Docker使用小记

docker常用命令

环境:

CentOS 7.2

docker-engine-1.11.2

导入image(import)

[root@ct7 ~]# docker import centos7.xz centos:7.2

sha256:8f2b523f4f8a2b0640ae58b443b07537e5340c329fe743633be9044c43d24a03

查看image(images)

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

centos 7.2 8f2b523f4f8a 4 seconds ago 434.8 MB

查看image历史记录(history)

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

centos 7.2 8557cab7403a 28 minutes ago 434.8 MB

localhost:5000/centos 7.2 8557cab7403a 28 minutes ago 434.8 MB

[root@ct7 ~]# docker history 8557cab7403a

IMAGE CREATED CREATED BY SIZE COMMENT

8557cab7403a 28 minutes ago 434.8 MB Imported from -

tag到指定registry(tag)

[root@ct7 ~]# docker tag centos:7.2 localhost:5000/centos:7.2

上传已经tag好的image到指定registry(push)

[root@ct7 ~]# docker push localhost:5000/centos:7.2

The push refers to a repository [localhost:5000/centos]

6b93a697efc9: Pushed

7.2: digest: sha256:58d4c29d47ad39cf11a0cff64c84329417da66306f581fd64caf7b750eaa3272 size: 529

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

centos 7.2 8557cab7403a 4 minutes ago 434.8 MB

localhost:5000/centos 7.2 8557cab7403a 4 minutes ago 434.8 MB

运行容器(run)

[root@ct7 ~]# docker run -idt centos:7.2 /bin/bash

46a559d88c3f5c2c9a56a2d03637ec0e11ae6d762ba3560eee346ad0fca55642

连接到指定容器console

i.attach

[root@ct7 ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

f7cd476208ec centos:7 "/bin/bash" 6 seconds ago Up 5 seconds agitated_meitner

[root@ct7 ~]# docker attach f7cd476208ec

[root@f7cd476208ec /]# cd

[root@f7cd476208ec ~]# uname -a

Linux f7cd476208ec 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@f7cd476208ec ~]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

提示:Ctl+P+Q可以退出交互式shell后，容器仍后台运行

或

ii.exec

注意:exec一定要接上-it这两个参数

root@router:~#docker exec -it zookeeper1 /bin/bash

bash-4.3# ls

CHANGES.txt README.txt build.xml dist-maven ivysettings.xml src zookeeper-3.4.8.jar.md5

LICENSE.txt README_packaging.txt conf docs lib zookeeper-3.4.8.jar zookeeper-3.4.8.jar.sha1

NOTICE.txt bin contrib ivy.xml recipes zookeeper-3.4.8.jar.asc

bash-4.3# root@router:~#

查看容器(ps,top)

[root@ct7 ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

46a559d88c3f centos:7.2 "/bin/bash" 7 minutes ago Up 7 minutes dreamy_knuth

[root@ct7 ~]# docker top myfirst_centos7

UID PID PPID C STIME TTY TIME CMD

root 2997 2983 0 23:01 pts/1 00:00:00 /bin/bash

容器重命名(rename)

[root@ct7 ~]# docker rename 46a559d88c3f myfirst_centos7

[root@ct7 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

46a559d88c3f centos:7.2 "/bin/bash" 8 minutes ago Up 8 minutes myfirst_centos7

实时资源状态(stats)

[root@ct7 ~]# docker stats

CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS

46a559d88c3f 0.00% 4.768 MB / 1.52 GB 0.31% 0 B / 648 B 4.711 MB / 0 B 0

停止容器(stop)

在发送SIGTERM后等待10s，如果未正常停止随及发送SIGKILL，默认等待时间10s

[root@ct7 ~]# docker stop myfirst_centos7

myfirst_centos7

[root@ct7 ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

46a559d88c3f centos:7.2 "/bin/bash" 14 minutes ago Exited (137) 8 seconds ago myfirst_centos7

强制摧毁容器(kill)

[root@ct7 ~]# docker kill 46a559d88c3f

docker kill $(docker ps -a -q) #kill掉所有

导出容器(export)

[root@ct7 ~]# docker export 46a559d88c3f|xz - >centos7.2.xz

[root@ct7 ~]# ll -h centos7.2.xz

-rw-r--r--. 1 root root 76M 6月 11 23:47 centos7.2.xz

容器另存为镜像(commit)

root@router:~#docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

748a175ceb0a shipyard/shipyard:latest "/bin/controller serv" 2 hours ago Up 2 hours 0.0.0.0:8080->8080/tcp shipyard-controller

44f09f936dcd rethinkdb "rethinkdb --bind all" 2 hours ago Up 2 hours 0.0.0.0:28015->28015/tcp, 8080/tcp, 0.0.0.0:29015->29015/tcp shipyard-rethinkdb

