Bootstrap

容器运行应用及Docker命令

一、使用容器运行Nginx应用

1_使用docker run命令运行Nginx应用

1 观察下载容器镜像过程

查找本地容器镜像文件

执行命令过程一:下载容器镜像

[root@localhost ~]# docker run -d nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
a2abf6c4d29d: Downloading  1.966MB/31.36MB 下载中
a9edb18cadd1: Downloading  1.572MB/25.35MB
589b7251471a: Download complete 下载完成
186b1aaa4aa6: Download complete
b4df32aa5a72: Waiting 等待下载
a0bcbecc962e: Waiting

执行命令过程二:下载容器镜像

[root@localhost ~]# docker run -d nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
a2abf6c4d29d: Downloading  22.87MB/31.36MB
a9edb18cadd1: Downloading  22.78MB/25.35MB
589b7251471a: Waiting
186b1aaa4aa6: Waiting
b4df32aa5a72: Waiting

执行命令过程三:下载容器镜像

[root@localhost ~]# docker run -d nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
a2abf6c4d29d: Pull complete 下载完成
a9edb18cadd1: Pull complete
589b7251471a: Pull complete
186b1aaa4aa6: Pull complete
b4df32aa5a72: Waiting 等待下载

2 观察容器运行情况

[root@localhost ~]# docker run -d nginx:latest
9834c8c18a7c7c89ab0ea4119d11bafe9c18313c8006bc02ce57ff54d9a1cc0c
命令解释说明
docker run启动一个容器
-d把容器镜像中需要执行的命令以daemon(守护进程)的方式运行
nginx应用容器镜像的名称,通常表示该镜像为某一个软件
latest表示上述容器镜像的版本,表示最新版本,用户可自定义其标识,例如v1或v2等
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS        PORTS     NAMES
9834c8c18a7c   nginx:latest "/docker-entrypoint.…"   24 seconds ago   Up 23 seconds 80/tcp condescending_pare

命令解释

docker ps 类似于Linux系统的ps命令,查看正在运行的容器,如果想查看没有运行的容器,需要在此命令后使用 --all

输出内容解释

CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
9834c8c18a7cnginx:latest“/docker-entrypoint.…”24 seconds agoUp 23 seconds80/tcpcondescending_pare
容器ID容器镜像容器中运行的命令容器创建时间容器状态容器提供访问应用端口容器名称

2_访问容器中运行的Nginx服务

1 确认容器IP地址

实际工作中不需要此步操作,9834 是容器ID缩写。

[root@localhost ~]# docker inspect 9834c8c18a7c
 
 "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2", 容器IP地址
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "d3de2fdbc30ee36a55c1431ef3ae4578392e552009f00b2019b4720735fe5a60",
                    "EndpointID": "d91f47c9f756ff22dc599a207164f2e9366bd0c530882ce0f08ae2278fb3d50c",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",   容器IP地址
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

命令解释

docker inspect 为查看容器结构信息命令

9834 为前面生成的容器ID号前4位,使用这个ID号时,由于其较长,使用时能最短识别即可。

2 容器网络说明

在这里插入图片描述

查看系统网络接口信息

ip a s # ip addr show

docker0网桥,用于为容器提供桥接,转发到主机之外的网络

5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:d5:c3:d4:cc brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:d5ff:fec3:d4cc/64 scope link
       valid_lft forever preferred_lft forever

与容器中的虚拟网络设备在同一个命名空间中,用于把容器中的网络连接到主机

9: veth393dece@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 02:e3:11:58:54:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::e3:11ff:fe58:540f/64 scope link
       valid_lft forever preferred_lft forever

3 使用curl命令访问

返回结果,表示访问成功!

