• docker commandline

    https://docs.docker.com/engine/reference/commandline/run/

    https://docs.docker.com/engine/reference/commandline/exec/

    • docker run – Runs a command in a new container.
    • docker start – Starts one or more stopped containers
    • docker stop – Stops one or more running containers
    • docker build – Builds an image form a Docker file
    • docker pull – Pulls an image or a repository from a registry
    • docker push – Pushes an image or a repository to a registry
    • docker export – Exports a container’s filesystem as a tar archive
    • docker exec – Runs a command in a run-time container
    • docker search – Searches the Docker Hub for images
    • docker attach – Attaches to a running container
    • docker commit – Creates a new image from a container’s changes

    --ipc=host and --ipc=container:id选项已添加到Docker createrun命令中以共享IPC资源。

    --ipc=""  : Set the IPC mode for the container,
             'container:<name|id>': reuses another container's IPC namespace
             'host': use the host's IPC namespace inside the container

    Configure namespaced kernel parameters (sysctls) at runtime

    The --sysctl sets namespaced kernel parameters (sysctls) in the container. For example, to turn on IP forwarding in the containers network namespace, run this command:

    $ docker run --sysctl net.ipv4.ip_forward=1 someimage

    Note

    Not all sysctls are namespaced. Docker does not support changing sysctls inside of a container that also modify the host system. As the kernel evolves we expect to see more sysctls become namespaced.

    CURRENTLY SUPPORTED SYSCTLS

    IPC Namespace:

    • kernel.msgmaxkernel.msgmnbkernel.msgmnikernel.semkernel.shmallkernel.shmmaxkernel.shmmnikernel.shm_rmid_forced.
    • Sysctls beginning with fs.mqueue.*
    • If you use the --ipc=host option these sysctls are not allowed.

    Network Namespace:

    • Sysctls beginning with net.*
    • If you use the --network=host option using these sysctls are not allowed.

    System V共享内存(shmget、shmat、shmdt)以及Mmap映射Regular File。System V共享内存支持一定程度上的内存数据持久化,即当程序创建共享内存对象后,如果不显式删除或物理主机重启,该IPC对象会一直保留,其中的数据也不会丢 失;mmap映射Regular File的方式支持内存数据持久化到文件中,即便物理主机重启,这部分数据依旧不会丢失,除非显式删除文件。

    mmap常见的有两类共享内存映射方式,一种映射到/dev/zero,另外一种则是映射到 Regular Fiile。前者在程序退出后数据自动释放,后者则保留在映射的文件中。

    一个启动的Docker容器就是一个拥有了自己的内核名字空间的进程,其pid、net、ipc、mnt、uts、user等均与其他进程隔离,对于运行于该容器内的程序而言,它仿佛会觉得它独占了一台“主机”。

    在docker容器中的centos无法使用gdb调试:在docker run 命令中加上参数--cap-add=SYS_PTRACE

    docker机器上不能使用date -s修改时间: --cap-add=SYS_TIME
  • 相关阅读:
    memcache
    memcache 杂记
    mysql_函数
    MySQL_存储过程
    MySQL_视图
    mysql _触发器
    MySQL_优化
    mysql_索引
    R语言编程艺术_第六章_因子和表
    Bioinfo:学习Python,做生信PartII 学习笔记
  • 原文地址:https://www.cnblogs.com/scw2901/p/14853532.html
Copyright © 2020-2023  润新知