【笔记】Docker入门
2024-09-07 16:24:22
这个文章讲的比较透彻,就不复制粘贴了 《Docker从入门到实践》阅读笔记
Docker安装
环境
root@fudonghai:~# uname -a
Linux fudonghai 4.4.--generic #-Ubuntu SMP Mon Aug :: UTC x86_64 x86_64 x86_64 GNU/Linux
root@fudonghai:~# cat /etc/issue
Ubuntu 16.04. LTS \n \l
卸载旧版本
root@fudonghai:~# apt-get remove docker docker-engine docker.io
由于 apt 源使用 HTTPS 以确保软件下载过程中不被篡改。因此,我们首先需要添加使用 HTTPS 传输的软件包以及 CA 证书。
root@fudonghai:~# apt-get update
鉴于国内网络问题,强烈建议使用国内源,官方源请在注释中查看。为了确认所下载软件包的合法性,需要添加软件源的 GPG 密钥。
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add - # 官方源
# $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
然后,我们需要向 source.list 中添加 Docker 软件源,文件在/etc/apt/sources.list
$ sudo add-apt-repository \
"deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu \
$(lsb_release -cs) \
stable" # 官方源
# $ sudo add-apt-repository \
# "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
# $(lsb_release -cs) \
# stable"
终于开始安装dock了
root@fudonghai:~# apt-get update
root@fudonghai:~# apt-get install docker-ce
在aws上提示E: Package 'docker-ce' has no installation candidate,使用下面语句解决
sudo echo "deb https://download.docker.com/linux/ubuntu zesty edge" > /etc/apt/sources.list.d/docker.list sudo apt update && sudo apt install docker-ce
启动docker
root@fudonghai:~# systemctl enable docker
Synchronizing state of docker.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable docker
root@fudonghai:~# systemctl start docker
默认情况下,docker 命令会使用 Unix socket 与 Docker 引擎通讯。而只有 root 用户和 docker 组的用户才可以访问 Docker 引擎的 Unix socket。出于安全考虑,一般 Linux 系统上不会直接使用 root 用户。因此,更好地做法是将需要使用 docker 的用户加入 docker 用户组。
建立Docker组:
root@fudonghai:~# groupadd docker
groupadd: group 'docker' already exists
将当前用户加入docker组:
root@fudonghai:~# echo $USER
root
root@fudonghai:~# usermod -aG docker $USER
测试Docker是否安装正确
root@fudonghai:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:6540fc08ee6e6b7b63468dc3317e3303aae178cb8a45ed3123180328bcc1d20f
Status: Downloaded newer image for hello-world:latest Hello from Docker!
This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps:
. The Docker client contacted the Docker daemon.
. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal. To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/ For more examples and ideas, visit:
https://docs.docker.com/get-started/
镜像加速器, 国内从 Docker Hub 拉取镜像有时会遇到困难,此时可以配置镜像加速器。
Ubuntu 16.04+、Debian 8+、CentOS 7
对于使用 systemd 的系统,请在 /etc/docker/daemon.json 中写入如下内容(如果文件不存在请新建该文件)
{
"registry-mirrors": [
"https://registry.docker-cn.com"
]
}
之后重启服务
root@fudonghai:~# systemctl daemon-reload
root@fudonghai:~# systemctl restart docker
root@fudonghai:~# docker info
Client:
Debug Mode: false
省略若干
Registry Mirrors:
https://registry.docker-cn.com/ #说明成功
Live Restore Enabled: false
nginx镜像和容器
后台运行nginx容器,如果本机没有镜像,则会先下载
root@fudonghai:~# docker run -d --name mynginx nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
f5d23c7fed46: Pull complete
918b255d86e5: Pull complete
8c0120a6f561: Pull complete
