zoukankan      html  css  js  c++  java
  • docker命令及选项

    docker 命令帮助

    $ sudo docker 
        attach    Attach to a running container  
                  1> 运行一个交互型容器
                     [root@localhost ~]# docker run -i -t centos /bin/bash
                     [root@f0a02b473067 /]# 
                  2> 在另一个窗口上查看该容器的状态
                     [root@localhost ~]# docker ps -a
                     CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS      PORTS       NAMES
                     d4a75f165ce6        centos              "/bin/bash"         5 seconds ago       Up 5 seconds            cranky_mahavira
                  3> 退出第一步中运行的容器
                     [root@d4a75f165ce6 /]# exit
                  4> 查看该容器的状态
                     [root@localhost ~]# docker ps -a
                     CONTAINER ID        IMAGE           COMMAND           CREATED             STATUS                  PORTS    NAMES
                     d4a75f165ce6        centos          "/bin/bash"       2 minutes ago       Exited (0) 23 seconds ago        cranky_mahavira
                     可见此时容器的状态是Exited,那么,如何再次运行这个容器呢?可以使用docker start命令
                  5> 再次运行该容器
                     [root@localhost ~]# docker start cranky_mahavira
                  6> 再次查看该容器的状态
                     [root@localhost ~]# docker ps -a
                     CONTAINER ID        IMAGE          COMMAND             CREATED             STATUS              PORTS      NAMES
                     d4a75f165ce6        centos         "/bin/bash"         6 minutes ago       Up 29 seconds                  cranky_mahavira
                  7> 通过attach命令进行交互
                     [root@localhost ~]# docker attach cranky_mahavira
                     [root@d4a75f165ce6 /]# 
        build     Build an image from a Dockerfile
        commit    Create a new image from a container's changes
                  注意:如果是要push到docker hub中,注意生成镜像的命名
                   [root@localhost ~]# docker commit centos_v1 centos:v1
                   [root@localhost ~]# docker push centos:v1
                   You cannot push a "root" repository. Please rename your repository to <user>/<repo> (ex: <user>/centos)
                   用centos:v1就不行,因为它push到docker hub中时,是推送到相应用户下,必须指定用户名。譬如我的用户名是ivictor,则新生成的本地镜像命名为:
                   docker push victor/centos:v1,其中v1是tag,可不写,默认是latest 
        cp        Copy files/folders from a container to a HOSTDIR or to STDOUT
                  Usage:    docker cp [OPTIONS] CONTAINER:PATH LOCALPATH|-
                            docker cp [OPTIONS] LOCALPATH|- CONTAINER:PATH
                  #  docker cp mysql:/usr/local/bin/docker-entrypoint.sh /root
                  # docker cp /root/docker-entrypoint.sh mysql:/usr/local/bin/     
        create    Create a new container  
        diff      Inspect changes on a container's filesystem
                   [root@localhost ~]# docker diff mysqldb
                   C /root
                   A /root/.bash_history
                   A /test1.txt
                   A /test.tar
                   A /test.txt
                   C /run
                   C /run/mysqld
                   A /run/mysqld/mysqld.pid
                   A /run/mysqld/mysqld.sock
        events    Get real time events from the server
                  [root@localhost ~]# docker events
                  2015-09-08T17:40:13.000000000+08:00 d2a2ef5ddb90b505acaf6b59ab43eecf7eddbd3e71f36572436c34dc0763db79: (from wordpress) create
                  2015-09-08T17:40:14.000000000+08:00 d2a2ef5ddb90b505acaf6b59ab43eecf7eddbd3e71f36572436c34dc0763db79: (from wordpress) die
                  2015-09-08T17:42:10.000000000+08:00 839866a338db6dd626fa8eabeef53a839e4d2e2eb16ebd89679aa722c4caa5f7: (from mysql) start
        exec      Run a command in a running container
                  后台型任务:docker exec -d cc touch 123  其中cc是容器名
                  [root@localhost ~]# docker exec -i -t cc /bin/bash
                  root@1e5bb46d801b:/# ls
     bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
        export    Export a container's filesystem as a tar archive
                  docker export -o mysqldb1.tar mysqldb
