运行交互式的容器:
[root@elk02 ~]# docker run -i -t ubuntu:15.10 /bin/bash root@66d539b6313e:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
- -t:在新容器内指定一个伪终端或终端。
- -i:允许你对容器内的标准输入 (STDIN) 进行交互
启动容器(后台模式):
[root@elk02 ~]# docker run -d ubuntu:15.10 /bin/sh -c "while true; do echo hello world; sleep 1; done" 5a2a7609bb50410323b30532988422412a0bd76f7ca36a7b79fc7dfd58348402 [root@elk02 ~]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5a2a7609bb50 ubuntu:15.10 "/bin/sh -c 'while tr" 5 seconds ago Up 3 seconds tiny_shaw [root@elk02 ~]# docker logs 5a2a7609bb50 hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world hello world …
- -d:表示以damon模式运行
进入容器:
[root@elk01 conf]# docker exec -i -t 0321912df6c1 /bin/bash root@0321912df6c1:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
停止容器:
[root@elk01 ~]# docker stop 5a2a7609bb50 5a2a7609bb50 [root@elk02 ~]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5a2a7609bb50 ubuntu:15.10 "/bin/sh -c 'while tr" 4 minutes ago Exited (137) 6 seconds ago tiny_shaw
网络端口映射:
[root@elk01 sysconfig]# docker run -d -P training/webapp python app.py 6ab91fee56ff81c3ee71f89dfad0ed6439aaf698c563b4b90d9355f5231a8240 You have mail in /var/spool/mail/root [root@elk01 sysconfig]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6ab91fee56ff training/webapp:latest "python app.py" 6 seconds ago Up 6 seconds 0.0.0.0:32778->5000/tcp furious_rosalind
- -d:让容器在后台运行。
- -P:将容器内部使用的网络端口映射到我们使用的主机上。
- -p:指定需要绑定的端口号
查看网络端口映射:docker port
[root@elk01 sysconfig]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2bb2ed1f9867 training/webapp:latest "python app.py" 9 minutes ago Up 9 minutes 0.0.0.0:5000->5000/tcp high_mcclintock [root@elk01 sysconfig]# docker port 2bb2ed1f9867 #可以使用容器ID或者名字 5000/tcp -> 0.0.0.0:5000 [root@elk01 sysconfig]# docker port high_mcclintock 5000/tcp -> 0.0.0.0:5000
查看正在运行的容器:
[root@elk01 sysconfig]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2bb2ed1f9867 training/webapp:latest "python app.py" 7 seconds ago Up 6 seconds 0.0.0.0:5000->5000/tcp high_mcclintock
- -l,--latest=false:查看最后创建的容器(包含没有启动的容器)
查看容器的应用日志:
和tail -f一样
[root@elk01 sysconfig]# docker logs -f 2bb2ed1f9867 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit) 10.11.102.12 - - [03/Nov/2017 06:52:49] "GET / HTTP/1.1" 200 - 10.11.102.12 - - [03/Nov/2017 06:52:49] "GET /favicon.ico HTTP/1.1" 404 -
检查WEB应用程序:
使用 docker inspect 来查看Docker的底层信息。它会返回一个 JSON 文件记录着 Docker 容器的配置和状态信息。
[root@elk01 sysconfig]# docker inspect 2bb2ed1f9867 [{ "AppArmorProfile": "", "Args": [ "app.py" ], "Config": { "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": [ "python", "app.py" ], …
删除容器:
容器必须先停止,才能删除
[root@elk01 sysconfig]# docker rm 2bb2ed1f9867 Error response from daemon: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f FATA[0000] Error: failed to remove one or more containers [root@elk01 sysconfig]# docker stop 2bb2ed1f9867 2bb2ed1f9867 [root@elk01 sysconfig]# docker rm 2bb2ed1f9867 2bb2ed1f9867
列出本地所有镜像:
[root@elk01 sysconfig]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
镜像的仓库源 镜像的标签 镜像ID 镜像创建时间 镜像大小
yehaifeng/learn 6.7 a0318133f1fa 2 weeks ago 190.6 MB yehaifeng/ubuntu v4 6b416869c565 2 weeks ago 137.2 MB docker.io/mysql 5.6 dd751b1fac67 2 weeks ago 299 MB docker.io/httpd latest fe37d22f8f5f 3 weeks ago 177.3 MB docker.io/ubuntu latest bd92ca350bbd 3 weeks ago 122 MB docker.io/nginx latest 2ecc072be0ec 3 weeks ago 108.3 MB docker.io/debian jessie de2958a3c124 3 weeks ago 123.4 MB docker.io/centos 6.7 27c25e48cd03 7 weeks ago 190.6 MB docker.io/hello-world latest bef02f2f6467 7 weeks ago 1.84 kB docker.io/jiaxiangkong/jumpserver_docker 0.3.2 80e9ddba8da6 11 months ago 179.2 MB docker.io/ubuntu 15.10 bfaaabeea063 15 months ago 137.2 MB docker.io/training/webapp latest 02a8815912ca 2.472794 years ago 348.7 MB docker.io/ubuntu 13.10 195eb90b5349 3.379130 years ago 184.5 MB
