docker image rm <image_id> # delete an image; add -f to force
OS Config
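# Stops AppArmor and disables it at boot on the host. With AppArmor off, containers no longer run under Docker's default AppArmor profile (docker-default).
systemctl stop apparmor && systemctl disable apparmor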
CLI
docker run
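Create a new container from an image and start it.
# By default CMD is executed directly and overrides the CMD set in the Dockerfile. If the Dockerfile defines an ENTRYPOINT, CMD is passed to the ENTRYPOINT as additional arguments.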
docker run <image_id> [CMD]
# A few images (e.g. jenkins) need -u 0 to run as the root user. Options must come before <image_id>; anything after it is treated as the command.
docker run -it -u 0 <image_id> bash
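- -d : detach. Start the container as a background (long-running) process.
- -i : interactive. Keep STDIN open even if not attached
- -t : Allocate a pseudo-TTY
- -it : -i and -t are commonly combined. Keeps STDIN open and allocates a pseudo-TTY. Used to get an interactive shell inside the container.
- -e "ENV=value" : set an environment variable. Can be given multiple times.
- -e TZ=Etc/UTC : the container uses the UTC time zone
- -p 0.0.0.0:8080:80/tcp : map port 80 in the container to port 8080 on host address 0.0.0.0. Supports tcp / udp. Can be given multiple times. The bind IP part is optional (default "0.0.0.0:"), i.e. all host interfaces; give an address such as 127.0.0.1 to publish on loopback only.
- -v /var/data:/data : "mount" the host's /var/data at /data in the container. The local path part may also be a Docker volume name.
- --rm : "one-off run". The container's Docker record (what docker ps -a shows) is deleted when the container process exits.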
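The bind-address rule of the -p option above, as an added example (not part of the original notes): the hypothetical helper publish_scope classifies a publish spec by the host address it binds to, and exposed_specs lists the specs reachable on all host interfaces. It assumes the daemon's default bind address has not been changed; every spec except the first is constructed.

```shell
#!/bin/sh
# Classify the host-side bind address of a `docker run -p` spec:
#   [ip:][hostPort:]containerPort[/proto]
# Prints one of: all-interfaces | loopback | specific
publish_scope() {
    spec=${1%/*}                      # drop the optional /tcp or /udp suffix
    case $spec in
        \[*\]:*)                      # bracketed IPv6 bind address, e.g. [::1]:53:53
            ip=${spec%%\]*}; ip=${ip#\[} ;;
        *:*:*)                        # ip:hostPort:containerPort (hostPort may be empty)
            ip=${spec%%:*} ;;
        *)                            # hostPort:containerPort, or containerPort alone
            ip= ;;
    esac
    case $ip in
        ''|0.0.0.0|::)  echo all-interfaces ;;   # no IP given means the 0.0.0.0 default
        127.*|::1)      echo loopback ;;
        *)              echo specific ;;
    esac
}

# Print every spec passed as an argument that is published on all host interfaces.
exposed_specs() {
    for s in "$@"; do
        [ "$(publish_scope "$s")" = all-interfaces ] && echo "$s"
    done
    return 0
}

# Constructed sample specs; only the first one appears in the notes above.
exposed_specs 0.0.0.0:8080:80/tcp 8080:80 127.0.0.1:8080:80 '[::1]:53:53/udp' 10.0.0.5:443:443
```

Run as written it prints the two specs that bind every interface: 0.0.0.0:8080:80/tcp and 8080:80.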
docker build
docker build -t name[:tag] context
The root directory of the context must contain a Dockerfile.
The context argument may be a remote GitHub / Bitbucket URL.
Others
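- docker stop container_id : stop the container. The stopped container is not destroyed; it stays listed in docker ps -a until it is removed (or is removed automatically if it was started with --rm).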
Tips
Networks
A network isolates the virtual networks of different containers. Containers on the same network can reach each other directly by name (Docker writes the hosts entries automatically).
Manage volumes
# docker volume create --name test
# docker volume ls
DRIVER VOLUME NAME
local 1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
local 2f13b0cec834a0250845b9dcb2bce548f7c7f35ed9cdaa7d5990bf896e952d02
local test
# docker inspect 1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
[
    {
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465/_data",
        "Name": "1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465",
        "Options": {},
        "Scope": "local"
    }
]
Migration from devicemapper
https://stackoverflow.com/questions/37672018/clean-docker-environment-devicemapper
- Export data
- service docker stop
- rm -rf /var/lib/docker
- Modify your docker startup to use the new storage driver. Set --storage-driver=<name> in any of the files below:
  - /lib/systemd/system/docker.service
  - /etc/systemd/system/docker.service
  - /etc/default/docker
  - /etc/sysconfig/docker
- service docker start
- Import Data
OverlayFS Driver:
OverlayFS is already available in Ubuntu; just change the storage driver to --storage-driver=overlay2, or to --storage-driver=overlay if you are still using a 3.x kernel.
Exploring Docker container's file system
https://stackoverflow.com/questions/20813486/exploring-docker-containers-file-system
snapshotting
# find ID of your running container:
docker ps
# create image (snapshot) from container filesystem
docker commit 12345678904b5 mysnapshot
# explore this filesystem using bash (for example)
docker run -it mysnapshot /bin/bash
docker exec (for docker 1.3+)
The "docker exec" command runs a new process in an already running container (the container's PID 1 process must already be running). You can run /bin/bash to explore the container's state:
docker exec -it mycontainer /bin/bash
Publish local image to Docker Cloud
docker login # enter your Docker Cloud username/password when prompted; the username is assumed to be "user" below
docker tag <image_name> user/abc
docker push user/abc
Import / Export image
docker save -o ./centos-16.tar centos:16
docker save myimage:latest | gzip > myimage_latest.tar.gz
docker load -i ./centos-16.tar
docker load < busybox.tar.gz
# Transfer an image directly to a remote server. gzip also works. A pv stage can be added to the pipe after bzip2 to monitor progress (pv must be installed).
docker save app:latest | bzip2 | ssh remote.example.com docker load
Solutions
"[graphdriver] prior storage driver "aufs" failed: driver not supported"
The problem is that aufs is not supported on kernel 4.0.x.
Quick solution (removing aufs from Docker): rm -rf /var/lib/docker/aufs
But this will delete all existing AUFS containers.