                  docker export mysqldb > mysqldb.tar
        history   Show the history of an image
        images    List images   
        import    Import the contents from a tarball to create a filesystem image
                 [root@localhost ~]# docker import mysqldb.tar mysql:v1
                 [root@localhost ~]# docker images
                 REPOSITORY                 TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
                 mysql                      v1                  eb81de183cd9        21 seconds ago       281.9 MB
                  [root@localhost volume2]# docker ps
                  CONTAINER ID   IMAGE               COMMAND      CREATED        STATUS      PORTS     NAMES
                  9cb07559cc17   docker.io/ubuntu    "/bin/bash"  22 hours ago   Up 22 hours           naughty_bartik
                  [root@localhost volume2]# docker export gigantic_goldwasser > wanghui.tar
                  [root@localhost volume2]# docker import wanghui.tar wanghui:v1
                  [root@localhost volume2]# docker images
                  REPOSITORY    TAG   IMAGE ID        CREATED           SIZE
                  wanghui       v1    b6cbbaf69a58    5 seconds ago     450.9 MB
                  [root@localhost volume2]# docker run -i -t wanghui:v1 /bin/bash
                  [root@78f4ac39972d /]# ps -ef
        info      Display system-wide information
                  [root@localhost ~]# docker info
                  Containers: 3              --当前有3个容器
                  Images: 298      
                  Storage Driver: devicemapper
                   Pool Name: docker-253:0-34402623-pool
                   Pool Blocksize: 65.54 kB
                   Backing Filesystem: xfs
                   Data file: /dev/loop0
                   Metadata file: /dev/loop1
                   Data Space Used: 8.677 GB          --对应的是下面Data loop file大小
                   Data Space Total: 107.4 GB
                   Data Space Available: 5.737 GB
                   Metadata Space Used: 13.4 MB       --对应的是下面Metadata loop file大小
                   Metadata Space Total: 2.147 GB
                   Metadata Space Available: 2.134 GB
                   Udev Sync Supported: true
                   Deferred Removal Enabled: false
                   Data loop file: /var/lib/docker/devicemapper/devicemapper/data
                   Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
                   Library Version: 1.02.93-RHEL7 (2015-01-28)
                  Execution Driver: native-0.2
                  Logging Driver: json-file
                  Kernel Version: 3.10.0-229.el7.x86_64
                  Operating System: CentOS Linux 7 (Core)
                  CPUs: 2
                  Total Memory: 979.7 MiB
                  Name: localhost.localdomain
                  WARNING: bridge-nf-call-iptables is disabled
                  WARNING: bridge-nf-call-ip6tables is disabled
        inspect   Return low-level information on a container or image
        kill      Kill a running container 
                  关于stop和kill的区别,docker stop命令给容器中的进程发送SIGTERM信号,默认行为是会导致容器退出,当然,
                  容器内程序可以捕获该信号并自行处理,例如可以选择忽略。而docker kill则是给容器的进程发送SIGKILL信号,该信号将会使容器必然退出。
        load      Load an image from a tar archive or STDIN
        login     Register or log in to a Docker registry
                  --登录到自己的Docker register,需有Docker Hub的注册账号
                  [root@localhost ~]# docker login
                  Username: ivictor
                  Email: xxxx@foxmail.com
                  WARNING: login credentials saved in /root/.docker/config.json
                  Login Succeeded
        logout    Log out from a Docker registry
                  [root@localhost ~]# docker logout
                  Remove login credentials for https://index.docker.io/v1/
        logs      Fetch the logs of a container
                  --用于查看容器的日志,它将输出到标准输出的数据作为日志输出到docker logs命令的终端上。常用于后台型容器
        pause     Pause all processes within a container
                  此时,通过docker stats可以观察到此时的资源使用情况是固定不变的,
                  通过docker logs -f也观察不到日志的进一步输出。
