docker学习一（常用命令）

2016 / 03 / 13 docker

docker

官网

下载linux

查询需要下载的镜像
```
docker search centos
```
下载centos
```
docker pull blalor/centos
```

* 运行并挂载本地路径

docker run -it -v ~/Downloads:/usr/Downloads:ro 8d74077f3b19 /bin/bash


## 常用软件
### nginx

下载nginx

docker pull daocloud.io/nginx

// 挂载本地的硬盘并映射端口80到8080
docker run -v ~/Downloads/高校缴费V2.0/:/usr/share/nginx/html:ro -d -p 8080:80 daocloud.io/nginx


### mysql

docker pull mysql
//设置mysql的root密码为123456 并随机映射本机端口
docker run –name some-mysql -e MYSQL_ROOT_PASSWORD=123456 -d -P mysql:latest



### jdk
设置jdk环境

vi + /etc/profile

JAVA_HOME=/usr/local/jdk1.7.0_79
JRE_HOME=/usr/local/jdk1.7.0_79/jre
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export JAVA_HOME JRE_HOME PATH CLASSPATH

source /etc/profile
echo $PATH //查看PATH值


## 常用命令
* docker images

docker images


* 查看正在运行的容器

docker ps
docker ps -a为查看所有的容器，包括已经停止的。


* 删除单个容器

docker rm <容器名orID>


* 停止、启动、杀死一个容器

docker stop <容器名orID>
docker start <容器名orID>
docker kill <容器名orID>

* 一个容器连接到另一个容器

docker run -i -t –name sonar -d -link mmysql:db tpires/sonar-server


* 导入导出镜像

docker save busybox-1 > /home/save.tar
docker load < /home/save.tar

* 从container中拷贝文件出来

sudo docker cp 4e9bc8d685f0:/usr/local .



## docker参数介绍

$ sudo docker # docker命令帮助
Usage: docker [OPTIONS] COMMAND [arg…]
-H=[unix:///var/run/docker.sock]: tcp://host:port to bind/connect to or unix://path/to/socket to use

A self-sufficient runtime for linux containers.

Commands:
attach Attach to a running container # 当前shell下attach连接指定运行镜像
build Build an image from a Dockerfile # 通过Dockerfile定制镜像
commit Create a new image from a container’s changes # 提交当前容器为新的镜像
cp Copy files/folders from the containers filesystem to the host path
# 从容器中拷贝指定文件或者目录到宿主机中
diff Inspect changes on a container’s filesystem # 查看docker容器变化
events Get real time events from the server # 从docker服务获取容器实时事件
export Stream the contents of a container as a tar archive
# 导出容器的内容流作为一个tar归档文件[对应import]
history Show the history of an image # 展示一个镜像形成历史
images List images # 列出系统当前镜像
import Create a new filesystem image from the contents of a tarball
# 从tar包中的内容创建一个新的文件系统映像[对应export]
info Display system-wide information # 显示系统相关信息
inspect Return low-level information on a container # 查看容器详细信息
kill Kill a running container # kill指定docker容器
load Load an image from a tar archive # 从一个tar包中加载一个镜像[对应save]
login Register or Login to the docker registry server
# 注册或者登陆一个docker源服务器
logs Fetch the logs of a container # 输出当前容器日志信息
port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
# 查看映射端口对应的容器内部源端口
pause Pause all processes within a container # 暂停容器
ps List containers # 列出容器列表
pull Pull an image or a repository from the docker registry server
# 从docker镜像源服务器拉取指定镜像或者库镜像
push Push an image or a repository to the docker registry server
# 推送指定镜像或者库镜像至docker源服务器
restart Restart a running container # 重启运行的容器
rm Remove one or more containers # 移除一个或者多个容器
rmi Remove one or more images
# 移除一个或多个镜像[无容器使用该镜像才可删除，否则需删除相关容器才可继续或-f强制删除]
run Run a command in a new container
# 在一个新的容器中运行一个命令
save Save an image to a tar archive # 保存一个镜像为一个tar包[对应load]
search Search for an image in the docker index # 在docker index中搜索镜像
start Start a stopped containers # 启动容器
stop Stop a running containers # 停止容器
tag Tag an image into a repository # 给源中镜像打标签
top Lookup the running processes of a container # 查看容器中运行的进程信息
unpause Unpause a paused container # 取消暂停容器
version Show the docker version information # 查看docker版本号
wait Block until a container stops, then print its exit code
# 截取容器停止时的退出状态值


