• Docker Basic Commands and Usage in Detail

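    To help users get to know Docker quickly, Docker provides an official interactive tutorial aimed at teaching the use of the Docker command line. However, because Docker is evolving rapidly, that interactive tutorial no longer meets the practical needs of Docker users, so let us start a real tour of the command line together. First, the list of Docker commands can be obtained by running docker or docker help: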

        $ sudo docker --help
        Usage: docker [OPTIONS] COMMAND [arg...]

        A self-sufficient runtime for linux containers.

        Options:
          --add-registry=[]                   Registry to query before a public one
          --api-cors-header=                  Set CORS headers in the remote API
          -b, --bridge=                       Attach containers to a network bridge
          --bip=                              Specify network bridge IP
          --block-registry=[]                 Don't contact given registry
          --confirm-def-push=true             Confirm a push to default registry
          -D, --debug=false                   Enable debug mode
          -d, --daemon=false                  Enable daemon mode
          --default-gateway=                  Container default gateway IPv4 address
          --default-gateway-v6=               Container default gateway IPv6 address
          --default-ulimit=[]                 Set default ulimits for containers
          --dns=[]                            DNS server to use
          --dns-search=[]                     DNS search domains to use
          -e, --exec-driver=native            Exec driver to use
          --exec-opt=[]                       Set exec driver options
          --exec-root=/var/run/docker         Root of the Docker execdriver
          --fixed-cidr=                       IPv4 subnet for fixed IPs
          --fixed-cidr-v6=                    IPv6 subnet for fixed IPs
          -G, --group=docker                  Group for the unix socket
          -g, --graph=/var/lib/docker         Root of the Docker runtime
          -H, --host=[]                       Daemon socket(s) to connect to
          -h, --help=false                    Print usage
          --icc=true                          Enable inter-container communication
          --insecure-registry=[]              Enable insecure registry communication
          --ip=0.0.0.0                        Default IP when binding container ports
          --ip-forward=true                   Enable net.ipv4.ip_forward
          --ip-masq=true                      Enable IP masquerading
          --iptables=true                     Enable addition of iptables rules
          --ipv6=false                        Enable IPv6 networking
          -l, --log-level=info                Set the logging level
          --label=[]                          Set key=value labels to the daemon
          --log-driver=json-file              Default driver for container logs
          --log-opt=map[]                     Set log driver options
          --mtu=0                             Set the containers network MTU
          -p, --pidfile=/var/run/docker.pid   Path to use for daemon PID file
          --registry-mirror=[]                Preferred Docker registry mirror
          -s, --storage-driver=               Storage driver to use
          --selinux-enabled=false             Enable selinux support
          --storage-opt=[]                    Set storage driver options
          --tls=false                         Use TLS; implied by --tlsverify
          --tlscacert=~/.docker/ca.pem        Trust certs signed only by this CA
          --tlscert=~/.docker/cert.pem        Path to TLS certificate file
          --tlskey=~/.docker/key.pem          Path to TLS key file
          --tlsverify=false                   Use TLS and verify the remote
          --userland-proxy=true               Use userland proxy for loopback traffic
          -v, --version=false                 Print version information and quit

        Commands:
            attach    Attach to a running container
            build     Build an image from a Dockerfile
            commit    Create a new image from a container's changes
            cp        Copy files/folders from a container's filesystem to the host path
            create    Create a new container
            diff      Inspect changes on a container's filesystem
            events    Get real time events from the server
            exec      Run a command in a running container
            export    Stream the contents of a container as a tar archive
            history   Show the history of an image
            images    List images
            import    Create a new filesystem image from the contents of a tarball
            info      Display system-wide information
            inspect   Return low-level information on a container or image
            kill      Kill a running container
            load      Load an image from a tar archive
            login     Register or log in to a Docker registry server
            logout    Log out from a Docker registry server
            logs      Fetch the logs of a container
            pause     Pause all processes within a container
            port      Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
            ps        List containers
            pull      Pull an image or a repository from a Docker registry server
            push      Push an image or a repository to a Docker registry server
            rename    Rename an existing container
            restart   Restart a running container
            rm        Remove one or more containers
            rmi       Remove one or more images
            run       Run a command in a new container
            save      Save an image to a tar archive
            search    Search for an image on the Docker Hub
            start     Start a stopped container
            stats     Display a stream of a containers' resource usage statistics
            stop      Stop a running container
            tag       Tag an image into a repository
            top       Lookup the running processes of a container
            unpause   Unpause a paused container
            version   Show the Docker version information
            wait      Block until a container stops, then print its exit code

        Run 'docker COMMAND --help' for more information on a command.

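    As Docker container technology has evolved, the number of Docker subcommands has reached 39, and core subcommands such as run also take complex sets of options. Taking both function and usage scenarios into account, the author divides the command line into 4 parts, to give a quick overview of how the Docker command line is organized: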

    | Category | Commands |
    | --- | --- |
    | Environment information | info version |
    | System operations | attach build commit cp diff export images import save/load inspect kill port pause/unpause ps rm rmi run start/stop/restart tag top |
    | Logs and history | events history logs |
    | Registry services | login pull push search |

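    1. Option conventions

    Single-character options can be combined. For example,

        $ sudo docker run -t -i --name test centos sh

    is equivalent to:

        $ sudo docker run -ti --name test centos sh

    2. Boolean

    Boolean options take the form -d=false. Note that when you set such a Boolean option, for example docker run -d=true, the started container is detached and runs in the background.

    3. Strings and numbers

    An option such as --name="" defines a string and can be specified only once. Likewise, an option such as -c=0 defines a number and can also be specified only once.

    4. The daemon

    The Docker daemon is a resident background system process. Note that Docker uses the same binary for both the client and the daemon; the role is switched with -d. The daemon is what manages containers, and it accepts the following options: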

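    | Option | Description |
    | --- | --- |
    | --add-registry=[] | Registry to query before a public one |
    | --api-cors-header= | Set CORS headers in the remote API |
    | -b, --bridge= | Attach an existing network bridge device to Docker containers. Note: use none to disable networking in containers. |
    | --bip= | Set the IP of the network bridge using a CIDR address. Note: this option cannot be used together with -b. |
    | --block-registry=[] | Don't contact given registry |
    | --confirm-def-push=true | Confirm a push to default registry |
    | -D, --debug=false | Enable debug mode. For example: docker -d -D |
    | -d, --daemon=false | Enable daemon mode. |
    | --default-gateway= | Container default gateway IPv4 address |
    | --default-gateway-v6= | Container default gateway IPv6 address |
    | --default-ulimit=[] | Set default ulimits for containers |
    | --dns=[] | Force containers to use the given DNS server. For example: docker -d --dns 8.8.8.8 |
    | --dns-search=[] | Force containers to use the given DNS search domain. For example: docker -d --dns-search example.com |
    | -e, --exec-driver=native | Force containers to use the given exec driver. For example: docker -d -e lxc |
    | --exec-opt=[] | Set exec driver options |
    | --exec-root=/var/run/docker | Root of the Docker execdriver |
    | --fixed-cidr= | IPv4 subnet for fixed IPs |
    | --fixed-cidr-v6= | IPv6 subnet for fixed IPs |
    | -G, --group=docker | In daemon mode, assign the given group to the unix socket. Note: when --group is set to an empty string, the group information is removed. |
    | -g, --graph=/var/lib/docker | Root directory of the Docker runtime |
    | -H, --host=[] | Daemon socket(s) to connect to. In daemon mode, specifies the socket(s) to bind to; one or more of tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd can be given. For example: $ docker -H tcp://0.0.0.0:2375 ps, or $ export DOCKER_HOST="tcp://0.0.0.0:2375" followed by $ docker ps |
    | -h, --help=false | Print usage |
    | --icc=true | Enable inter-container communication. |
    | --insecure-registry=[] | Enable insecure registry communication |
    | --ip=0.0.0.0 | Default IP address used when binding container ports |
    | --ip-forward=true | Enable net.ipv4.ip_forward |
    | --ip-masq=true | Enable IP masquerading |
    | --iptables=true | Enable Docker's own iptables rules for containers |
    | --ipv6=false | Enable IPv6 networking |
    | -l, --log-level=info | Set the logging level |
    | --label=[] | Set key=value labels to the daemon |
    | --log-driver=json-file | Default driver for container logs |
    | --log-opt=map[] | Set log driver options |
    | --mtu=0 | Set the MTU of the container network. If this option is not given, the default route MTU is used; if there is no default route, it is set to the constant 1500. |
    | -p, --pidfile=/var/run/docker.pid | Path to the daemon PID file. |
    | --registry-mirror=[] | Preferred Docker registry mirror |
    | -s, --storage-driver= | Force the container runtime to use the given storage driver. For example, to use devicemapper: $ sudo docker -d -s devicemapper |
    | --selinux-enabled=false | Enable SELinux support |
    | --storage-opt=[] | Set storage driver options |
    | --tls=false | Switch that enables TLS authentication |
    | --tlscacert=~/.docker/ca.pem | Path to the CA certificate file; only certificates signed by this CA are trusted |
    | --tlscert=~/.docker/cert.pem | Path to the TLS certificate file |
    | --tlskey=~/.docker/key.pem | Path to the TLS key file |
    | --tlsverify=false | Use TLS and verify communication between the daemon and the client |
    | --userland-proxy=true | Use userland proxy for loopback traffic |
    | -v, --version=false | Print version information |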

    Note that options shown with [] can be specified multiple times, for example:

        $ sudo docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash
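
An added example, not part of the original article: a POSIX shell check that reads a daemon command line built from the options in the table above and reports any TCP listener (-H/--host) started without --tlsverify, in which case the API accepts clients without authenticating them, as well as any use of --insecure-registry. The function name audit_daemon_args and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag risky daemon options.
# audit_daemon_args is a hypothetical helper; the command lines at the
# bottom are constructed samples, not captured from a real host.

audit_daemon_args() {
    tcp_hosts=""; tlsverify=0; insecure=0; prev=""
    for arg in "$@"; do
        val=""
        case "$arg" in
            -H=*|--host=*)                 val="${arg#*=}" ;;  # -H=tcp://...
            --tlsverify|--tlsverify=true)  tlsverify=1 ;;
            --tlsverify=false)             tlsverify=0 ;;
            --insecure-registry*)          insecure=1 ;;
            *)  # space-separated form: -H tcp://...
                case "$prev" in -H|--host) val="$arg" ;; esac ;;
        esac
        # Only TCP listeners matter here; unix:// and fd:// are local.
        case "$val" in tcp://*) tcp_hosts="$tcp_hosts $val" ;; esac
        prev="$arg"
    done

    out=""
    if [ "$tlsverify" -eq 0 ]; then
        # Without --tlsverify the daemon does not authenticate API clients.
        for h in $tcp_hosts; do
            case "$h" in
                tcp://0.0.0.0:*) out="$out unauthenticated-api-all-interfaces:$h" ;;
                *)               out="$out unauthenticated-api:$h" ;;
            esac
        done
    fi
    if [ "$insecure" -eq 1 ]; then
        out="$out insecure-registry"
    fi
    echo "${out# }"   # space-separated findings; empty line means none
}

# Weak: API bound to every interface with no TLS client verification.
audit_daemon_args -d -H tcp://0.0.0.0:2375
# Hardened: same kind of listener, but clients must present a CA-signed cert.
audit_daemon_args -d --tlsverify --tlscacert=ca.pem --tlscert=cert.pem \
    --tlskey=key.pem -H=tcp://0.0.0.0:2376
```

The function prints one finding per problem on a single line, so it can be run against the arguments of a running daemon process or an init script during a host review.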