        port      List port mappings or a specific mapping for the CONTAINER
                  [root@localhost ~]# docker port blog
                  80/tcp ->
        ps        List containers  
                  --列出所有容器,其中docker ps用于查看正在运行的容器,ps -a则用于查看所有容器。
        pull      Pull an image or a repository from a registry
                  --从docker hub中下载镜像
        push      Push an image or a repository to a registry
                  --将本地的镜像上传到docker hub中
                  前提是你要先用docker login登录上,不然会报以下错误
                  [root@localhost ~]# docker push ivictor/centos:v1
                  The push refers to a repository [docker.io/ivictor/centos] (len: 1)
                  unauthorized: access to the requested resource is not authorized
        rename    Rename a container
        restart   Restart a running container 
        rm        Remove one or more containers 
                  --删除容器,注意,不可以删除一个运行中的容器,必须先用docker stop或docker kill使其停止。
                  如果要一次性删除所有容器,可使用 docker rm -f `docker ps -a -q`,其中,-q指的是只列出容器的ID
        rmi       Remove one or more images   
        run       Run a command in a new container   
                  --让创建的容器立刻进入运行状态,该命令等同于docker create创建容器后再使用docker start启动容器
        save      Save an image(s) to a tar archive
                  docker save -o nginx.tar nginx
        search    Search the Docker Hub for images   
                  --从Docker Hub中搜索镜像
        start     Start one or more stopped containers
        stats     Display a live stream of container(s) resource usage statistics
        stop      Stop a running container 
        tag       Tag an image into a repository
        top       Display the running processes of a container
        unpause   Unpause all processes within a container
        version   Show the Docker version information 
        wait      Block until a container stops, then print its exit code

    dokcer options

    Usage of docker:
      --api-enable-cors=false                Enable CORS headers in the remote API                      # 远程 API 中开启 CORS 头
      -b, --bridge=""                        Attach containers to a pre-existing network bridge         # 桥接网络
                                               use 'none' to disable container networking
      --bip=""                               Use this CIDR notation address for the network bridge's IP, not compatible with -b
                                             # 和 -b 选项不兼容,具体没有测试过
      -d, --daemon=false                     Enable daemon mode                                         # daemon 模式
      -D, --debug=false                      Enable debug mode                                          # debug 模式
      --dns=[]                               Force docker to use specific DNS servers                   # 强制 docker 使用指定 dns 服务器
      --dns-search=[]                        Force Docker to use specific DNS search domains            # 强制 docker 使用指定 dns 搜索域
      -e, --exec-driver="native"             Force the docker runtime to use a specific exec driver     # 强制 docker 运行时使用指定执行驱动器
      --fixed-cidr=""                        IPv4 subnet for fixed IPs (ex:
                                               this subnet must be nested in the bridge subnet (which is defined by -b or --bip)
      -G, --group="docker"                   Group to assign the unix socket specified by -H when running in daemon mode
                                               use '' (the empty string) to disable setting of a group
      -g, --graph="/var/lib/docker"          Path to use as the root of the docker runtime              # 容器运行的根目录路径
      -H, --host=[]                          The socket(s) to bind to in daemon mode                    # daemon 模式下 docker 指定绑定方式[tcp or 本地 socket]
                                               specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
      --icc=true                             Enable inter-container communication                       # 跨容器通信
      --insecure-registry=[]                 Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or
      --ip=""                         Default IP address to use when binding container ports     # 指定监听地址,默认所有 ip
