目录
- 创建容器
- 启动容器
- 停止容器
- 进入容器
- 删除容器
- 容器迁移
1. 创建容器
docker创建容器可以用docker create命令来执行。
[root@docker-node1 ~]# docker create -it debian:latest
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
a719479f5894: Pull complete
91bac885982d: Pull complete
Digest: sha256:a1577aa9dde28e51fb56dbad63b86b7db3ea44d4474ef656671c5a6596073d8c
Status: Downloaded newer image for debian:latest
f4086492e895f3203f56ec545990bc0b5da69be3c3e3c70e2ce1188d685c9c16
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4086492e895 debian:latest "/bin/bash" 5 seconds ago Created elegant_curie
[root@docker-node1 ~]#
通过docker create命令创建的容器是停止的,我们可以用docker ps -a -q
命令来查看哪些是停止状态的容器。
[root@docker-node1 ~]# docker ps -a -q
f4086492e895
[root@docker-node1 ~]#
2. 启动容器
2.1 创建容器
上面说过了通过docker create创建的容器是停止状态的,那么我们就可以用docker start命令来启动容器。
[root@docker-node1 ~]# docker start f4086492e895
f4086492e895
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4086492e895 debian:latest "/bin/bash" 8 minutes ago Up 6 seconds elegant_curie
[root@docker-node1 ~]#
2.2 创建启动容器
其实这样有点繁琐,先创建容器再进行启动,其实我们可以用docker run命令来实现直接创建启动一个容器的,其实docker run命令等价于先执行docker create然后执行docker start命令。
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker-node1 ~]# docker run debian:latest /bin/echo -e "\n\nHello, Here is Legion Blog."
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
a719479f5894: Pull complete
91bac885982d: Pull complete
Digest: sha256:a1577aa9dde28e51fb56dbad63b86b7db3ea44d4474ef656671c5a6596073d8c
Status: Downloaded newer image for debian:latest
Hello, Here is Legion Blog.
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 7 seconds ago Exited (0) 7 seconds ago loving_nobel
[root@docker-node1 ~]# docker images |grep debian
debian latest 91bac885982d 5 days ago 125.1 MB
[root@docker-node1 ~]# docker ps -a -q
68e25a09499d
[root@docker-node1 ~]#
当使用docker run命令创建启动容器时,Docker在后台运行的标准操作有下面几个步骤:
- 检测本地是否存在指定的镜像,不存在就从公有仓库下载
- 利用镜像创建并启动一个容器
- 分配一个文件系统,并在只读的镜像层外面挂载一层可读写层
- 从宿主主机配置的网桥接口中桥接一个虚拟接口到容器中去
- 从地址池配置一个IP地址给容器
- 执行用户指定的应用程序
- 执行完毕后终止容器
2.3 容器的守护状态运行。
在实际应用中我们更多的是需要容器在后台以守护状态(Daemonized)形式运行,我们可以使用-d参数来实现容器的后台守护状态运行。
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a578b01bc9bd debian:latest "/bin/bash" 15 minutes ago Exited (0) 8 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 34 minutes ago Exited (0) 34 minutes ago loving_nobel
[root@docker-node1 ~]# docker run -d debian /bin/bash -c "while true; do echo hello docker; sleep 3;done"
a2bda91ae015d5166a31af082fb78126d054633cc381cc75dbd5e7894d5dac6e
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2bda91ae015 debian "/bin/bash -c 'while " 4 seconds ago Up 3 seconds loving_chandrasekhar
a578b01bc9bd debian:latest "/bin/bash" 17 minutes ago Exited (0) 9 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 35 minutes ago Exited (0) 35 minutes ago loving_nobel
[root@docker-node1 ~]# docker logs a2bda91ae015
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
上面我们就是用Debian镜像运行了一个容器,容器在后台以守护进程的方式运行着while true; do echo hello docker; sleep 3;done循环,最后我们通过docker logs a2bda91ae015命令可以看到容器的输出信息,证实这个容器一直在后台运行着。
3. 停止容器
我们可以使用docker stop
命令来停止一个运行中的容器
命令用法:docker stop [-t|--time[=10]]
它会首先向容器发送SIGTERM信号,等待一段时间后(默认为10秒),再发送SIGKILL信号来终止容器。
当docker容器中指定的应用终结时,容器也自动终止。例如上面我用用exit命令退出那个终端的时候所创建的容器也立刻终止了。
我们可以用docker stop
命令终止一个容器也可以使用docker start
命令来重新启动,也可以使用docker restart
命令来将一个运行终端额容器终止后再重新启动它。
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2bda91ae015 debian "/bin/bash -c 'while " 11 minutes ago Up 11 minutes loving_chandrasekhar
a578b01bc9bd debian:latest "/bin/bash" 29 minutes ago Exited (0) 21 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 47 minutes ago Exited (0) 47 minutes ago loving_nobel
