1. 操作容器
run
$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
使用指定的镜像来运行容器,并可选地在容器中运行指定的命令。
分离模式:通过 -d 选项指定;容器会在任务(进程)结束时退出。 前台模式:可以将控制台连接到容器中进程的标准输入、输出、错误;通过 -t 选项可以为其分配一个伪终端;通过 -i 选项可以保持标准输入处于打开状态。
--rm 选项能够在容器退出时自动删除容器。
[ming@localhost ~]$ sudo docker run -it --rm ubuntu:latest /bin/bash
root@2258471ee542:/# ls
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
root@2258471ee542:/# exit
exit
[ming@localhost ~]$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ps
$ docker ps [OPTIONS]
罗列容器。
-a 选项可以列出所有的容器。
[ming@localhost ~]$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83d375a4271d ubuntu:latest "top -b" 3 minutes ago Exited (0) 3 minutes ago stupefied_sammet
inspect
docker inspect [OPTIONS] CONTAINER [CONTAINER...]
查看容器的详细信息。
[ming@localhost ~]$ sudo docker inspect 1f749a6ec815
[
{
"Id": "1f749a6ec815b28cef0e94d1ad654c3240efd33d887fed563b32776724df9145",
"Created": "2021-10-06T03:34:57.910631294Z",
...
"State": {
"Status": "running",
...
"Pid": 5512,
"ExitCode": 0,
"Error": "",
...
},
"Image": "sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2",
...
"LogPath": "/var/lib/docker/containers/1f749a6ec815b28cef0e94d1ad654c3240efd33d887fed563b32776724df9145/1f749a6ec815b28cef0e94d1ad654c3240efd33d887fed563b32776724df9145-json.log",
"Name": "/hungry_chandrasekhar",
...
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/bacb628d91b4725954c6371f1b5abb58047cc50abd01db2db3c55d0fd76756de-init/diff:/var/lib/docker/overlay2/b48052cfd14e2413218757fb03e0997a600912f9e29dc45db045c8d214fdf026/diff",
"MergedDir": "/var/lib/docker/overlay2/bacb628d91b4725954c6371f1b5abb58047cc50abd01db2db3c55d0fd76756de/merged",
"UpperDir": "/var/lib/docker/overlay2/bacb628d91b4725954c6371f1b5abb58047cc50abd01db2db3c55d0fd76756de/diff",
"WorkDir": "/var/lib/docker/overlay2/bacb628d91b4725954c6371f1b5abb58047cc50abd01db2db3c55d0fd76756de/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "1f749a6ec815",
...
"Cmd": [
"top",
"-b"
],
"Image": "ubuntu:latest",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
...
"Networks": {
"bridge": {
...
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
...
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
top
$ docker top CONTAINER [ps OPTIONS]
查看容器中运行的进程。
[ming@localhost ~]$ sudo docker top 1f749a6ec815
UID PID PPID C STIME TTY TIME CMD
root 5512 5492 0 23:46 ? 00:00:00 top -b
stats
$ docker stats [OPTIONS] [CONTAINER...]
持续输出容器的资源使用情况。
[ming@localhost ~]$ sudo docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c8dac7e11479 boring_shannon 0.06% 440KiB / 3.701GiB 0.01% 737B / 0B 0B / 0B 1
^C
port
$ docker port CONTAINER [PRIVATE_PORT[/PROTO]]
查看容器的端口映射。
# 将容器的 80/tcp 端口映射到主机的 8080 端口
[ming@localhost ~]$ sudo docker run -d -p 8080:80/tcp ubuntu:latest top -b
c8dac7e11479b8da9c467054a24da8c52ff28f2b687b501408f1d31fa3c7af98
[ming@localhost ~]$ sudo docker port c8dac7e1
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080
[ming@localhost ~]$ sudo docker port c8dac7e1 80/tcp
0.0.0.0:8080
:::8080
logs
$ docker logs [OPTIONS] CONTAINER
查看容器的日志(标准输出、错误的内容)。
-f 选项可以持续输出容器的日志。
[ming@localhost ~]$ sudo docker logs 1f749a6ec815
top - 03:34:58 up 25 min, 0 users, load average: 0.14, 0.08, 0.20
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
%Cpu(s): 6.7 us, 13.3 sy, 0.0 ni, 80.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 3789.5 total, 1045.0 free, 852.5 used, 1891.9 buff/cache
MiB Swap: 3968.0 total, 3968.0 free, 0.0 used. 2669.9 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 5960 1716 1296 R 0.0 0.0 0:00.03 top
...
