Docker容器操作
容器是Docker的另一个核心概念,类似于轻量级的沙箱,用来运行和隔离应用;简单来说,容器是镜像的一个运行实例。所不同的是,镜像是静态的只读文件,而容器带有运行时需要的可写文件层,同时,容器中的应用进程处于运行状态。
1:创建并启动容器
创建容器:docker create -it {image_name}
docker create命令新建的容器处于停止状态,可以使用docker start命令来启动它。
[root@virtual_host ~]# docker create -it nginx:alpine
83c0f73fb4dfbfdc304843de12752b388d2093e36e270beb4b500861b8698b15
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83c0f73fb4df nginx:alpine "/docker-entrypoint.…" 7 seconds ago Created kind_diffie
# 启动容器:docker start {container_id} //容器ID前三位
[root@virtual_host ~]# docker start 83c
83c
[root@virtual_host ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83c0f73fb4df nginx:alpine "/docker-entrypoint.…" 46 seconds ago Up 2 seconds 80/tcp kind_diffie
#直接新建并启动容器
[root@virtual_host ~]# docker run -d nginx:alpine
dcb2c4af1738554cd7ab03fca11dd9c01bdaf536cf81aa877fcfe93ccc3d1785
[root@virtual_host ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dcb2c4af1738 nginx:alpine "/docker-entrypoint.…" 2 seconds ago Up 1 second 80/tcp amazing_pike
# -i表示让容器的标准输入打开,-t表示分配一个伪终端,要把-i -t 放到镜像名字前面
守护态运行
[root@virtual_host ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@virtual_host ~]# docker run -itd centos /bin/bash
1d59e3ab74bffabdf46b0ce25a000724e265483292d920ed85dd06ab49922cd0
[root@virtual_host ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1d59e3ab74bf centos "/bin/bash" 8 seconds ago Up 7 seconds determined_lumiere
[root@virtual_host ~]# docker exec -it determined_lumiere /bin/bash
[root@1d59e3ab74bf /]# cat /etc/redhat-release
CentOS Linux release 8.4.2105
当使用docker run来创建并启动容器时,Docker在后台运行的标准操作:
(1)检查本地是否存在指定的镜像centos,不存在就从公有仓库下载
(2)利用镜像创建并启动一个容器
(3)分配一个文件系统,并在只读的镜像层外面挂载一层可读写层
(4)从宿主主机配置的桥接网络接口中桥接一个虚拟接口到容器中去
(5)从地址池配置一个IP地址给容器
(6)执行用户指定的应用程序
(7)执行完毕后,容器被终止
2:停止容器
1:# 启动一个容器并将其暂停
[root@virtual_host ~]# docker run --name devopsdu --rm -it centos /bin/bash
[root@ea8df7cfe4bb /]# cat /etc/redhat-release
CentOS Linux release 8.4.2105
[root@virtual_host ~]# docker pause nginx
nginx
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9ba130941a26 nginx:alpine "/docker-entrypoint.…" 13 seconds ago Up 12 seconds (Paused) 80/tcp nginx
[root@virtual_host ~]# docker unpause nginx
nginx
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9ba130941a26 nginx:alpine "/docker-entrypoint.…" 31 seconds ago Up 31 seconds 80/tcp nginx
2:# 终止容器
使用docker stop来终止一个运行中的容器,命令的格式为docker stoop [container]首先向容器发送SIGTERM信号,等待一段超时时间(默认为10s)后,-t 时间设置 ,再发送SIGKILL信号来终止容器,docker kill命令会直接发送SIGKILL信号来强行终止容器。
# 停止容器,
[root@virtual_host ~]# docker run -d --name nginx nginx:alpine
0e9f65c468140128aa50897b075547f0ff0ff731a3ceb8f626be719e0c2bc46c
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e9f65c46814 nginx:alpine "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 80/tcp nginx
[root@virtual_host ~]# docker stop nginx
