创建容器的选项
[root@mast ~]# docker container run --help Usage: docker container run [OPTIONS] IMAGE [COMMAND] [ARG...] Run a command in a new container Options:
--add-host list Add a custom host-to-IP mapping (host:ip)
-a, --attach list Attach to STDIN, STDOUT or STDERR
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--blkio-weight-device list Block IO weight (relative device weight) (default [])
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--cgroup-parent string Optional parent cgroup for the container
--cidfile string Write the container ID to the file
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys string Override the key sequence for detaching a container
--device list Add a host device to the container
--device-cgroup-rule list Add a rule to the cgroup allowed devices list
--device-read-bps list Limit read rate (bytes per second) from a device (default [])
--device-read-iops list Limit read rate (IO per second) from a device (default [])
--device-write-bps list Limit write rate (bytes per second) to a device (default [])
--device-write-iops list Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--expose list Expose a port or a range of ports
--group-add list Add additional groups to join
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h) (default 0s)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help Print usage
-h, --hostname string Container host name
--init Run an init inside the container that forwards signals and reaps processes
-i 交互式, --interactive Keep STDIN open even if not attached
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--ipc string IPC mode to use
--isolation string Container isolation technology
--kernel-memory bytes Kernel memory limit
-l, --label list Set meta data on a container
--label-file list Read in a line delimited file of labels
--link list Add link to another container
--link-local-ip list Container IPv4/IPv6 link-local addresses
--log-driver string Logging driver for the container
--log-opt list Log driver options
--mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--mount mount Attach a filesystem mount to the container
--name string Assign a name to the container
--network string Connect a container to a network (default "default")
--network-alias list Add network-scoped alias for the container
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--privileged Give extended privileges to this container
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt list Security Options
--shm-size bytes Size of /dev/shm
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container (default "SIGTERM")
--stop-timeout int Timeout (in seconds) to stop a container
--storage-opt list Storage driver options for the container
--sysctl map Sysctl options (default map[])
--tmpfs list Mount a tmpfs directory
-t, --tty 分配一个伪终端 Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
-w, --workdir string Working directory inside the container
启动一个容器并在前台运行
[root@localhost ~]# docker run -it centos /bin/bash
[root@4279c14287c1 /]#
后台创建一个容器
[root@localhost ~]# docker run -d centos
53dfa07e6f2c1f514cfe04c7943790692dd385e920ba56561c5b82160089fb33
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53dfa07e6f2c centos "/bin/bash" 3 seconds ago Exited (0) 2 seconds ago unruffled_pare
创建容器并设置端口映射-p 将容器端口映射成指定端口
[root@localhost ~]# docker run --name web -d -e test=123 -p 88:80 -h web nginx
d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMESd2394de6c3a1 nginx "nginx -g 'daemon of…" 15 seconds ago
Up 11 seconds 0.0.0.0:88->80/tcp web[root@localhost ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
users:(("sshd",pid=921,fd=3))LISTEN 0 100 127.0.0.1:25 *:*
users:(("master",pid=1310,fd=13))LISTEN 0 128 :::22 :::*
users:(("sshd",pid=921,fd=4))LISTEN 0 128 :::88 :::*
users:(("docker-proxy",pid=19507,fd=4))LISTEN 0 100 ::1:25 :::*
users:(("master",pid=1310,fd=14))
进入后台运行的容器
[root@localhost ~]# docker exec -it web bash
root@web:/#
将容器端口映射成随机的端口 -P
[root@localhost ~]# docker run -d --name web-1 -e test=chenxi -P -h cx nginx
a3bdc2062cd738acc717da093c5de736c2170d88a9fd310e0c0de0c20fdb855f
[root@localhost ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
users:(("sshd",pid=921,fd=3))LISTEN 0 100 127.0.0.1:25 *:*
users:(("master",pid=1310,fd=13))LISTEN 0 128 :::32768 :::*
users:(("docker-proxy",pid=19781,fd=4))LISTEN 0 128 :::22 :::*
users:(("sshd",pid=921,fd=4))LISTEN 0 128 :::88 :::*
users:(("docker-proxy",pid=19507,fd=4))LISTEN 0 100 ::1:25 :::*
users:(("master",pid=1310,fd=14))
创建容器设置容器允许使用500m内存,允许使用600m的swap分区,并禁用oom-kill
[root@localhost ~]# docker run --name web-9 --memory="500m" --memory-swap="600m" --oom-kill-disable -d -P nginx
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
25aff37e7dd0 nginx "nginx -g 'daemon of…" 7 minutes ago Up 7 minutes 0.0.0.0:32769->80/tcp web-9
创建容器时设置容器最大使用一个半的cpu资源
[root@localhost ~]# docker run -d --name web-cx --cpus="1.5" -P nginx
0771848dd42e79499e6c43e28cecea79f03b80bae56daf7e1aa2c140304c2789
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES0771848dd42e nginx "nginx -g 'daemon of…" 15 seconds ago
Up 12 seconds 0.0.0.0:32770->80/tcp web-cx
创建容器时设置容器最多使用半个cpu
[root@localhost ~]# docker run -d --name web-cx1 --cpus=".5" -P nginx
7638633dc06af3e335179e49b81a08959ec83e50362cb80f71188d652a86e37f
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES7638633dc06a nginx "nginx -g 'daemon of…" 4 seconds ago