[root@docker-node1 ~]# docker stop a2bda91ae015
a2bda91ae015
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2bda91ae015 debian "/bin/bash -c 'while " 12 minutes ago Exited (137) 4 seconds ago loving_chandrasekhar
a578b01bc9bd debian:latest "/bin/bash" 29 minutes ago Exited (0) 22 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 48 minutes ago Exited (0) 48 minutes ago loving_nobel
[root@docker-node1 ~]# docker start a2bda91ae015
a2bda91ae015
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2bda91ae015 debian "/bin/bash -c 'while " 12 minutes ago Up 2 seconds loving_chandrasekhar
a578b01bc9bd debian:latest "/bin/bash" 29 minutes ago Exited (0) 22 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 48 minutes ago Exited (0) 48 minutes ago loving_nobel
[root@docker-node1 ~]# docker restart a2bda91ae015
a2bda91ae015
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2bda91ae015 debian "/bin/bash -c 'while " 12 minutes ago Up 3 seconds loving_chandrasekhar
a578b01bc9bd debian:latest "/bin/bash" 30 minutes ago Exited (0) 22 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 48 minutes ago Exited (0) 48 minutes ago loving_nobel
[root@docker-node1 ~]# docker stop --time=2 a2bda91ae015
a2bda91ae015
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2bda91ae015 debian "/bin/bash -c 'while " 13 minutes ago Exited (137) 3 seconds ago loving_chandrasekhar
a578b01bc9bd debian:latest "/bin/bash" 30 minutes ago Exited (0) 23 minutes ago sick_lalande
68e25a09499d debian:latest "/bin/echo -e '\\n\\nHe" 48 minutes ago Exited (0) 48 minutes ago loving_nobel
[root@docker-node1 ~]#
4. 进入容器
在使用docker run -d
参数时候,容器启动后会进入后台,用户无法看到容器中的信息。某些时候我们是需要进入容器进行操作的,这里我们就可以使用 docker attach、docker exec
命令或者nsenter
工具等来完成。
4.1 attach命令
docker attach是一个Docker自带的命令,下面来说说attach命令的使用方法:
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker-node1 ~]# docker run -t -i -d debian
7f16264f7ab46e68b70dc8d982300c3a277d273cb425be6be739915c563ccb3c
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" 3 seconds ago Up 2 seconds tender_raman
[root@docker-node1 ~]# docker attach 7f1
root@7f16264f7ab4:/#
root@7f16264f7ab4:/# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
6 ? 00:00:00 ps
root@7f16264f7ab4:/# exit
exit
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" About a minute ago Exited (0) 2 seconds ago tender_raman
[root@docker-node1 ~]#
其实使用docker attach命令有时候很不方便,当多个窗口同时attach到同一个容器的时候,所有窗口都会同步显示,当某个窗口因命令阻塞的时候,其他窗口也无法执行操作了。
4.2 exec命令
在Docker1.3版本开始,提供了一个更方便的命令exec。可以直接在容器内运行命令。
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" 5 minutes ago Exited (0) 4 minutes ago tender_raman
[root@docker-node1 ~]# docker start 7f16264f7ab4
7f16264f7ab4
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" 5 minutes ago Up 2 seconds tender_raman
[root@docker-node1 ~]# docker exec -ti 7f16264f7ab4 /bin/bash
root@7f16264f7ab4:/# ps
PID TTY TIME CMD
6 ? 00:00:00 bash
10 ? 00:00:00 ps
root@7f16264f7ab4:/# date
Sun Nov 15 07:59:29 UTC 2015
root@7f16264f7ab4:/#
4.3 nsenter工具
1. nsenter的安装
nsenter工具在util-linux包的2.23版本后都包含。如果系统中的util-linux包中没有这个命令,那么可以通过源码编译安装。
检查是否安装nsenter工具:
[root@docker-node1 ~]# which nsenter
/usr/bin/nsenter
[root@docker-node1 ~]# nsenter -V
nsenter,?? util-linux 2.23.2
[root@docker-node1 ~]#
下载并编译安装:
[root@docker-node1 ~]# wget https://www.kernel.org/pub/linux/utils/util-linux/v2.27/util-linux-2.27.tar.xz
[root@docker-node1 ~]# tar xf util-linux-2.27.tar.xz
[root@docker-node1 ~]# cd util-linux-2.27/
[root@docker-node1 ~/util-linux-2.27]# ./configure --without-ncurses
[root@docker-node1 ~/util-linux-2.27]# make nsenter