attach
$ docker attach [OPTIONS] CONTAINER
将本地终端的标准输入、输出、错误连接到容器。
[ming@localhost ~]$ sudo docker run -d ubuntu:latest top -b
83d375a4271d6fb4d340925d604771b408e12f00a40d639b7a6020a87291ffb8
[ming@localhost ~]$ sudo docker attach 83d375a4271d6fb4d340925d604771b408e12f00a40d639b7a6020a87291ffb8
top - 03:24:00 up 14 min, 0 users, load average: 0.11, 0.34, 0.36
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
%Cpu(s): 7.7 us, 3.4 sy, 0.0 ni, 88.9 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 3789.5 total, 1034.7 free, 862.9 used, 1891.9 buff/cache
MiB Swap: 3968.0 total, 3968.0 free, 0.0 used. 2659.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 5960 1712 1296 R 0.0 0.0 0:00.04 top
...
exec
$ docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
在运行的容器中执行指定的命令。
[ming@localhost ~]$ sudo docker run -d ubuntu:latest top -b
1f749a6ec815b28cef0e94d1ad654c3240efd33d887fed563b32776724df9145
[ming@localhost ~]$ sudo docker exec -it 1f749a6e /bin/bash
root@1f749a6ec815:/# ps -elf
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 1 0 0 80 0 - 1490 poll_s 03:34 ? 00:00:00 top -b
4 S root 7 0 0 80 0 - 1025 do_wai 03:35 pts/0 00:00:00 /bin/bash
0 R root 17 7 0 80 0 - 1472 - 03:35 pts/0 00:00:00 ps -elf
pause, unpause
$ docker pause CONTAINER [CONTAINER...]
使用 freezer cgroup 挂起容器中的所有进程(进程对挂起操作是无感知的)。
$ docker unpause CONTAINER [CONTAINER...]
恢复容器中挂起的进程。
[ming@localhost ~]$ sudo docker pause 1f749a6ec815
1f749a6ec815
[ming@localhost ~]$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f749a6ec815 ubuntu:latest "top -b" 6 minutes ago Up 6 minutes (Paused) hungry_chandrasekhar
[ming@localhost ~]$ sudo docker unpause 1f749a6ec815
1f749a6ec815
[ming@localhost ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f749a6ec815 ubuntu:latest "top -b" 6 minutes ago Up 6 minutes hungry_chandrasekhar
stop
$ docker stop [OPTIONS] CONTAINER [CONTAINER...]
停止容器,终止容器中的进程:首先发送 SIGTERM 信号给容器中的进程,一段时间之后发送 SIGKILL 信号。
[ming@localhost ~]$ sudo docker stop 1f749a6ec815
1f749a6ec815
[ming@localhost ~]$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f749a6ec815 ubuntu:latest "top -b" 9 minutes ago Exited (0) 2 seconds ago hungry_chandrasekhar
start
$ docker start [OPTIONS] CONTAINER [CONTAINER...]
启动停止的容器(还是运行之前给定的命令)。
[ming@localhost ~]$ sudo docker start 1f749a6ec815
1f749a6ec815
[ming@localhost ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f749a6ec815 ubuntu:latest "top -b" 11 minutes ago Up 2 seconds hungry_chandrasekhar
rm
$ docker rm [OPTIONS] CONTAINER [CONTAINER...]
