docker container 容器管理

• Docker 管理命令
  • 容器管理
  • 镜像管理
  • 网络管理
  • 系统管理
  • 数据卷管理
  • 快照管理
  • 插件管理
  • 其他
  • swarmkit 管理
    • 模式管理
    • 节点管理
    • 秘钥管理
    • 服务管理
    • 服务栈管理

Docker 的每一级命令都可以使用--help 的参数来查看帮助信息

Docker 一级命令

root@ubuntu:~# docker --help

Usage:	docker COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
      --help               Print usage
  -H, --host list          Daemon socket(s) to connect to (default [])
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  container   Manage containers
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  volume      Manage volumes

Commands:
  attach      Attach to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

在 Docker1.13版本之前, 是没有二级管理命令的, 随着 Docker 的功能越来越多, 命令参数也越来越多, 到1.13版本后, Docker 终于对他们做出了归类, 之前的语法也兼容, 但是 Docker 推荐使用最新的语法格式.

1.13版本后, Docker 对命令做出了如下归类:

• container Manage containers
• image Manage images
• network Manage networks
• node Manage Swarm nodes
• plugin Manage plugins
• secret Manage Docker secrets
• service Manage services
• stack Manage Docker stacks
• swarm Manage Swarm
• system Manage Docker
• volume Manage volumes

容器管理 container

root@ubuntu:~# docker container --help

Usage:	docker container COMMAND

Manage containers

Options:
      --help   Print usage

Commands:
  attach      Attach to a running container
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  inspect     Display detailed information on one or more containers
  kill        Kill one or more running containers
  logs        Fetch the logs of a container
  ls          List containers
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  prune       Remove all stopped containers
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  run         Run a command in a new container
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker container COMMAND --help' for more information on a command.

attach

进入容器的方式之一, 翻译过来叫”附着”到运行的容器中. 他与exec 有本质的区别, exec 进入容器是在主进程的基础之上, 再开通一个进程实现的进入容器. 而 attach 则意味着进入到容器的主进程中. 产生的后果也不一样, 由于 attach 进入到了主进程, 一旦 Ctrl+C 退出终端, 将导致主进程退出, 从而容器也随之退出. 而 exec 的方式进入容器是单独开启了一个进程, 该进程的产生于销毁并不影响主进程, 所以不会因为终端的退出而导致容器退出.

root@ubuntu:~# docker run -d centos ping 123.57.233.243
2ad157c779469961faabec0e836f7d2ab03a7e6193d932647e83626231fa0560
root@ubuntu:~# 
root@ubuntu:~# docker container attach 2ad
64 bytes from 123.57.233.243: icmp_seq=40 ttl=127 time=8.05 ms
64 bytes from 123.57.233.243: icmp_seq=41 ttl=127 time=7.46 ms
64 bytes from 123.57.233.243: icmp_seq=42 ttl=127 time=8.86 ms
64 bytes from 123.57.233.243: icmp_seq=43 ttl=127 time=9.80 ms
64 bytes from 123.57.233.243: icmp_seq=44 ttl=127 time=6.24 ms
64 bytes from 123.57.233.243: icmp_seq=45 ttl=127 time=6.01 ms
^C
--- 123.57.233.243 ping statistics ---
62 packets transmitted, 62 received, 0% packet loss, time 61130ms
rtt min/avg/max/mdev = 5.407/18.181/204.154/32.140 ms
root@ubuntu:~#

exec

在一个运行中的容器内执行命令. 就如上面所说, 使用 exec 执行命令意味着在主进程的基础之上, 再启动其他的进程, 其他进程的启动与销毁不会直接影响容器的退出.

exec 的用法很多, 使用频率最高的是进入容器的操作

root@ubuntu:~# docker container exec -it b9704931408c /bin/bash
root@b9704931408c:/#

也可以运行任何bash命令

root@ubuntu:~# docker container exec 11610baab1ce echo "haha"
haha
root@ubuntu:~# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES
b9704931408c        nginx               "nginx -g 'daemon ..."   About an hour ago   Up About an hour    0.0.0.0:443->443/tcp, 0.0.0.0:8080->80/tcp   my-third-nginx
d0a4936e940e        nginx               "nginx -g 'daemon ..."   About an hour ago   Up About an hour    443/tcp, 0.0.0.0:8800->80/tcp                my-second-nginx
11610baab1ce        nginx               "nginx -g 'daemon ..."   About an hour ago   Up 12 minutes       80/tcp, 443/tcp                              my-first-nginx

commit

基于一个现有的容器创建新的镜像. commit 多用在做容器迁移的时候, 当容器为由状态时, 我们需要保存现有容器的所有运行状态以保证迁移后的一致性, 这时 commit 就派上了用场.