nginx
[root@virtual_host ~]# docker start nginx
nginx
#强制终止
[root@virtual_host ~]# docker kill nginx
nginx
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e9f65c46814 nginx:alpine "/docker-entrypoint.…" 47 seconds ago Exited (137) 4 seconds ago nginx
#自动清除所有处于停止状态的容器
[root@virtual_host ~]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
0e9f65c468140128aa50897b075547f0ff0ff731a3ceb8f626be719e0c2bc46c
Total reclaimed space: 1.095kB
3、进入容器
(1)attach命令
[root@virtual_host ~]# docker run -itd --name devopsdu centos /bin/bash
34c1174dc84de98f31f96429bb3334f45bae0d4ca18d2c1b6355cdc086f7155e
[root@virtual_host ~]# docker attach devopsdu
[root@34c1174dc84d /]# cat /etc/redhat-release
CentOS Linux release 8.4.2105
注意:使用attach命令有时候并不方便,当多个窗口同时使用attach命令链接到同一个容器的时候,所有窗口都会同步显示。
当某个窗口因命令阻塞时,其他窗口也无法进行操作。
(2)exec命令(推荐方式)
[root@virtual_host ~]# docker run -d --name nginx nginx:alpine
8aaf333304063b647ce48af987c945e8250fcd77091ece68b28f31baceb75fe1
[root@virtual_host ~]# docker exec -it nginx /bin/sh
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.0
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
4:删除容器
可以使用docker rm 命令来删除处于终止或退出状态的容器,命令格式为docker [container] rm [ -f | -l | -v ] CONTAINER
默认情况下,docker rm 只能删除处于终止或退出状态的容器,并不能删除还处于运行状态的容器。如果需要直接删除一个运行中的容器,可以添加-f参数。Docker会先发送SIGKILL信号给容器,终止其中的应用,之后强行删除。
选项:
-f:强行终止并删除在运行的一个容器
-l:删除容器的链接,但保留容器
-v:删除容器挂载的数据卷
# 查看所有容器
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9482481e9cba centos "/bin/bash" 5 seconds ago Exited (0) 3 seconds ago centos
50c87171a35e nginx:alpine "/docker-entrypoint.…" 16 seconds ago Up 15 seconds 80/tcp nginx
# 删除已经终止容器:centos
[root@virtual_host ~]# docker rm centos
centos
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
50c87171a35e nginx:alpine "/docker-entrypoint.…" 46 seconds ago Up 45 seconds 80/tcp nginx
# 删除正在运行的id为c1a的容器,也就是nginx
[root@virtual_host ~]# docker rm -f nginx
nginx
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5:导入和导出容器
当我们需要将容器从一个系统迁移到另外一个系统,此时可以使用Docker的导入和导出功能。
5.1导出容器
导出容器是指导出一个已经创建的容器到一个文件,不管此时这个容器是否处于运行状态,可以使用docker export命令
格式为:docker export [-o|–out[=””] CONTAINER_ID,其中使用-o选项来指定导出tar文件名,也可以使用重定向来实现。
#查看容器
[root@virtual_host ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58ec56df4ebc nginx:alpine "/docker-entrypoint.…" 6 seconds ago Up 5 seconds 80/tcp nginx
#导出nginx-1和nginx-2的容器
[root@virtual_host ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a338e62ca9d nginx:alpine "/docker-entrypoint.…" 2 seconds ago Up 1 second 80/tcp nginx-2
837de1ffbdb1 nginx:alpine "/docker-entrypoint.…" 11 seconds ago Up 11 seconds 80/tcp nginx-1
[root@virtual_host ~]# docker export -o nginx-1.tar nginx-1
[root@virtual_host ~]# docker export nginx-2 > nginx-2.tar
[root@virtual_host ~]# ls
anaconda-ks.cfg dockerfile nginx-1.tar nginx-2.tar nginx.tar
5.2 导入容器
