1. 创建容器常用选项
查看容器命令帮助:
# docker container --help
选项 | 描述 |
---|---|
-i, –interactive | 交互式 |
-t, –tty | 分配一个伪终端 |
-d, –detach | 运行容器到后台 |
-e, –env | 设置环境变量 |
-p, –publish list | 发布容器端口到主机 |
-P, –publish-all | 发布容器所有EXPOSE的端口到宿主机随机端口 |
–name string | 指定容器名称 |
-h, –hostname | 设置容器主机名 |
–ip string | 指定容器IP,只能用于自定义网络 |
–network | 连接容器到一个网络 |
–mount mount | 将文件系统附加到容器 |
-v, –volume list | 绑定挂载一个卷 |
–restart string | 容器退出时重启策略,默认no,可选值:[always/on-failure] |
查看容器文件系统的文件目录有哪些变化
# docker container diff 2dfc01330dee
C /var
C /var/cache
C /var/cache/nginx
A /var/cache/nginx/scgi_temp
A /var/cache/nginx/uwsgi_temp
A /var/cache/nginx/client_temp
A /var/cache/nginx/fastcgi_temp
A /var/cache/nginx/proxy_temp
C /run
A /run/nginx.pid
一个容器必须有一个前台(守护)进程在工作,否则容器的状态会正常退出 'Exited'
所以一个容器尽量只允许运行一个进程
# docker run -d centos
2812ca25201067cd06a169ec3ea3c068f1a42a96e37bf031ce5354435d060cb0
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2812ca252010 centos "/bin/bash" 15 seconds ago Exited (0) 13 seconds ago sad_agnesi
# docker run -itd centos
3a924c66152589cf1325b84d0c3729e758e89a69fc7c04eb24a773fdedaa2ecd
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a924c661525 centos "/bin/bash" 8 seconds ago Up 7 seconds dazzling_blackburn
# docker top 3a924c661525
UID PID PPID C STIME TTY TIME CMD
root 29879 29861 0 16:27 pts/0 00:00:00 /bin/bash
# docker container run -d --name web -e test=123456 -p 88:80 -h web01 nginx
4e3212b8874f8f94f373514080bb702b3efefeefaad00d931a97addab40d01cb
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4e3212b8874f nginx "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:88->80/tcp web
# docker logs web #查看容器访问日志
10.19.1.28 - - [14/May/2019:08:37:24 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36" "-"
10.19.1.28 - - [14/May/2019:08:37:24 +0000] "GET /favicon.ico HTTP/1.1" 404 556 "http://10.40.6.165:88/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36" "-"
2019/05/14 08:37:24 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.19.1.28, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.40.6.165:88", referrer: "http://10.40.6.165:88/"
# docker exec -it web bash ## 进入容器web,查看我们传入的变量和主机名
root@web01:/# echo $test
123456
root@web01:/# hostname
web01
# docker container run -d -P nginx ## 容器的端口映射到宿主机的随机端口
d02685dde27f499f12af3548d80b988e3e65bd9e3a11334a0f10b1222e5d0fc7
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d02685dde27f nginx "nginx -g 'daemon of…" 5 seconds ago Up 3 seconds 0.0.0.0:32768->80/tcp xenodochial_ritchie
# docker container run -d --restart always nginx ## 容器随着docker进程启动而启动
2. 容器资源限制
选项 | 描述 |
---|---|
-m,–memory | 容器可以使用的最大内存量 |
–memory-swap | 允许交换到磁盘的内存量 |
–memory-swappiness=<0-100> | 容器使用SWAP分区交换的百分比(0-100,默认为-1) |
–oom-kill-disable | 禁用OOM Killer |
–cpus | 可以使用的CPU数量 |
–cpuset-cpus | 限制容器使用特定的CPU核心,如(0-3, 0,1) |
–cpu-shares | CPU共享(相对权重) |
容器资源限制
示例:
内存限额:
允许容器最多使用500M内存和100M的Swap,并禁用 OOM Killer:
# docker run -d --name nginx03 --memory="500m" --memory-swap="600m" --oom-kill-disable nginx
# docker stats nginx03 ## 查看容器的资源使用率
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c7cd0c3edec1 nginx03 0.00% 1.363MiB / 500MiB 0.27% 648B / 0B 7.71MB / 0B 0
# docker stats --no-stream nginx03
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c7cd0c3edec1 nginx03 0.00% 1.363MiB / 500MiB 0.27% 648B / 0B 7.71MB / 0B 0
# docker stats --no-stream web ## 默认情况是可使用宿主机所有资源
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
4e3212b8874f web 0.00% 1.383MiB / 7.64GiB 0.02% 2.27kB / 2.27kB 9.16MB / 0B 0
# free -h
total used free shared buff/cache available
Mem: 7.6G 287M 5.3G 9.0M 2.0G 7.0G
Swap: 7.9G 0B 7.9G
总结:
(1) --memory-swap值为-1 为不限制swap可用量;
(2) 与--memory相等为不可用swap;
(3) memory-swap-memory 为可用swap;
(4) --memory-swap 值不设置默认是--memory 的两倍
CPU限额:
允许容器最多使用一个半(1.5核)的CPU:
# docker run -d --name nginx04 --cpus="1.5" nginx
允许容器最多使用50%的CPU:
# docker run -d --name nginx05 --cpus=".5" nginx
# docker stats --no-stream nginx04 ## 看到这个限制,这个得做压测,如果两核,压测可以看到CPU 200%
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
793806fad223 nginx04 0.00% 1.363MiB / 7.64GiB 0.02% 648B / 0B 7.71MB / 0B 0
3. 管理容器常用命令
docker container --help或者 docker ps
选项 | 描述 |
---|---|
ls | 列出容器 |
inspect | 查看一个或多个容器详细信息 |
exec | 在运行容器中执行命令 |
commit | 创建一个新镜像来自一个容器 |
cp | 拷贝文件/文件夹到一个容器 |
logs | 获取一个容器日志 |
port | 列出或指定容器端口映射 |
top | 显示一个容器运行的进程 |
stats | 显示容器资源使用统计 |
stop/start | 停止/启动一个或多个容器 |
rm | 删除一个或多个容器 |
update | 表更资源的更新 |
查看正在运行的容器
# docker container ls
# docker ps
查看最后创建的容器
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
793806fad223 nginx "nginx -g 'daemon of…" 7 minutes ago Up 7 minutes 80/tcp nginx04
列出所有的容器,包括停止和运行的,ps 默认只列出up状态的
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
793806fad223 nginx "nginx -g 'daemon of…" 7 minutes ago Up 7 minutes 80/tcp nginx04
c7cd0c3edec1 nginx "nginx -g 'daemon of…" 27 minutes ago Up 27 minutes 80/tcp nginx03
0e2b60e3ea63 nginx "nginx -g 'daemon of…" 39 minutes ago Up 39 minutes 80/tcp pensive_mcnulty
d02685dde27f nginx "nginx -g 'daemon of…" About an hour ago Up About an hour 0.0.0.0:32768->80/tcp xenodochial_ritchie
4e3212b8874f nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 0.0.0.0:88->80/tcp web
3a924c661525 centos "/bin/bash" 2 hours ago Up 2 hours dazzling_blackburn
ecc3a4db01c6 nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 80/tcp zen_gates
2812ca252010 centos "/bin/bash" 2 hours ago Exited (0) 2 hours ago sad_agnesi
4715a4db7577 nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 80/tcp admiring_hoover
2dfc01330dee nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 80/tcp focused_franklin
查看容器的详细信息
# docker inspect nginx04
进入一个容器:
# docker exec -it nginx04 bash
root@793806fad223:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@793806fad223:/# touch {1..4}
root@793806fad223:/# ls
1 2 3 4 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@793806fad223:/# exit
exit
[root@localhost ~]# docker commit nginx04 nginx:nginx04
sha256:8868f915bd47e1c4f4d6da80fe9e9d6b8f13fb40c9af3330bb677fe9b2e703da
[root@localhost ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx nginx04 8868f915bd47 5 seconds ago 109MB
nginx latest 53f3fd8007f7 6 days ago 109MB
centos latest 9f38484d220f 2 months ago 202MB
[root@localhost ~]# docker run -d --name nginx04-1 nginx:nginx04
34c8e1504aa5dbe2fc2f680bf0dcb6ae100b9855d84fa8848b28cf8f7d620fcf
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
34c8e1504aa5 nginx:nginx04 "nginx -g 'daemon of…" 7 seconds ago Up 5 seconds 80/tcp nginx04-1
[root@localhost ~]# docker exec -it nginx04-1 bash
root@34c8e1504aa5:/# ls
1 2 3 4 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
往容器里拷贝一个文件
[root@localhost ~]# docker cp aaa.txt nginx04:/
[root@localhost ~]# docker exec -it nginx04 ls /
1 3 aaa.txt boot etc lib media opt root sbin sys usr
2 4 bin dev home lib64 mnt proc run srv tmp var
# docker logs nginx04 ## 查看控制台的日志
# docker port web ## 端口映射
80/tcp -> 0.0.0.0:88
# docker stats --no-stream web ## 查看资源使用情况 或docker stats web(动态显示)
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
4e3212b8874f web 0.00% 1.383MiB / 7.64GiB 0.02% 2.27kB / 2.27kB 9.16MB / 0B 0
更新容器资源配置
# docker stats --no-stream c7cd0c3edec1
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c7cd0c3edec1 nginx03 0.00% 1.352MiB / 500MiB 0.27% 648B / 0B 8.08MB / 0B 0
# docker update --memory="600m" c7cd0c3edec1
c7cd0c3edec1
# docker stats --no-stream c7cd0c3edec1
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c7cd0c3edec1 nginx03 0.00% 1.352MiB / 600MiB 0.23% 648B / 0B 8.08MB / 0B 0