Docker系列(三)容器管理
阿新 • • 發佈:2017-12-04
mozilla http 格式 file tor centos determine dia 進程
3.1 新建容器並啟動
所需要的命令主要為docker run
[root@localhost ~]# docker run centos /bin/echo "syavingc" syavingc
3.2 交互式啟動容器
[root@localhost ~]# docker run --name syavingc -it centos /bin/bash ##啟動一個bash終端,允許用戶進行交互。 [root@fe233ef7ae00 /]# pwd / [root@fe233ef7ae00 /]# ls anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
--name:給容器定義一個名稱
-i:則讓容器的標準輸入保持打開。
-t:讓Docker分配一個偽終端,並綁定到容器的標準輸入上
/bin/bash:執行一個命令
當利用docker run來創建容器時,Docker在後臺運行的標準操作包括:
檢查本地是否存在指定的鏡像,不存在就從公有倉庫下載
利用鏡像創建並啟動一個容器
分配一個文件系統,並在只讀的鏡像層外面掛在一層可讀寫層
從宿主主機配置的網橋接口中橋接一個虛擬接口到容器中去
從地址池配置一個ip地址給容器
執行用戶指定的應用程序
執行完畢後容器被終止
[root@fe233ef7ae00 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root1 0.0 0.1 11756 1892 ? Ss 16:17 0:00 /bin/bash root 17 0.0 0.0 47452 1672 ? R+ 16:19 0:00 ps aux
註意!
容器不是一個虛擬機,因為他就是一個進程,如果我們退出,這個進程就退出了。
如果我們執行創建容器的時候,裏面沒有我們指定的鏡像,那麽他會從dockerhub上進行下載然後在啟動
3.3 查看容器啟動情況
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 3 minutes ago Exited (127) 16 seconds ago syavingc cd5c192a27f1 centos "/bin/echo syavingc" 4 minutes ago Exited (0) 4 minutes ago berserk_swartz 0fd3287c3a0a centos "/bin/echo hahha" 5 minutes ago Exited (0) 5 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 41 minutes ago Exited (0) 41 minutes ago jolly_mccarthy
3.4 容器的啟動與停止
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 6 minutes ago Exited (127) 3 minutes ago syavingc 0fd3287c3a0a centos "/bin/echo hahha" 9 minutes ago Exited (0) 9 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 45 minutes ago Exited (0) 45 minutes ago jolly_mccarthy [root@localhost ~]# docker start fe233ef7ae00 ##容器啟動 fe233ef7ae00 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 7 minutes ago Up 1 seconds syavingc 0fd3287c3a0a centos "/bin/echo hahha" 9 minutes ago Exited (0) 9 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 45 minutes ago Exited (0) 45 minutes ago jolly_mccarthy [root@localhost ~]# docker stop fe233ef7ae00 ##容器停止 fe233ef7ae00 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 7 minutes ago Exited (137) 1 seconds ago syavingc 0fd3287c3a0a centos "/bin/echo hahha" 9 minutes ago Exited (0) 9 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 45 minutes ago Exited (0) 45 minutes ago jolly_mccarthy
3.5 刪除容器
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 4 minutes ago Exited (127) About a minute ago syavingc cd5c192a27f1 centos "/bin/echo syavingc" 5 minutes ago Exited (0) 5 minutes ago berserk_swartz 0fd3287c3a0a centos "/bin/echo hahha" 7 minutes ago Exited (0) 7 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 43 minutes ago Exited (0) 43 minutes ago jolly_mccarthy [root@localhost ~]# docker rm cd5c192a27f1 ##註意,容器必須停止後才能刪除 cd5c192a27f1 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 5 minutes ago Exited (127) 2 minutes ago syavingc 0fd3287c3a0a centos "/bin/echo hahha" 8 minutes ago Exited (0) 8 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 43 minutes ago Exited (0) 43 minutes ago jolly_mccarthy
3.6 進入容器
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 11 minutes ago Up 3 seconds syavingc 0fd3287c3a0a centos "/bin/echo hahha" 13 minutes ago Exited (0) 13 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 49 minutes ago Exited (0) 49 minutes ago jolly_mccarthy [root@localhost ~]# docker attach fe233ef7ae00 [root@fe233ef7ae00 /]# pwd / [root@fe233ef7ae00 /]# hostname fe233ef7ae00
##這樣進入容器的缺點就是如果在開一個窗口就會同步操作,類似於單用戶模式(windows遠程桌面)
提示:生產場景是不使用docker attach的,需要我們使用nsenter這個工具,這個工具包含在util-linux軟件包裏面
[root@localhost ~]# yum install util-linux -y
Centos7默認最小化已經安裝
我們通過nsenter就可以進入容器,但是nsenter是通過pid進入容器裏,所以我們需要知道容器的pid。我們可以通過docker inspect來獲取到pid