Digest: sha256:eb3320e2f9ca409b7c0aa71aea3cf7ce7d018f03a372564dbdb023646958770b
Status: Downloaded newer image for nginx:latest
c5a247c65e97cafec001d24f371b627201f3a57a4268fd8a9a26538897ac86ff
查看容器
root@fudonghai:~# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5a247c65e97 nginx "nginx -g 'daemon of…" minutes ago Up minutes /tcp mynginx
nginx容器使用attach命令进入,不仅进不去还会导致容器退出
root@fudonghai:~# docker attach c5a247c65e97
^C
root@fudonghai:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5a247c65e97 nginx "nginx -g 'daemon of…" minutes ago Exited () seconds ago mynginx
nsenter命令可以使用另外一个进程的命名空间,通过容器pid进入容器中
重新启动
root@fudonghai:~# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5a247c65e97 nginx "nginx -g 'daemon of…" minutes ago Exited () minutes ago mynginx
root@fudonghai:~# docker start c5a247c65e97
c5a247c65e97
root@fudonghai:~# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5a247c65e97 nginx "nginx -g 'daemon of…" minutes ago Up seconds /tcp mynginx
获取容器pid
root@fudonghai:~# docker inspect --format "{{.State.Pid}}" mynginx #或者c5a247c65e97
进入容器
root@fudonghai:~# nsenter --target --mount --uts --ipc --net --pid /bin/bash
在容器内找不到ps命令,原因是使用了nginx:latest版本不带,下次选一个带的
root@c5a247c65e97:/# ps -aux
bash: ps: command not found
于是自己装
root@c5a247c65e97:/# apt-get update root@c5a247c65e97:/# apt-get install procps
安装完后可以使用
root@c5a247c65e97:/# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 0.0 0.1 ? Ss : : nginx: master process nginx -g daemon off;
nginx 0.0 0.0 ? S : : nginx: worker process
root 0.0 0.0 ? S : : /bin/bash
root 0.0 0.0 ? R+ : : ps -aux
自己做了一个小试验,把这个容器停掉,重新启动,得到新的PID,然后进入,发现ps仍然可以,说明安装是有持久性的(但是新run起来的nginx镜像里面还是没有ps命令)
root@fudonghai:~# docker stop c5a247c65e97
c5a247c65e97
root@fudonghai:~# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5a247c65e97 nginx "nginx -g 'daemon of…" minutes ago Exited () seconds ago mynginx root@fudonghai:~# docker start c5a247c65e97
c5a247c65e97
root@fudonghai:~# docker inspect --format "{{.State.Pid}}" c5a247c65e97 root@fudonghai:~# nsenter --target --mount --uts --ipc --net --pid /bin/bash
root@c5a247c65e97:/# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 0.0 0.1 ? Ss : : nginx: master process nginx -g daemon off;
nginx 0.0 0.0 ? S : : nginx: worker process
root 0.0 0.0 ? S : : /bin/bash
root 0.0 0.0 ? R+ : : ps -aux
官方镜像的配置文件放在/etc/nginx
root@c5a247c65e97:/# cd /etc/nginx/
root@c5a247c65e97:/etc/nginx# ls
conf.d fastcgi_params koi-utf koi-win mime.types modules nginx.conf scgi_params uwsgi_params win-utf
root@c5a247c65e97:/etc/nginx# cat nginx.conf user nginx;
worker_processes ; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; events {
worker_connections ;
} http {
include /etc/nginx/mime.types;
default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
#tcp_nopush on; keepalive_timeout ; #gzip on; include /etc/nginx/conf.d/*.conf;
}
root@c5a247c65e97:/etc/nginx# cat conf.d/default.conf
server {
listen ;
server_name localhost; #charset koi8-r;