[root@docker-node1 ~/util-linux-2.27]# \cp nsenter /usr/bin/
[root@docker-node1 ~/util-linux-2.27]# which nsenter
/usr/bin/nsenter
[root@docker-node1 ~/util-linux-2.27]# nsenter -V
nsenter,来自 util-linux 2.27
[root@docker-node1 ~/util-linux-2.27]#
2. nsenter的使用
为了使用nsenter工具连接到容器,我们首先需要找到容器的进程PID号,可以通过下面的命令获取。
获取PID:
f-docker-pid() { docker inspect --format "{{ .State.Pid}}" $1; }
docker-pid <CONTAINER ID>
nsenter --target <PID> --mount --uts --ipc --net --pid
操作步骤:
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" 34 minutes ago Up 29 minutes tender_raman
[root@docker-node1 ~]# f-docker-pid() { docker inspect --format "{{ .State.Pid}}" $1; }
[root@docker-node1 ~]# nsenter --target $(f-docker-pid 7f16264f7ab4) --mount --uts --ipc --net --pid
root@7f16264f7ab4:/# date
Sun Nov 15 08:29:37 UTC 2015
root@7f16264f7ab4:/# logout
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" 36 minutes ago Up 31 minutes tender_raman
[root@docker-node1 ~]#
为了以后方便使用我这做了shell函数写到.bashrc文件了。
[root@docker-node1 ~]# echo 'tools-nsenter() { nsenter --target $(docker inspect --format "{{ .State.Pid}}" $1) --mount --uts --ipc --net --pid; }' >> ~/.bashrc
[root@docker-node1 ~]# source ~/.bashrc
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7f16264f7ab4 debian "/bin/bash" 58 minutes ago Up 53 minutes tender_raman
[root@docker-node1 ~]# tools-nsenter 7f16264f7ab4
root@7f16264f7ab4:/# date
Sun Nov 15 08:53:22 UTC 2015
root@7f16264f7ab4:/# ps
PID TTY TIME CMD
216 ? 00:00:00 bash
253 ? 00:00:00 ps
root@7f16264f7ab4:/# logout
[root@docker-node1 ~]#
这样以后就可以更方便的使用nsenter命令来连接容器。
5. 删除容器
删除容器我们可以使用docker rm
命令,被删除的容器需要是终止状态的。
命令用法:docker rm [OPTIONS] CONTAINER [CONTINER...]
options:
- -f, --force=false:强项终止并删除一个运行中的容器。
- -l, --link=false:删除容器的连接,但保留容器。
- -v, --volumes=false:删除容器挂载的数据卷。
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b8971dc66962 debian "/bin/bash" 9 seconds ago Up 8 seconds agitated_chandrasekhar
[root@docker-node1 ~]# docker rm b8971dc66962
Error response from daemon: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f
Error: failed to remove containers: [b8971dc66962]
[root@docker-node1 ~]# docker rm -f b8971dc66962
b8971dc66962
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker-node1 ~]#
六. 容器迁移
6.1 导出容器
导出容器是指一个已经创建的容器导出到一个文件,不管此时这个容器是否处于运行状态,可以使用docker export
命令。
命令用法:docker export CONTAINER
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker-node1 ~]# docker run -t -i -d debian
0291b910e062dd348696386875f3e73e55a32366540bad1742f45bfcc987a455
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0291b910e062 debian "/bin/bash" 2 seconds ago Up 1 seconds gloomy_galileo
[root@docker-node1 ~]# docker export 0291b910e062 > debian-2015_11_15.tar
[root@docker-node1 ~]# ls -l debian-2015_11_15.tar
0644 -rw-r--r-- 1 root root 130947584 11月 15 09:16 debian-2015_11_15.tar
[root@docker-node1 ~]#
6.2 导入容器
导入容器是指将一个指定的文件导入到容器,可以使用命令docker import。
命令用法:docker import CONTAINER
[root@docker-node1 ~]# docker export 0291b910e062 > debian-2015_11_15.tar
[root@docker-node1 ~]# ls -l debian-2015_11_15.tar
0644 -rw-r--r-- 1 root root 130947584 11月 15 09:16 debian-2015_11_15.tar
[root@docker-node1 ~]# cat debian-2015_11_15.tar | docker import - runbash/debian:v1.0
0b1d5532571e3f829a2c90e7353262c1f6f18bf0cbdd1930fa324344bf5cebc8
[root@docker-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
runbash/debian v1.0 0b1d5532571e 13 seconds ago 125.1 MB
ubuntu latest d1b426312675 14 hours ago 286.2 MB
lookback/ubuntu baseos d1b426312675 14 hours ago 286.2 MB
ubuntu 14.04 e9ae3c220b23 5 days ago 187.9 MB
debian latest 91bac885982d 5 days ago 125.1 MB
centos 6.7 7e8fbd86f46d 4 weeks ago 190.6 MB
[root@docker-node1 ~]#