1. 创建容器的常用选项
创建容器的常用选项
[root@localhost ~]# docker container run -itd -e test=123456 -p 88:80 --name web -h web nginx
---在nginx镜像中创建一个名为web的容器,不加d的话是创建容器并进入该容器,-e定义变量test=123456,-p把宿主机的88端口转发到容器的80端口,-h指定主机名
4dc7b59c8eef9afb04aedffedb02f30a4a90ddd6222a9b63dfb9cd279ead3d6c
[root@localhost ~]# docker ps -l ---查看最近打开的一个容器的状态,目前状态为Up
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4dc7b59c8eef nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:88->80/tcp web
[root@localhost ~]# docker top 4dc7b59c8eef ---查看一个正在运行的容器进程
UID PID PPID C STIME TTY TIME CMD
root 8640 8624 0 13:25 pts/0 00:00:00 /bin/bash
---每个容器要后台运行,必须有一个前台进程来守护这个容器,所以一个容器尽量只跑一个应用进程
创建容器时使用-itd分配一个伪终端,上面示例的伪终端为/bin/bash
[root@localhost ~]# docker logs web ---查看web容器的日志,刚创建所以没有日志
[root@localhost ~]# docker exec -it web bash ---进入到容器
root@web:/# echo $test
123456
root@web:/# hostname
web
root@web:/# ifconfig ---查看ip,发现没有该命令
bash: 1: ifconfig: not found
root@web:/# apt-get update && apt-get install net-tools ---安装ifconfig命令相关包
root@web:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.4 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:04 txqueuelen 0 (Ethernet)
RX packets 3265 bytes 9212801 (8.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3018 bytes 169581 (165.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@web:/# exit ---退出容器
通过宿主机的88端口访问web容器
[root@localhost ~]# docker logs web ---发现有日志了
192.168.150.1 - - [17/Aug/2019:05:41:59 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-"
2019/08/17 05:42:00 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.150.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.150.139:88", referrer: "http://192.168.150.139:88/"
192.168.150.1 - - [17/Aug/2019:05:42:00 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.150.139:88/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-"
192.168.150.1 - - [17/Aug/2019:05:42:59 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-"
[root@localhost ~]# docker container run -d --name web2 -P nginx ---怕指定的转发端口被占用,可以使用-P随机指定一个端口
2dd1300152d56b7317fd6da97aa7207791b6fd7e2e59bc0f3b53538ca415cd26
[root@localhost ~]# docker ps -l ---可以看到指定了32768端口
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2dd1300152d5 nginx "nginx -g 'daemon of…" 5 seconds ago Up 5 seconds 0.0.0.0:32768->80/tcp web2
[root@localhost ~]# docker container run -d --name web3 --restart always -P nginx
---重启宿主机,容器会自动挂掉,不会自动开启,如果要自动开启,需要在创建的时候加--restart always参数
d7123e29b0be872cc256da6649480356df3547f8a8a7a2891f62b43496e17bc7
2. 容器资源限制
容器资源限制
示例:
内存限额:
允许容器最多使用500M内存和100M的Swap,并禁用OOM Killer
docker run -d --name nginx03 --memory="500M" --memory-swap="600M" --oom-kill-disable nginx
---可用swap大小为“--memory-swap”减去“--memory”的大小
[root@localhost ~]# docker run -d --name web03 --memory="500M" --memory-swap="600M" --oom-kill-disable nginx
23688554bc1fe0aad6bcfeb0dea71ec34a7f8d600e169ea2f54d6dfc85c47e4e
[root@localhost ~]# docker stats --no-stream web03 ---加--no-stream参数是静态显示容器使用状况
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
23688554bc1f web03 0.00% 1.387MiB / 500MiB 0.28% 656B / 0B 0B / 0B 2
[root@localhost ~]# docker stats --no-stream web ---不作限制的话,内存可以使用到内存最大值
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
4dc7b59c8eef web 0.00% 1.41MiB / 972.6MiB 0.14% 9.22MB / 174kB 83.5MB / 8.25MB 2
注意:--oom-kill-disable选项一定要配合-m/--memory选项使用,否则,出现 out-of-memory 错误时,系统会通过杀死宿主机进程来获取更大内存
CPU限额:
允许容器最多使用一个半的CPU
docker run -d --name nginx04 --cpus="1.5" nginx
允许容器最多使用50%的CPU
docker run -d --name nginx05 --cpus=".5" nginx
[root@localhost ~]# docker run -d --name web05 --cpus=".5" nginx
2645100be04d08dc832d876b17af917e4b17b2acd1bb445ef76aedf9a6924a4c
[root@localhost ~]# docker stats --no-stream web05
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
2645100be04d web05 0.00% 1.379MiB / 972.6MiB 0.14% 656B / 0B 0B / 0B 2
为什么要做资源限制?因为如果一个容器被黑客攻击了,如果没有做资源限制的话,就会消耗所有的物理资源,非常危险。
3. 管理容器的常用命令
管理容器的常用命令
[root@localhost ~]# docker container ps -l ---列出最新创建的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2645100be04d nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp web05
[root@localhost ~]# docker container ps -a ---列出所有的容器(包括停止的和运行的)
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
18d4c647e781 centos "/bin/bash" 2 minutes ago Up 2 minutes centos01
e5db91264080 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago ecstatic_fermat
[root@localhost ~]# docker container inspect web05
[
{
"Id": "2645100be04d08dc832d876b17af917e4b17b2acd1bb445ef76aedf9a6924a4c",
"Created": "2019-08-17T06:46:24.006890967Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 10745,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-08-17T06:46:24.275299763Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
---省略若干---
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "9b0c47d98e40776558f5df49ac8fbabcb03762418cf742b90c6042495c6946f9",
"EndpointID": "316247d7fb039ef63784af5259b4a9a16f06a1881288440549d164ca0db9d1fc",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.10",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:0a",
"DriverOpts": null
}
}
}
}
]
[root@localhost ~]# docker exec -it web04 bash ---进入容器中
root@0dab09030fd2:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0dab09030fd2:/# pwd
/
root@0dab09030fd2:/# touch {1..4} ---创建4个文件
root@0dab09030fd2:/# ls
1 2 3 4 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0dab09030fd2:/# exit
exit
[root@localhost ~]# docker commit web04 nginx:web04 ---把刚才修改过的web04容器提交成新镜像nginx:web04
sha256:2e68e90e2560ca0780614f37f245a7716e1a6219baee4ef8e6157b8c17ed7db0
[root@localhost ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx web04 2e68e90e2560 8 seconds ago 126MB
nginx latest 5a3221f0137b 34 hours ago 126MB
nginx v1 5a3221f0137b 34 hours ago 126MB
centos latest 9f38484d220f 5 months ago 202MB
hello-world latest fce289e99eb9 7 months ago 1.84kB
[root@localhost ~]# docker run -d --name web04-1 nginx:web04 ---用新镜像创建容器
b75a5892d442f97f387ba6ac7c85e36cc481d832649864dc118dbd552d23c6e6
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b75a5892d442 nginx:web04 "nginx -g 'daemon of…" 5 seconds ago Up 5 seconds 80/tcp web04-1
[root@localhost ~]# docker exec -it web04-1 bash
root@b75a5892d442:/# ls ---发现有刚才新添加的文件
1 2 3 4 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@b75a5892d442:/# exit
exit
[root@localhost ~]# docker cp nginx.tar web04-1:/ ---把nginx.tar拷贝到web04-1容器中
[root@localhost ~]# docker exec -it web04-1 ls /
1 3 bin dev home lib64 mnt opt root sbin sys usr
2 4 boot etc lib media nginx.tar proc run srv tmp var
网友评论