运行一个初始的镜像, 我们通过 exec 进入到容器, 并做了一些修改, 当需要迁移此容器时, 可以把当前修改过后的容器保存为一个新的镜像. 然后将镜像迁移至新主机, 再 run 起来.

# 修改容器内容
root@ubuntu:~# docker exec -it my-first-nginx /bin/bash
root@11610baab1ce:/# cd /tmp/
root@11610baab1ce:/tmp# ls
root@11610baab1ce:/tmp# echo "commit test" > /tmp/c.txt
root@11610baab1ce:/tmp# ls
c.txt
root@11610baab1ce:/tmp# cat /tmp/c.txt 
commit test
root@11610baab1ce:/tmp# exit
exit
# commit 镜像
root@ubuntu:~# docker commit my-first-nginx nginx2:0.1
sha256:7cb5220c81d58a56471b6ce69e40bf4d15f89652b4b4bd78ec4579b6473bfc91
root@ubuntu:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx2              0.1                 7cb5220c81d5        4 seconds ago       204MB
centos              latest              a8493f5f50ff        35 hours ago        192MB
nginx               latest              5766334bdaa0        39 hours ago        183MB
hello-world         latest              48b5124b2768        2 months ago        1.84kB
# 基于新镜像运行新容器
root@ubuntu:~# docker exec -it new-first-nginx /bin/bash
root@b4e6f8620ba3:/# cd /tmp/
root@b4e6f8620ba3:/tmp# ls
c.txt
root@b4e6f8620ba3:/tmp# cat c.txt 
commit test
root@b4e6f8620ba3:/tmp#

注意: 挂载的数据是不会被 commit 到镜像中的. 迁移之后需要用相同的参数启动起来

迁移有两种方式:

• 一种是导入导出的方式(通过 tar.gz 文件)
• 一种是通过 Registry 的方式 push 和 pull

如果是通过 Registry 的方式的话, 需要在 commit 时, 镜像名字中加入 Registry 地址

docker container commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]

注意: commit 的过程中, 容器处于 pause 的状态, 类似于 MySQL 的排它锁

cp

通过 cp 命令可以把容器中的文件拷贝到宿主机(把文件拿出来)

root@ubuntu:~# docker container cp --help

Usage:	docker container cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
	docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

Copy files/folders between a container and the local filesystem

Options:
  -L, --follow-link   Always follow symbol link in SRC_PATH
      --help          Print usage
root@ubuntu:~# docker container cp my-first-nginx:/tmp/c.txt ./
root@ubuntu:~# ls
c.txt  web

注意: 两种执行方式的语法不同

diff

列出与原始镜像相比,容器中变化的内容.

• A: 增加
• D: 删除
• C: 修改

root@ubuntu:~# docker container diff  --help

Usage:	docker container diff CONTAINER

Inspect changes to files or directories on a container's filesystem

Options:
      --help   Print usage
root@ubuntu:~# docker container diff  my-second-nginx
C /run
A /run/nginx.pid
C /var
C /var/cache
C /var/cache/nginx
A /var/cache/nginx/client_temp
A /var/cache/nginx/fastcgi_temp
A /var/cache/nginx/proxy_temp
A /var/cache/nginx/scgi_temp
A /var/cache/nginx/uwsgi_temp

export&import/save&load

Docker 的导入导出

https://docs.lvrui.io/2017/02/19/docker的导入导出/

export&import 操作的对象是容器, 导出到一个新的镜像, 该镜像只有一层

save&load 操作对象是镜像, 原镜像层数保留

如果导出容器还需要保留层数, 那就需要使用 commit+save+load 黄金组合啦

inspect

查看容器详细信息

root@ubuntu:~# docker container inspect my-third-nginx
[
    {
        "Id": "b9704931408c6d054bc9c510878e10467a71d412bef065afa7414403982001b6",
        "Created": "2017-04-08T06:22:29.186834559Z",
        "Path": "nginx",
        "Args": [
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 2648,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2017-04-08T06:22:29.555131293Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:5766334bdaa0bc37f1f0c02cb94c351f9b076bcffa042d6ce811b0fd9bc31f3b",
        "ResolvConfPath": "/var/lib/docker/containers/b9704931408c6d054bc9c510878e10467a71d412bef065afa7414403982001b6/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/b9704931408c6d054bc9c510878e10467a71d412bef065afa7414403982001b6/hostname",
        "HostsPath": "/var/lib/docker/containers/b9704931408c6d054bc9c510878e10467a71d412bef065afa7414403982001b6/hosts",
        "LogPath": "/var/lib/docker/containers/b9704931408c6d054bc9c510878e10467a71d412bef065afa7414403982001b6/b9704931408c6d054bc9c510878e10467a71d412bef065afa7414403982001b6-json.log",
        "Name": "/my-third-nginx",
        "RestartCount": 0,
        "Driver": "aufs",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/root/web:/usr/share/nginx/html:ro"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "443/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "443"
                    }
                ],
                "80/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "8080"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Data": null,
            "Name": "aufs"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/root/web",
                "Destination": "/usr/share/nginx/html",
                "Mode": "ro",
                "RW": false,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "b9704931408c",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "443/tcp": {},
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.11.13-1~jessie"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "ArgsEscaped": true,
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {}
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "916a8bef0178b4e8e2ff1c246a9e04c85686b8ddf8493946de7103577ff8158b",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "443/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "443"
                    }
                ],
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8080"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/916a8bef0178",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "7a9c71aae5980ccd513c1e7a4e8cefaf56a87e1d796669bbfb70ffc728d1e0bb",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.4",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:04",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "26d72edf89c3ae77e1de636d4357b819a12c24ae64ab0da4d9b2d43610c44f24",
                    "EndpointID": "7a9c71aae5980ccd513c1e7a4e8cefaf56a87e1d796669bbfb70ffc728d1e0bb",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:04"
                }
            }
        }
    }
]

ls/ps/list

查看 container 列表

• docker ps
• docker container ls
• docker container list

以上三条命令的用法和作用都是一样的, 之间做了别名

最实用的参数-s 可以显示出容器占用空间大小, 括号中的是镜像大小, 前面是可写层(容器)大小

root@ubuntu:~# docker container list -s
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES               SIZE
b4e6f8620ba3        nginx2:0.1          "nginx -g 'daemon ..."   29 minutes ago      Up 29 minutes       80/tcp, 443/tcp                              new-first-nginx     413B (virtual 204MB)
b9704931408c        nginx               "nginx -g 'daemon ..."   2 hours ago         Up 2 hours          0.0.0.0:443->443/tcp, 0.0.0.0:8080->80/tcp   my-third-nginx      7B (virtual 183MB)
d0a4936e940e        nginx               "nginx -g 'daemon ..."   2 hours ago         Up 2 hours          443/tcp, 0.0.0.0:8800->80/tcp                my-second-nginx     2B (virtual 183MB)
11610baab1ce        nginx               "nginx -g 'daemon ..."   2 hours ago         Up About an hour    80/tcp, 443/tcp                              my-first-nginx      21.3MB (virtual 204MB)
root@ubuntu:~#

logs

查看容器的前台回显日志. 由于容器必须以阻塞前台的方式运行, 那么我们就可以通过 logs 命令来查看容器前台的回显(在默认是 json-file 日志引擎下)

root@ubuntu:~# docker run -d centos ping 123.57.233.243
791a4ad7ffa83f81a78e2bba1a5d5366a099be443beb19f66ee0d51e83cd020d
root@ubuntu:~# 
root@ubuntu:~# 
root@ubuntu:~# docker logs -f 791a4ad7ffa8
PING 123.57.233.243 (123.57.233.243) 56(84) bytes of data.
64 bytes from 123.57.233.243: icmp_seq=1 ttl=127 time=7.89 ms
64 bytes from 123.57.233.243: icmp_seq=2 ttl=127 time=6.66 ms
64 bytes from 123.57.233.243: icmp_seq=3 ttl=127 time=6.55 ms
64 bytes from 123.57.233.243: icmp_seq=4 ttl=127 time=6.46 ms
64 bytes from 123.57.233.243: icmp_seq=5 ttl=127 time=175 ms
64 bytes from 123.57.233.243: icmp_seq=6 ttl=127 time=267 ms

kill/start/stop/restart/rm/pause/unpause/prune

• kill 给容器发送 kill 信号, 非正常退出容器
• start 启动退出状态的容器
• stop 退出运行状态的容器
• restart 重启容器
• rm 删除退出状态的容器
• pause 暂停运行中的容器(处于阻塞状态)
• unpause 恢复暂停的容器至运行状态
• prune 删除所有 stopped 状态的容器(1.13的新特性, 救世主!)

port

查看端口的映射关系

root@ubuntu:~# docker container port my-third-nginx
443/tcp -> 0.0.0.0:443
80/tcp -> 0.0.0.0:8080
root@ubuntu:~# docker container port my-second-nginx
80/tcp -> 0.0.0.0:8800
root@ubuntu:~# docker container port my-first-nginx
root@ubuntu:~# docker container port my-second-nginx 80/tcp
0.0.0.0:8800

rename

更改容器名称

root@ubuntu:~# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES
b4e6f8620ba3        nginx2:0.1          "nginx -g 'daemon ..."   About an hour ago   Up About an hour    80/tcp, 443/tcp                              new-first-nginx
b9704931408c        nginx               "nginx -g 'daemon ..."   2 hours ago         Up 2 hours          0.0.0.0:443->443/tcp, 0.0.0.0:8080->80/tcp   my-third-nginx
d0a4936e940e        nginx               "nginx -g 'daemon ..."   2 hours ago         Up 2 hours          443/tcp, 0.0.0.0:8800->80/tcp                my-second-nginx
11610baab1ce        nginx               "nginx -g 'daemon ..."   2 hours ago         Up About an hour    80/tcp, 443/tcp                              my-first-nginx
root@ubuntu:~# docker container rename --help