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 16 minutes ago Exited (0) 52 seconds ago syavingc 0fd3287c3a0a centos "/bin/echo hahha" 18 minutes ago Exited (0) 18 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 54 minutes ago Exited (0) 54 minutes ago jolly_mccarthy [root@localhost ~]# docker start fe233ef7ae00 fe233ef7ae00 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 16 minutes ago Up 1 seconds syavingc 0fd3287c3a0a centos "/bin/echo hahha" 19 minutes ago Exited (0) 19 minutes ago determined_roentgen e068dff5ee86 hello-world "/hello" 54 minutes ago Exited (0) 54 minutes ago jolly_mccarthy [root@localhost ~]# docker inspect -f "{{ .State.Pid }}" fe233ef7ae00 16178 [root@localhost ~]# nsenter -t 16178 -m -u -i -n -p [root@fe233ef7ae00 /]# hostname fe233ef7ae00
docker inspect -f {{.State.Pid}}容器名或者容器id
#每一個容器都有.State.Pid,所以這個命令除了容器的id需要我們根據docker ps -a去查找,其他的全部為固定的格式
nsenter --target上面查到的進程id --mount --uts --ipc --net --pid #輸入該命令便進入到容器中
解釋nsenter指令中進程id之後的參數的含義:
* –mount參數是進去到mount namespace中
* –uts參數是進入到uts namespace中
* –ipc參數是進入到System V IPC namaspace中
* –net參數是進入到network namespace中
* –pid參數是進入到pid namespace中
* –user參數是進入到user namespace中
以下是以nsenter啟動的進程
[root@fe233ef7ae00 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11780 1684 ? Ss+ 16:34 0:00 /bin/bash root 14 0.0 0.1 15212 2000 ? S 16:34 0:00 -bash root 28 0.0 0.0 50884 1804 ? R+ 16:36 0:00 ps aux
/bin/bash是我們運行容器產生的進程
-bash 是我們使用nsenter產生的,這樣如果我們退出容器,容器就不會退出,因為-bash還在運行
[root@fe233ef7ae00 /]# exit logout [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 20 minutes ago Up 3 minutes syavingc
因為每次進入容器都需要輸入那兩條命令,所以我們可以寫一個腳本來獲取。
腳本內容如下:
[root@localhost ~]# cat docker_in.sh #!/bin/bash # Use nsenter to access docker docker_in(){ NAME_ID=$1 PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID) nsenter -t $PID -m -u -i -n -p } docker_in $1
執行結果如下:
[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 22 minutes ago Up 5 minutes syavingc [root@localhost ~]# ./docker_in.sh syavingc [root@fe233ef7ae00 /]# hostname fe233ef7ae00 [root@fe233ef7ae00 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11780 1684 ? Ss+ 16:34 0:00 /bin/bash root 29 0.0 0.1 15212 2000 ? S 16:40 0:00 -bash root 43 0.0 0.0 50884 1800 ? R+ 16:40 0:00 ps aux [root@fe233ef7ae00 /]# exit logout [root@localhost ~]# docker ps ##退出容器後,進程還在 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fe233ef7ae00 centos "/bin/bash" 22 minutes ago Up 6 minutes syavingc [root@localhost ~]#
我們也可以不進入容器進行查看
[root@localhost ~]# docker exec syavingc ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 16:34 ? 00:00:00 /bin/bash root 44 0 0 16:42 ? 00:00:00 ps -ef [root@localhost ~]# docker exec syavingc ls / anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
提示:可以使用exec參數,不進入容器查看內容
我們還可以使用exec進入docker容器中
[root@localhost ~]# docker exec -it syavingc /bin/bash [root@fe233ef7ae00 /]# hostname fe233ef7ae00
但是最好還是少使用exec,有可能會對容器造成一些意外的影響
3.7 查看日誌
[root@localhost ~]# docker run -d -p 80:80 --name web nginx 879aee833d293856dbe6c35947fca84afe214096fa34975723dd90003b551213 [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 879aee833d29 nginx "nginx -g ‘daemon off" 5 seconds ago Up 3 seconds 0.0.0.0:80->80/tcp web fe233ef7ae00 centos "/bin/bash" 52 minutes ago Up 35 minutes syavingc [root@localhost ~]# docker logs 879aee833d29 10.0.0.1 - - [24/Oct/2017:17:10:30 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-" 10.0.0.1 - - [24/Oct/2017:17:10:30 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://10.0.0.30/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-" 2017/10/24 17:10:30 [error] 7#7: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.0.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.30", referrer: "http://10.0.0.30/"
Docker系列(三)容器管理