#access_log /var/log/nginx/host.access.log main; location / {
root /usr/share/nginx/html; #root目录很重要
index index.html index.htm;
} #error_page /.html; # redirect server error pages to the static page /50x.html
#
error_page /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#} # deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
做成一个in.sh脚本,方便使用,如./in.sh mynginx
#!/bin/bash
CNAME=$
CPID=$(docker inspect --format "{{.State.Pid}}" $CNAME)
nsenter --target "$CPID" --mount --uts --ipc --net --pid /bin/bash
不理解:nginx必须运行在前台,如果运行在后台就会退出
网络访问
主机端查看网络配置,发现docker0网桥,ip是172.17.0.1
root@fudonghai:~# ifconfig
docker0 Link encap:Ethernet HWaddr :::cd:6e:d0
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80:::65ff:fecd:6ed0/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (148.2 KB) TX bytes: (8.9 MB)
root@fudonghai:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/ 0.0.0.0/
DOCKER-ISOLATION-STAGE- all -- 0.0.0.0/ 0.0.0.0/
ACCEPT all -- 0.0.0.0/ 0.0.0.0/ ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/ 0.0.0.0/
ACCEPT all -- 0.0.0.0/ 0.0.0.0/
ACCEPT all -- 0.0.0.0/ 0.0.0.0/ Chain OUTPUT (policy ACCEPT)
target prot opt source destination Chain DOCKER ( references)
target prot opt source destination Chain DOCKER-ISOLATION-STAGE- ( references)
target prot opt source destination
DOCKER-ISOLATION-STAGE- all -- 0.0.0.0/ 0.0.0.0/
RETURN all -- 0.0.0.0/ 0.0.0.0/ Chain DOCKER-ISOLATION-STAGE- ( references)
target prot opt source destination
DROP all -- 0.0.0.0/ 0.0.0.0/
RETURN all -- 0.0.0.0/ 0.0.0.0/ Chain DOCKER-USER ( references)
target prot opt source destination
RETURN all -- 0.0.0.0/ 0.0.0.0/
NAT表
root@fudonghai:~# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ 0.0.0.0/ ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT)
target prot opt source destination Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ !127.0.0.0/ ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0 #做了一个地址转换 Chain DOCKER ( references)
target prot opt source destination
RETURN all -- 0.0.0.0/ 0.0.0.0/
进入容器看看能不能上网
root@fudonghai:~# ./in.sh mynginx
root@c5a247c65e97:/# ping www.baidu.com
bash: ping: command not found
然后发现ping也没有,抓狂,安装后测试可以上网
root@c5a247c65e97:/# apt-get install iputils-ping
root@c5a247c65e97:/# ping baidu.com
PING baidu.com (39.156.69.79) () bytes of data.
bytes from 39.156.69.79 (39.156.69.79): icmp_seq= ttl= time=4.40 ms
下面这个是管ifconfig的
apt-get install net-tools
下面这个管ip
apt-get install iproute2
查看路由表
root@c5a247c65e97:/# ip ro li
default via 172.17.0.1 dev eth0
172.17.0.0/ dev eth0 proto kernel scope link src 172.17.0.2
下面进行端口映射 -P,随机映射端口
root@fudonghai:~# docker run -d -P --name mynginx1 nginx
b43280a11ebb9cb4721c5e4d490960b144db66245ad03ca7399fbc6a2a5c0fec
root@fudonghai:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b43280a11ebb nginx "nginx -g 'daemon of…" seconds ago Up seconds 0.0.0.0:->/tcp mynginx1
浏览器测试http://114.115.147.49:32768/ 没有问题
使用-p,指定端口映射
root@fudonghai:~# docker run -d -p : --name mynginx2 nginx
