云原生之docker常用的容器管理命令 |
您所在的位置:网站首页 › docker start命令 › 云原生之docker常用的容器管理命令 |
|
docker容器的生命周期管理命令
一、docker create二、docker run2.1、常用选项2.2、系统2.3、网络2.4、健康检查
三、docker start/stop/restart四、docker kill五、docker rm六、docker pause/unpause总结后言
一、docker create
创建一个新的容器但不启动它。语法同docker run。 docker create [OPTIONS] CONTAINER示例: 在一个终端执行docker create,在另一个终端执行docker events。 # 第一个终端 fly@fly:~$ docker create nginx ae61ef82b9477f32607a6f4a438d1f02711ad0c77309808f075fa0a8c7e7a35a # 第二个终端 fly@fly:~$ docker events 2022-12-08T14:58:30.633969517Z container create ae61ef82b9477f32607a6f4a438d1f02711ad0c77309808f075fa0a8c7e7a35a (image=nginx, maintainer=NGINX Docker Maintainers , name=pedantic_poincare) 二、docker run创建一个新的容器并运行一个命令。 docker run [OPTIONS] IMAGE [COMMAND] [ARG...]帮助: fly@fly:~$ docker run --help Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] Run a command in a new container Options: --add-host list Add a custom host-to-IP mapping (host:ip) -a, --attach list Attach to STDIN, STDOUT or STDERR --blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) --blkio-weight-device list Block IO weight (relative device weight) (default []) --cap-add list Add Linux capabilities --cap-drop list Drop Linux capabilities --cgroup-parent string Optional parent cgroup for the container --cgroupns string Cgroup namespace to use (host|private) 'host': Run the container in the Docker host's cgroup namespace 'private': Run the container in its own private cgroup namespace '': Use the cgroup namespace as configured by the default-cgroupns-mode option on the daemon (default) --cidfile string Write the container ID to the file --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota --cpu-rt-period int Limit CPU real-time period in microseconds --cpu-rt-runtime int Limit CPU real-time runtime in microseconds -c, --cpu-shares int CPU shares (relative weight) --cpus decimal Number of CPUs --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) -d, --detach Run container in background and print container ID --detach-keys string Override the key sequence for detaching a container --device list Add a host device to the container --device-cgroup-rule list Add a rule to the cgroup allowed devices list --device-read-bps list Limit read rate (bytes per second) from a device (default []) --device-read-iops list Limit read rate (IO per second) from a device (default []) --device-write-bps list Limit write rate (bytes per second) to a device (default []) --device-write-iops list Limit write rate (IO per second) to a device (default []) --disable-content-trust Skip image verification (default true) --dns list Set custom DNS servers --dns-option list Set DNS options --dns-search list Set custom DNS search domains --domainname string Container NIS domain name --entrypoint string Overwrite the default ENTRYPOINT of the image -e, --env list Set environment variables --env-file list Read in a file of environment variables --expose list Expose a port or a range of ports --gpus gpu-request GPU devices to add to the container ('all' to pass all GPUs) --group-add list Add additional groups to join --health-cmd string Command to run to check health --health-interval duration Time between running the check (ms|s|m|h) (default 0s) --health-retries int Consecutive failures needed to report unhealthy --health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) --health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s) --help