本章所講內容
- Docker安裝
- Docker基礎命令
- Docker命令彙總
- Docker鏡像管理
- Docker容器管理
- Docker文件日誌
- Docker鏡像製作及發佈
實驗環境
[root@docker-node1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@docker-node1 ~]# uname -r
3.10.0-862.el7.x86_64 #爲了更好的支持docker組件,至少使用3.10以上版本的kernel
[root@docker-node1 ~]# hostname
docker-node1.cn
Linux Kernel Cgroups and Namespaces #Linux內核和資源控制和資源隔離
[root@docker-node1 ~]# ip a | grep 192.168.
inet 192.168.56.5/24 brd 192.168.56.255 scope global noprefixroute dynamic eth0Docker 安裝
1.下載Docker yum源文件repo
[root@docker-node1 ~]# cd /etc/yum.repos.d/ #該文件由清華大學開源鏡像站提供
[root@docker-node1 yum.repos.d]# wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
2.替換repo文件內的下載路徑,原路徑爲Docker官方的下載路徑,須修改爲清華大學yum源的下載路徑
[root@docker-node1 yum.repos.d]# vim docker-ce.repo
把https://download.docker.com/全部替換爲https://mirrors.tuna.tsinghua.edu.cn/docker-ce/
vim裏面進入輸入模式:%s@https://download.docker.com/@https://mirrors.tuna.tsinghua.edu.cn/docker-ce/@
3.安裝Docker-ce(社區版本)
[root@docker-node1 /]# yum install docker-ce -y
4.修改pull images時的加速文件
Docker官方給了一個名叫 Docker cn,但因是國外的,網絡連接非常慢,再此寫爲了國內的加速,例如:阿里雲、網易、中國科技大學等
[root@docker-node1 /]# mkdir /etc/docker #/etc/docker在docker未啓動的時候是不存在的
[root@docker-node1 /]# vim /etc/docker/daemon.json #創建該json加速文件,再此使用的是163的加速代理
{
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}Docker 基礎命令
[root@docker-node1 /]# systemctl start docker
[root@docker-node1 /]# systemctl enable docker
[root@docker-node1 /]# docker version #查看Docker版本信息
Client: #Docker Client版本信息
Version: 18.06.1-ce #Docker版本爲18.06.1-ce爲社區版
API version: 1.38 #API遠程管理版本爲1.38
Go version: go1.10.3 #Go版本爲1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018 #該版本發佈時間
OS/Arch: linux/amd64 #系統信息
Experimental: false
Server: #Docker Server版本信息
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false
[root@docker-node1 /]# [root@docker-node1 /]# docker info #查看docker系統的詳細信息
Containers: 0 #容器數量
Running: 0 #正在運行的容器數
Paused: 0
Stopped: 0 #停止的容器數量
Images: 0 #鏡像數量
Server Version: 18.06.1-ce #Docker Server版本信息
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs #Cgroups控制硬件資源系統
Plugins: #插件
Volume: local #存儲卷插件
Network: bridge host macvlan null overlay #網絡插件
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog #日誌插件
Swarm: inactive #Docker Swarm管理工具狀態
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e #
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.el7.x86_64 #系統內核版本
Operating System: CentOS Linux 7 (Core) #系統版本
OSType: linux #系統類型
Architecture: x86_64 #系統結構
CPUs: 1 #CPU數量
Total Memory: 974.6MiB #內存大小
Name: docker-node1.cn #主機名稱
ID: C5EI:6LOP:PZZB:H3OU:5JRP:QWXK:3XD6:ZOLZ:KYP3:45TH:H64X:3O5T
Docker Root Dir: /var/lib/docker #Docker根目錄
Debug Mode (client): false #Docker Clinet的Debug模版狀態
Debug Mode (server): false #Docker Server的Debug模版狀態
Registry: https://index.docker.io/v1/ #Docker倉庫API地址
Labels: #最新版本
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors: #Docker倉庫鏡像加速地址
http://hub-mirror.c.163.com/
Live Restore Enabled: false[root@docker-node1 /]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 日 2018-10-14 14:53:17 CST; 14min ago
Docs: https://docs.docker.com
Main PID: 2916 (dockerd)
CGroup: /system.slice/docker.service
├─2916 /usr/bin/dockerd
└─2922 docker-containerd --config /var/run/docker/containerd/containerd.toml
10月 14 14:53:16 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:16.692061642+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42017f090, CONNECTI...module=grpc
10月 14 14:53:16 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:16.692341578+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42017f090, READY" module=grpc
10月 14 14:53:16 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:16.692355058+08:00" level=info msg="Loading containers: start."
