容器(Container)是Docker中最重要的概念之一,他是镜像的运行实体,是一个应用运行和所需运行环境的结合体。从现在开始,忘掉“臃肿”的虚拟机吧,对容器进行操作就跟直接操作应用一样简单、快速。
docker create
docker create 命令可以用来创建一个容器,该命令支持的参数纷繁复杂,可以输入 docker create --help 来查看该命令的使用方法
[root@localhost go]# docker create --help
Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
Create a new container
-a, --attach=[] Attach to STDIN, STDOUT or STDERR
--add-host=[] Add a custom host-to-IP mapping (host:ip)
--blkio-weight=0 Block IO (relative weight), between 10 and 1000
-c, --cpu-shares=0 CPU shares (relative weight)
--cap-add=[] Add Linux capabilities
--cap-drop=[] Drop Linux capabilities
--cgroup-parent= Optional parent cgroup for the container
--cidfile= Write the container ID to the file
--cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota=0 Limit the CPU CFS quota
--cpuset-cpus= CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems= MEMs in which to allow execution (0-3, 0,1)
--device=[] Add a host device to the container
--dns=[] Set custom DNS servers
--dns-search=[] Set custom DNS search domains
-e, --env=[] Set environment variables
--entrypoint= Overwrite the default ENTRYPOINT of the image
--env-file=[] Read in a file of environment variables
--expose=[] Expose a port or a range of ports
-h, --hostname= Container host name
--help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached
--ipc= IPC namespace to use
-l, --label=[] Set meta data on a container
--label-file=[] Read in a line delimited file of labels
--link=[] Add link to another container
--log-driver= Logging driver for container
--log-opt=[] Log driver options
--lxc-conf=[] Add custom lxc options
-m, --memory= Memory limit
--mac-address= Container MAC address (e.g. 92:d0:c6:0a:29:33)
--memory-swap= Total memory (memory + swap), '-1' to disable swap
--name= Assign a name to the container
--net=bridge Set the Network mode for the container
--oom-kill-disable=false Disable OOM Killer
-P, --publish-all=false Publish all exposed ports to random ports
-p, --publish=[] Publish a container's port(s) to the host
--pid= PID namespace to use
--privileged=false Give extended privileges to this container
--read-only=false Mount the container's root filesystem as read only
--restart=no Restart policy to apply when a container exits
--security-opt=[] Security Options
-t, --tty=false Allocate a pseudo-TTY
-u, --user= Username or UID (format: <name|uid>[:<group|gid>])
--ulimit=[] Ulimit options
--uts= UTS namespace to use
-v, --volume=[] Bind mount a volume
--volumes-from=[] Mount volumes from the specified container(s)
-w, --workdir= Working directory inside the container
[root@localhost go]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos v7.0 fae454d6fc7b 2 weeks ago 434.5 MB
mysql 5.6.37 c6d1fd492efc 3 weeks ago 299 MB
ubuntu 14.04 b44ce450cb60 4 weeks ago 188 MB
quay.io/coreos/etcd v3.0.4 3b17a5f34e6c 14 months ago 43.3 MB
hub.c.163.com/public/ubuntu 14.04 f6a575b7c805 19 months ago 237.1 MB
[root@localhost go]# docker create -it centos:v7.0 "/bin/bash"
20fb80443f2a6dc8b9e2eaca96301f3d89688b1013caf7b7a226041a96ebc557
-t 参数 用来分配一个伪终端并绑定到容器的标准输入上,-i 和 -t 通常配合使用,让我们可以在容器中执行shell命令
docker ps
docker ps 命令可以列出当前已经创建的容器,默认只列出正在运行的容器,加上 -a 参数可以列出所有
[root@localhost go]# docker ps --help
Usage: docker ps [OPTIONS]
List containers
-a, --all=false Show all containers (default shows just running)
--before= Show only container created before Id or Name
-f, --filter=[] Filter output based on conditions provided