Print usage -h, --hostname string Container host name --init Run an init inside the container that forwards signals and reaps processes -i, --interactive Keep STDIN open even if not attached --ip string IPv4 address (e.g., 172.30.100.104) --ip6 string IPv6 address (e.g., 2001:db8::33) --ipc string IPC mode to use --isolation string Container isolation technology --kernel-memory bytes Kernel memory limit -l, --label list Set meta data on a container --label-file list Read in a line delimited file of labels --link list Add link to another container --link-local-ip list Container IPv4/IPv6 link-local addresses --log-driver string Logging driver for the container --log-opt list Log driver options --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) -m, --memory bytes Memory limit --memory-reservation bytes Memory soft limit --memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) --mount mount Attach a filesystem mount to the container --name string Assign a name to the container --network network Connect a container to a network --network-alias list Add network-scoped alias for the container --no-healthcheck Disable any container-specified HEALTHCHECK --oom-kill-disable Disable OOM Killer --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) --pid string PID namespace to use --pids-limit int Tune container pids limit (set -1 for unlimited) --platform string Set platform if server is multi-platform capable --privileged Give extended privileges to this container -p, --publish list Publish a container's port(s) to the host -P, --publish-all Publish all exposed ports to random ports --pull string Pull image before running ("always"|"missing"|"never") (default "missing") --read-only Mount the container's root filesystem as read only --restart string Restart policy to apply when a container exits (default "no") --rm Automatically remove the container when it exits --runtime string Runtime to use for this container --security-opt list Security Options --shm-size bytes Size of /dev/shm --sig-proxy Proxy received signals to the process (default true) --stop-signal string Signal to stop a container (default "SIGTERM") --stop-timeout int Timeout (in seconds) to stop a container --storage-opt list Storage driver options for the container --sysctl map Sysctl options (default map[]) --tmpfs list Mount a tmpfs directory -t, --tty Allocate a pseudo-TTY --ulimit ulimit Ulimit options (default []) -u, --user string Username or UID (format: [:]) --userns string User namespace to use --uts string UTS namespace to use -v, --volume list Bind mount a volume --volume-driver string Optional volume driver for the container --volumes-from list Mount volumes from the specified container(s) -w, --workdir string Working directory inside the container 2.1、常用选项 –add-host:容器中hosts文件添加 host:ip 映射记录。 docker run --rm -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts -a, --attach:附加到 STDIN, STDOUT 或 STDERR。 docker run --rm -a stdin -a stdout -i -t ubuntu /bin/bash –cidfile:将容器id写入到指定文件。 docker run --rm --cidfile /tmp/idfile ubuntu -d, --detach:后台运行容器并打印容器id。–detach-keys:指定将容器切回后台的按键,默认:CTRL-p+CTRL-q。–disable-content-trust:跳过镜像验证,默认为TRUE。–domainname:设置容器网络服务域名。–entrypoint:覆盖镜像默认程序入口。 docker run --rm -it --entrypoint /bin/bash nginx -e, --env:设置环境变量。–env-file:从文件中读取环境变量。–expose:暴露一个或多个端口。–group-add:为容器用户添加更多用户组。 