docker 笔记

**Warning: **Anyone added to the 'docker' group is root equivalent. More information here and here.

如果你想用你的使用者账户(非root账户)来使用Docker，把你的账户加到Docker的群组中：

# gpasswd -a your_username docker
$ newgrp docker

Docker Daemon 预设会监听 Unix socket。如果要让他监听特定的通讯埠号（端口），可以像下面这样修改，在 ExecStart 那一行加上 -H tcp://0.0.0.0:4243。这样就可以提供给别人访问了。

# /etc/systemd/system/multi-user.target.wants/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:4243
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target

在你本地查看我机器上的镜像有哪些你可以这样：

$ docker -H 192.168.1.228:4243 images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
rvm                 latest              c6c0eb59f230        3 days ago          1.869 GB
ubuntu              latest              b72889fa879c        10 days ago         187.9 MB
oracle-daemon       latest              61145c8def70        3 weeks ago         5.448 GB

假设你想借用我的 docker 环境来启动 leads 项目，由于项目不止 leads，你也可以像我一样，三个简单脚本来完成这件是：

It works at ~ $ cat .bin/start_leads
#!/usr/bin/env bash

if [ -z $1 ]
then
    start_r2_server ${0##*start_} 3003 ${0##*start_}
else
    start_r2_server ${0##*start_} $1 ${0##*start_}
fi

把上面 start_leads 复制一份为 start_reach 即可启动 reach 项目了。

It works at ~ $ cat .bin/start_r2_server 
#!/usr/bin/env bash

start_rvm_daemon $1 $2 $1 "ruby script/server -b 0.0.0.0 -p $2"

还可以把上面 start_r2_server 改动一下启动命令并保存为 start_r4_server，来运行 rails 4 项目，例如 bidding_info 等。

It works at ~ $ cat .bin/start_rvm_daemon 
#!/usr/bin/env bash

docker run --name $1 -d -p $2:$2 -v ~/Workspace/$3:/var/www/$3 rvm /bin/bash -c "source /etc/profile && cd /var/www/$3 && $4"

上面的约定是把项目文件保存到 ~/Workspace/ 下，并映射到容器中 /var/www/ 下。
接下来以 Ubuntu 为例，启动一个 docker 容器：

It works at ~ $ docker run -it --rm ubuntu /bin/bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
759d6771041e: Pull complete 
8836b825667b: Pull complete 
c2f5e51744e6: Pull complete 
a3ed95caeb02: Pull complete 
Digest: sha256:b4dbab2d8029edddfe494f42183de20b7e2e871a424ff16ffe7b15a31f102536
Status: Downloaded newer image for ubuntu:latest
root@6ad946588ee8:/#  

我发现最近的国际惯例一般是用 nginx 来举例，由于上面我忘了开放端口出来，并且我还加了 --rm，所以下面只是简单举个例子，完善起见，下面是在 Ubuntu 环境中安装并启动 nginx 的方法。

root@6ad946588ee8:/#  apt-get install nginx
......
root@6ad946588ee8:/#  /etc/init.d/nginx start

最后根据需要日后免不了常常 docker --help 或者 man docker 来继续学习 docker 使用方法：

It works at ~ $ docker --help
Usage: docker [OPTIONS] COMMAND [arg...]
       docker daemon [ --help | ... ]
       docker [ --help | -v | --version ]

A self-sufficient runtime for containers.

Options:

  --config=~/.docker              Location of client config files
  -D, --debug                     Enable debug mode
  -H, --host=[]                   Daemon socket(s) to connect to
  -h, --help                      Print usage
  -l, --log-level=info            Set the logging level
  --tls                           Use TLS; implied by --tlsverify
  --tlscacert=~/.docker/ca.pem    Trust certs signed only by this CA
  --tlscert=~/.docker/cert.pem    Path to TLS certificate file
  --tlskey=~/.docker/key.pem      Path to TLS key file
  --tlsverify                     Use TLS and verify the remote
  -v, --version                   Print version information and quit

Commands:
    attach    Attach to a running container
    build     Build an image from a Dockerfile
    commit    Create a new image from a container's changes
    cp        Copy files/folders between a container and the local filesystem
    create    Create a new container
    diff      Inspect changes on a container's filesystem
    events    Get real time events from the server
    exec      Run a command in a running container
    export    Export a container's filesystem as a tar archive
    history   Show the history of an image
    images    List images
    import    Import the contents from a tarball to create a filesystem image
    info      Display system-wide information
    inspect   Return low-level information on a container or image
    kill      Kill a running container
    load      Load an image from a tar archive or STDIN
    login     Register or log in to a Docker registry
    logout    Log out from a Docker registry
    logs      Fetch the logs of a container
    network   Manage Docker networks
    pause     Pause all processes within a container
    port      List port mappings or a specific mapping for the CONTAINER
    ps        List containers
    pull      Pull an image or a repository from a registry
    push      Push an image or a repository to a registry
    rename    Rename a container
    restart   Restart a container
    rm        Remove one or more containers
    rmi       Remove one or more images
    run       Run a command in a new container
    save      Save an image(s) to a tar archive
    search    Search the Docker Hub for images
    start     Start one or more stopped containers
    stats     Display a live stream of container(s) resource usage statistics
    stop      Stop a running container
    tag       Tag an image into a repository
    top       Display the running processes of a container
    unpause   Unpause all processes within a container
    update    Update resources of one or more containers
    version   Show the Docker version information
    volume    Manage Docker volumes
    wait      Block until a container stops, then print its exit code

Run 'docker COMMAND --help' for more information on a command.

上面已经把 docker 常用命令及其作用列举出来了。