10月 14 14:53:17 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:17.082057088+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/...IP address"
10月 14 14:53:17 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:17.260922450+08:00" level=info msg="Loading containers: done."
10月 14 14:53:17 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:17.282076401+08:00" level=info msg="Docker daemon" commit=e68fc7a graphdriver(s)=overlay2 version=18.06.1-ce
10月 14 14:53:17 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:17.282160723+08:00" level=info msg="Daemon has completed initialization"
10月 14 14:53:17 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:17.283470090+08:00" level=warning msg="Could not register builder git source: failed to find git binary...d in $PATH"
10月 14 14:53:17 docker-node1.cn dockerd[2916]: time="2018-10-14T14:53:17.288453326+08:00" level=info msg="API listen on /var/run/docker.sock"
10月 14 14:53:17 docker-node1.cn systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
[root@docker-node1 /]# ps -ef|grep docker
root 2916 1 0 14:53 ? 00:00:00 /usr/bin/dockerd
root 2922 2916 0 14:53 ? 00:00:03 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 3097 2784 0 15:07 pts/0 00:00:00 grep --color=auto docker
[root@docker-node1 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:23:99:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.56.5/24 brd 192.168.56.255 scope global noprefixroute dynamic eth0
valid_lft 1745sec preferred_lft 1745sec
inet6 fd15:4ba5:5a2b:1008:f851:f8bb:7c36:f1d2/64 scope global noprefixroute dynamic
valid_lft 86371sec preferred_lft 14371sec
inet6 fe80::e086:4982:4713:11c1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:b0:20:51:2b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 #Docker啓動會自動創建一個網卡與物理地址是聯通的,該網卡被稱爲 nat橋,使用的是bridge網絡模式
valid_lft forever preferred_lft forever[root@docker-node1 /]# du -sh /var/lib/docker/* #Docker的鏡像及一些數據都在此目錄下
16K /var/lib/docker/builder
56K /var/lib/docker/buildkit
24K /var/lib/docker/containerd
0 /var/lib/docker/containers
4.0K /var/lib/docker/image
32K /var/lib/docker/network
0 /var/lib/docker/overlay2
0 /var/lib/docker/plugins
0 /var/lib/docker/runtimes
0 /var/lib/docker/swarm
0 /var/lib/docker/tmp
0 /var/lib/docker/trust
24K /var/lib/docker/volumesDocker 命令彙總
Docker版本信息
docker info #查看Docker詳細信息
docker version #查看Docker版本信息Docker本地鏡像管理命令
docker images #查看本地鏡像
docker save -o nginx.tar nginx #把nginx鏡像導出爲nginx.tar,導出的鏡像必須以 .tar結尾
docker load --input nginx.tar | docker load < nginx.tar | docker import nginx.tar nginx #導入鏡像的三種方法
docker rmi nginx #刪除本地鏡像,有時候可能會報錯是因爲該鏡像被容器使用,所以要刪除關聯的容器
docker history nginx #查看Nginx鏡像的創建歷史
docker tag nginx nginx:v3 #給nginx鏡像加上標籤,以便分類Docker鏡像倉庫
docker search <COMMAND> #搜索鏡像
docker pull <COMMAND> #下載鏡像
docker login -u user -p passwd #登錄到鏡像倉庫地址,如果未指定,默認登錄到 Docker Hub
docker logout #登出該倉庫
docker push <自己鏡像倉庫名> nginx #上傳本地鏡像nginx到鏡像倉庫中Docker容器操作命令
docker ps [OPTIONS] #不加選項只顯示正在運行的容器
OPTIONS說明:
-a:顯示所有容器,包括未運行的
-f:根據條件過濾顯示內容
-l:顯示最近創建的容器
-n:列出最近創建的N個容器
-q:靜默模式,只顯示容器編號
-s:顯示總的文件大小docker inspect [OPTIONS] nginx #獲取容器|鏡像的元數據
OPTION說明:
-f:指定返回值的模版文件
-s:顯示總文件的大小
--type:爲指定類型返回JSON
docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' centos #獲取正在運行容器centos的IP地址docker top centos #查看容器centos的進程信息docker logs [OPTIONS] [容器名|容器ID]
[OPTIONS]說明:
-f:跟蹤日誌輸出
-t:顯示時間戳
--since:顯示某個開始時間的所有日誌
--tail:僅列出最新N條容器日誌
docker logs -f centos #跟蹤容器centos的日誌輸出docker wait centos #阻塞容器運行直到容器停止,然後打印出它的退出代碼!