5081f73ccfe1 swarm:latest "/swarm manage --host" 2 hours ago Up 2 hours 2375/tcp, 0.0.0.0:3375->3375/tcp swarm-manager

root@router:~#docker commit 748a175ceb0a container2image

sha256:d66074af31ebda0285e585085f99ae2c41c17d3d4e500d235811f431a73ce748

root@router:~#docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

container2image latest d66074af31eb 5 seconds ago 58.89 MB

swarm latest a180b24e38ed 8 days ago 19.34 MB

rethinkdb latest bda7967b3714 8 days ago 184.2 MB

shipyard/shipyard latest ab940e847950 2 weeks ago 58.89 MB

consul latest 55e81aa6b87d 6 weeks ago 32.4 MB

localhost:5000/consul latest 55e81aa6b87d 6 weeks ago 32.4 MB

导出image(save)

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.8.254:5000/elasticsearch 2.3.3 15930a3e11bf 3 days ago 346.5 MB

[root@ct7 ~]# docker save $(docker images -q)|xz - >elasticsearch.xz

[root@ct7 ~]# ll -h elasticsearch.xz

-rw-r--r--. 1 root root 103M 6月 13 22:31 elasticsearch.xz

载入image(load)

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

[root@ct7 ~]# docker load -i elasticsearch.xz

4dcab49015d4: Loading layer 130.9 MB/130.9 MB

c751e06f6a36: Loading layer 45.57 MB/45.57 MB

a1f0f0d373ba: Loading layer 1.686 MB/1.686 MB

78e3064012ad: Loading layer 3.584 kB/3.584 kB

20e1c27db3cb: Loading layer 3.584 kB/3.584 kB

5203ce9caf88: Loading layer 141.3 MB/141.3 MB

86df4b52a65a: Loading layer 426 kB/426 kB

3107ee86e723: Loading layer 2.703 MB/2.703 MB

8fd4a68bcb66: Loading layer 5.632 kB/5.632 kB

cc850bd59217: Loading layer 3.584 kB/3.584 kB

9a408a27d247: Loading layer 31.79 MB/31.79 MB

63a90f5c074e: Loading layer 4.608 kB/4.608 kB

18ec3e989c31: Loading layer 5.12 kB/5.12 kB

a0d7cd401a94: Loading layer 2.56 kB/2.56 kB

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

15930a3e11bf 3 days ago 346.5 MB

[root@ct7 ~]# docker tag 15930a3e11bf elasticsearch:2.3.2

[root@ct7 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

elasticsearch 2.3.2 15930a3e11bf 3 days ago 346.5 MB

注意:load是载入save出来的image,如果用import来导入save出来的image可能会出现问题，如出现如下问题，请inspect看下镜像配置

docker: Error response from daemon: No command specified.

See 'docker run --help'.

还可以直接从标准输入载入image

root@router:~#curl -u vadmin:123 ftp://192.168.8.254/elasticsearch.xz|docker load

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 102M 100 102M 0 0 5277k 0 0:00:19 0:00:19 --:--:-- 9647k

4dcab49015d4: Loading layer 130.9 MB/130.9 MB

c751e06f6a36: Loading layer 45.57 MB/45.57 MB

a1f0f0d373ba: Loading layer 1.686 MB/1.686 MB

78e3064012ad: Loading layer 3.584 kB/3.584 kB

20e1c27db3cb: Loading layer 3.584 kB/3.584 kB

5203ce9caf88: Loading layer 141.3 MB/141.3 MB

86df4b52a65a: Loading layer 426 kB/426 kB

3107ee86e723: Loading layer 2.703 MB/2.703 MB

8fd4a68bcb66: Loading layer 5.632 kB/5.632 kB

cc850bd59217: Loading layer 3.584 kB/3.584 kB

9a408a27d247: Loading layer 31.79 MB/31.79 MB

63a90f5c074e: Loading layer 4.608 kB/4.608 kB

18ec3e989c31: Loading layer 5.12 kB/5.12 kB

a0d7cd401a94: Loading layer 2.56 kB/2.56 kB

root@router:~#docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

15930a3e11bf 4 days ago 346.5 MB

copy文件(cp)

提示:cp可以在docker宿主机与容器之间进行文件拷贝,非常有用

[root@ela-client ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

437a8f09aac9 elasticsearch:2.3.2 "/docker-entrypoint.s" 7 minutes ago Up 7 minutes 0.0.0.0:9200->9200/tcp, 9300/tcp elasticsearch-client

[root@ela-client ~]# docker cp elasticsearch-client:/usr/share/elasticsearch/config/elasticsearch.yml .

