Docker基础操作
Alexdocker基础
运行busybox
docker run -d busybox ping baidu.com
查看进程层级关系
[root@master docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ce05336bf64 busybox "ping baidu.com" About a minute ago Up About a minute compassionate_hawking
[root@master docker]# ps -ef|grep docker
root 1002 1 0 08:33 ? 00:00:45 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=cgroupfs --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json --selinux-enabled --log-driver=journald --signature-verification=false --storage-driver overlay2
root 1031 1002 0 08:33 ? 00:00:13 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc
root 13555 1031 0 15:02 ? 00:00:00 /usr/bin/docker-containerd-shim-current 5ce05336bf647c5e804587fb28a8533e5d30ce3c8923a64b4eac2d3ec1e79e21 /var/run/docker/libcontainerd/5ce05336bf647c5e804587fb28a8533e5d30ce3c8923a64b4eac2d3ec1e79e21 /usr/libexec/docker/docker-runc-current
root 13740 3697 0 15:03 pts/1 00:00:00 grep --color=auto docker
[root@master docker]# ps -axjf -p 1002
PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
0 2 0 0 ? -1 S 0 0:00 [kthreadd]
2 3 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/0]
2 6 0 0 ? -1 S 0 0:00 \_ [kworker/u2:0]
2 7 0 0 ? -1 S 0 0:00 \_ [migration/0]
2 8 0 0 ? -1 S 0 0:00 \_ [rcu_bh]
2 9 0 0 ? -1 R 0 0:00 \_ [rcu_sched]
2 10 0 0 ? -1 S 0 0:00 \_ [watchdog/0]
2 12 0 0 ? -1 S< 0 0:00 \_ [khelper]
2 13 0 0 ? -1 S 0 0:00 \_ [kdevtmpfs]
2 14 0 0 ? -1 S< 0 0:00 \_ [netns]
2 15 0 0 ? -1 S 0 0:00 \_ [khungtaskd]
2 16 0 0 ? -1 S< 0 0:00 \_ [writeback]
2 17 0 0 ? -1 S< 0 0:00 \_ [kintegrityd]
2 18 0 0 ? -1 S< 0 0:00 \_ [bioset]
2 19 0 0 ? -1 S< 0 0:00 \_ [kblockd]
2 20 0 0 ? -1 S< 0 0:00 \_ [md]
2 21 0 0 ? -1 S 0 0:02 \_ [kworker/0:1]
2 26 0 0 ? -1 S 0 0:00 \_ [kswapd0]
2 27 0 0 ? -1 SN 0 0:00 \_ [ksmd]
2 28 0 0 ? -1 SN 0 0:00 \_ [khugepaged]
2 29 0 0 ? -1 S 0 0:00 \_ [fsnotify_mark]
2 30 0 0 ? -1 S< 0 0:00 \_ [crypto]
2 38 0 0 ? -1 S< 0 0:00 \_ [kthrotld]
2 40 0 0 ? -1 S< 0 0:00 \_ [kmpath_rdacd]
2 41 0 0 ? -1 S< 0 0:00 \_ [kpsmoused]
2 42 0 0 ? -1 S< 0 0:00 \_ [ipv6_addrconf]
2 62 0 0 ? -1 S< 0 0:00 \_ [deferwq]
2 95 0 0 ? -1 S 0 0:00 \_ [kauditd]
2 263 0 0 ? -1 S< 0 0:00 \_ [ata_sff]
2 284 0 0 ? -1 S 0 0:00 \_ [scsi_eh_0]
2 285 0 0 ? -1 S< 0 0:00 \_ [scsi_tmf_0]
2 286 0 0 ? -1 S 0 0:00 \_ [scsi_eh_1]
2 287 0 0 ? -1 S 0 0:00 \_ [kworker/u2:2]
2 288 0 0 ? -1 S< 0 0:00 \_ [scsi_tmf_1]
2 289 0 0 ? -1 S 0 0:00 \_ [scsi_eh_2]
2 290 0 0 ? -1 S< 0 0:00 \_ [scsi_tmf_2]
2 363 0 0 ? -1 S< 0 0:00 \_ [kdmflush]
2 364 0 0 ? -1 S< 0 0:00 \_ [bioset]
2 375 0 0 ? -1 S< 0 0:00 \_ [kdmflush]
2 376 0 0 ? -1 S< 0 0:00 \_ [bioset]
2 389 0 0 ? -1 S< 0 0:00 \_ [xfsalloc]
2 390 0 0 ? -1 S< 0 0:00 \_ [xfs_mru_cache]
2 391 0 0 ? -1 S< 0 0:00 \_ [xfs-buf/dm-0]
2 392 0 0 ? -1 S< 0 0:00 \_ [xfs-data/dm-0]
2 393 0 0 ? -1 S< 0 0:00 \_ [xfs-conv/dm-0]
2 394 0 0 ? -1 S< 0 0:00 \_ [xfs-cil/dm-0]
2 395 0 0 ? -1 S< 0 0:00 \_ [xfs-reclaim/dm-]
2 396 0 0 ? -1 S< 0 0:00 \_ [xfs-log/dm-0]
2 397 0 0 ? -1 S< 0 0:00 \_ [xfs-eofblocks/d]
2 398 0 0 ? -1 S 0 0:06 \_ [xfsaild/dm-0]
2 487 0 0 ? -1 S< 0 0:00 \_ [rpciod]
2 574 0 0 ? -1 S< 0 0:00 \_ [xfs-buf/sda1]
2 575 0 0 ? -1 S< 0 0:00 \_ [xfs-data/sda1]
2 576 0 0 ? -1 S< 0 0:00 \_ [xfs-conv/sda1]
2 577 0 0 ? -1 S< 0 0:00 \_ [xfs-cil/sda1]
2 578 0 0 ? -1 S< 0 0:00 \_ [xfs-reclaim/sda]
2 579 0 0 ? -1 S< 0 0:00 \_ [xfs-log/sda1]
2 580 0 0 ? -1 S< 0 0:00 \_ [xfs-eofblocks/s]
2 581 0 0 ? -1 S 0 0:00 \_ [xfsaild/sda1]
2 1124 0 0 ? -1 S< 0 0:00 \_ [nfsd4_callbacks]
2 1126 0 0 ? -1 S 0 0:00 \_ [lockd]
2 1141 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1144 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1148 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1149 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1151 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1154 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1155 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 1157 0 0 ? -1 S 0 0:00 \_ [nfsd]
2 2563 0 0 ? -1 S< 0 0:00 \_ [kworker/0:2H]
2 14180 0 0 ? -1 S 0 0:08 \_ [kworker/0:3]
2 14714 0 0 ? -1 S 0 0:00 \_ [kworker/0:0]
2 9579 0 0 ? -1 S< 0 0:00 \_ [kworker/0:0H]
2 13467 0 0 ? -1 S 0 0:00 \_ [kworker/0:2]
0 1 1 1 ? -1 Ss 0 0:11 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
1 468 468 468 ? -1 Ss 0 0:11 /usr/lib/systemd/systemd-journald
1 491 491 491 ? -1 Ss 0 0:00 /usr/sbin/lvmetad -f
1 497 497 497 ? -1 Ss 0 0:00 /usr/lib/systemd/systemd-udevd
1 598 598 598 ? -1 Ss 0 0:00 /usr/sbin/rpc.idmapd
1 599 599 599 ? -1 S<sl 0 0:00 /sbin/auditd
1 619 619 619 ? -1 Ss 0 0:00 /usr/lib/systemd/systemd-logind
1 620 620 620 ? -1 Ssl 998 0:00 /usr/lib/polkit-1/polkitd --no-debug
1 622 622 622 ? -1 Ss 81 0:02 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-ac
1 624 623 623 ? -1 S 997 0:00 /usr/sbin/chronyd
1 626 626 626 ? -1 Ss 32 0:00 /sbin/rpcbind -w
1 630 630 630 ? -1 Ssl 0 0:00 /usr/sbin/NetworkManager --no-daemon
630 12475 12475 630 ? -1 S 0 0:00 \_ /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient
1 662 662 662 ? -1 Ssl 0 0:00 /usr/sbin/gssproxy -D
1 682 682 682 ? -1 Ss 0 0:00 /usr/sbin/crond -n
1 686 686 686 tty1 686 Ss+ 0 0:00 /sbin/agetty --noclear tty1 linux
1 1000 1000 1000 ? -1 Ssl 0 0:02 /usr/bin/python -Es /usr/sbin/tuned -l -P
1 1002 1002 1002 ? -1 Ssl 0 0:45 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-
1002 1031 1031 1031 ? -1 Ssl 0 0:13 \_ /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd
1031 13555 13555 1031 ? -1 Sl 0 0:00 \_ /usr/bin/docker-containerd-shim-current 5ce05336bf647c5e804587fb28a853
13555 13566 13566 13566 ? -1 Ss 0 0:00 \_ ping baidu.com
1 1003 1003 1003 ? -1 Ssl 0 0:03 /usr/sbin/rsyslogd -n
1 1010 1010 1010 ? -1 Ss 29 0:00 /usr/sbin/rpc.statd
1 1012 1012 1012 ? -1 Ss 0 0:00 /usr/sbin/sshd
1012 2411 2411 2411 ? -1 Ss 0 0:00 \_ sshd: root@pts/0
2411 2413 2413 2413 pts/0 3354 Ss 0 0:00 | \_ -bash
2413 3354 3354 2413 pts/0 3354 Sl+ 0 2:42 | \_ java -jar jenkins.war --httpPort=8090
1012 3695 3695 3695 ? -1 Ss 0 0:00 \_ sshd: root@pts/1
3695 3697 3697 3697 pts/1 13885 Ss 0 0:00 \_ -bash
3697 13885 13885 3697 pts/1 13885 R+ 0 0:00 \_ ps -axjf -p 1002
1 1020 1020 1020 ? -1 Ss 0 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
1020 1024 1020 1020 ? -1 S 995 0:00 \_ nginx: worker process
1 1026 1026 1026 ? -1 Ss 0 0:00 /usr/sbin/rpc.mountd
1 1533 1533 1533 ? -1 Ss 0 0:00 /usr/libexec/postfix/master -w
1533 1542 1533 1533 ? -1 S 89 0:00 \_ qmgr -l -t unix -u
1533 3949 1533 1533 ? -1 S 89 0:00 \_ pickup -l -t unix -u
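[root@master docker]#
从上面的进程树可以看到,容器里的 ping(PID 13566)在宿主机上就是 docker-containerd-shim(PID 13555)的子进程,UID 列为 0。上面的 dockerd 命令行里没有看到 --userns-remap,这种情况下容器内的 root 与宿主机 root 是同一个 UID,隔离靠的是下面介绍的 Namespaces、CGroups,以及 dockerd 启动参数中的 seccomp、SELinux;需要降低权限时可以用 docker run --user 指定非 root 用户。
Namespaces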
- 命名空间,Linux内核提供的一种对进程资源隔离的机制,例如进程、网络、挂载点等资源。
CGroups
- 控制组,Linux内核提供的一种限制进程资源的机制;例如CPU、内存等资源。
UnionFS
- 联合文件系统,支持将不同位置的目录挂载到同一虚拟文件系统,形成一种分层的模型。
镜像
- 导入、导出docker镜像(docker load 不校验归档的来源,只应载入来源可信、核对过校验和的 tar 包)
[root@master docker]# docker image save prom/prometheus:v1.0.1 > prometheusv1.0.1.tar
[root@master docker]# ls
prometheusv1.0.1.tar
[root@master docker]# docker load < prometheusv1.0.1.tar
Loaded image: prom/prometheus:v1.0.1
- 导出容器
[root@master docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ce05336bf64 busybox "ping baidu.com" 29 minutes ago Up 29 minutes compassionate_hawking
[root@master docker]# docker export 5ce05336bf64 > busybox.tar
[root@master docker]# ls
busybox.tar prometheusv1.0.1.tar
- 导入镜像(docker export 得到的是容器文件系统的快照,不带镜像历史和 CMD 等元数据,要用 docker image import 而不是 docker load 导入)
[root@master docker]# docker image import busybox.tar
sha256:adf4cc49c966f75a1231a8339bbdc466717210ecbbb4e337953a8c0b4a74efeb
- 导入并自定义名称和tag
[root@master docker]# docker image import busybox.tar busybox:import
sha256:698d271e727f80212f8aff73b58fc5f10d771890e9c90c0df8df3c708dc5f16c
docker常用命令
- 常用命令
- 常用选项
--restart
- 通过--restart选项,可以设置容器的重启策略,以决定在容器退出时Docker守护进程是否重启刚刚退出的容器
- --restart选项通常只用于detached模式的容器
docker run -d --restart=always busybox
- 查看容器重启信息
# inspect 查看详情
-f 是将 docker inspect 容器id 查看到的详情 format 后显示出来
--add-host
一个container在启动时,/etc/hosts文件里面会存在包括localhost在内的一些hostname信息。我们也可以使用--add-host这个参数来动态添加/etc/hosts里面的数据
[root@master docker]# docker run -ti --add-host gitlab.local.in:192.168.57.40 busybox cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.57.40 gitlab.local.in
172.17.0.2 a408d1b4d501
挂载
-v
挂载目录(默认可读写,容器内的进程可以修改宿主机上的这个目录;只需要读取时在末尾加 :ro,例如 -v /root/docker/test:/data:ro)
[root@master docker]# docker run -it -v /root/docker/test:/data busybox ls /
bin data dev etc home proc root run sys tmp usr var
[root@master docker]# docker run -it -v /root/docker/test:/vol-mount busybox ls /
bin etc proc run tmp var
dev home root sys usr vol-mount
/root/docker/test 本地目录
/vol-mount 容器目录
# 查看目录挂载
docker inspect -f {{.Mounts}} df84745f2523
--volumes-from
授权一个容器访问另一个容器的Volume(新容器默认继承来源容器各个卷的读写权限;只需要读取时可以写成 --volumes-from vol2:ro)
# 启动一个容器后台运行 并挂载目录
[root@master docker]# docker run -itd --name vol2 -v /root/docker/test:/data-vol busybox
6c43ee0d968f595f1d0d09f613dc0772ff89eaa94f9f592a0412194834d3f31d
[root@master docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6c43ee0d968f busybox "sh" 2 seconds ago Up 2 seconds vol2
# 往挂载目录写入点东西, 写入的是本地目录, 该目录已挂载到容器`vol2`
[root@master docker]# echo 333 > test/3.txt
[root@master docker]# cat test/3.txt
333
# 再启动一个容器, 指定挂载来源容器
[root@master docker]# docker run -it --name vol5 --volumes-from vol2 busybox cat /data-vol/3.txt
333
[root@master docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6c43ee0d968f busybox "sh" 3 minutes ago Up 3 minutes vol2
df84745f2523 busybox "sh" 18 minutes ago Up 18 minutes dreamy_payne
数据卷
创建数据卷
[root@localhost ~]# docker volume create vol1
vol1
[root@localhost ~]# docker volume ls
DRIVER VOLUME NAME
local vol1
启动容器指定使用卷
[root@localhost ~]# docker run -itd --name=box1 --mount src=vol1,dst=/vol-1 busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
07a152489297: Pull complete
Digest: sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47
Status: Downloaded newer image for busybox:latest
8265e17234d670ca955f495c711b03b1dd72ddfaa52391c574cadeec2d4a27bc
删除卷
[root@localhost ~]# docker container stop box1
box1
[root@localhost ~]# docker container rm box1
box1
[root@localhost ~]# docker volume rm vol1
vol1
如果没有指定卷,自动创建
建议使用--mount,更通用
如果源文件/目录不存在,不会自动创建,会抛出一个错误。
如果挂载目标在容器中非空目录,则该目录现有内容将被隐藏。
资源销毁
# 停止运行容器