docker export -o centos-`date +%Y-%m-%d`.tar centos #導出centos鏡像
docker port [OPTIONS] [容器名] #列出指定容器的端口映射
docker port nginx #查看容器nginx的端口影響情況Docker生命週期管理命令
docker run [OPTIONS] IMAGE [容器名稱]
OPTIONS說明:
-a stdin:指定標準輸入輸出內容類型,可選STDIN|STDOUT|STDERR三項
-d:後臺運行容器,並返回容器ID
-P:將容器內的某端口映射到宿主機的任意端口
-p:將容器內的某端口指定映射到宿主機的某端口
-v:將宿主機的某目錄指定映射到容器的某目錄
-i:以交互式運行容器,通常與-t同時使用
-t:爲該容器分配一個僞終端,通常與-i同時使用
--name nginx:爲容器指定一個名稱爲nginx
--dns 8.8.8.8:指定容器使用的DNS服務器,默認不指定和宿主機一致
--dns-search example.com:指定容器DNS搜索域名,默認和宿主機一致
-h "localhost":指定容器的hostname
-e username=“ritchie”:設置環境變量
--env-file[]:從指令讀入環境變量
--cpuset="0-2" or --cpuset="0,1,2":綁定容器到指定CPU運行
-m:設置容器使用的內存最大值
--net="bridge":指定容器的網絡連接類型,支持bridge/host/none/container,四種類型
--link=[]:添加鏈接到另一容器
--expose=[]:開放一個端口或一組端口
[root@docker-node1 /]# docker run --name mycentos -d centos:latest #後臺啓動容器並起名爲mycentos
[root@docker-node1 /]# docker run -P -d centos:latest #使用鏡像centos啓動容器並將該容器的80端口隨機映射到宿主機的任意端口
[root@docker-node1 /]# docker run -p 80:80 -v /data:/data -d centos:latest #使用鏡像centos啓動容器並將容器的80端口映射到宿主機的80端口,主機目錄的/data映射到容器的/data
[root@docker-node1 /]# docker run -p 127.0.0.1:80:8080/tcp centos bash #使用鏡像centos啓動容器並將容器的8080端口綁定到本地主機的80端口
[root@docker-node1 /]# docker run -it centos:latest /bin/bash #使用鏡像centos以交互式啓動容器Docker啓動|關閉|重啓命令
docker start centos
docker stop centos
docker restart centosDocker kill命令
docker kill [OPTIONS] [容器]
OPTIONS說明:
-s:向容器發送一個信號
docker kill -s KILL d96a8184c192 Docker rm 命令
docker rm [OPTIONS] [容器]
OPTIONS說明:
-f:通過SLGKILL信號強制刪除一個運行中的容器
-l:移除容器間的網絡連接,而非容器本身
-v:刪除與容器無關的卷
docker rm -f centosDocker pause/unpause命令
docker pause centos #暫停centos容器中的所有進程
docker unpause centos #恢復centos容器中的所有進程Docker create 命令
docker create --name mycentos centos:latest #創建一個新的容器但不啓動它Docker exec 命令
docker exec [OPTIONS] [容器] [命令]
OPTIONS說明:
-d:分離模式,在後臺運行
-i:即使沒有附加也保持STDIN打開
-t:分配一個僞終端
docker exec -it mycentos /bin/sh /root/xuwl.sh #在容器mycentos交互模式中運行容器中/root/xuwl.sh腳本
docker exec -it mycentos /bin/bash #在容器的mycentos中開啓一個交互模式的僞終端Docker 鏡像管理
搜索鏡像
語法:docker search [image]
docker search centos 
下載鏡像
語法:docker pull [image_NAME]
[root@code-01 ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
7dc0dca2b151: Pull complete
Digest: sha256:b67d21dfe609ddacf404589e04631d90a342921e81c40aeaf3391f6717fa5322
Status: Downloaded newer image for docker.io/centos:latest
[root@code-01 ~]# docker pull nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
be8881be8156: Pull complete
32d9726baeef: Pull complete
87e5e6f71297: Pull complete
Digest: sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Status: Downloaded newer image for docker.io/nginx:latest
[root@code-01 ~]# docker images #列出本地所有鏡像
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest c82521676580 3 days ago 109 MB
docker.io/centos latest 49f7960eb7e4 7 weeks ago 200 MB鏡像導出
語法:docker save -o [image].tar [image]
-o:指定導出名稱,必須以 .tar結尾
image:指定需導出的鏡像名稱
[root@code-01 ~]# docker save -o centos.tar centos