      --ip-forward=true                      Enable net.ipv4.ip_forward                                 # 开启转发
      --ip-masq=true                         Enable IP masquerading for bridge's IP range
      --iptables=true                        Enable Docker's addition of iptables rules                 # 添加对应 iptables 规则
      --mtu=0                                Set the containers network MTU                             # 设置网络 mtu
                                               if no value is provided: default to the default route MTU or 1500 if no default route is available
      -p, --pidfile="/var/run/docker.pid"    Path to use for daemon PID file                            # 指定 pid 文件位置
      --registry-mirror=[]                   Specify a preferred Docker registry mirror                 
      -s, --storage-driver=""                Force the docker runtime to use a specific storage driver  # 强制 docker 运行时使用指定存储驱动
      --selinux-enabled=false                Enable selinux support                                     # 开启 selinux 支持
      --storage-opt=[]                       Set storage driver options                                 # 设置存储驱动选项
      --tls=false                            Use TLS; implied by tls-verify flags                       # 开启 tls
      --tlscacert="/root/.docker/ca.pem"     Trust only remotes providing a certificate signed by the CA given here
      --tlscert="/root/.docker/cert.pem"     Path to TLS certificate file                               # tls 证书文件位置
      --tlskey="/root/.docker/key.pem"       Path to TLS key file                                       # tls key 文件位置
      --tlsverify=false                      Use TLS and verify the remote (daemon: verify client, client: verify daemon) # 使用 tls 并确认远程控制主机
      -v, --version=false                    Print version information and quit

    dokcer run

    [root@localhost ~]# docker run --help
    : docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
    Run a command in a new container
    -a, --attach=[] Attach to STDIN, STDOUT or STDERR
    --add-host=[] Add a custom host-to-IP mapping (host:ip)   增加一个定制的'主机-IP'映射
    --blkio-weight=0 Block IO (relative weight), between 10 and 1000
    -c, --cpu-shares=0 CPU shares (relative weight)
    --cap-add=[] Add Linux capabilities     增加linux能力
    --cap-drop=[] Drop Linux capabilities
    --cgroup-parent= Optional parent cgroup for the container
    --cidfile= Write the container ID to the file     把容器的ID写入文件
    --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period
    --cpu-quota=0 Limit the CPU CFS quota
    --cpuset-cpus= CPUs in which to allow execution (0-3, 0,1)
    --cpuset-mems= MEMs in which to allow execution (0-3, 0,1)
    -d, --detach=false Run container in background and print container ID   在后台运行容器并打印容器ID
    --device=[] Add a host device to the container    把一个主机设备添加到容器
    --dns=[] Set custom DNS servers     设置定制的域名服务器
    --dns-search=[] Set custom DNS search domains    设置定制的域名服务器的搜索域
    -e, --env=[] Set environment variables    设置环境变量
    --entrypoint= Overwrite the default ENTRYPOINT of the image    覆盖镜像的默认进入点
    --env-file=[] Read in a file of environment variables    读入一个包含环境变量的文件
    --expose=[] Expose a port or a range of ports    暴露一个端口、端口范围
    -h, --hostname= Container host name      容器的主机名
    -i, --interactive=false Keep STDIN    标准输入
    --ipc= IPC namespace to use     使用的IPC命名空间
    --pid= PID namespace to use 使用的PID命名空间
    --uts= UTS namespace to use
    -l, --label=[] Set meta data on a container     在容器上,设置元数据
    --label-file=[] Read in a line delimited file of labels
    --link=[] Add link to another container     添加一个到另一个容器的连接
    --log-driver= Logging driver for container    容器的日志驱动
    --log-opt=[] Log driver options
    --lxc-conf=[] Add custom lxc options     添加定制的lxc选项
    -m, --memory= Memory limit     内存限制
    --mac-address= Container MAC address (e.g. 92:d0:c6:0a:29:33)     容器的MAC地址
    --memory-swap= Total memory (memory + swap), '-1' to disable swap    容器的总内存(物理内容+交换区)
    --name= Assign a name to the container     为容器分配一个名字