[root@ela-client ~]# ls

elasticsearch.yml

暂停容器(pause)

[root@ct7 ~]# docker pause afe3c167ad5e

afe3c167ad5e

[root@ct7 ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

afe3c167ad5e centos:7.2 "/bin/bash" 4 minutes ago Up 4 minutes (Paused) prickly_booth

恢复暂停容器(unpause)

[root@ct7 ~]# docker unpause afe3c167ad5e

afe3c167ad5e

[root@ct7 ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

afe3c167ad5e centos:7.2 "/bin/bash" 5 minutes ago Up 5 minutes prickly_booth

删除容器(rm)

[root@ct7 ~]# docker rm -f myfirst_centos7

myfirst_centos7

[root@ct7 ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

删除image(rmi)

[root@ct7 ~]# docker rmi -f 8f2b523f4f8a

Untagged: centos:7.2

Deleted: sha256:8f2b523f4f8a2b0640ae58b443b07537e5340c329fe743633be9044c43d24a03

Deleted: sha256:6b93a697efc9d799ade79afe50b1be48cbe41c3533681bb7d4f8143839379af6

查看容器日志(logs)

[root@ela-client ~]# docker logs $(docker ps -q)

[2016-06-13 16:09:51,308][INFO ][node ] [Sunfire] version[2.3.3], pid[1], build[218bdf1/2016-05-17T15:40:04Z]

[2016-06-13 16:09:51,311][INFO ][node ] [Sunfire] initializing ...

... ...

[2016-06-13 16:09:56,408][INFO ][node ] [Sunfire] started

[2016-06-13 16:09:56,417][INFO ][gateway ] [Sunfire] recovered [0] indices into cluster_state

docker环境基本信息(info)

[root@ct7 ~]# docker info

Containers: 1

Running: 1

Paused: 0

Stopped: 0

Images: 1

Server Version: 1.11.2

Storage Driver: devicemapper

Pool Name: docker-253:1-894992-pool

Pool Blocksize: 65.54 kB

Base Device Size: 10.74 GB

Backing Filesystem: xfs

Data file: /dev/loop0

Metadata file: /dev/loop1

Data Space Used: 508.9 MB

Data Space Total: 107.4 GB

Data Space Available: 2.52 GB

Metadata Space Used: 954.4 kB

Metadata Space Total: 2.147 GB

Metadata Space Available: 2.147 GB

Udev Sync Supported: true

Deferred Removal Enabled: false

Deferred Deletion Enabled: false

Deferred Deleted Device Count: 0

Data loop file: /var/lib/docker/devicemapper/devicemapper/data

WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.

Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata

Library Version: 1.02.107-RHEL7 (2015-12-01)

Logging Driver: json-file

Cgroup Driver: cgroupfs

Plugins:

Volume: local

Network: null host bridge

Kernel Version: 3.10.0-229.el7.x86_64

Operating System: CentOS Linux 7 (Core)

OSType: linux

Architecture: x86_64

CPUs: 4

Total Memory: 1.416 GiB

Name: ct7.example.com

ID: QFBN:O5KD:SGNG:SMHQ:PRCR:PRIF:SRCZ:RBAE:N627:WV5Z:7WWG:FG5C

Docker Root Dir: /var/lib/docker

Debug mode (client): false

Debug mode (server): false

Registry: https://index.docker.io/v1/

WARNING: bridge-nf-call-iptables is disabled

WARNING: bridge-nf-call-ip6tables is disabled

查看容器或镜像配置(inspect)

[root@ct7 ~]# docker inspect e70a2b3c08cf

[

{

"Id": "e70a2b3c08cf06f7f13c7f9a9059837d8d6c6ccabafa92755890fb2dcedbdf5a",

"Created": "2016-06-12T05:39:29.246795305Z",

"Path": "/usr/local/bin/run",

"Args": [],

"State": {

"Running": true,

"Paused": false,

"Restarting": false,

"OOMKilled": false,

"Dead": false,

"Pid": 12924,

"ExitCode": 0,

"Error": "",

"StartedAt": "2016-06-12T06:15:19.635211813Z",

"FinishedAt": "2016-06-12T06:04:46.333042454Z"

"Image": "68102ad1785d019b337cd65366085c9f9bb5d66a8e4dd6f6650849e6ea71e70b",

"NetworkSettings": {

"Bridge": "",

"EndpointID": "e88fe632b62d5bb3fd7babc6c43a59be65a13b444467c2fcc2486032a9f034e7",