[root@code-01 ~]# ls
anaconda-ks.cfg centos.tar刪除本地鏡像
語法:docker rmi [REPOSITORY|IMAGE ID]
[root@code-01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest c82521676580 3 days ago 109 MB
docker.io/centos latest 49f7960eb7e4 7 weeks ago 200 MB
[root@code-01 ~]# docker rmi 49f7960eb7e4
Untagged: docker.io/centos:latest
Deleted: sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5
Deleted: sha256:bcc97fbfc9e1a709f0eb78c1da59caeb65f43dc32cd5deeb12b8c1784e5b8237
[root@code-01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest c82521676580 3 days ago 109 MB
[root@code-01 ~]# docker rmi nginx
Untagged: nginx:latest
Untagged: docker.io/nginx@sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Deleted: sha256:c82521676580c4850bb8f0d72e47390a50d60c8ffe44d623ce57be521bca9869
Deleted: sha256:2c1f65d17acf8759019a5eb86cc20fb8f8a7e84d2b541b795c1579c4f202a458
Deleted: sha256:8f222b457ca67d7e68c3a8101d6509ab89d1aad6d399bf5b3c93494bbf876407
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
[root@code-01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE鏡像導入
1.語法:docker load --input [image].tar
2.語法:docker load < [image].tar
[root@code-01 ~]# docker load --input centos.tar
bcc97fbfc9e1: Loading layer [==================================================>] 208.2 MB/208.2 MB
Loaded image: docker.io/centos:latest
[root@code-01 ~]# docker load < nginx.tar
cdb3f9544e4c: Loading layer [==================================================>] 58.44 MB/58.44 MB
a8c4aeeaa045: Loading layer [==================================================>] 54.24 MB/54.24 MB
08d25fa0442e: Loading layer [==================================================>] 3.584 kB/3.584 kB
Loaded image: docker.io/nginx:latestDocker 容器管理
創建容器
語法:docker run --name [CONTAINER NAME] -t -i -d [image]
[root@code-01 ~]# docker run --name dockerc -t -i -d centos /bin/bash
e968c0137775150c72299b8b6370a83db1cb0b4e62533f2f2447205c6a1c810d
[root@code-01 ~]# docker run --name dockerd -t -i -d centos /bin/bash
11f3e96045013c5e9e96a1e7b58772275b2446cc18c9c52207e96a5b1f7ada15
[root@code-01 ~]# docker run --name nginx -t -i -d nginx /bin/bash
398defba777bba256f856f50de7e2e64a6eda915180c062bc51130b4a36f2372
[root@code-01 ~]# docker ps -a #查看所有容器(包含沉睡/退出狀態的容器)
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
398defba777b nginx "/bin/bash" 3 seconds ago Up 3 seconds 80/tcp nginx
11f3e9604501 centos "/bin/bash" 18 seconds ago Up 17 seconds dockerd
e968c0137775 centos "/bin/bash" About a minute ago Up About a minute dockerc啓動關閉容器
[root@code-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
398defba777b nginx "/bin/bash" 3 seconds ago Up 3 seconds 80/tcp nginx
11f3e9604501 centos "/bin/bash" 18 seconds ago Up 17 seconds dockerd
e968c0137775 centos "/bin/bash" About a minute ago Up About a minute dockerc
[root@code-01 ~]# docker restart dockerc
dockerc
[root@code-01 ~]# docker stop dockerd
dockerd
[root@code-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