从镜像仓库查找下载镜像:
[root@elk01 sysconfig]# docker search nginx #查找镜像 INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED docker.io docker.io/nginx Official build of Nginx. 7172 [OK] docker.io docker.io/jwilder/nginx-prox Automated Nginx reverse proxy for docker c... 1159 [OK] docker.io docker.io/richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable ... 468 [OK] [root@elk01 sysconfig]# docker pull nginx #下载镜像 latest: Pulling from docker.io/nginx 33e4f169980f: Pull complete 4732224668e2: Pull complete d7a36ce98ade: Pull complete d8b26cb8ad00: Pull complete 15fc5d030907: Pull complete 878f1c38771b: Pull complete b18c56787b43: Pull complete 9c0ba5cb2724: Pull complete 2bbcf0f8fd73: Pull complete 6362f5ebce41: Pull complete Digest: sha256:19d924bb7e9cfc412703c433e61803768cca7b2b8ef2ba1250be6647868a6acf Status: Downloaded newer image for docker.io/nginx:latest [root@elk01 sysconfig]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE docker.io/nginx latest 6362f5ebce41 6 days ago 108.4 MB docker.io/mysql 5.6 dd751b1fac67 2 weeks ago 299 MB docker.io/jiaxiangkong/jumpserver_docker 0.3.2 80e9ddba8da6 11 months ago 179.2 MB
创建镜像:
当我们从docker镜像仓库中下载的镜像不能满足我们的需求时,我们可以通过以下两种方式对镜像进行更改。
1.从已经创建的容器中更新镜像,并且提交这个镜像
2.使用 Dockerfile 指令来创建一个新的镜像
更新镜像:
#更新镜像之前,我们需要使用镜像来创建一个容器。 [root@elk01 sysconfig]# docker run -t -i ubuntu:15.10 /bin/bash Unable to find image 'ubuntu:15.10' locally 15.10: Pulling from docker.io/ubuntu 8e40f6313e6b: Pull complete e2224f46fc07: Pull complete 8c721b8e6e1c: Pull complete a73b3adec5de: Pull complete bfaaabeea063: Pull complete Digest: sha256:cc767eb612212f9f5f06cd1f4e0821d781a5f83bc24d1182128a1088907d3825 Status: Downloaded newer image for docker.io/ubuntu:15.10 root@7ea24f7664d0:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var #在运行的容器内使用命令进行修改操作 root@7ea24f7664d0:/# apt-get update Ign http://archive.ubuntu.com wily InRelease Ign http://archive.ubuntu.com wily-updates InRelease Ign http://archive.ubuntu.com wily-security InRelease Ign http://archive.ubuntu.com wily Release.gpg Ign http://archive.ubuntu.com wily-updates Release.gpg Ign http://archive.ubuntu.com wily-security Release.gpg Ign http://archive.ubuntu.com wily Release … #将修改好的副本提交docker仓库中,并指定版本为v2 [root@elk01 sysconfig]# docker commit -m="has update" -a="runoob" 7ea24f7664d0 yehaifeng/ubuntu:v2 2f84022778678a442c943c19b492232a4b5867d853ed57e11d0246150dda9c28 [root@elk01 sysconfig]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE yehaifeng/ubuntu v2 2f8402277867 4 seconds ago 137.2 MB docker.io/nginx latest 6362f5ebce41 6 days ago 108.4 MB docker.io/mysql 5.6 dd751b1fac67 2 weeks ago 299 MB docker.io/jiaxiangkong/jumpserver_docker 0.3.2 80e9ddba8da6 11 months ago 179.2 MB docker.io/ubuntu 15.10 bfaaabeea063 15 months ago 137.2 MB
- -m:提交的描述信息
- -a:指定镜像作者
- 7ea24f7664d0:容器ID
- yehaifeng/ubuntu:v2:指定要创建的目标镜像名
构建镜像docker build:
从零开始来创建一个新的镜像。为此,我们需要创建一个 Dockerfile 文件,其中包含一组指令来告诉 Docker 如何构建我们的镜像。
[root@elk01 ~]# cat Dockerfile FROM centos:6.7 MAINTAINER Fisher "fisher@sudops.com" RUN /bin/echo 'root:123456' |chpasswd RUN useradd runoob RUN /bin/echo 'runoob:123456' |chpasswd RUN /bin/echo -e "LANG="en_US.UTF-8"" >/etc/default/local EXPOSE 22 EXPOSE 80 CMD /usr/sbin/sshd –D [root@elk01 ~]# docker build -t runoob/centos:6.7 . Sending build context to Docker daemon 952.9 MB Sending build context to Docker daemon Step 0 : FROM centos:6.7 ---> a40ca4e3cce6 Step 1 : MAINTAINER Fisher "fisher@sudops.com" ---> Using cache ---> cc989d9b4629 Step 2 : RUN /bin/echo 'root:123456' |chpasswd ---> Using