"Gateway": "172.17.42.1",

"GlobalIPv6Address": "",

"GlobalIPv6PrefixLen": 0,

"HairpinMode": false,

"IPAddress": "172.17.0.2",

"IPPrefixLen": 16,

"IPv6Gateway": "",

"LinkLocalIPv6Address": "",

"LinkLocalIPv6PrefixLen": 0,

"MacAddress": "02:42:ac:11:00:02",

"NetworkID": "02ce8fd5b42fae0295f721736985105fa7d56c2134b5cc8c865f41276c50985d",

"PortMapping": null,

"Ports": {

"2375/tcp": [

{

"HostIp": "0.0.0.0",

"HostPort": "2375"

}

]

"SandboxKey": "/var/run/docker/netns/e70a2b3c08cf",

"SecondaryIPAddresses": null,

"SecondaryIPv6Addresses": null

"ResolvConfPath": "/var/lib/docker/containers/e70a2b3c08cf06f7f13c7f9a9059837d8d6c6ccabafa92755890fb2dcedbdf5a/resolv.conf",

"HostnamePath": "/var/lib/docker/containers/e70a2b3c08cf06f7f13c7f9a9059837d8d6c6ccabafa92755890fb2dcedbdf5a/hostname",

"HostsPath": "/var/lib/docker/containers/e70a2b3c08cf06f7f13c7f9a9059837d8d6c6ccabafa92755890fb2dcedbdf5a/hosts",

"LogPath": "/var/lib/docker/containers/e70a2b3c08cf06f7f13c7f9a9059837d8d6c6ccabafa92755890fb2dcedbdf5a/e70a2b3c08cf06f7f13c7f9a9059837d8d6c6ccabafa92755890fb2dcedbdf5a-json.log",

"Name": "/shipyard-proxy",

"RestartCount": 0,

"Driver": "devicemapper",

"ExecDriver": "native-0.2",

"MountLabel": "",

"ProcessLabel": "",

"Volumes": {

"/var/run/docker.sock": "/var/run/docker.sock"

"VolumesRW": {

"/var/run/docker.sock": true

"AppArmorProfile": "",

"ExecIDs": null,

"HostConfig": {

"Binds": [

"/var/run/docker.sock:/var/run/docker.sock"

"ContainerIDFile": "",

"LxcConf": [],

"Memory": 0,

"MemorySwap": 0,

"CpuShares": 0,

"CpuPeriod": 0,

"CpusetCpus": "",

"CpusetMems": "",

"CpuQuota": 0,

"BlkioWeight": 0,

"OomKillDisable": false,

"Privileged": false,

"PortBindings": {

"2375/tcp": [

{

"HostIp": "",

"HostPort": "2375"

}

]

"Links": null,

"PublishAllPorts": false,

"Dns": null,

"DnsSearch": null,

"ExtraHosts": null,

"VolumesFrom": null,

"Devices": [],

"NetworkMode": "bridge",

"IpcMode": "",

"PidMode": "",

"UTSMode": "",

"CapAdd": null,

"CapDrop": null,

"RestartPolicy": {

"Name": "always",

"MaximumRetryCount": 0

"SecurityOpt": null,

"ReadonlyRootfs": false,

"Ulimits": null,

"LogConfig": {

"Type": "json-file",

"Config": {}

"CgroupParent": ""

"Config": {

"Hostname": "node-a",

"Domainname": "example.com",

"User": "",

"AttachStdin": false,

"AttachStdout": false,

"AttachStderr": false,

"PortSpecs": null,

"ExposedPorts": {

"2375/tcp": {}

"Tty": true,

"OpenStdin": true,

"StdinOnce": false,

"Env": [

"PORT=2375",

"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

"Cmd": null,

"Image": "shipyard/docker-proxy:latest",

"Volumes": null,

"VolumeDriver": "",

"WorkingDir": "",

"Entrypoint": [

"/usr/local/bin/run"

"NetworkDisabled": false,

"MacAddress": "",

"OnBuild": null,

"Labels": {}

}

]

报错:

Error response from daemon: driver failed programming external connectivity on endpoint prickly_turing (081405caf9fe991605f89d0ada69f3cbbd54e0526b9a85fa9b8ea6619e5161ee): iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8888 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)
Error: failed to start containers: 29683c3b68ac

原因:

docker服务启动时定义的自定义链DOCKER由于某种原因被清掉
重启docker服务及可重新生成自定义链DOCKER
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all -- 0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all -- 0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all -- 172.17.0.0/16        0.0.0.0/0
MASQUERADE tcp -- 172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all -- 0.0.0.0/0            0.0.0.0/0
DNAT       tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080
root@router:playbook#iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all -- 0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all -- 0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all -- 172.17.0.0/16        0.0.0.0/0
MASQUERADE tcp -- 172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all -- 0.0.0.0/0            0.0.0.0/0
DNAT       tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

解决:

重启docker服务后再启动容器
systemctl restart docker
docker start foo