第四节、利用images镜像启动容器

首先从官方镜像站拉一个最新的busybox镜像包

[root@localhost /]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
8c5a7da1afbc: Pull complete 
Digest: sha256:cb63aa0641a885f54de20f61d152187419e8f6b159ed11a251a09d115fdff9bd
Status: Downloaded newer image for busybox:latest
[root@localhost /]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
hello-world         latest              4ab4c602aa5e        10 days ago         1.84kB
nginx               latest              06144b287844        13 days ago         109MB
busybox             latest              e1ddd7948a1c        6 weeks ago         1.16MB

Docker常用管理命令container的子命令

-i   --interactive   #交互式
-t  --tty                #分配伪终端
-d  --detach        #运行容器到后台
run                     Run a command in a new container
#启动容器格式 docker container run  -it -d  --name name  local_image
[root@localhost /]# docker container run -it -d --name bs1 busybox
0e0cf4251b63c3756434227391d63887b5eb54108280311d8cc83967c5b2e85b
#创建容器返回容器的ID
[root@localhost /]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
0e0cf4251b63        busybox             "sh"                27 seconds ago      Up 27 seconds                           bs1

#attach根据容器名字进入容器
[root@localhost /]# docker container attach bs1
/ # ls
bin   dev   etc   home  proc  root  sys   tmp   usr   var
/ # ps 
PID   USER     TIME  COMMAND
    1 root      0:00 sh
    9 root      0:00 ps
/ # exit
[root@localhost /]# docker container attach bs1
You cannot attach to a stopped container, start it first
#退出伪终端后容器也随之关闭
#不关闭退出容器快捷键 ctrl + p + q
#推荐另一种进入容器的方式退出不会关闭容器 exec
-e  --env list 创建容器时候传递变量进去
[root@localhost /]# docker container run -it -d -e a=123 --name bs2 busybox
226d821635dee997b3f5f87a8feb14207dc31ce2e340a72c6500beb4ab881f70
[root@localhost /]# docker container exec -it bs2 sh
/ # echo $a
123

利用nginx官方最新的laest镜像开启容器

-p  --publish-all将容器的端口利用iptables服务映射到宿主机端口
[root@localhost /]# docker container run -it -d -p 8088:80 --name nginx01 nginx
a5478ab3830c6a16b28522e8e156646951eaee2bf7ea0126649d822a21aaae2b
[root@localhost /]#  docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
a5478ab3830c        nginx               "nginx -g 'daemon of…"   30 seconds ago      Up 28 seconds       0.0.0.0:8088->80/tcp   nginx01
226d821635de        busybox             "sh"                     4 minutes ago       Up 4 minutes                               bs2
[root@localhost /]# ss -ntulp|grep 8088
tcp    LISTEN     0      128      :::8088                 :::*                   users:(("docker-proxy",pid=4481,fd=4))
#访问宿主机的http://192.168.15.135:8088/可以访问到nginx页面
#利用exec进入nginx01容器进行交互式操作,it参数表示分配伪终端进行交互式操作,bash表示开启bash环境,也可以是sh
[root@localhost ~]# docker container exec -it  nginx01 bash
root@a5478ab3830c:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@a5478ab3830c:/# hostname
a5478ab3830c
#查看容器启动镜像的版本
root@a5478ab3830c:/# cat /etc/issue
Debian GNU/Linux 9 \n \l
#利用logs命令查看访问日志
[root@localhost /]# docker container logs nginx_01
192.168.15.1 - - [18/Sep/2018:15:14:31 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36" "-"
2018/09/18 15:14:32 [error] 9#9: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.15.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.15.135:8088", referrer: "http://192.168.15.135:8088/"
192.168.15.1 - - [18/Sep/2018:15:14:32 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.15.135:8088/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36" "-"
#输出日志信息保存位置/var/lib/docker/containers/,以json格式保存,所以硬盘占用会越来越大
 /var/lib/docker/containers/b2e7afade8a77522cb25a3d6a91eda7e21f0cea87f02b95cefb3d8de8a7c5c2e/b2e7afade8a77522cb25a3d6a91eda7e21f0cea87f02b95cefb3d8de8a7c5c2e-json.log
--restart=always  #容器重启策略,默认是no,这样设置保证服务退出后容器不会宕机,一般在开启容器的时候使用该参数保证容器会一直存活

对运行中容器的一些操作,以上面创建的nginx01容器为例子

#首先默认容器的/root目录下是空的创建一个文件text.txt
[root@localhost ~]# docker container exec -it nginx01 bash
root@a5478ab3830c:/# ls 
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@a5478ab3830c:/# ls root
root@a5478ab3830c:~# echo "123">text.txt
root@a5478ab3830c:~# ls /root
text.txt
root@a5478ab3830c:~# cat /root/text.txt 
123
root@a5478ab3830c:~# exit
exit
#退出容器后在外部利用exec命令对容器进行操作
[root@localhost ~]# docker container exec nginx01 ls /root
text.txt
[root@localhost ~]# docker container exec nginx01 cat /root/text.txt
123
#将系统文件拷贝到容器中,这样即使容器重启文件也不会丢失,一般不建议做,需要改变的文件可以直接从本地挂载或者重新用docker file构件基础镜像
[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# docker container cp anaconda-ks.cfg  nginx01:/root/
[root@localhost ~]# docker container exec nginx01 ls /root
anaconda-ks.cfg
text.txt
#查看容器和宿主机的端口映射
[root@localhost ~]# docker container port nginx01
80/tcp -> 0.0.0.0:8088
#查看容器的资源利用率,一般在创建容器的时候可以对cpu及内存做出限制
[root@localhost ~]# docker container stats nginx01
CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
a5478ab3830c        nginx01             0.00%               1.836MiB / 5.721GiB   0.03%               648B / 0B           9.56MB / 0B         0
#参数update可以动态修改容器的使用资源,即时生效(基于cgroup限制资源)
[root@localhost ~]# docker container update --help

Usage:  docker container update [OPTIONS] CONTAINER [CONTAINER...]