--help=false Print usage
-l, --latest=false Show the latest created container, include non-running
-n=-1 Show n last created containers, include non-running
--no-trunc=false Don't truncate output
-q, --quiet=false Only display numeric IDs
-s, --size=false Display total file sizes
--since= Show created since Id or Name, include non-running
[root@localhost go]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost go]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20fb80443f2a centos:v7.0 "/bin/bash" 11 minutes ago distracted_lumiere
aa670a3b8038 ubuntu:14.04 "/bin/bash" 2 weeks ago Exited (0) 2 weeks ago grave_lovelace
bf2565b8f666 hub.c.163.com/public/ubuntu:14.04 "/bin/sh -c '/usr/sb 2 weeks ago Exited (130) 2 weeks ago silly_pare
3bef58fab95a quay.io/coreos/etcd:v3.0.4 "/usr/local/bin/etcd 3 weeks ago Exited (0) 3 weeks ago adoring_turing
当然创建和启动容器也可以一步完成,使用docker run 命令,该命令相当于docker create + docker start命令,docker run 命令支持的参数和docker create 基本一致。
docker run命令的执行步骤大致如下:
·检查本地是否存在指定的镜像,不存在就从公有仓库下载;
·利用镜像创建一个容器,并启动该容器;
·分配一个文件系统给容器,并在只读的镜像层外面挂载一层可读写层;
·从宿主主机配置的网桥接口中桥接一个虚拟接口到容器中;
·从网桥的地址池配置一个IP地址给容器;
·执行用户指定的应用程序;
·执行完毕后容器被自动终止。
[root@localhost go]# docker run centos:v7.0 /bin/echo "hello world"
hello wrold
[root@localhost go]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bfec95da73a6 centos:v7.0 "/bin/echo 'hello wo 6 seconds ago Exited (0) 5 seconds ago silly_sinoussi
docker run 命令如果没有指定COMMAND,则会用镜像指定的默认COMMAND,如果镜像也没有指定COMMAND,则会抛出错误。
[root@localhost go]# docker run -d nginx:latest
3882e9573be8c85a42c4a46d3c2bd4e42c8fd01f0491ae053296bc2b517bf342
[root@localhost go]# docker ps --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3882e9573be8c85a42c4a46d3c2bd4e42c8fd01f0491ae053296bc2b517bf342 nginx:latest "nginx -g 'daemon off;'" 21 seconds ago
[root@localhost go]# docker run centos:v7.0
Error response from daemon: No command specified
-d 参数可以让容器在后台运行。可以看到这里的nginx镜像的默认COMMAND 为 “nginx -g 'daemon off;'”,而centos镜像没有指定默认的COMMAND,所以不指定COMMAND会报错,可以用上篇提到的docker inspect 命令来查看镜像的默认COMMAND
使用前面提到的 -it 参数可以打开一个伪终端来供我们在容器中执行shell命令,像操作本地机器一样方便
[root@localhost ~]# docker exec -it centos:v7.0 /bin/bash
[root@4b9028589de7 /]# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
17 ? 00:00:00 ps
[root@4b9028589de7 /]# whoami
root
[root@4b9028589de7 /]# ls
bin boot dev etc fastboot home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@4b9028589de7 /]# exit
exit
docker logs
对于运行在后台的容器(使用 docker run -d),容器的标准输出会被重定向写入相应的日志文件中,这时如果我们想要看这个容器的标准输出,可以使用 docker logs 命令
[root@localhost ~]# docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
-f, --follow=false Follow log output
--help=false Print usage
--since= Show logs since timestamp
-t, --timestamps=false Show timestamps
--tail=all Number of lines to show from the end of the logs
#!/bin/sh
while [[ 1 ]]
do
echo "hello docker"
sleep 2
done
[root@localhost ~]# docker run -d centos:hello-docker /bin/sh /usr/local/bin/hello.sh
e2fa608635bddaca537a2a850f6d25259f6f54f98428be6a0fc96a771ad478f6
[root@localhost ~]# docker logs -f e2f
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
docker start/stop
docker stop 命令停止一个或多个容器的运行,实现机制是先向容器发送一个SIGTERM信号,过一段时间再发送一个SIGKILL信号,这样就确保了能够结束进程。
[root@localhost go]# docker stop 20f
20f
[root@localhost go]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
docker start 命令可以重新启动停止了的一个或多个容器
[root@localhost go]# docker start --help
Usage: docker start [OPTIONS] CONTAINER [CONTAINER...]