cache ---> fae1ea8b83c2 Step 3 : RUN useradd runoob ---> Using cache ---> 6085436fbfde Step 4 : RUN /bin/echo 'runoob:123456' |chpasswd ---> Using cache ---> 2c98a6d8a31e Step 5 : RUN /bin/echo -e "LANG="en_US.UTF-8"" >/etc/default/local ---> Using cache ---> 3a4a92e7fe15 Step 6 : EXPOSE 22 ---> Using cache ---> 35596241dcdf Step 7 : EXPOSE 80 ---> Using cache ---> 649b43f0fbd8 Step 8 : CMD /usr/sbin/sshd -D ---> Using cache ---> 3192d489e846 Successfully built 3192d489e846 [root@elk01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE runoob/centos 6.7 3192d489e846 3 hours ago 190.6 MB runoob/ubuntu v2 59b7bca5f46b 3 hours ago 179.9 MB docker.io/centos 6.7 a40ca4e3cce6 2 days ago 190.6 MB yehaifeng/ubuntu v2 2f8402277867 3 days ago 137.2 MB docker.io/nginx latest 6362f5ebce41 9 days ago 108.4 MB docker.io/mysql 5.6 dd751b1fac67 2 weeks ago 299 MB docker.io/jiaxiangkong/jumpserver_docker 0.3.2 80e9ddba8da6 11 months ago 179.2 MB docker.io/ubuntu 15.10 bfaaabeea063 15 months ago 137.2 MB
本地文件挂载:
[root@elk01 conf]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE runoob/centos 6.7 3192d489e846 21 hours ago 190.6 MB runoob/ubuntu v2 59b7bca5f46b 21 hours ago 179.9 MB docker.io/centos 6.7 a40ca4e3cce6 3 days ago 190.6 MB yehaifeng/ubuntu v2 2f8402277867 3 days ago 137.2 MB docker.io/nginx latest 6362f5ebce41 10 days ago 108.4 MB docker.io/mysql 5.6 dd751b1fac67 3 weeks ago 299 MB docker.io/jiaxiangkong/jumpserver_docker 0.3.2 80e9ddba8da6 11 months ago 179.2 MB docker.io/ubuntu 15.10 bfaaabeea063 15 months ago 137.2 MB docker.io/training/webapp latest 02a8815912ca 2.483361 years ago 348.7 MB [root@elk01 nginx]# docker run -d -p 80:80 --name younginx -v $PWD/www/:/usr/share/nginx/html/ -v $PWD/logs/:/var/log/nginx/ -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf nginx 0321912df6c129e817a51cdb7de4ff8c6a2ae056cd2639ca9ac9b5032f4b8c26 #-v:将本地文件映射到容器中的文件 [root@elk01 nginx]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0321912df6c1 nginx:latest "nginx -g 'daemon of 3 seconds ago Up 3 seconds 0.0.0.0:80->80/tcp younginx c11937cd9383 jiaxiangkong/jumpserver_docker:0.3.2 "/bin/sh -c /run.sh" 5 months ago Up 4 months 0.0.0.0:2222->22/tcp, 0.0.0.0:8888->80/tcp jms
docker --help:
[root@elk01 conf]# docker --help Usage: docker [OPTIONS] COMMAND [arg...] A self-sufficient runtime for linux containers. Options: --add-registry=[] Registry to query before a public one --api-cors-header= Set CORS headers in the remote API -b, --bridge= Attach containers to a network bridge --bip= Specify network bridge IP --block-registry=[] Don't contact given registry --confirm-def-push=true Confirm a push to default registry -D, --debug=false Enable debug mode -d, --daemon=false Enable daemon mode --default-ulimit=[] Set default ulimits for containers --dns=[] DNS server to use --dns-search=[] DNS search domains to use -e, --exec-driver=native Exec driver to use --fixed-cidr= IPv4 subnet for fixed IPs --fixed-cidr-v6= IPv6 subnet for fixed IPs -G, --group=docker Group for the unix socket -g, --graph=/var/lib/docker Root of the Docker runtime -H, --host=[] Daemon socket(s) to connect to -h, --help=false Print usage --icc=true Enable inter-container communication --insecure-registry=[] Enable insecure registry communication --ip=0.0.0.0 Default IP when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading --iptables=true Enable addition of iptables rules --ipv6=false Enable IPv6 networking -l, --log-level=info Set the logging level --label=[] Set key=value labels to the daemon --log-driver=json-file Containers logging driver --mtu=0 Set the containers network MTU -p, --pidfile=/var/run/docker.pid Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror -s, --storage-driver= Storage driver to use --selinux-enabled=false Enable selinux support --storage-opt=[] Set storage driver options --tls=false Use TLS; implied by --tlsverify --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA --tlscert=~/.docker/cert.pem Path to TLS certificate file --tlskey=~/.docker/key.pem Path to TLS key file --tlsverify=false Use TLS and verify the remote -v, --version=false Print version information and quit Commands: attach Attach to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders from a container's filesystem to the host path create Create a new container diff Inspect changes on a container's filesystem events Get real time events from the server exec Run a command in a running container export Stream the contents of a container as a tar archive history Show the history of an image images List images import Create a new filesystem image from the contents of a tarball info Display system-wide information inspect Return low-level information on a container or image kill Kill a running container load Load an image from a tar archive login Register or log in to a Docker registry server logout Log out from a Docker registry server logs Fetch the logs of a container port Lookup the public-facing port that is NAT-ed to PRIVATE_PORT pause Pause all processes within a container ps List containers pull Pull an image or a repository from a Docker registry server push Push an image or a repository to a Docker registry server rename Rename an existing container restart Restart a running container rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save an image to a tar archive search Search for an image on the Docker Hub start Start a stopped container stats Display a stream of a containers' resource usage statistics stop Stop a running container tag Tag an image into a repository top Lookup the running processes of a container unpause Unpause a paused container version Show the Docker version information wait Block until a container stops, then print its exit code Run 'docker COMMAND --help' for more information on a command.
docker run --hep:
[root@elk01 conf]# docker run --help Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] Run a command in a new container -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities --cgroup-parent= Optional parent cgroup for the container --cidfile= Write the container ID to the file --cpuset-cpus= CPUs in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables --entrypoint= Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a file of environment variables --expose=[] Expose a port or a range of ports -h, --hostname= Container host name --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached --ipc= IPC namespace to use -l, --label=[] Set meta data on a container --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container --log-driver= Logging driver for container --lxc-conf=[] Add custom lxc options -m, --memory= Memory limit --mac-address= Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-swap= Total memory (memory + swap), '-1' to disable swap --name= Assign a name to the container --net=bridge Set the Network mode for the container -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid= PID namespace to use --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only --restart=no Restart policy to apply when a container exits --rm=false Automatically remove the container when it exits --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY -u, --user= Username or UID (format: <name|uid>[:<group|gid>]) --ulimit=[] Ulimit options -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir= Working directory inside the container