Usage:	docker container rename CONTAINER NEW_NAME

Rename a container

Options:
      --help   Print usage
root@ubuntu:~# docker container rename new-first-nginx new-first-nginx2
root@ubuntu:~# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES
b4e6f8620ba3        nginx2:0.1          "nginx -g 'daemon ..."   About an hour ago   Up About an hour    80/tcp, 443/tcp                              new-first-nginx2
b9704931408c        nginx               "nginx -g 'daemon ..."   2 hours ago         Up 2 hours          0.0.0.0:443->443/tcp, 0.0.0.0:8080->80/tcp   my-third-nginx
d0a4936e940e        nginx               "nginx -g 'daemon ..."   2 hours ago         Up 2 hours          443/tcp, 0.0.0.0:8800->80/tcp                my-second-nginx
11610baab1ce        nginx               "nginx -g 'daemon ..."   2 hours ago         Up About an hour    80/tcp, 443/tcp                              my-first-nginx
root@ubuntu:~#

stats

实时查看容器资源使用状况

root@ubuntu:~# docker container stats 
CONTAINER           CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
b4e6f8620ba3        0.00%               1.457MiB / 975.1MiB   0.15%               690B / 0B           0B / 4.1kB          2
b9704931408c        0.00%               1.449MiB / 975.1MiB   0.15%               732B / 0B           0B / 0B             2
d0a4936e940e        0.00%               1.512MiB / 975.1MiB   0.16%               1.36kB / 671B       0B / 0B             2
11610baab1ce        0.00%               1.465MiB / 975.1MiB   0.15%               732B / 0B           0B / 0B             2

top

查看容器的进程信息

root@ubuntu:~# docker container top --help

Usage:	docker container top CONTAINER [ps OPTIONS]

Display the running processes of a container

Options:
      --help   Print usage
root@ubuntu:~# docker container top my-third-nginx
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                2648                2631                0                   Apr07               ?                   00:00:00            nginx: master process nginx -g daemon off;
syslog              2669                2648                0                   Apr07               ?                   00:00:00            nginx: worker process

update

调整分配给容器的计算资源, 可以更改该容器可以使用的 CPU 计算资源与内存资源等

root@ubuntu:~# docker container update --help

Usage:	docker container update [OPTIONS] CONTAINER [CONTAINER...]

Update configuration of one or more containers

Options:
      --blkio-weight uint16        Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --cpu-period int             Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int              Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int          Limit the CPU real-time period in microseconds
      --cpu-rt-runtime int         Limit the CPU real-time runtime in microseconds
  -c, --cpu-shares int             CPU shares (relative weight)
      --cpuset-cpus string         CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string         MEMs in which to allow execution (0-3, 0,1)
      --help                       Print usage
      --kernel-memory bytes        Kernel memory limit
  -m, --memory bytes               Memory limit
      --memory-reservation bytes   Memory soft limit
      --memory-swap bytes          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --restart string             Restart policy to apply when a container exits

wait

阻塞容器的运行直到停止为止, 然后打印该容器的退出状态码

# 终端1
root@ubuntu:~# docker container wait new-first-nginx2
# 终端被阻塞

# 终端2
root@ubuntu:~# docker container stop new-first-nginx2
new-first-nginx2

# 终端1
root@ubuntu:~# docker container wait new-first-nginx2
0

run

运行一个容器, 这个命令的参数非常多, 可以定制的属性也非常多, 常用参数如下

• -e: 设置环境变量
• -h: 设置 hostname
• -i: 开放标准输入
• -t: 分配伪终端
• -l: 打标签
• -p: 指定映射出来的端口(可随机分配, 可以指定)
• -P: 映射容器内所有开放的端口(端口号随机分配)
• -v: 数据卷的挂载
• --volumes-driver: 指定存储引擎
• -w: 容器运行的工作目录
• --restart: 默认为 no, 容器异常退出后禁止自动重启
  • 设置为 --restart=on-failure:10 , 意味对该容器的非0退出状态进行重启, 最多重启10次
  • 设置为 --restart=always 始终重启
• --network: 指定网络类型
• --name: 指定容器名称
• --log-driver: 指定日志引擎
• --link: 网络层连通指定容器
• --dns: 指定容器内使用的 DNS 服务器
• --privileged: 提权,在容器内获取扩展的执行权限
• --add-host: hosts 配置. 例如: --add-host polarsnow:123.57.233.243