Start one or more stopped containers
-a, --attach=false Attach STDOUT/STDERR and forward signals
--help=false Print usage
-i, --interactive=false Attach container's STDIN
[root@localhost go]# docker start 20fb
20fb
[root@localhost go]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20fb80443f2a centos:v7.0 "/bin/bash" 25 minutes ago Up 4 seconds distracted_lumiere
docker exec
对于容器来说,通常我们都是让其在后台运行,比如对于nginx来说,我们通常这样启动容器
[root@localhost ~]# docker run -d -p 8080:80 nginx:latest nginx -g 'daemon off;'
b0a3266aaf05a9b7b5a7d910716c37a32330f0a5f9a34481679619c7217b5bb9
[root@localhost ~]# curl '127.0.0.1:8080'
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
-p 参数可以将容器的端口映射到宿主机的指定端口
我们知道,一个容器通常只能运行一个COMMAND,这时如果我还想在容器中执行其他命令该怎么办呢,比如在nginx容器中运行bash,docker exec命令可以实现该功能
[root@localhost ~]# docker exec --help
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Run a command in a running container
-d, --detach=false Detached mode: run command in the background
--help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached
-t, --tty=false Allocate a pseudo-TTY
-u, --user= Username or UID (format: <name|uid>[:<group|gid>])
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0a3266aaf05 nginx:latest "nginx -g 'daemon of 13 minutes ago Up 13 minutes 0.0.0.0:8080->80/tcp cocky_lumiere
[root@localhost ~]# docker exec -it b0a /bin/bash
root@b0a3266aaf05:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@b0a3266aaf05:/# cd /etc/
root@b0a3266aaf05:/etc# ls
adduser.conf debconf.conf fonts gshadow- issue.net localtime mtab pam.d rc1.d rcS.d shadow subuid
alternatives debian_version fstab host.conf kernel login.defs nginx passwd rc2.d resolv.conf shadow- systemd
apt default gai.conf hostname ld.so.cache logrotate.d nsswitch.conf passwd- rc3.d rmt shells terminfo
bash.bashrc deluser.conf group hosts ld.so.conf machine-id opt profile rc4.d securetty skel timezone
bindresvport.blacklist dpkg group- init.d ld.so.conf.d mke2fs.conf os-release profile.d rc5.d security staff-group-for-usr-local ucf.conf
cron.daily environment gshadow issue libaudit.conf motd pam.conf rc0.d rc6.d selinux subgid update-motd.d
root@b0a3266aaf05:/etc# cat nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
root@b0a3266aaf05:/etc# exit
exit
上面我们进入到容器中,查看了nginx的配置文件然后退出,整个过程没有影响到容器的运行。
docker rm
docker rm 命令可以删除一个或多个容器,默认只能删除已停止的容器,如果想删除正在运行的容器,可以加 -f 参数,这样docker会先尝试终止容器运行,然后再删除容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0a3266aaf05 nginx:latest "nginx -g 'daemon of 17 minutes ago Exited (0) 3 seconds ago cocky_lumiere
4b9028589de7 centos:v7.0 "/bin/bash" 50 minutes ago Exited (0) 48 minutes ago happy_heisenberg
aa670a3b8038 ubuntu:14.04 "/bin/bash" 2 weeks ago Exited (0) 2 weeks ago grave_lovelace
bf2565b8f666 hub.c.163.com/public/ubuntu:14.04 "/bin/sh -c '/usr/sb 3 weeks ago Exited (130) 3 weeks ago silly_pare
3bef58fab95a quay.io/coreos/etcd:v3.0.4 "/usr/local/bin/etcd 3 weeks ago Exited (0) 3 weeks ago adoring_turing
[root@localhost ~]# docker rm b0a 4b9
b0a
4b9
docker commit
当我们在一个容器中做了一些更改之后,想要保存这些更改方便以后使用,我们可以使用 docker commit 提交更改,这样会在本地生成一个新的镜像,这个镜像保存了你之前所做的所有修改。
[root@localhost sshd_ubuntu]# docker commit --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
-a, --author= Author (e.g., "John Hannibal Smith <[email protected]>")
-c, --change=[] Apply Dockerfile instruction to the created image
--help=false Print usage
-m, --message= Commit message
-p, --pause=true Pause container during commit
[root@localhost sshd_ubuntu]# docker run -d -p 8080:80 nginx:latest
ffa8237fe81a34e13c0ef7c13ec0dd52775fee0e2e9f377e6924929ac4eb7915
[root@localhost sshd_ubuntu]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffa8237fe81a nginx:latest "nginx -g 'daemon of 3 seconds ago Up 3 seconds 0.0.0.0:8080->80/tcp compassionate_lumiere
[root@localhost sshd_ubuntu]# docker exec -it ffa /bin/bash
root@ffa8237fe81a:/# echo "Hello,docker!" > /usr/share/nginx/html/test.html
root@ffa8237fe81a:/# ls /usr/share/nginx/html/test.html
/usr/share/nginx/html/test.html
root@ffa8237fe81a:/# exit
[root@localhost sshd_ubuntu]# curl '127.0.0.1:8080/test.html'
Hello,docker!