3be3207d7d5c986c72aa485dc04af5d92475ab445641a0fc783c51f3348c4808
root@fudonghai:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3be3207d7d5c nginx "nginx -g 'daemon of…" seconds ago Up seconds 0.0.0.0:->/tcp mynginx2
删除容器后,使用ps -a就看不到了
root@fudonghai:~# docker rm b43280a11ebb
b43280a11ebb
root@fudonghai:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3be3207d7d5c nginx "nginx -g 'daemon of…" minutes ago Up minutes 0.0.0.0:->/tcp mynginx2
c5a247c65e97 nginx "nginx -g 'daemon of…" days ago Up days /tcp mynginx
数据管理
数据卷。绕过ufs,直接写在宿主机上
注意,nginx镜像不支持下面这种数据卷 -v 操作,运行会没有反应
root@fudonghai:~# docker run -it --name volume-test1 -v /data nginx
更换ubuntu镜像试试,成功
root@fudonghai:~# docker run -it --name volume-test1 -v /data ubuntu
Unable to find image 'ubuntu:latest' locally
开始下载镜像
root@06ccca061b5e:/# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 0.1 0.0 pts/ Ss : : /bin/bash
root 0.0 0.0 pts/ R+ : : ps -aux
root@06ccca061b5e:/# uname -a
Linux 06ccca061b5e 4.4.--generic #-Ubuntu SMP Mon Aug :: UTC x86_64 x86_64 x86_64 GNU/Linux
root@06ccca061b5e:/# cat /etc/issue
Ubuntu 18.04. LTS \n \l
在宿主机上使用查找挂载文件位置命令出错,可能是ubuntu问题,centos可能没问题
root@fudonghai:/# docker inspect -f {{.volumes}} volume-test1
Template parsing error: template: ::: executing "" at <.volumes>: map has no entry for key "volumes"
解决方法:
root@fudonghai:/# docker inspect volume-test1 | grep Mounts -A
"Mounts": [
{
"Type": "volume",
"Name": "e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4",
"Source": "/var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data",
"Destination": "/data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
就是宿主机上/var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data
对应容器内 /data
使用 echo 123 > test 测试成功
指定宿主机目录,挂载到容器内: -v 宿主机目录:容器内目录
root@fudonghai:/# docker run -it --name volume-test2 -v /opt:/opt ubuntu
root@80ea323125c5:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@80ea323125c5:/# echo hello world! > /opt/hello
root@80ea323125c5:/# cat /opt/hello
hello world!
root@80ea323125c5:/# exit
exit
root@fudonghai:/# cat /opt/hello
hello world!
数据卷容器,使用其他容器的数据卷,共享方式 --volumes-from 其他容器名
root@fudonghai:/# docker run -it --name volume-test4 --volumes-from volume-test1 ubuntu
新容器容器内的目录和 volume-test1相同,都是 /data
宿主机的目录都是 /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data
构建镜像
先运行centos容器,然后进行nginx构建
root@fudonghai:/# docker run --name nginx-man -it centos
安装支持包
yum install -y wget gcc gcc-c++ make openssl-devel
如果在ubuntu下是:
apt-get update
apt-get install wget gcc make g++
apt-get install openssl libssl-dev
apt-get install zlib1g zlib1g.dev
下载nginx
wget http://nginx.org/download/nginx-1.9.3.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
解压
root@b69d51510091:/# mv *.gz /usr/local/src
root@b69d51510091:/# cd /usr/local/src/
root@b69d51510091:/usr/local/src# tar zxf pcre-8.38.tar.gz
root@b69d51510091:/usr/local/src# tar zxf nginx-1.9..tar.gz
root@b69d51510091:/usr/local/src# ls