398defba777b nginx "/bin/bash" 10 minutes ago Up 10 minutes 80/tcp nginx
11f3e9604501 centos "/bin/bash" 10 minutes ago Exited (137) 2 seconds ago dockerd
e968c0137775 centos "/bin/bash" 11 minutes ago Up 22 seconds dockerc
[root@code-01 ~]# docker start dockerd
dockerd
[root@code-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
398defba777b nginx "/bin/bash" 10 minutes ago Up 10 minutes 80/tcp nginx
11f3e9604501 centos "/bin/bash" 11 minutes ago Up 4 seconds dockerd
e968c0137775 centos "/bin/bash" 11 minutes ago Up 41 seconds dockerc殺死容器
語法:docker kill [ NAMES | CONTAINER ID ]
[root@code-01 ~]# docker kill nginx
nginx
[root@code-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
398defba777b nginx "/bin/bash" 14 minutes ago Exited (137) 2 seconds ago nginx
11f3e9604501 centos "/bin/bash" 14 minutes ago Up 3 minutes dockerd
e968c0137775 centos "/bin/bash" 15 minutes ago Up 4 minutes dockerc
[root@code-01 ~]# docker kill 11f3e9604501
11f3e9604501
[root@code-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
398defba777b nginx "/bin/bash" 14 minutes ago Exited (137) 16 seconds ago nginx
11f3e9604501 centos "/bin/bash" 14 minutes ago Exited (137) 3 seconds ago dockerd
e968c0137775 centos "/bin/bash" 15 minutes ago Up 4 minutes dockerc刪除容器
語法:docker rm [ NAMES | CONTAINER ID ]
語法:docker rm -f [ NAMES | CONTAINER ID ]
[root@code-01 ~]# docker rm nginx # rm可以刪除未在運行的容器
nginx
[root@code-01 ~]# docker rm dockerc # 使用rm刪除正在運行的容器時,報錯如下
Error response from daemon: You cannot remove a running container e968c0137775150c72299b8b6370a83db1cb0b4e62533f2f2447205c6a1c810d. Stop the container before attempting removal or use -f
[root@code-01 ~]# docker rm -f dockerc #使用 rm -f來強制刪除此容器
dockerc
[root@code-01 ~]# docker ps -a #查看所有容器只剩下了一個
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 19 minutes ago Exited (137) 4 minutes ago dockerd進入容器
三種方式如下:
語法:docker attach [image]
語法:docker exec -it [ NAMES | CONTAINER ID ] /bin/bash
語法:nsenter工具
注:以上三種方式 nsenter工具用的最爲廣泛,attach生產中的大忌
[root@code-01 ~]# docker ps -a #查看容器dockerd,結果並未在運行
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 44 minutes ago Exited (137) 29 minutes ago dockerd
[root@code-01 ~]# docker start dockerd #開啓容器dockerd
dockerd
[root@code-01 ~]# docker ps -a #已開啓
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 44 minutes ago Up 13 seconds dockerd
[root@code-01 ~]# docker attach dockerd #使用attach命令進入此容器
[root@11f3e9604501 /]# ps aux #已登錄到該容器,並查看該容器進程
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.1 11820 1876 ? Ss 11:16 0:00 /bin/bash
root 13 0.0 0.1 51708 1712 ? R+ 11:16 0:00 ps aux
[root@11f3e9604501 /]# exit #退出dockerd容器
exit
[root@code-01 ~]# docker ps -a #dockerd容器跟隨着attach命令的退出而停止運行
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 44 minutes ago Exited (0) 1 second ago dockerd [root@code-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 44 minutes ago Exited (0) 1 second ago dockerd
