docker image rm <image_id> # delete an image; add -f to force
OS Config
systemctl stop apparmor && systemctl disable apparmor
CLI
docker run
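Create a new container from an image and start it. Docs
# CMD is executed directly by default and overrides the CMD set in the Dockerfile. If the Dockerfile defines an ENTRYPOINT, CMD is passed to the ENTRYPOINT as additional arguments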
docker run <image_id> [CMD]
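# A few images (e.g. jenkins) need -u 0 to run as the root user. Options must come before the image ID, otherwise they are passed to the container as part of the command
docker run -it -u 0 <image_id> bash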
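- --name name : set the container's name.
- --hostname hostname : set the hostname (defaults to the container's name). Containers on the same network can reach each other by hostname, because when the Docker engine starts a container it writes "nameserver 127.0.0.11" into /etc/resolv.conf. 127.0.0.11 is the DNS server provided internally by the Docker engine.
- --network net : set the network. Defaults to the global "bridge".
- -d : detach. Start the container as a background (persistent) process.
- -i : interactive. Keep STDIN open even if not attached
- -t : Allocate a pseudo-TTY
- -it : -i and -t are often used together. Assign name and allocate pseudo-TTY. Can be used to get an interactive shell inside the container.
- -e "ENV=value" : set an environment variable. Can be given multiple times.
- -e TZ=Etc/UTC : make the container use the UTC time zone.
- -p 0.0.0.0:8080:80/tcp : map port 80 in the container to port 8080 on host address 0.0.0.0. Supports tcp / udp. Can be given multiple times. The bind IP address part is optional (default "0.0.0.0:").
- -v /var/data:/data : "mount" the host's /var/data at /data inside the container. The local path part can also be a Docker volume name.
- --rm : "one-off run". When the container process exits, its Docker record (the one shown by docker ps -a) is deleted.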
docker build
docker build -t name[:tag] context
The root of the context directory must contain a Dockerfile.
The context argument can also be a remote github / bitbucket URL.
/var/run/docker.sock
A unix socket for talking to the Docker daemon. It can be mounted into a container with -v, which lets that container control the Docker host.
Example
# display docker version
curl --silent -XGET --unix-socket /run/docker.sock http://localhost/version | jq .
# list containers
curl --silent -XGET --unix-socket /run/docker.sock -H 'Content-Type: application/json' http://localhost/containers/json | jq .
# display container details
curl --silent -XGET --unix-socket /run/docker.sock -H 'Content-Type: application/json' http://localhost/containers/1c022ba8c88382b1bad03c5d32146f66b698b5211ea37057cb56f76537228b0e/json | jq .
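Because a container with docker.sock mounted can control the host, and -p binds to 0.0.0.0 by default, it is worth checking running containers for both. The following is an added example, not part of the original notes: it issues the same GET /containers/json request as the curl call above and flags those two run options. The names UnixHTTPConnection, list_containers and audit are hypothetical, and SAMPLE is constructed data in the shape that endpoint returns.

```python
import http.client
import json
import socket

SOCK_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}
WILDCARD_IPS = {"0.0.0.0", "::"}

class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that speaks HTTP over a unix socket."""
    def __init__(self, path):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)

def list_containers(path="/run/docker.sock"):
    """Same request as the curl call above: GET /containers/json."""
    conn = UnixHTTPConnection(path)
    conn.request("GET", "/containers/json")
    return json.loads(conn.getresponse().read())

def audit(containers):
    """Return (container name, finding) pairs for risky run options."""
    findings = []
    for c in containers:
        name = c["Names"][0].lstrip("/")
        for m in c.get("Mounts", []):
            if m.get("Source") in SOCK_PATHS:
                findings.append((name, f"docker.sock mounted at {m['Destination']}"))
        for p in c.get("Ports", []):
            # Unpublished ports have no PublicPort/IP keys and are skipped.
            if "PublicPort" in p and p.get("IP") in WILDCARD_IPS:
                findings.append((name, f"{p['PublicPort']}/{p['Type']} published on all interfaces"))
    return findings

# Constructed sample in the shape /containers/json returns (not real output).
SAMPLE = [
    {"Names": ["/ci"], "Ports": [{"IP": "0.0.0.0", "PrivatePort": 8080, "PublicPort": 8080, "Type": "tcp"}],
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Names": ["/db"], "Ports": [{"PrivatePort": 5432, "Type": "tcp"}],
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/test/_data", "Destination": "/data", "RW": True}]},
    {"Names": ["/web"], "Ports": [{"IP": "127.0.0.1", "PrivatePort": 80, "PublicPort": 8080, "Type": "tcp"}], "Mounts": []},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):  # use audit(list_containers()) on a Docker host
        print(f"{name}: {finding}")
```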
Others
- docker stop container_id : stop the container (and destroy it?).
Tips
Networks
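A network isolates the virtual networks of different containers from each other. Containers in the same network can reach each other directly by name (Docker writes the hosts entries automatically).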
Manage volumes
# docker volume create --name test
# docker volume ls
DRIVER VOLUME NAME
local 1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
local 2f13b0cec834a0250845b9dcb2bce548f7c7f35ed9cdaa7d5990bf896e952d02
local test
# docker inspect 1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
[
    {
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465/_data",
        "Name": "1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465",
        "Options": {},
        "Scope": "local"
    }
]
Migration from devicemapper
https://stackoverflow.com/questions/37672018/clean-docker-environment-devicemapper
- Export data
- service docker stop
- rm -rf /var/lib/docker
- Modify your docker startup to use the new storage driver. Set --storage-driver=<name> in any of the files below:
  - /lib/systemd/system/docker.service
  - /etc/systemd/system/docker.service
  - /etc/default/docker
  - /etc/sysconfig/docker
- service docker start
- Import Data
OverlayFS Driver:
OverlayFS is already available in Ubuntu; just change the storage driver to --storage-driver=overlay2, or --storage-driver=overlay if you are still using a 3.x kernel.
Exploring Docker container's file system
https://stackoverflow.com/questions/20813486/exploring-docker-containers-file-system
Snapshotting
# find ID of your running container:
docker ps
# create image (snapshot) from container filesystem
docker commit 12345678904b5 mysnapshot
# explore this filesystem using bash (for example)
docker run -it mysnapshot /bin/bash
docker exec (for docker 1.3+)
The "docker exec" command runs a new process in an already running container (the container must already have its PID 1 process running). You can run /bin/bash to explore the container state:
docker exec -it mycontainer /bin/bash
Publish local image to Docker Cloud
docker login # enter your Docker Cloud username / password when prompted; the username is assumed to be "user" here
docker tag <image_name> user/abc
docker push user/abc
Import / Export image
docker save -o ./centos-16.tar centos:16
docker save myimage:latest | gzip > myimage_latest.tar.gz
docker load -i ./centos-16.tar
docker load < busybox.tar.gz
# Transfer an image directly to a remote server. gzip works too. A pv pipe can be added after bzip2 to monitor progress (pv must be installed)
docker save app:latest | bzip2 | ssh remote.example.com docker load
Enable IPv6
/etc/docker/daemon.json
{
    "ipv6": true,
    "fixed-cidr-v6": "2001:db8:1::/64",
    "experimental": true,
    "ip6tables": true
}
Restart docker daemon:
systemctl restart docker
With this, the default (bridge) network is IPv4 / IPv6 dual stack out of the box. For a user-defined network, IPv6 has to be enabled when the network is created:
docker network create --ipv6 --subnet 2001:0DB8::/112 ip6net
The corresponding docker-compose.yml:
services:
  proxy:
    build: ./proxy
    networks:
      - ip6net
networks:
  ip6net:
    enable_ipv6: true
    ipam:
      config:
        - subnet: 2001:0DB8::/112
Solutions
"[graphdriver] prior storage driver "aufs" failed: driver not supported"
The problem is that aufs is not supported on kernel 4.0.x
Quick solution (removing aufs from Docker): rm -rf /var/lib/docker/aufs
But this will delete all existing AUFS containers.