Update configuration of one or more containers

Options:
      --blkio-weight uint16        Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --cpu-period int             Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int              Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int          Limit the CPU real-time period in microseconds
      --cpu-rt-runtime int         Limit the CPU real-time runtime in microseconds
  -c, --cpu-shares int             CPU shares (relative weight)
      --cpus decimal               Number of CPUs
      --cpuset-cpus string         CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string         MEMs in which to allow execution (0-3, 0,1)
      --kernel-memory bytes        Kernel memory limit
  -m, --memory bytes               Memory limit
      --memory-reservation bytes   Memory soft limit
      --memory-swap bytes          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --restart string             Restart policy to apply when a container exits
#查看某个容器的详细信息
[root@localhost ~]# docker container inspect nginx01
#停止/开启/删除容器
[root@localhost ~]# docker container stop|start|rm nginx01

对容器内应用数据的管理可分成三种:
1、创建专用的数据管理卷volume,文件保存在/var/lib/docker/volume目录下,即使容器被删除,不清除对应的volume数据也不会丢失
2、直接将本地的目录挂载到容器中bind mounts,这样所有的数据将会保存到本地,一般可将配置文件,输出的日志、网站的根目录以及数据库保存的数据用该方法操作以方便维护,前提是本地目录需要已创建否则会抛出错误
3、tmpfs将存储挂载到宿主机内存中,不写入文件系统,比较少用
示例一、利用volume管理数据卷

#查看已有的volume卷
[root@localhost ~]# docker volume ls
DRIVER              VOLUME NAME
#为nginx容器创建数据卷nginx-vol01
[root@localhost ~]# docker volume create nginx-vol01
nginx-vol01
[root@localhost ~]# docker volume ls
DRIVER              VOLUME NAME
local               nginx-vol01
#查看系统本地目录可以看到生成的nginx-vol01目录
[root@localhost ~]# ll /var/lib/docker/volumes/
total 24
-rw------- 1 root root 32768 Sep 21 23:13 metadata.db
drwxr-xr-x 3 root root    18 Sep 21 23:13 nginx-vol01
#查看卷的详细信息
[root@localhost ~]# docker volume inspect nginx-vol01
[
    {
        "CreatedAt": "2018-09-21T23:13:04+08:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/nginx-vol01/_data",
        "Name": "nginx-vol01",
        "Options": {},
        "Scope": "local"
    }
]
#创建容器挂载已创建好的volume数据卷
[root@localhost ~]# docker container run -it -d  -p 8089:80 --name=nginx02 --mount src=nginx-vol01,dst=/usr/share/nginx/html nginx
8597a084ca239acc6f2bf5bfdb5bb2f988046a80d3a7758c5c19a713c69e22a9
#创建完成容器后观察容器内的目录和volume数据卷内容一致,相当于容器内的目录做了个软链接到volume1数据目录
[root@localhost ~]# tree /var/lib/docker/volumes/nginx-vol01/_data/
/var/lib/docker/volumes/nginx-vol01/_data/
├── 50x.html
└── index.html

0 directories, 2 files
[root@localhost ~]# docker container exec nginx02 ls /usr/share/nginx/html
50x.html
index.html
#一般适用于将网站发布目录保存在该数据卷下,以后即使容器删除,重新开启容器时直接饮用该目录下的数据卷即可,达到数据持久化的作用,也可以达到共享数据卷的目的,可以极大的增强系统服务的扩展能力
#若果启动容器的时候没有指定src卷名,系统会自动创建一个匿名卷,命名卷可以更好的对数据进行管理

示例二、bind模式绑定系统上已存在的目录

#在系统上创建需要绑定的目录及测试文件
[root@localhost ~]# cat /back/html/test.txt 
hello-world
#开启容器并绑定目录
[root@localhost ~]# docker container run -it -d -p 8090:80  --name=nginx03 --mount type=bind,src=/back/html/,dst=/usr/share/nginx/html/ nginx
c5665ac20db6d34efe228498a4d0ffaf69e57e2c48b7dad239c6ebaaf0e17ebb
[root@localhost ~]# docker container ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
c5665ac20db6        nginx               "nginx -g 'daemon of…"   11 seconds ago      Up 11 seconds       0.0.0.0:8090->80/tcp   nginx03
8597a084ca23        nginx               "nginx -g 'daemon of…"   6 hours ago         Up 6 hours          0.0.0.0:8089->80/tcp   nginx02
a5478ab3830c        nginx               "nginx -g 'daemon of…"   9 hours ago         Up 9 hours          0.0.0.0:8088->80/tcp   nginx01
[root@localhost ~]# docker container exec nginx03 ls /usr/share/nginx/html/
test.txt
[root@localhost ~]# docker container exec nginx03 cat /usr/share/nginx/html/test.txt
hello-world

备注:采用bind模式挂载本地目录时,容器内原本目录下的内容会被隐藏

你可能感兴趣的:(第四节、利用images镜像启动容器)