[root@localhost sshd_ubuntu]# docker commit -m "创建test.html" ffa nginx:myself
ffbf82fc975d8804bdd0f219e038be0c4f788303938671ae1db61be9bb6703e0
[root@localhost sshd_ubuntu]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
nginx myself ffbf82fc975d 40 seconds ago 108.3 MB
docker export/import
有时我们需要将一个容器迁移到另一个容器上,这时我们使用docker提供的导入导出命令(docker import/export)就可以很方便的将容器导出成备份文件,然后再从备份文件导入成镜像。
[root@localhost ~]# docker export --help
Usage: docker export [OPTIONS] CONTAINER
Export a filesystem as a tar archive (streamed to STDOUT by default)
--help=false Print usage
-o, --output= Write to a file, instead of STDOUT
[root@localhost containers]# docker export -o nginx-1017.tar 1b6
[root@localhost containers]# ls
nginx-1017.tar
[root@localhost containers]# docker import --help
Usage: docker import [OPTIONS] URL|- [REPOSITORY[:TAG]]
Create an empty filesystem image and import the contents of the
tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then
optionally tag it.
-c, --change=[] Apply Dockerfile instruction to the created image
--help=false Print usage
docker import URL 表示从某个URL读取镜像文件
docker import - 表示从标准输入读取镜像文件
比如导入之前的nginx-1017.tar
[root@localhost containers]# cat nginx-1017.tar | docker import - nginx:backup
410962fdbc386075569f135b725baaf684708947aee2f3e0f4b4281522f73b49
[root@localhost containers]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
nginx backup 410962fdbc38 7 seconds ago 106.6 MB
nginx latest 2ecc072be0ec 6 days ago 108.3 MB
ubuntu 14.04 b44ce450cb60 4 weeks ago 188 MB
[root@localhost containers]#
文章浏览阅读645次。这个肯定是末尾的IDAT了,因为IDAT必须要满了才会开始一下个IDAT,这个明显就是末尾的IDAT了。,对应下面的create_head()代码。,对应下面的create_tail()代码。不要考虑爆破,我已经试了一下,太多情况了。题目来源:UNCTF。_攻防世界困难模式攻略图文
文章浏览阅读2.9k次,点赞3次,收藏10次。偶尔会用到,记录、分享。1. 数据库导出1.1 切换到dmdba用户su - dmdba1.2 进入达梦数据库安装路径的bin目录,执行导库操作 导出语句:./dexp cwy_init/[email protected]:5236 file=cwy_init.dmp log=cwy_init_exp.log 注释: cwy_init/init_123..._达梦数据库导入导出
文章浏览阅读1.9k次。1. 在官网上下载KindEditor文件,可以删掉不需要要到的jsp,asp,asp.net和php文件夹。接着把文件夹放到项目文件目录下。2. 修改html文件,在页面引入js文件:<script type="text/javascript" src="./kindeditor/kindeditor-all.js"></script><script type="text/javascript" src="./kindeditor/lang/zh-CN.js"_kindeditor.js