导出的tar文件可以传输到其他机器上,然后再通过导入命令导入到系统中,实现容器的迁移。
[root@virtual_host ~]# docker import nginx-1.tar nginx:devopsdu
sha256:5380c5e0ee7c145b67b2e5d2e299b8fc05c6bd0523fd5495be1857bc719a9453
[root@virtual_host ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx devopsdu 5380c5e0ee7c 7 seconds ago 23.2MB
6:查看容器
#查看容器详细信息
docker container inspect 626 //使用容器ID或者名称
[root@virtual_host ~]# docker container inspect nginx
[
{
"Id": "93cb0dca4da1d1b1d5e9d41fddb69cfcab8a9ca009474371da07e733eeb1db75",
"Created": "2021-12-28T08:38:41.10699125Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 18447,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-12-28T08:38:41.378339945Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:bef258acf10dc257d641c47c3a600c92f87be4b4ce4a5e4752b3eade7533dcd9",
"ResolvConfPath": "/var/lib/docker/containers/93cb0dca4da1d1b1d5e9d41fddb69cfcab8a9ca009474371da07e733eeb1db75/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/93cb0dca4da1d1b1d5e9d41fddb69cfcab8a9ca009474371da07e733eeb1db75/hostname",
"HostsPath": "/var/lib/docker/containers/93cb0dca4da1d1b1d5e9d41fddb69cfcab8a9ca009474371da07e733eeb1db75/hosts",
"LogPath": "/var/lib/docker/containers/93cb0dca4da1d1b1d5e9d41fddb69cfcab8a9ca009474371da07e733eeb1db75/93cb0dca4da1d1b1d5e9d41fddb69cfcab8a9ca009474371da07e733eeb1db75-json.log",
"Name": "/nginx",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/0ab91017fb0c4e9e686638c8edd9d3dcc8ab4af64c495dbb3e5b24ddab9e0cad-init/diff:/var/lib/docker/overlay2/b1f22e0aca4bfa8d9f4a0edf47d1a3b28d8083747eb57a67db157f10424bb105/diff:/var/lib/docker/overlay2/87fe6cd85652c34fce956b7b8016195b26415384a5b4cc43e25c38167cc82269/diff:/var/lib/docker/overlay2/b7df82a8a43d29434bb88c9b42b8871142d9ec6669ca6449376197cc3a671c75/diff:/var/lib/docker/overlay2/e810da10875fce2428f3a954259542a867c392718cb094ebe52fa059f4fc33fc/diff:/var/lib/docker/overlay2/de9c211022d861116556f5faa8835d0d5b337538883d91c4e6c7cf5eea00751f/diff:/var/lib/docker/overlay2/488e37689dca758209cf04ea333fb6675a9346e81661119ce956fead39b416fe/diff",
"MergedDir": "/var/lib/docker/overlay2/0ab91017fb0c4e9e686638c8edd9d3dcc8ab4af64c495dbb3e5b24ddab9e0cad/merged",
"UpperDir": "/var/lib/docker/overlay2/0ab91017fb0c4e9e686638c8edd9d3dcc8ab4af64c495dbb3e5b24ddab9e0cad/diff",
"WorkDir": "/var/lib/docker/overlay2/0ab91017fb0c4e9e686638c8edd9d3dcc8ab4af64c495dbb3e5b24ddab9e0cad/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "93cb0dca4da1",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.6",
"NJS_VERSION=0.7.2",
"PKG_RELEASE=1"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx:alpine",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "119cdeb591ee8da5d0c489c7fe9d23630cbb104221cf53ef05d4baeb6e90460d",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/119cdeb591ee",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "04489ac73c58703c8e46ab6ef30bdf44def1d858f4b92aa297f6f69edfb3263a",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "d4268ed40a0d09cce2de1d61997df946b6209ab7919e6a50427bbe0490b2340c",