nginx-1.9. nginx-1.9..tar.gz pcre-8.38 pcre-8.38.tar.gz
新建www用户
root@b69d51510091:/usr/local/src# useradd -s /sbin/nologin -M www
配置并安装
root@b69d51510091:/usr/local/src/nginx-1.9.# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.38
[root@99925ed2ce2c nginx-1.9.]# make
[root@99925ed2ce2c nginx-1.9.]# make install
nginx得放到前台来运行
vi /usr/local/nginx/conf/nginx.conf
daemon off; #在第一行加入
在容器内配置启动nginx(后来证明不行,容器会退出)
[root@99925ed2ce2c nginx-1.9.]# vi /etc/rc.local
/usr/local/nginx/sbin/nginx #最后一行加入启动命令
退出容器后,提交镜像
root@fudonghai:/# docker commit -m "my nginx" 99925ed2ce2c fudonghai/my-nginx:v1
镜像已经准备好,开始运行
docker run -d -p : fudonghai/my-nginx:v1
运行后发现会退出,于是重新编辑,把新增的启动命令/usr/local/nginx/sbin/nginx删除掉
root@fudonghai:/# docker run -it fudonghai/my-nginx:v1
[root@f4fb55971ae6 /]# vi /etc/rc.local
退出重新提交,注意使用新的容器ID
[root@f4fb55971ae6 /]# exit
exit
root@fudonghai:/# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4fb55971ae6 fudonghai/my-nginx:v1 "/bin/bash" seconds ago Exited () seconds ago priceless_hertz
root@fudonghai:/# docker commit -m "v2" f4fb55971ae6 fudonghai/my-nginx:v2
把启动命令加到命令行里面,重新运行
root@fudonghai:/# docker run -d -p : fudonghai/my-nginx:v2 /usr/local/nginx/sbin/nginx
1def5a7d02ed582650cce692eb58c8c3d406f0821ac9af172f5e9e279cf0e884
root@fudonghai:/# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1def5a7d02ed fudonghai/my-nginx:v2 "/usr/local/nginx/sb…" seconds ago Up seconds 0.0.0.0:->/tcp adoring_chatelet
浏览器测试正常
使用DockerFile构建镜像
文件包含四类信息:
基础镜像信息
维护者信息
镜像操作指令
容器启动时执行指令
Dockerfile文件如下
# This is My first Dockerfile
# Version 1.0
# Author: fu #Base Image
FROM centos #MAINTAINER
MAINTAINER fu #ADD
ADD pcre-8.38.tar.gz /usr/local/src
ADD nginx-1.9..tar.gz /usr/local/src #RUN
RUN yum install -y wget gcc gcc-c++ make openssl-devel
RUN useradd -s /sbin/nologin -M www #WORKDIR
WORKDIR /usr/local/src/nginx-1.9.
RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.38 && make && make install
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE CMD ["nginx"] #搭配ENV PATH 使用,只需要使用nginx命令
步骤
1,在/opt/docker-file/nginx 下面准备文件,Dockerfile文件在上面,两个gz文件需要下载
root@fudonghai:/opt/docker-file/nginx# ls
Dockerfile nginx-1.9..tar.gz pcre-8.38.tar.gz
2,使用构建命令
docker build -t nginx-file:v1 /opt/docker-file/nginx/
3,查看构建的镜像
root@fudonghai:/opt/docker-file/nginx# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-file v1 54453e437d81 minutes ago 458MB
4,运行镜像
docker run -d -p : nginx-file:v1
Docker原理
Docker资源隔离
使用Linux 的LXC,具体是namespace功能。namespace分pid,net,ipc,mnt,uts,user,
Docker资源限制
使用 内核的cgroup进行资源限制。分CPU,内存,磁盘手动
使用压力测试工具stress
准备工作
root@fudonghai:/opt/docker-file# mkdir stress
root@fudonghai:/opt/docker-file# ls
nginx stress
root@fudonghai:/opt/docker-file# cd stress/
root@fudonghai:/opt/docker-file/stress# wget http://mirrors.aliyun.com/repo/epel-6.repo
Dockerfile
ROM centos
ADD epel-.repo /etc/yum.repos.d/
RUN yum -y install stress && yum clean all
ENTRYPOINT ["stress"]
构建镜像
docker build -t stress .
