Docker

docker image rm <image_id> # delete an image; -f forces removal even if containers reference it

OS Config

systemctl stop apparmor && systemctl disable apparmor # note: this also drops the docker-default AppArmor profile that Docker applies to containers

CLI

docker run

Create a new container from an image and start it. Docs

# CMD is executed directly by default and overrides the CMD in the Dockerfile. If the Dockerfile defines an ENTRYPOINT, CMD is passed to the ENTRYPOINT as extra arguments.
docker run <image_id> [CMD]
# A few images (e.g. jenkins) need -u 0 to run as root. Options must come before the image name; anything after it is passed to the command.
docker run -it -u 0 <image_id> bash
  • --name name : set the container's name.
  • --hostname hostname : set the hostname (defaults to the container's name). Containers on the same (user-defined) network can reach each other by hostname, because when starting a container the Docker engine writes "nameserver 127.0.0.11" into /etc/resolv.conf; 127.0.0.11 is the embedded DNS server provided by the Docker engine.
  • --network net : attach to the given network. Defaults to the global "bridge" network.
  • -d : detach. Run the container as a background (persistent) process.
  • -i : interactive. Keep STDIN open even if not attached
  • -t : Allocate a pseudo-TTY
    • -it : usually combined. Keeps STDIN open and allocates a pseudo-TTY; used to get an interactive shell inside the container.
  • -e "ENV=value" : set an environment variable. May be repeated.
    • -e TZ=Etc/UTC : run the container in the UTC time zone
  • -p 0.0.0.0:8080:80/tcp : map port 80 in the container to port 8080 on host address 0.0.0.0. tcp / udp are supported. May be repeated. The bind-address part is optional (defaults to "0.0.0.0:", i.e. all host interfaces).
  • -v /var/data:/data : "mount" the host's /var/data at /data inside the container. The host-path part can also be a Docker volume name.
  • --rm : "one-shot run": remove the container record (the entry shown by docker ps -a) when the container process exits.
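The options above wired together in one script. This is an added example, not part of the original notes: two containers on a user-defined network, a named and hostnamed database, a web container published on loopback only and with its config mounted read-only. The helpers publish_spec and volume_spec, the network name appnet, the host paths under /var/data and the use of alpine:3.19 are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original notes). Composes docker run options:
# name/hostname, user-defined network, env, port publishing, volumes, --rm.
# Names, paths and ports are invented for the example.

# publish_spec HOST_PORT CONTAINER_PORT [PROTO] [BIND_IP]
# Builds a -p argument. The bind address defaults to 127.0.0.1 instead of
# Docker's own default of 0.0.0.0, so a service is only reachable from the
# host unless another address is asked for explicitly.
publish_spec() {
  host_port=$1
  container_port=$2
  proto=${3:-tcp}
  bind_ip=${4:-127.0.0.1}
  printf '%s:%s:%s/%s' "$bind_ip" "$host_port" "$container_port" "$proto"
}

# volume_spec HOST_PATH CONTAINER_PATH [MODE]
# Builds a -v argument; the mode defaults to ro so the container cannot
# write to the host directory unless rw is requested.
volume_spec() {
  printf '%s:%s:%s' "$1" "$2" "${3:-ro}"
}

demo() {
  # user-defined network: containers on it resolve each other by name
  docker network create appnet 2>/dev/null || true

  # detached, one-shot "db" container on UTC with a writable data directory
  docker run -d --rm --name db --hostname db --network appnet \
    -e TZ=Etc/UTC \
    -v "$(volume_spec /var/data/db /data rw)" \
    alpine:3.19 sh -c 'while :; do sleep 3600; done'

  # "web" container: port 80 published on 127.0.0.1:8080 only, config
  # mounted read-only; it resolves "db" through the embedded DNS at 127.0.0.11
  docker run -d --rm --name web --hostname web --network appnet \
    -p "$(publish_spec 8080 80)" \
    -v "$(volume_spec /var/data/web-conf /etc/app)" \
    alpine:3.19 sh -c 'cat /etc/resolv.conf; getent hosts db; sleep 3600'

  sleep 2
  docker logs web          # shows nameserver 127.0.0.11 and the address of db
  docker stop web db       # --rm removes both container records
}

# Run the demo only when asked for and docker is installed; the helper
# functions above work without docker.
case "${1:-}" in
  demo) command -v docker >/dev/null 2>&1 && demo ;;
esac
```

Run it as `sh run-demo.sh demo`; the helper functions can be sourced on their own to build -p and -v arguments for other scripts.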

docker build

docker build -t name[:tag] context

The Dockerfile must be in the root of the context directory.

The context argument can also be a remote GitHub / Bitbucket URL.

/var/run/docker.sock

A unix socket for talking to the Docker daemon. Mounting it into a container with -v lets that container control the Docker host (it can start privileged containers with the host filesystem mounted, i.e. it is equivalent to root on the host).

Example

# display docker version
curl --silent -XGET --unix-socket /run/docker.sock http://localhost/version | jq .

# list containers
curl --silent -XGET --unix-socket /run/docker.sock -H 'Content-Type: application/json' http://localhost/containers/json | jq .

# display container details
curl --silent -XGET --unix-socket /run/docker.sock -H 'Content-Type: application/json' http://localhost/containers/1c022ba8c88382b1bad03c5d32146f66b698b5211ea37057cb56f76537228b0e/json | jq .
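A self-check that goes with the curl calls above, added here and not part of the original notes: docker_sock_mounted reads a mountinfo file (by default /proc/self/mountinfo) and reports whether docker.sock has been bind-mounted into the current mount namespace, which is the quickest way for an audit script or a container entrypoint to notice that it has control of the Docker host; docker_api wraps the same unix-socket curl call for the /version and /containers/json endpoints. The function names, the DOCKER_SOCK variable and the audit wording are assumptions for the example; the mountinfo line in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes).
# docker_sock_mounted [MOUNTINFO_FILE]: exit 0 if docker.sock is mounted in
# the current mount namespace, 1 otherwise. Field 5 of each mountinfo line is
# the mount point, so the check does not depend on where the socket was mounted.
docker_sock_mounted() {
  mountinfo=${1:-/proc/self/mountinfo}
  awk '$5 ~ /docker\.sock$/ { found = 1 } END { exit !found }' "$mountinfo"
}

# docker_api PATH: the curl call from above with the socket path and JSON
# header filled in. DOCKER_SOCK is an assumed override variable.
SOCK=${DOCKER_SOCK:-/var/run/docker.sock}
docker_api() {
  curl --silent --fail --unix-socket "$SOCK" \
    -H 'Content-Type: application/json' "http://localhost$1"
}

# audit_container [MOUNTINFO_FILE]: print a verdict; return 1 when the
# socket is exposed so the result can be used from a startup script.
audit_container() {
  if docker_sock_mounted "$1"; then
    echo "docker.sock is mounted: this container can control the Docker host"
    return 1
  fi
  echo "docker.sock not mounted"
}

main() {
  audit_container || true   # report, but keep going to show the API calls
  if [ -S "$SOCK" ]; then
    docker_api /version | jq -r '.Version'
    docker_api /containers/json | jq -r '.[] | "\(.Id[0:12]) \(.Image) \(.Status)"'
  fi
}

case "${1:-}" in
  run) main ;;
esac
```

Run it as `sh sock-check.sh run` either on the host or inside a container; the audit line is what you would log from an entrypoint, and the API calls only execute when the socket is actually present.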

Others

  • docker stop container_id : stop a container. The container record is kept (it still shows in docker ps -a); remove it with docker rm.

Tips

Networks

A network isolates the virtual network shared by a set of containers. Containers on the same network can reach each other by name (resolved by Docker's embedded DNS at 127.0.0.11, see --hostname above).

Manage volumes

# docker volume create --name test

# docker volume ls
DRIVER              VOLUME NAME
local               1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
local               2f13b0cec834a0250845b9dcb2bce548f7c7f35ed9cdaa7d5990bf896e952d02
local               test

# docker inspect 1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
[
    {
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465/_data",
        "Name": "1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465",
        "Options": {},
        "Scope": "local"
    }
]

Migration from devicemapper

https://stackoverflow.com/questions/37672018/clean-docker-environment-devicemapper

  1. Export data
  2. service docker stop
  3. rm -rf /var/lib/docker
  4. Modify your docker startup to use the new storage driver. Set --storage-driver=<name> in whichever of these files your system uses:
    • /lib/systemd/system/docker.service
    • /etc/systemd/system/docker.service
    • /etc/default/docker
    • /etc/sysconfig/docker
  5. service docker start
  6. Import Data

OverlayFS Driver:

OverlayFS is already available in Ubuntu, just change the storage driver to --storage-driver=overlay2 or --storage-driver=overlay if you are still using a 3.x kernel

Exploring Docker container's file system

https://stackoverflow.com/questions/20813486/exploring-docker-containers-file-system

Snapshotting

# find ID of your running container:
docker ps

# create image (snapshot) from container filesystem
docker commit 12345678904b5 mysnapshot

# explore this filesystem using bash (for example)
docker run -it mysnapshot /bin/bash

docker exec (for docker 1.3+)

"docker exec" runs a new process in an already running container (the container must already have a PID 1 process running). You can run /bin/bash to explore the container state:

docker exec -it mycontainer /bin/bash

Publish local image to Docker Cloud

docker login # enter your Docker Cloud user name / password when prompted; assume the user name is user
docker tag <image_name> user/abc
docker push user/abc

Import / Export image

docker save -o ./centos-16.tar centos:16
docker save myimage:latest | gzip > myimage_latest.tar.gz

docker load -i ./centos-16.tar
docker load < busybox.tar.gz

# Transfer an image straight to a remote server. gzip works too. A pv pipe can be inserted after bzip2 to monitor progress (pv must be installed)
docker save app:latest | bzip2 | ssh remote.example.com docker load
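The save / load round trip above with an integrity check added, as an example that is not part of the original notes: the compressed archive gets a SHA-256 digest file next to it, and the importing side (local or over ssh) refuses to run docker load unless the digest still matches, so a truncated or altered transfer is rejected instead of loaded. The function names, the digest-file naming, remote.example.com and the /tmp staging path are assumptions for the example; the test uses a constructed file rather than a real image.

```shell
#!/bin/sh
# Added example (not from the original notes): docker save + gzip with a
# SHA-256 digest that is verified before docker load.

# sha256_of FILE: hex digest; works with GNU coreutils or BSD shasum
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED: 0 if the digest matches, 1 otherwise
verify_sha256() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# export_image IMAGE OUT: write OUT (gzipped tar) and OUT.sha256 next to it
export_image() {
  docker save "$1" | gzip > "$2"
  sha256_of "$2" > "$2.sha256"
}

# import_image IN: load IN only if IN.sha256 still matches
import_image() {
  expected=$(cat "$1.sha256")
  if verify_sha256 "$1" "$expected"; then
    docker load < "$1"
  else
    echo "checksum mismatch for $1, refusing to load" >&2
    return 1
  fi
}

# push_to_remote IN HOST: copy archive + digest, verify remotely, then load
push_to_remote() {
  name=$(basename "$1")
  scp "$1" "$1.sha256" "$2:/tmp/"
  ssh "$2" "cd /tmp && [ \"\$(sha256sum '$name' | awk '{print \$1}')\" = \"\$(cat '$name.sha256')\" ] \
    && docker load < '$name' || { echo 'checksum mismatch, not loading' >&2; exit 1; }"
}

case "${1:-}" in
  export) export_image "$2" "$3" ;;   # sh image-ship.sh export app:latest app.tar.gz
  import) import_image "$2" ;;        # sh image-ship.sh import app.tar.gz
  push)   push_to_remote "$2" "$3" ;; # sh image-ship.sh push app.tar.gz remote.example.com
esac
```

Compared with the plain `docker save | ssh docker load` pipe, the archive is staged on disk on both ends, which costs space but gives you something to re-verify and re-use.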

Enable IPV6

Docs

/etc/docker/daemon.json

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64",
  "experimental": true,
  "ip6tables": true
}

Restart docker daemon:

systemctl restart docker

With this the default (bridge) network is IPv4 / IPv6 dual stack. User-defined networks must be created with IPv6 enabled explicitly:

docker network create --ipv6 --subnet 2001:0DB8::/112 ip6net

The equivalent docker-compose.yml:

services:
  proxy:
    build: ./proxy
    networks:
      - ip6net

networks:
  ip6net:
    enable_ipv6: true
    ipam:
      config:
        - subnet: 2001:0DB8::/112

Solutions

"[graphdriver] prior storage driver "aufs" failed: driver not supported"

https://askubuntu.com/questions/870889/cant-start-docker-on-ubuntu-16-04-with-driver-not-supported-error/870890

The problem is that aufs is not supported on kernel 4.0.x

Quick solution (removes the aufs data from docker): rm -rf /var/lib/docker/aufs

But this will delete all existing AUFS containers.


Last update: 2023-11-15 02:47:15 UTC