## docker选项帮助

$ sudo docker –help
Usage of docker:
–api-enable-cors=false Enable CORS headers in the remote API # 远程API中开启CORS头
-b, –bridge=”” Attach containers to a pre-existing network bridge # 桥接网络
use ‘none’ to disable container networking
–bip=”” Use this CIDR notation address for the network bridge’s IP, not compatible with -b
# 和-b选项不兼容，具体没有测试过
-d, –daemon=false Enable daemon mode # daemon模式
-D, –debug=false Enable debug mode # debug模式
–dns=[] Force docker to use specific DNS servers # 强制docker使用指定dns服务器
–dns-search=[] Force Docker to use specific DNS search domains # 强制docker使用指定dns搜索域
-e, –exec-driver=”native” Force the docker runtime to use a specific exec driver # 强制docker运行时使用指定执行驱动器
-G, –group=”docker” Group to assign the unix socket specified by -H when running in daemon mode
use ‘’ (the empty string) to disable setting of a group
-g, –graph=”/var/lib/docker” Path to use as the root of the docker runtime # 容器运行的根目录路径
-H, –host=[] The socket(s) to bind to in daemon mode # daemon模式下docker指定绑定方式[tcp or 本地socket]
specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
–icc=true Enable inter-container communication # 跨容器通信
–ip=”0.0.0.0” Default IP address to use when binding container ports # 指定监听地址，默认所有ip
–ip-forward=true Enable net.ipv4.ip_forward # 开启转发
–iptables=true Enable Docker’s addition of iptables rules # 添加对应iptables规则
–mtu=0 Set the containers network MTU # 设置网络mtu
if no value is provided: default to the default route MTU or 1500 if no default route is available
-p, –pidfile=”/var/run/docker.pid” Path to use for daemon PID file # 指定pid文件位置
-r, –restart=true Restart previously running containers # 重新启动以前运行的容器
-s, –storage-driver=”” Force the docker runtime to use a specific storage driver # 强制docker运行时使用指定存储驱动
–selinux-enabled=false Enable selinux support # 开启selinux支持
–storage-opt=[] Set storage driver options # 设置存储驱动选项
–tls=false Use TLS; implied by tls-verify flags # 开启tls
–tlscacert=”/root/.docker/ca.pem” Trust only remotes providing a certificate signed by the CA given here
–tlscert=”/root/.docker/cert.pem” Path to TLS certificate file # tls证书文件位置
–tlskey=”/root/.docker/key.pem” Path to TLS key file # tls key文件位置
–tlsverify=false Use TLS and verify the remote (daemon: verify client, client: verify daemon) # 使用tls并确认远程控制主机
-v, –version=false Print version information and quit # 输出docker版本信息


## docker run

$ sudo docker run

Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG…]

Run a command in a new container

-a, –attach=[] Attach to stdin, stdout or stderr.
-c, –cpu-shares=0 CPU shares (relative weight) # 设置cpu使用权重
–cidfile=”” Write the container ID to the file # 把容器id写入到指定文件
–cpuset=”” CPUs in which to allow execution (0-3, 0,1) # cpu绑定
-d, –detach=false Detached mode: Run container in the background, print new container id # 后台运行容器
–dns=[] Set custom dns servers # 设置dns
–dns-search=[] Set custom dns search domains # 设置dns域搜索
-e, –env=[] Set environment variables # 定义环境变量
–entrypoint=”” Overwrite the default entrypoint of the image # ？
–env-file=[] Read in a line delimited file of ENV variables # 从指定文件读取变量值
–expose=[] Expose a port from the container without publishing it to your host # 指定对外提供服务端口
-h, –hostname=”” Container host name # 设置容器主机名
-i, –interactive=false Keep stdin open even if not attached # 保持标准输出开启即使没有attached
–link=[] Add link to another container (name:alias) # 添加链接到另外一个容器[这个会专门章节讲解]
–lxc-conf=[] (lxc exec-driver only) Add custom lxc options –lxc-conf=”lxc.cgroup.cpuset.cpus = 0,1”
-m, –memory=”” Memory limit (format: , where unit = b, k, m or g) # 内存限制
–name=”” Assign a name to the container # 设置容器名
–net=”bridge” Set the Network mode for the container # 设置容器网络模式
‘bridge’: creates a new network stack for the container on the docker bridge
‘none’: no networking for this container
‘container:<name|id>’: reuses another container network stack
‘host’: use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-P, –publish-all=false Publish all exposed ports to the host interfaces # 自动映射容器对外提供服务的端口
-p, –publish=[] Publish a container’s port to the host # 指定端口映射
format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort
(use ‘docker port’ to see the actual mapping)
–privileged=false Give extended privileges to this container # 提供更多的权限给容器
–rm=false Automatically remove the container when it exits (incompatible with -d) # 如果容器退出自动移除和-d选项冲突
–sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. # ？
-t, –tty=false Allocate a pseudo-tty # 分配伪终端
-u, –user=”” Username or UID # 指定运行容器的用户uid或者用户名
-v, –volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container)
# 挂载卷
–volumes-from=[] Mount volumes from the specified container(s) # 从指定容器挂载卷
-w, –workdir=”” Working directory inside the container # 指定容器工作目录

## Dockerfile

命令参数说明

注释说明
FROM [:
] 从一个已有镜像创建，例如ubuntu:latest
MAINTAINER Author some-one@example.com 镜像作者名字，如Max Liu some-one@example.com
RUN
或者[‘cmd1’, ‘cmd2’…] 在镜像创建用的临时容器里执行单行命令
ADD
将本地的添加到镜像容器中的位置
VOLUME 或者[‘/var’, ‘home’] 将指定的路径挂载为数据卷
EXPOSE […] 将指定的端口暴露给主机
ENV 或者 = 指定环境变量值
CMD [“executable”,”param1”,”param2”] 容器启动时默认执行的命令。注意一个Dockerfile中只有最后一个CMD生效。
ENTRYPOINT [“executable”, “param1”, “param2”] 容器的进入点
## 参考 [http://docs.daocloud.io/faq/what-is-docker](http://docs.daocloud.io/faq/what-is-docker) [http://linuxwiki.github.io/Services/Docker.html](http://linuxwiki.github.io/Services/Docker.html)