docker run --rm --group-add audio --group-add nogroup --group-add 777 ubuntu id -h, --hostname string:设置主机名。–init 在容器内运行init,转发信号并捕获进程。 # ps 对比容器的元祖进程 docker run --rm -it ubuntu bash docker run --rm -it --init ubuntu bash -i, --interactive:保持标准输入设备处于打开状态。-l, --label list:设置容器元数据labels。–label-file list:从文件中读取以换行作为分隔符的label。–link:添加一个其他容器的链接,及修改当容器的/etc/hosts文件。–log-driver:容器日志驱动,none、local、json-file、syslog、journald、gelf、fluentd、awslogs、splunk、etwlogs、gcplogs、logentries。–log-opt:日志驱动选项。–mount:将文件系统挂载到容器,与 -v 类似。 # 挂载volume docker run -t -i --rm --mount type=volume,target=/data ubuntu bash # 创建目录 mkdir /tmp/data # 修改目录所有权,仅当使用userns的情况下需要 sudo chown 165536:root /tmp/data # bind 磁盘已存在目录 docker run -t -i --rm --mount type=bind,src=/tmp/data,dst=/data ubuntu bash –name:指定容器名称。–privileged:授予容器超级权限。-p, --publish:发布容器端口都主机端口。-P, --publish-all:将所有暴露的端口发布到主机随机端口。–pull:运行前拉取图像,(always|missing|never),默认 missing。–pids-limit:限制容器中pid个数。–read-only :将容器跟文件系统装载为只读。–restart:当容器退出时的重启策略,默认为no。 no:当容器退出时,不要自动重新启动 on-failure[:max-retries]:仅当容器以非零退出状态退出时才重新启动。 always:无论退出状态如何,始终重新启动容器。无论容器的当前状态如何,容器也将始终在守护程序 启动时启动 unless-stopped:论退出状态如何,始终重新启动容器,包括守护程序启动时,除非容器在Docker守护 程序停止之前处于停止状态。 –rm:当容器退出时,自动删除容器。–sig-proxy:将接收到的信号代理到进程(默认为true)。–stop-signal:停止容器的信号(默认为“SIGTERM”)。–stop-timeout:容器停止超时时长,单位s。–tmpfs:装载tmpfs目录。 docker run -dit --rm --tmpfs /run1:rw,noexec,nosuid,size=65536k ubuntu bash -t, --tty:分配一个伪终端设备。-u, --user: 用户名或用户ID (格式: [:])。-v, --volume :绑定数据卷。–volume-driver:容器的可选卷驱动程序。–volumes-from:从指定的容器装载数据卷。-w, --workdir:容器内的工作目录。 2.2、系统 –cap-add:添加linux功能–cap-drop:删除linux功能 docker run --cap-add=ALL --cap-drop=MKNOD ... docker run --cap-add=SYS_ADMIN ... docker run --cap-add=CAP_SYS_ADMIN ... #示例: fly@fly:~$ docker run --cap-add=ALL --cap-drop=MKNOD nginx /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2022/12/09 14:44:55 [notice] 1#1: using the "epoll" event method 2022/12/09 14:44:55 [notice] 1#1: nginx/1.23.2 2022/12/09 14:44:55 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2022/12/09 14:44:55 [notice] 1#1: OS: Linux 5.4.0-135-generic 2022/12/09 14:44:55 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 2022/12/09 14:44:55 [notice] 1#1: start worker processes 2022/12/09 14:44:55 [notice] 1#1: start worker process 29 2022/12/09 14:44:55 [notice] 1#1: start worker process 30 ^C2022/12/09 14:45:05 [notice] 1#1: signal 2 (SIGINT) received, exiting 2022/12/09 14:45:05 [notice] 30#30: exiting 2022/12/09 14:45:05 [notice] 29#29: exiting 2022/12/09 14:45:05 [notice] 30#30: exit 2022/12/09 14:45:05 [notice] 29#29: exit 2022/12/09 14:45:05 [notice] 1#1: signal 17 (SIGCHLD) received from 30 2022/12/09 14:45:05 [notice] 1#1: worker process 29 exited with code 0 2022/12/09 14:45:05 [notice] 1#1: worker process 30 exited with code 0 2022/12/09 14:45:05 [notice] 1#1: exit –isolation:指定容器的隔离技术。linux系统:只支持default,即linux命名空间隔离技术。 windows系统:default:表示使用docker守护进程配置的选项,否则默认使用process选项。 process:命名空间隔离 hyperv:基于Hyper-V 管理程序基于分区的隔离 –platform:设置平台,如果服务器支持多个平台。–runtime:用于此容器使用的运行时。–security-opt:通过指定–security opt标志来覆盖每个容器的默认标签方案。–shm-size:设置/dev/shm设备的大小,/dev/shm是一个基于内存的临时文件系统。–storage-opt:容器的存储驱动程序选项–sysctl:设置系统参数,默认 map[]。–ulimit:设置Ulimit选项,默认[]。 2.3、网络 –ip:ip4地址。–ip6:ip6地址。–dns 设置自定义dns服务器,将修改容器中 /etc/resolv.conf 文件。–dns-option:设置DNS选项,将修改容器中 /etc/resolv.conf 文件。–dns-search:设置自定义DNS搜索域名,将修改容器中 /etc/resolv.conf 文件。–link-local-ip:设置一个或多个容器的以太网设备的链路本地IPv4/IPv6地址。