Up 2 seconds 0.0.0.0:32771->80/tcp web-cx1
动态查看容器的资源限制
[root@localhost ~]# docker stats web-cx
查看最后创建的一个容器
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7638633dc06a nginx "nginx -g 'daemon of…" 16 minutes ago Up 16 minutes 0.0.0.0:32771->80/tcp web-cx1
查看当前系统所有容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7638633dc06a nginx "nginx -g 'daemon of…" 17 minutes ago Up 17 minutes 0.0.0.0:32771->80/tcp web-cx1
0771848dd42e nginx "nginx -g 'daemon of…" 20 minutes ago Up 20 minutes 0.0.0.0:32770->80/tcp web-cx
25aff37e7dd0 nginx "nginx -g 'daemon of…" About an hour ago Up About an hour 0.0.0.0:32769->80/tcp web-9
ab4b909c4e68 nginx "nginx -g 'daemon of…" About an hour ago Exited (0) About an hour ago cx
a3bdc2062cd7 nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 0.0.0.0:32768->80/tcp web-1
d2394de6c3a1 nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 0.0.0.0:88->80/tcp web
53dfa07e6f2c centos "/bin/bash" 2 hours ago Exited (0) 2 hours ago unruffled_pare
4279c14287c1 centos "/bin/bash" 2 hours ago Exited (127) 2 hours ago determined_chatterjee
dc2a611dae83 centos "/bin/bash" 2 hours ago Created reverent_elion
查看当前运行的容器
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7638633dc06a nginx "nginx -g 'daemon of…" 19 minutes ago Up 19 minutes 0.0.0.0:32771->80/tcp web-cx1
0771848dd42e nginx "nginx -g 'daemon of…" 21 minutes ago Up 21 minutes 0.0.0.0:32770->80/tcp web-cx
25aff37e7dd0 nginx "nginx -g 'daemon of…" About an hour ago Up About an hour 0.0.0.0:32769->80/tcp web-9
a3bdc2062cd7 nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 0.0.0.0:32768->80/tcp web-1
d2394de6c3a1 nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 0.0.0.0:88->80/tcp web
查看容器详细信息
[root@localhost ~]# docker inspect web
[
{
"Id": "d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f",
"Created": "2019-02-22T02:09:09.984595885Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 19532,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-02-22T02:09:12.789486607Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:f09fe80eb0e75e97b04b9dfb065ac3fda37a8fac0161f42fca1e6fe4d0977c80",
"ResolvConfPath": "/var/lib/docker/containers/d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f/hostname",
"HostsPath": "/var/lib/docker/containers/d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f/hosts",
"LogPath": "/var/lib/docker/containers/d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f/d2394de6c3a11151bfc1697493a8012a132763b2bfa045b55d7f657704e47f6f-json.log",
"Name": "/web",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": [
"cad7ed32fa3444fb65f4dcf7007ce4af807b57554cb20325c57e38bc0ca4601c"
],
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "88"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/036314137e1525f686243ae5d6fd2861ab91e41d7bad36ac8a416aadb50e5302-init/diff:/var/lib/docker/overlay2/1491a86a89f7d4721b73639455d75fb153bc1
2c6cdaee687039d2e9317215741/diff:/var/lib/docker/overlay2/808c5a465c27497cb57ea709b083e855b6e11e2efa70887b1e3d6f2ece944ab3/diff:/var/lib/docker/overlay2/97f2bebcc1413f092415377b6d7e31dec473bd074f23afcde2d2394c65feed65/diff", "MergedDir": "/var/lib/docker/overlay2/036314137e1525f686243ae5d6fd2861ab91e41d7bad36ac8a416aadb50e5302/merged",
"UpperDir": "/var/lib/docker/overlay2/036314137e1525f686243ae5d6fd2861ab91e41d7bad36ac8a416aadb50e5302/diff",
"WorkDir": "/var/lib/docker/overlay2/036314137e1525f686243ae5d6fd2861ab91e41d7bad36ac8a416aadb50e5302/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "web",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"test=123",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.15.8-1~stretch",
"NJS_VERSION=1.15.8.0.2.7-1~stretch"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"ArgsEscaped": true,
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGTERM"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "fe9ee0aed5e4eb0b9813211dc2d5fb27ee4bf03ea613b50e9c67d2e6d2204beb",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "88"
}
]
},
"SandboxKey": "/var/run/docker/netns/fe9ee0aed5e4",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "1ebbb49fc6565721fdb915fc659f4c5c5cb62c4b7b2190ad9a9aac3b3dbb2f0d",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "3b2c8016eb022a0e3a9896ff22b7aee66d3034fef8b301b91dc791ff184eef13",
"EndpointID": "1ebbb49fc6565721fdb915fc659f4c5c5cb62c4b7b2190ad9a9aac3b3dbb2f0d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
交互式进入容器
[root@localhost ~]# docker exec -it web bash
root@web:/#
利用容器创建镜像
[root@localhost ~]# docker commit web nginx:web4
sha256:58f1e3f2b46e047322fb302ca87d4c3748f02ba3609bac222ec7122937b0b030
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx web4 58f1e3f2b46e 28 seconds ago 109MB
nginx latest f09fe80eb0e7 2 weeks ago 109MB
centos latest 1e1148e4cc2c 2 months ago 202MB
从宿主机往容器里复制文件
[root@localhost ~]# docker cp nginx-1.15.8.tar.gz web:/
[root@localhost ~]# docker exec -it web ls /
1 bin etc lib64 nginx-1.15.8.tar.gz root srv usr
12 boot home media opt run sys var
123 dev lib mnt proc sbin tmp
查看指定容器里的进程
[root@localhost ~]# docker top web
UID PID PPID C STIME TTY TIME CMD
root 19532 19514 0 10:09 ? 00:00:00 nginx: master process nginx -g daemon off;
101 19565 19532 0 10:09 ? 00:00:00 nginx: worker process
root 19734 19514 0 10:11 pts/0 00:00:00 bash