[root@localhost ~]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

二、Docker命令

1_Docker命令获取帮助方法

[root@localhost ~]# docker -h
Flag shorthand -h has been deprecated, use --help

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Common Commands:
  run         Create and run a new container from an image
  exec        Execute a command in a running container
  ps          List containers
  build       Build an image from a Dockerfile
  pull        Download an image from a registry
  push        Upload an image to a registry
  images      List images
  login       Authenticate to a registry
  logout      Log out from a registry
  search      Search Docker Hub for images
  version     Show the Docker version information
  info        Display system-wide information

Management Commands:
  builder     Manage builds
  buildx*     Docker Buildx
  compose*    Docker Compose
  container   Manage containers
  context     Manage contexts
  image       Manage images
  manifest    Manage Docker image manifests and manifest lists
  network     Manage networks
  plugin      Manage plugins
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Swarm Commands:
  swarm       Manage Swarm

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  import      Import the contents from a tarball to create a filesystem image
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes

Global Options:
      --config string      Location of client config files (default "/root/.docker")
  -c, --context string     Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket to connect to
  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Run 'docker COMMAND --help' for more information on a command.

For more help on how to use Docker, head to https://docs.docker.com/go/guides/

2_Docker官网提供的命令说明

网址链接:https://docs.docker.com/reference/

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

3_docker命令应用

1 docker run

docker run -i -t --name c1 centos:latest bash
[root@948f234e22a1 /]#
命令解释
docker run运行一个命令在容器中,命令是主体,没有命令容器就会消亡
-i交互式
-t提供终端
–name c1把将运行的容器命名为c1
centos:latest使用centos最新版本容器镜像
bash在容器中执行的命令

注意看主机名

[root@948f234e22a1 /]#

查看网络信息

[root@948f234e22a1 /]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

查看进程

[root@948f234e22a1 /]# ps aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.1  12036  2172 pts/0    Ss   09:58   0:00 bash
root         16  0.0  0.0  44652  1784 pts/0    R+   10:02   0:00 ps aux

查看用户

[root@948f234e22a1 /]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin

查看目录(跟我们系统基本一样)

[root@948f234e22a1 /]# pwd
/
[root@948f234e22a1 /]# ls
bin  etc   lib    lost+found  mnt  proc  run   srv  tmp  var
dev  home  lib64  media       opt  root  sbin  sys  usr

退出命令执行,观察容器运行情况

[root@948f234e22a1 /]# exit
exit
[root@localhost ~]#

2 docker ps

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

命令解释

docker ps 查看正在运行的容器,本案例由于没有命令在容器中运行,因此容器被停止了,所以本次查看没有结果。

[root@localhost ~]# docker ps --all
CONTAINER ID   IMAGE           COMMAND     CREATED             STATUS                         PORTS     NAMES
948f234e22a1   centos:latest   "bash"    10 minutes ago      Exited (0) 2 minutes ago                    c1
CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
948f234e22a1centos:latest“bash”10 minutes agoExited (0) 2 minutes agoc1

命令解释

docker ps --all 可以查看正在运行的和停止运行的容器

3 docker inspect

[root@localhost ~]# docker run -it --name c2 centos:latest bash
[root@b4182fd1f2cc /]# 

操作说明

在上述提示符处按住ctrl键,再按p键与q键,可以退出交互式的容器,容器会处于运行状态。

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND   CREATED              STATUS              PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"    About a minute ago   Up About a minute             c2

命令解释

可以看到容器处于运行状态

[root@localhost ~]# docker inspect c2
"Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "d3de2fdbc30ee36a55c1431ef3ae4578392e552009f00b2019b4720735fe5a60",
                    "EndpointID": "d1a2b7609f2f73a6cac67229a4395eef293f695c0ac4fd6c9c9e6913c9c85c1c",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

命令解释

docker inpect 查看容器详细信息

4 docker exec

[root@localhost ~]# docker exec -it c2 ls /root
anaconda-ks.cfg  anaconda-post.log  original-ks.cfg
命令解释
docker exec在容器外实现与容器交互执行某命令
-it交互式
c2正在运行的容器名称
ls /root在正在运行的容器中运行相关的命令

下面命令与上面命令执行效果一致

[root@localhost ~]# docker exec c2 ls /root
anaconda-ks.cfg
anaconda-post.log
original-ks.cfg

5 docker attach

查看正在运行的容器

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND   CREATED         STATUS         PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"    8 minutes ago   Up 8 minutes             c2
ef02ada6ba49   nginx:latest    "/docker-entrypoint.…"   2 hours ago      Up 4 seconds   80/tcp    cool_bardeen

进入容器内部

[root@localhost ~]# docker attach c2
[root@b4182fd1f2cc /]# 
命令解释
docker attach类似于ssh命令,可以进入到容器中
c2正在运行的容器名称