–mac-address:容器Mac地址。–network:将容器加入到指定网络。–network-alias:为容器添加网络范围的别名。 2.4、健康检查 –health-cmd:健康检查命令。–health-interval:健康检查频率(ms|s|m|h),默认0s。–health-retries:健康检查重试次数,连续失败指定次数则判断为不健康。–health-start-period:设置启动容器的初始化时间,在此期间的健康检查不作为参考依据,(ms|s|m|h),默认0s。–health-timeout:每一次检查超时时间(ms|s|m|h),默认0s。–no-healthcheck:禁用健康检查。示例: docker run --rm --health-cmd "curl http://localhost" --health-interval 2s --health-retries 5 --health-start-period 10s --health-timeout 1s nginx /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2022/12/09 14:51:51 [notice] 1#1: using the "epoll" event method 2022/12/09 14:51:51 [notice] 1#1: nginx/1.23.2 2022/12/09 14:51:51 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2022/12/09 14:51:51 [notice] 1#1: OS: Linux 5.4.0-135-generic 2022/12/09 14:51:51 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 2022/12/09 14:51:51 [notice] 1#1: start worker processes 2022/12/09 14:51:51 [notice] 1#1: start worker process 29 2022/12/09 14:51:51 [notice] 1#1: start worker process 30 127.0.0.1 - - [09/Dec/2022:14:51:53 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.74.0" "-" 127.0.0.1 - - [09/Dec/2022:14:51:55 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.74.0" "-" 127.0.0.1 - - [09/Dec/2022:14:51:57 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.74.0" "-" 三、docker start/stop/restart docker start :启动一个或多个已经被停止的容器。 docker start [OPTIONS] CONTAINER [CONTAINER...] docker stop :停止一个运行中的容器。 docker stop [OPTIONS] CONTAINER [CONTAINER...] docker restart :重启容器。 docker restart [OPTIONS] CONTAINER [CONTAINER...]示例: docker restart mynginx docker stop mynginx docker start mynginx 四、docker kill杀掉一个运行中的容器。 docker kill [OPTIONS] CONTAINER [CONTAINER...]OPTIONS说明: -s :向容器发送一个信号。 命令默认信号量默认信号量的值killTERM15docker killKILL9docker stopTERM15示例: docker kill -s KILL mynginx docker kill -s TERM mynginx如果容器终止时的状态对用户而言很重要,用户可能会想要了解docker kill 和docker stop之间的区别。docker kill 的行为和标准的kill 命令行程序并不相同。kill 程序的默认工作方式是向指定的进程发送 TERM信号(即信号值为15)。这个信号表示程序应该被终止,但是不要强迫程序终止。当这个信号被处理时,大多数程序将执行某种清理工作,但是该程序也可以执行其他操作,包括忽略该信号。 而docker kill 对正在运行的程序使用的是KILL信号,这使得该进程没办法处理终止过程。这就意味着一些诸如包含运行进程ID之类的文件可能会残留在文件系统中。根据应该用程序管理状态的能力,如果再次启动容器,这可能会也可能不会造成问题。docker stop 命令则像kill 命令那样工作,发送的是一个TERM型号。 五、docker rm删除一个或多个容器。 docker rm [OPTIONS] CONTAINER [CONTAINER...]OPTIONS说明: -f :通过 SIGKILL 信号强制删除一个运行中的容器。 -l :移除容器间的网络连接,而非容器本身。 -v :删除与容器关联的卷。 示例: 删除所有的容器。 docker rm `docker ps -f status=exited -q` fly@fly:~$ docker rm `docker ps -f status=exited -q` 002e50006cc4 14ccc9a0dc5a 36f6736b9c62 cf6976e1333f 1f2d1a8d657f 361a3588db08 5b94ae9400df fly@fly:~$ fly@fly:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 六、docker pause/unpause docker pause :暂停容器中所有的进程。docker unpause :恢复容器中所有的进程。 docker pause CONTAINER [CONTAINER...] docker unpause CONTAINER [CONTAINER...] 总结(1)docker的create命令和run命令区别在于create只创建容器,而run命令除了创建容器还会连接网络和启动容器;start命令会连接网络和启动容器。即docker run = docker create + docker start。 (2)docker stop发送的信号值默认是15,但是nginx构建的时候会指定为3;docker kill发送的信号值是9,强制删除。 (3)docker run使用最多的参数: -d, --detach:后台运行容器并打印容器id。-i, --interactive:保持标准输入设备处于打开状态。-t, --tty:分配一个伪终端设备。–rm:当容器退出时,自动删除容器。-p, --publish:发布容器端口和主机端口的映射。-P, --publish-all:将所有暴露的端口发布到主机随机端口。–entrypoint:覆盖镜像默认程序入口。–name:指定容器名称。–health-cmd:健康检查命令。 后言本专栏知识点是通过的系统学习,进行梳理总结写下文章,对c/c++linux系统提升感兴趣的读者,可以点击链接查看详细的服务:C/C++服务器开发 。 |
今日新闻 |
推荐新闻 |
| CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |