操作本地机器一样方便
[root@localhost ~]# docker exec -it centos:v7.0 /bin/bash
[root@4b9028589de7 /]# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
17 ? 00:00:00 ps
[root@4b9028589de7 /]# whoami
root
[root@4b9028589de7 /]# ls
bin boot dev etc fastboot home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@4b9028589de7 /]# exit
exit
可以看到docker容器只运行了bash进程,也就是COMMAND指定的程序,这也是之所以Docker比虚拟机轻量级的原因之一。
docker logs
对于运行在后台的容器(使用 docker run -d),容器的标准输出会被重定向写入相应的日志文件中,这时如果我们想要看这个容器的标准输出,可以使用 docker logs 命令
[root@localhost ~]# docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
-f, --follow=false Follow log output
--help=false Print usage
--since= Show logs since timestamp
-t, --timestamps=false Show timestamps
--tail=all Number of lines to show from the end of the logs
比如现在在我的容器中有一个shell脚本 /usr/local/bin/hello.sh 内容如下:
#!/bin/sh
while [[ 1 ]]
do
echo "hello docker"
sleep 2
done
就是每隔两秒打印一句 hello docker,现在我们后台启动这个容器,然后用 docker logs 命令查看输出
[root@localhost ~]# docker run -d centos:hello-docker /bin/sh /usr/local/bin/hello.sh
e2fa608635bddaca537a2a850f6d25259f6f54f98428be6a0fc96a771ad478f6
[root@localhost ~]# docker logs -f e2f
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
docker start/stop
docker stop 命令停止一个或多个容器的运行,实现机制是先向容器发送一个SIGTERM信号,过一段时间再发送一个SIGKILL信号,这样就确保了能够结束进程。
[root@localhost go]# docker stop 20f
20f
[root@localhost go]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
docker start 命令可以重新启动停止了的一个或多个容器
[root@localhost go]# docker start --help
Usage: docker start [OPTIONS] CONTAINER [CONTAINER...]
Start one or more stopped containers
-a, --attach=false Attach STDOUT/STDERR and forward signals
--help=false Print usage
-i, --interactive=false Attach container's STDIN
[root@localhost go]# docker start 20fb
20fb
[root@localhost go]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20fb80443f2a centos:v7.0 "/bin/bash" 25 minutes ago Up 4 seconds distracted_lumiere
docker exec
对于容器来说,通常我们都是让其在后台运行,比如对于nginx来说,我们通常这样启动容器
[root@localhost ~]# docker run -d -p 8080:80 nginx:latest nginx -g 'daemon off;'
b0a3266aaf05a9b7b5a7d910716c37a32330f0a5f9a34481679619c7217b5bb9
[root@localhost ~]# curl '127.0.0.1:8080'
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
-d 参数以守护进程方式运行容器
-p 参数可以将容器的端口映射到宿主机的指定端口
我们知道,一个容器通常只能运行一个COMMAND,这时如果我还想在容器中执行其他命令该怎么办呢,比如在nginx容器中运行bash,docker exec命令可以实现该功能
[root@localhost ~]# docker exec --help
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Run a command in a running container
-d, --detach=false Detached mode: run command in the background
--help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached
-t, --tty=false Allocate a pseudo-TTY
-u, --user= Username or UID (format: <name|uid>[:<group|gid>])
比如我可以这样来执行shell命令
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0a3266aaf05 nginx:latest "nginx -g 'daemon of 13 minutes ago Up 13 minutes 0.0.0.0:8080->80/tcp cocky_lumiere
[root@localhost ~]# docker exec -it b0a /bin/bash
root@b0a3266aaf05:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@b0a3266aaf05:/# cd /etc/
root@b0a3266aaf05:/etc# ls
adduser.conf debconf.conf fonts gshadow- issue.net localtime mtab pam.d rc1.d rcS.d shadow subuid
alternatives debian_version fstab host.conf kernel login.defs nginx passwd rc2.d resolv.conf shadow- systemd
apt default gai.conf hostname ld.so.cache logrotate.d nsswitch.conf passwd- rc3.d rmt shells terminfo
bash.bashrc deluser.conf group hosts ld.so.conf machine-id opt profile rc4.d securetty skel timezone
bindresvport.blacklist dpkg group- init.d ld.so.conf.d mke2fs.conf os-release profile.d rc5.d security staff-group-for-usr-local ucf.conf
cron.daily environment gshadow issue libaudit.conf motd pam.conf rc0.d rc6.d selinux subgid update-motd.d
root@b0a3266aaf05:/etc# cat nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
root@b0a3266aaf05:/etc# exit
exit
上面我们进入到容器中,查看了nginx的配置文件然后退出,整个过程没有影响到容器的运行。
docker rm
docker rm 命令可以删除一个或多个容器,默认只能删除已停止的容器,如果想删除正在运行的容器,可以加 -f 参数,这样docker会先尝试终止容器运行,然后再删除容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0a3266aaf05 nginx:latest "nginx -g 'daemon of 17 minutes ago Exited (0) 3 seconds ago cocky_lumiere
4b9028589de7 centos:v7.0 "/bin/bash" 50 minutes ago Exited (0) 48 minutes ago happy_heisenberg
aa670a3b8038 ubuntu:14.04 "/bin/bash" 2 weeks ago Exited (0) 2 weeks ago grave_lovelace
bf2565b8f666 hub.c.163.com/public/ubuntu:14.04 "/bin/sh -c '/usr/sb 3 weeks ago Exited (130) 3 weeks ago silly_pare
3bef58fab95a quay.io/coreos/etcd:v3.0.4 "/usr/local/bin/etcd 3 weeks ago Exited (0) 3 weeks ago adoring_turing
[root@localhost ~]# docker rm b0a 4b9
b0a
4b9
docker commit
当我们在一个容器中做了一些更改之后,想要保存这些更改方便以后使用,我们可以使用 docker commit 提交更改,这样会在本地生成一个新的镜像,这个镜像保存了你之前所做的所有修改。
[root@localhost sshd_ubuntu]# docker commit --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
-a, --author= Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-c, --change=[] Apply Dockerfile instruction to the created image
--help=false Print usage
-m, --message= Commit message
-p, --pause=true Pause container during commit
以Nginx镜像为例,在容器中创建一个文件,然后 docker commit:
[root@localhost sshd_ubuntu]# docker run -d -p 8080:80 nginx:latest
ffa8237fe81a34e13c0ef7c13ec0dd52775fee0e2e9f377e6924929ac4eb7915
[root@localhost sshd_ubuntu]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffa8237fe81a nginx:latest "nginx -g 'daemon of 3 seconds ago Up 3 seconds 0.0.0.0:8080->80/tcp compassionate_lumiere
[root@localhost sshd_ubuntu]# docker exec -it ffa /bin/bash
root@ffa8237fe81a:/# echo "Hello,docker!" > /usr/share/nginx/html/test.html
root@ffa8237fe81a:/# ls /usr/share/nginx/html/test.html
/usr/share/nginx/html/test.html
root@ffa8237fe81a:/# exit
[root@localhost sshd_ubuntu]# curl '127.0.0.1:8080/test.html'
Hello,docker!
[root@localhost sshd_ubuntu]# docker commit -m "创建test.html" ffa nginx:myself
ffbf82fc975d8804bdd0f219e038be0c4f788303938671ae1db61be9bb6703e0
[root@localhost sshd_ubuntu]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
nginx myself ffbf82fc975d 40 seconds ago 108.3 MB
这样就把我们刚刚的修改提交生成了一个新镜像 nginx:myself
docker export/import
有时我们需要将一个容器迁移到另一个容器上,这时我们使用docker提供的导入导出命令(docker import/export)就可以很方便的将容器导出成备份文件,然后再从备份文件导入成镜像。
[root@localhost ~]# docker export --help
Usage: docker export [OPTIONS] CONTAINER
Export a filesystem as a tar archive (streamed to STDOUT by default)
--help=false Print usage
-o, --output= Write to a file, instead of STDOUT
docker export命令用来导出一个容器为镜像,-o 参数可以指定导出的镜像文件名
[root@localhost containers]# docker export -o nginx-1017.tar 1b6
[root@localhost containers]# ls
nginx-1017.tar
docker import 可以导入之前导出的镜像
[root@localhost containers]# docker import --help
Usage: docker import [OPTIONS] URL|- [REPOSITORY[:TAG]]
Create an empty filesystem image and import the contents of the
tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then
optionally tag it.
-c, --change=[] Apply Dockerfile instruction to the created image
--help=false Print usage
docker import URL 表示从某个URL读取镜像文件
docker import - 表示从标准输入读取镜像文件
比如导入之前的nginx-1017.tar
[root@localhost containers]# cat nginx-1017.tar | docker import - nginx:backup
410962fdbc386075569f135b725baaf684708947aee2f3e0f4b4281522f73b49
[root@localhost containers]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
nginx backup 410962fdbc38 7 seconds ago 106.6 MB
nginx latest 2ecc072be0ec 6 days ago 108.3 MB
ubuntu 14.04 b44ce450cb60 4 weeks ago 188 MB
[root@localhost containers]#
以上就是对docker容器操作的基本介绍,希望对大家有帮助