    --net=bridge Set the Network mode for the container    为容器设置网络模式
    --oom-kill-disable=false Disable OOM Killer
    -P, --publish-all=false Publish all exposed ports to random ports     把通气端口发布的主机。即容器端口映射到宿主机的任意端口上。
    -p, --publish=[] Publish a container's port(s) to the host      把容器的端口发布到主机,即容器端口映射到宿主机的具体端口上。可加上多个-p
    --privileged=false Give extended privileges to this container    赋予容器扩展权限
    --read-only=false Mount the container's root filesystem as read only     以只读的方式装载容器的根文件系统
    --restart=no Restart policy to apply when a container exits
    --rm=false Automatically remove the container when it exits     当容器存在时,自动移除容器
    --security-opt=[] Security Options      安全选项
    --sig-proxy=true Proxy received signals to the process
    -t, --tty=false Allocate a pseudo-TTY     分配一个伪终端
    -u, --u-user= Username or UID (format: <name|uid>[:<group|gid>])
    --ulimit=[] Ulimit options
    -v, --volume=[] Bind mount a volume
    --volumes-from=[] Mount volumes from the specified container(s)
    -w, --workdir= Working directory inside the container
    当运行docker run命令时,Docker会启动一个进程,并为这个进程分配其独占的文件系统、网络资源和以此进程为根进程的进程组。
    在容器启动时,镜像可能已经定义了要运行的二进制文件、暴露的网络端口等,但是用户可以通过docker run命令重新定义(docker run可以控制一个容器运行时的行为,它可以覆盖docker build在构建镜像时的一些默认配置),这也是为什么run命令相比于其它命令有如此多的参数的原因。
    docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
    docker run [OPTIONS]可以让用户完全控制容器的生命周期,并允许用户覆盖执行docker build时所设定的参数,甚至也可以修改本身由Docker所控制的内核级参数。
    Operator exclusive options
    当执行docker run时可以设置以下参数:
      1.Detached vs Foreground
         Detached (-d)
           - Foreground
      2.Container Identification
         Name (--name)
           - PID Equivalent
      3.IPC Setting
      4.Network Settings
      5.Clean Up (--rm)
      6.Runtime Constraints on CPU and Memory
      7.Runtime Privilege, Linux Capabilities, and LXC Configuration
    1.Detached vs foreground
    -d=false, 没有附加标准输入、输出、错误 ---- 运行在后台
    Detached (-d)
    docker run    -d
    此时所有I/O数据只能通过网络资源或者共享卷组来进行交互,因为容器不再监听你执行docker run的这个终端命令行窗口。
    但你可以通过执行docker attach来重新附着到该容器的回话中。
    不指定-d参数(为明确给-d选项指定值,取默认值false) --在前台模式下
    Docker会在容器中启动进程,同时将当前的命令行窗口附着到容器的标准输入、标准输出和标准错误中 --- 把当前的命令行窗口附着到容器的标准输入、输出、错误上.
    -a=[], --attach=[]            把容器的标准输入、输出、错误附着到当前的命令行窗口
    -t=false, --tty=false        分配一个伪终端
    -i=false, --interactive=false    附着标准输入到当前命令行
    -i      选项取默认值(false)
    docker run       没有-i选项,相当于docker run -i=false,即非交互式运行
    docker run -i    指定-i选项,即以交互式运行
    # docker run -a=[stdin, stdout] -i -t ubuntu /bin/bash
    如果要进行交互式操作(例如Shell脚本),那我们必须使用-i -t参数同容器进行数据交互。
    # echo test | docker run -i busybox cat

    docker 容器识别

    这个UUID标示是由Docker deamon生成的。
    如果你在执行docker run时没有指定--name,那么deamon会自动生成一个随机字符串UUID。
    PID equivalent
    --cidfile="": Write the container ID to the file
    当一个镜像的名称不足以分辨这个镜像所代表的含义时,你可以通过tag将版本信息添加到run命令中,以执行特定版本的镜像。例如:docker run ubuntu:14.04
    [root@localhost ~]# docker images
    REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
    docker.io/uifd/ui-for-docker   latest              312812aadc64        34 hours ago        8.096 MB
    docker.io/nginx                latest              5e69fe4b3c31        5 days ago          182.5 MB      latest              47c5123914a1        6 days ago          562.3 MB
    docker.io/ubuntu               latest              0ef2e08ed3fa        4 weeks ago         130 MB
    docker.io/centos               latest              67591570dd29        3 months ago        191.8 MB
    docker.io/tomcat               latest              ebb17717bed4        5 months ago        355.4 MB
    3.IPC Settings
    --ipc=""  : Set the IPC mode for the container,
            'container:<name|id>': reuses another container's IPC namespace
            'host': use the host's IPC namespace inside the container
    IPC(POSIX/SysV IPC)命名空间提供了相互隔离的命名共享内存、信号灯变量和消息队列。
    共享内存一般用在数据库和高性能应用(C/OpenMPI、C++/using boost libraries)上或者金融服务上。
  • 相关阅读:
    C#实现,C++实现,JS实现 阿拉伯数字金额转换为中文大写金额
    SQL server 生成数据字典
    JS实用小函数 数据是否合法或存在 获取当前日期时间
    vs2010 学习Silverlight学习笔记(13):数据与通信之WCF
  • 原文地址:https://www.cnblogs.com/maruidong/p/8011368.html
Copyright © 2011-2022 走看看