"EndpointID": "04489ac73c58703c8e46ab6ef30bdf44def1d858f4b92aa297f6f69edfb3263a",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
#查看容器内进程
[root@virtual_host ~]# docker top nginx
UID PID PPID C STIME TTY TIME CMD
root 18447 18429 0 03:38 ? 00:00:00 nginx: master process nginx -g daemon off;
#查看容器的统计信息
[root@virtual_host ~]# docker stats -a nginx
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
93cb0dca4da1 nginx 0.00% 1.332MiB / 972.3MiB 0.14% 656B / 0B 0B / 24.6kB 2
6.1复制本地文件到容器内
[root@virtual_host ~]# echo "<a href="https://www.cnblogs.com/devopsdu"><h1>DevOpsDu</h1></a>" >>index.html
[root@virtual_host ~]# docker cp index.html nginx:/usr/share/nginx/html/index.html
#查看容器内文件
[root@virtual_host ~]# docker exec -it nginx /bin/sh
/ # cat /usr/share/nginx/html/index.html
<a href=https://www.cnblogs.com/devopsdu><h1>DevOpsDu</h1></a>
[root@virtual_host ~]# curl 172.17.0.2
<a href=https://www.cnblogs.com/devopsdu><h1>DevOpsDu</h1></a>
6.2 查看容器内的变更
[root@ecs-test ~]# docker container diff 626
[root@virtual_host ~]# docker container diff nginx
C /var
C /var/cache
C /var/cache/nginx
A /var/cache/nginx/client_temp
A /var/cache/nginx/fastcgi_temp
A /var/cache/nginx/proxy_temp
A /var/cache/nginx/scgi_temp
A /var/cache/nginx/uwsgi_temp
C /root
A /root/.ash_history
C /run
A /run/nginx.pid
C /usr
C /usr/share
C /usr/share/nginx
C /usr/share/nginx/html
C /usr/share/nginx/html/index.html
C /etc
C /etc/nginx
C /etc/nginx/conf.d
C /etc/nginx/conf.d/default.conf
6.3 查看端口映射
[root@virtual_host ~]# docker run -d --name nginx -p 80:80 nginx:alpine
644257f48fa7bf9c55bccecfc1f0f84a4514b1755cb7dc46ca36133b461ad134
[root@virtual_host ~]# docker container port nginx
80/tcp -> 0.0.0.0:80
80/tcp -> :::80
6.4 更新配置
container update 命令可以更新容器的一些运行时的配置,主要是一些资源限制份额
用法:docker update [OPTIONS] CONTAINER [CONTAINER…]
选项
名称,简写 描述
–blkio-weight 阻塞IO(相对权重),介于10和1000之间,或0禁用(默认为0)
–cpu-period 限制CPU CFS(完全公平的调度程序)周期
–cpu-quota 限制CPU CFS(完全公平的调度程序)配额
–cpu-rt-period 限制CPU实时周期(以微秒为单位)
–cpu-rt-runtime 以微秒为单位限制CPU实时运行时间
–cpu-shares, -c CPU份额(相对权重)
–cpus 限制cpu个数
–cpuset-cpus 允许执行的CPU(0-3,0.1)
–cpuset-mems 允许执行的内存率(0-3,0.1)
–kernel-memory 内核内存限制
–memory, -m 内存限制
–memory-reservation 内存软限制
–memory-swap 交换限制等于内存加交换:’-1‘以启用无限制的交换
–restart 重新启动在容器退出时应用的策略
例如:限制总配额为1秒,容器nginx 所占用时间为10%
[root@virtual_host ~]# docker update --cpu-quota 1000000 nginx
nginx
[root@virtual_host ~]# docker update --cpu-period 100000 nginx
nginx
[root@virtual_host ~]# docker inspect nginx | grep CpuPeriod
"CpuPeriod": 100000,
[root@virtual_host ~]# docker inspect nginx | grep CpuQ
"CpuQuota": 1000000,
浙公网安备 33010602011771号