[root@code-01 ~]# docker exec -it dockerd /bin/bash #進入該容器因爲未啓動而報一下錯誤
Error response from daemon: Container 11f3e96045013c5e9e96a1e7b58772275b2446cc18c9c52207e96a5b1f7ada15 is not running
[root@code-01 ~]# docker start dockerd
dockerd
[root@code-01 ~]# docker exec -it dockerd /bin/bash #進入該容器
[root@11f3e9604501 /]# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.1 11820 1676 ? Ss+ 11:22 0:00 /bin/bash
root 13 0.2 0.1 11820 1896 ? Ss 11:22 0:00 /bin/bash
root 25 0.0 0.1 51708 1712 ? R+ 11:22 0:00 ps -aux
[root@11f3e9604501 /]# exit
exit
[root@code-01 ~]# docker ps -a #dockerd容器並沒有因爲終端退出而關閉自身
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 50 minutes ago Up 16 seconds dockerd
[root@code-01 ~]# docker exec dockerd ps -aux #還可以在容器外操作命令來查看容器內
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11820 1676 ? Ss+ 11:22 0:00 /bin/bash
root 30 0.0 0.1 51708 1708 ? Rs 11:25 0:00 ps -aux [root@code-01 ~]# yum install util-linux -y #nsenter工具是依賴在util-linux軟件包內
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirrors.ustc.edu.cn
Package util-linux-2.23.2-52.el7.x86_64 already installed and latest version
Nothing to do
[root@code-01 ~]# docker inspect -f "{{ .State.Pid}}" dockerd #dockerd是容器名字,每一個容器都有.State.Pid
14835
[root@code-01 ~]# nsenter -t 14835 -m -u -i -n -p
解釋nsenter指令中進程id之後的參數的含義:
* –t:target參數是指定進程ID
* –m:mount參數是進去到mount namespace中
* –u:uts參數是進入到uts namespace中
* –i:ipc參數是進入到System V IPC namaspace中
* –n:net參數是進入到network namespace中
* –p:pid參數是進入到pid namespace中
* –u:user參數是進入到user namespace中
[root@11f3e9604501 /]# ps aux # -bash是nsenter所產生的進程,就算是我退出容器,因爲 -bash還在運行,容器也不會自行退出
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11820 1676 ? Ss+ 11:22 0:00 /bin/bash
root 34 0.2 0.1 15252 1980 ? S 11:28 0:00 -bash
root 47 0.0 0.1 55140 1856 ? R+ 11:28 0:00 ps aux
[root@11f3e9604501 /]# exit
logout
[root@code-01 ~]# docker ps -a #容器運行正常
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
11f3e9604501 centos "/bin/bash" 56 minutes ago Up 6 minutes dockerd
編寫進入容器腳本
[root@code-01 ~]# cat docker.sh
#!/bin/bash
# Use nsenter to access docker
docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1容器日誌查看
語法:docker logs [ NAMES | CONTAINER ID ]
[root@code-01 ~]# docker logs dockerd
[root@11f3e9604501 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.1 11820 1876 ? Ss 11:16 0:00 /bin/bash
root 13 0.0 0.1 51708 1712 ? R+ 11:16 0:00 ps aux
[root@11f3e9604501 /]# exit
exit
[root@code-01 ~]#Docker 文件日誌
Docker的日誌文件默認寫入到/var/log/messages內 Docker的配置文件(CentOS7)
[root@code-01 ~]# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.socket registries.service
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--init-path=/usr/libexec/docker/docker-init-current \
--seccomp-profile=/etc/docker/seccomp.json \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY \
$REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
[Install]
WantedBy=multi-user.target