说明

docker attach 退出容器时,如不需要容器再运行,可直接使用exit退出;如需要容器继续运行,可使用ctrl+p+q

另外由于另外一个 nginx 容器并不是交互式的,所以不允许我们进入内部,如果尝试的话会卡住

docker attach cool_bardeen # 卡住,并且Ctrl+c退出时容器也会随之停止

6 docker stop

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND   CREATED          STATUS          PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"    11 minutes ago   Up 11 minutes             c2
[root@localhost ~]# docker stop b4182
b4182
[root@localhost ~]# docker ps --all
CONTAINER ID   IMAGE           COMMAND                   CREATED             STATUS                         PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"                    12 minutes ago      Exited (0) 28 seconds ago                c2

支持批量停止以及使用容器名称

7 docker start

[root@localhost ~]# docker ps --all
CONTAINER ID   IMAGE           COMMAND                   CREATED             STATUS                         PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"                    12 minutes ago      Exited (0) 28 seconds ago                c2
[root@localhost ~]# docker start b4182
b4182
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND   CREATED          STATUS          PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"    14 minutes ago   Up 16 seconds             c2

还可以批量开启,以及使用容器名称代替容器ID

8 docker top

在Docker Host查看容器中运行的进程信息

docker top c2

如下输出

UIDPIDPPIDCSTIMETTYTIMECMD
root394835394784018:37pts/000:00:00bash

命令解释

输出信息说明
UID容器中运行的命令用户ID
PID容器中运行的命令PID
PPID容器中运行的命令父PID,由于PPID是一个容器,此可指为容器在Docker Host中进程ID
C占用CPU百分比
STIME启动时间
TTY运行所在的终端
TIME运行时间
CMD执行的命令
[root@localhost ~]# ps aux | grep 394784
root      394784  0.0  0.4 1237928 15756 ?       Sl   05:43   0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id b4182fd1f2ccfea5799bd63206ed562c38e53b18c93def3a56262fd73122e8ab -address /run/containerd/containerd.sock
root      408828  0.0  0.0 221680  2304 pts/0    S+   05:47   0:00 grep --color=auto 394784
[root@localhost ~]# ps aux | grep 394835
root      394835  0.0  0.0  12052  3200 pts/0    Ss+  05:43   0:00 bash
root      399829  0.0  0.0 221680  2304 pts/0    S+   05:44   0:00 grep --color=auto 394835
[root@localhost ~]# docker exec -it c2 ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 21:43 pts/0    00:00:00 bash
root          14       0  0 21:45 pts/1    00:00:00 ps -ef

docker top 查看container内进程信息,指在docker host上查看,与docker exec -it c2 ps -ef不同。

另外一个容器中运行多个进程也是存在的,可以尝试去访问 nginx 看看。

9 docker rm

如果容器已停止,使用此命令可以直接删除;如果容器处于运行状态,则需要提前关闭容器后,再删除容器。

下面演示容器正在运行关闭后删除的方法。

指定删除容器

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND   CREATED          STATUS          PORTS     NAMES
b4182fd1f2cc   centos:latest   "bash"    30 minutes ago   Up 16 minutes             c2

停止容器

docker stop c2 # 或 docker stop b4182fd1f2cc

删除容器

docker rm c2 # 或 docker rm b4182fd1f2cc

批量删除容器

-a--all 是等价的

[root@localhost ~]# docker ps -a 
CONTAINER ID   IMAGE           COMMAND                   CREATED             STATUS                        PORTS     NAMES
3bd60ca310ca   centos:latest   "bash"                    About an hour ago   Exited (127) 48 minutes ago             c1
c71fb30f25da   nginx:latest    "/docker-entrypoint.…"   2 hours ago         Exited (0) 2 hours ago                  zen_swirles
ef02ada6ba49   nginx:latest    "/docker-entrypoint.…"   2 hours ago         Exited (0) 20 minutes ago               cool_bardeen

批量删除容器:

docker ps --all | awk '{if (NR>=2){print $1}}' | xargs docker rm

上述命令可以把第一个命令执行的结果看作文本作为 awk 输入;awk 将从第二行开始,每行的第一个元素(元素以空格作为分隔)输出作为 xargs 的输入。


;