如果宿主机有1核cpu,使用--cpu 1 参数运行,如果启动2个容器,则各占50%。如果宿主机有2核,指定--cpu 2,则运行一个容器会启动两个进程,每个独占1个核
docker run -it --rm stress --cpu
使用-c 指定权重,默认是1024,-c 512 是一半的权重
docker run -it --rm -c stress --cpu
使用--cpuset-cpus=?,指定运行在那个cpu核上
docker run -it --rm --cpuset-cpus= stress --cpu
内存资源的限制,指定了128M,使用到128M就会退出
root@fudonghai:/opt/docker-file/stress# docker run -it --rm -m 128m stress --vm --vm-bytes 128m --vm-hang
WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
stress: info: [] dispatching hogs: cpu, io, vm, hdd
stress: FAIL: [] () <-- worker got signal
stress: WARN: [] () now reaping child worker processes
stress: FAIL: [] () kill error: No such process
stress: FAIL: [] () failed run completed in 0s
网络模式
默认使用桥接模式,主要依赖于iptables
root@fudonghai:/opt/docker-file/stress# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ 0.0.0.0/ ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT)
target prot opt source destination Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ !127.0.0.0/ ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/ 0.0.0.0/
MASQUERADE tcp -- 172.17.0.4 172.17.0.4 tcp dpt:
MASQUERADE tcp -- 172.17.0.3 172.17.0.3 tcp dpt: Chain DOCKER ( references)
target prot opt source destination
RETURN all -- 0.0.0.0/ 0.0.0.0/
DNAT tcp -- 0.0.0.0/ 0.0.0.0/ tcp dpt: to:172.17.0.4:
DNAT tcp -- 0.0.0.0/ 0.0.0.0/ tcp dpt: to:172.17.0.3:
host模式,容器和宿主机用同一个网络和端口
DockerRegistry
1,使用官方的http://dockerhub.com,需要注册一个用户名XXX,记住密码
登录
root@fudonghai:/opt/docker-file/stress# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.c
Username: XXX
Password:
推送之前先打一个tag
root@fudonghai:/opt/docker-file/stress# docker tag nginx-file:v1 XXX/nginx-file:v1
root@fudonghai:/opt/docker-file/stress# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-file v1 54453e437d81 hours ago 458MB
XXX/nginx-file v1 54453e437d81 hours ago 458MB
推送
root@fudonghai:/opt/docker-file/stress# docker push XXX/nginx-file:v1
The push refers to repository [docker.io/XXX/nginx-file]
44505ee7adb6: Pushed
3bb66e7316b0: Pushed
7a2f86e0f3b5: Pushed
895dd72590ac: Pushed
bca36cca1852: Pushed
e66e81338148: Pushed
d69483a6face: Pushed
v1: digest: sha256:0f26c5eacfe5b099b44841e490260d819c9168643fc75a60a4861896dd9e6bdd size:
登录https://cloud.docker.com/u/XXX/repository/list 可以查看上传完毕的镜像
2,使用阿里云,也需要有阿里云帐号XXX@XXX.com
登录
docker login --username=XXX@XXX.com registry.cn-beijing.aliyuncs.com
拉取
docker pull registry.cn-beijing.aliyuncs.com/空间名/hello:[镜像版本号]
打tag
docker tag [ImageId] registry.cn-beijing.aliyuncs.com/空间名/hello:[镜像版本号]
推送
docker push registry.cn-beijing.aliyuncs.com/空间名/hello:[镜像版本号]
推送例子
root@fudonghai:~# docker tag hello-world:latest registry.cn-beijing.aliyuncs.com/od/hello:v1
root@fudonghai:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest fce289e99eb9 months ago .84kB
registry.cn-beijing.aliyuncs.com/od/hello v1 fce289e99eb9 months ago .84kB
root@fudonghai:~# docker push registry.cn-beijing.aliyuncs.com/od/hello:v1
The push refers to repository [registry.cn-beijing.aliyuncs.com/od/hello]
af0b15c8625b: Pushed
v1: digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a size:
强制删除所有镜像,慎用
docker rmi -f $(docker images -q)
最新文章
- [hadoop in Action] 第3章 Hadoop组件
- 我是如何社工TDbank获取朋友隐私的
- 使用python selenium webdriver模拟浏览器
- 手工加载DLL
- Qt之窗体拖拽、自适应分辨率、自适应大小 good
- 解析CSS加密技术之“障眼法”
- 【转】phpmyadmin万能密码漏洞
- MYSQL存储过程,清除指前缀的定表名的数据
- Linux中oracle安装时候报ora-00119解决办法
- (原)下载pubFig的python代码
- Oracle常用查询
- 可视化之Berkeley Earth
- mybatis的使用
- C#嵌套类
- 闪电侠第四季/全集The Flash迅雷下载
- java request获取各种数据
- 04 Maven 仓库
- nodejs 搭建自己的简易缓存cache管理模块
- [转] 禁止ultraedit自动检查更新的方法
- NodeJ node.js基础