删除指定的容器。
--force 选项可以强制性删除运行的容器。
[ming@localhost ~]$ sudo docker rm 83d375a4271d
83d375a4271d
cp
$ docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
$ docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
在容器和主机之间拷贝文件、目录。
[ming@localhost ~]$ echo "hello" > hello.txt
[ming@localhost ~]$ sudo docker cp hello.txt 1f749a6ec815:/root/
[ming@localhost ~]$ sudo docker exec 1f749a6ec815 cat /root/hello.txt
hello
[ming@localhost ~]$ sudo docker cp 1f749a6ec815:/root/hello.txt .
[ming@localhost ~]$ cat hello.txt
hello
export
$ docker export [OPTIONS] CONTAINER
将容器的文件系统(不包括卷的内容)导出为 tar 文件,后续可通过 docker import 来加载镜像。
[ming@localhost ~]$ sudo docker export -o ubuntu2.tar 1f749a6ec815
[ming@localhost ~]$ ls -lh ubuntu2.tar
-rw-------. 1 root root 72M Oct 6 03:00 ubuntu2.tar
2. 操作镜像
images
$ docker images [OPTIONS] [REPOSITORY[:TAG]]
查看所有的顶层镜像。
-a 选项可以查看所有的镜像。
[ming@localhost ~]$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 597ce1600cf4 5 days ago 72.8MB
search
$ docker search [OPTIONS] TERM
搜索 docker hub。
[ming@localhost ~]$ sudo docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6786 [OK]
ansible/centos7-ansible Ansible on Centos7 135 [OK]
consol/centos-xfce-vnc Centos container with "headless" VNC session… 130 [OK]
jdeathe/centos-ssh OpenSSH / Supervisor / EPEL/IUS/SCL Repos - … 120 [OK]
...
pull
$ docker pull [OPTIONS] NAME[:TAG|@DIGEST]
拉取镜像。
$ sudo docker pull debian:jessie
tag
$ docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
基于源镜像创建一个包含 tag 的镜像。
$ sudo docker tag 0e5574283393 fedora/httpd:version1.0
push
$ docker push [OPTIONS] NAME[:TAG]
推送镜像。
$ sudo docker image tag rhel-httpd:latest registry-host:5000/myadmin/rhel-httpd:latest
$ sudo docker image push registry-host:5000/myadmin/rhel-httpd:latest
import
$ docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
从 tar 文件中加载镜像。
[ming@localhost ~]$ sudo docker import ubuntu2.tar ubuntu2:v1
sha256:649f9cf75008bc2bf84cfa97a008883530b9384029a53e3d7f5262556e07fcae
[ming@localhost ~]$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu2 v1 649f9cf75008 6 seconds ago 72.8MB
ubuntu latest 597ce1600cf4 5 days ago 72.8MB
save
$ docker save [OPTIONS] IMAGE [IMAGE...]
保存镜像为 tar 文件,后续可通过 docker load 来加载。
可通过 -o 选项将镜像保存至指定的文件,默认输出到标准输出。
[ming@localhost ~]$ sudo docker save ubuntu:latest | gzip > ubuntu3.tar.gz
[ming@localhost ~]$ ls -hl ubuntu3.tar.gz
-rw-rw-r--. 1 ming ming 27M Oct 6 03:17 ubuntu3.tar.gz
load
$ docker load [OPTIONS]
从标准输入或 tar 文件中加载镜像。
-i 选项指定从 tar 文件中加载镜像。
[ming@localhost ~]$ sudo docker load -i ubuntu3.tar.gz
Loaded image: ubuntu:latest
rmi
$ docker rmi [OPTIONS] IMAGE [IMAGE...]
删除本地镜像。如果 IMAGE 包含了 tag,且该镜像具有多个 tags,则此命令只是移除该 tag,而不会删除镜像。
-f 选项可强制删除运行容器所用的镜像。
[ming@localhost ~]$ sudo docker rmi ubuntu2:v1
Untagged: ubuntu2:v1
Deleted: sha256:649f9cf75008bc2bf84cfa97a008883530b9384029a53e3d7f5262556e07fcae
Deleted: sha256:d01576ff475bf2c2cac6231b7c3e0c4b977b463238d23fdd70bceb911c3e1b04