文章浏览阅读2.3k次,点赞6次,收藏14次。SPI的详情简介不必赘述。假设我们通过SPI发送0xAA,我们的数据线就会变为10101010,通过修改不同的内容,即可修改SPI中0和1的持续时间。比如0xF0即为前半周期为高电平,后半周期为低电平的状态。在SPI的通信模式中,CPHA配置会影响该实验,下图展示了不同采样位置的SPI时序图[1]。CPOL = 0,CPHA = 1:CLK空闲状态 = 低电平,数据在下降沿采样,并在上升沿移出CPOL = 0,CPHA = 0:CLK空闲状态 = 低电平,数据在上升沿采样,并在下降沿移出。_stm32g431cbu6
文章浏览阅读1.2k次,点赞2次,收藏8次。数据链路层习题自测问题1.数据链路(即逻辑链路)与链路(即物理链路)有何区别?“电路接通了”与”数据链路接通了”的区别何在?2.数据链路层中的链路控制包括哪些功能?试讨论数据链路层做成可靠的链路层有哪些优点和缺点。3.网络适配器的作用是什么?网络适配器工作在哪一层?4.数据链路层的三个基本问题(帧定界、透明传输和差错检测)为什么都必须加以解决?5.如果在数据链路层不进行帧定界,会发生什么问题?6.PPP协议的主要特点是什么?为什么PPP不使用帧的编号?PPP适用于什么情况?为什么PPP协议不_接收方收到链路层数据后,使用crc检验后,余数为0,说明链路层的传输时可靠传输
文章浏览阅读587次。软件测试工程师移民加拿大 无证移民,未受过软件工程师的教育(第1部分) (Undocumented Immigrant With No Education to Software Engineer(Part 1))Before I start, I want you to please bear with me on the way I write, I have very little gen...
文章浏览阅读304次。Thinkpad X250笔记本电脑,装的是FreeBSD,进入BIOS修改虚拟化配置(其后可能是误设置了安全开机),保存退出后系统无法启动,显示:secure boot failed ,把自己惊出一身冷汗,因为这台笔记本刚好还没开始做备份.....根据错误提示,到bios里面去找相关配置,在Security里面找到了Secure Boot选项,发现果然被设置为Enabled,将其修改为Disabled ,再开机,终于正常启动了。_安装完系统提示secureboot failure
文章浏览阅读10w+次,点赞93次,收藏352次。1、用strtok函数进行字符串分割原型: char *strtok(char *str, const char *delim);功能:分解字符串为一组字符串。参数说明:str为要分解的字符串,delim为分隔符字符串。返回值:从str开头开始的一个个被分割的串。当没有被分割的串时则返回NULL。其它:strtok函数线程不安全,可以使用strtok_r替代。示例://借助strtok实现split#include <string.h>#include <stdio.h&_c++ 字符串分割
文章浏览阅读2.3k次。1 .高斯日记 大数学家高斯有个好习惯:无论如何都要记日记。他的日记有个与众不同的地方,他从不注明年月日,而是用一个整数代替,比如:4210后来人们知道,那个整数就是日期,它表示那一天是高斯出生后的第几天。这或许也是个好习惯,它时时刻刻提醒着主人:日子又过去一天,还有多少时光可以用于浪费呢?高斯出生于:1777年4月30日。在高斯发现的一个重要定理的日记_2013年第四届c a组蓝桥杯省赛真题解答
文章浏览阅读851次,点赞17次,收藏22次。摘要:本文利用供需算法对核极限学习机(KELM)进行优化,并用于分类。
文章浏览阅读1.1k次。一、系统弱密码登录1、在kali上执行命令行telnet 192.168.26.1292、Login和password都输入msfadmin3、登录成功,进入系统4、测试如下:二、MySQL弱密码登录:1、在kali上执行mysql –h 192.168.26.129 –u root2、登录成功,进入MySQL系统3、测试效果:三、PostgreSQL弱密码登录1、在Kali上执行psql -h 192.168.26.129 –U post..._metasploitable2怎么进入
文章浏览阅读257次。本文将为初学者提供Python学习的详细指南,从Python的历史、基础语法和数据类型到面向对象编程、模块和库的使用。通过本文,您将能够掌握Python编程的核心概念,为今后的编程学习和实践打下坚实基础。_python人工智能开发从入门到精通pdf