docker常用命令总结-Discuz!运营教程-DZ插件网

docker常用命令总结

婷姐

2023/04/21 18:45:19

1.1 docker 命令帮助

docker 命令是最常使用的docker 客户端命令，其后面可以加不同的参数以实现不同的功能
docker 命令格式

docker [OPTIONS] COMMAND
COMMAND分为
Management Commands #指定管理的资源对象类型,较新的命令用法,将命令按资源类型进行分类,方便使用
Commands #对不同资源操作的命令不分类,使用容易产生混乱

docker 命令有很多子命令，可以用下面方法查看帮助

#docker 命令帮助
man docker
docker
docker --help
#docker 子命令帮助
man docker-COMMAND
docker COMMAND --help

1.2 查看 Docker 相关信息

1.2.1 查看 docker 版本

root@rocky8 ~]$ docker version
Client: Docker Engine - Community
Version: 19.03.15
API version: 1.40
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:16:44 2021
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.15
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:15:19 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.15
GitCommit: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.18.0
GitCommit: fec3683

1.2.2 查看 docker 详解信息

[root@ubuntu1804 ~]$ docker info
Client:
Debug Mode: false #client 端是否开启 debug
Server:
Containers: 2 #当前主机运行的容器总数
Running: 0 #有几个容器是正在运行的
Paused: 0 #有几个容器是暂停的
Stopped: 2 #有几个容器是停止的
Images: 4 #当前服务器的镜像数
Server Version: 19.03.5 #服务端版本
Storage Driver: overlay2 #正在使用的存储引擎
Backing Filesystem: extfs #后端文件系统，即服务器的磁盘文件系统
Supports d_type: true #是否支持 d_type
Native Overlay Diff: true #是否支持差异数据存储
Logging Driver: json-file #日志类型
Cgroup Driver: cgroupfs #Cgroups 类型
Plugins: #插件
Volume: local #卷
Network: bridge host ipvlan macvlan null overlay # overlay 跨主机通信
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog # 日志类型
Swarm: inactive #是否支持 swarm
Runtimes: runc #已安装的容器运行时
Default Runtime: runc #默认使用的容器运行时
Init Binary: docker-init #初始化容器的守护进程，即 pid 为 1 的进程
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 #版本
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 #runc 版本
init version: fec3683 #init 版本
Security Options: #安全选项
apparmor #安全模块，https://docs.docker.com/engine/security/apparmor/
seccomp #安全计算模块，即制容器操作,https://docs.docker.com/engine/security/seccomp/
Profile: default #默认的配置文件
Kernel Version: 4.15.0-29-generic #宿主机内核版本
Operating System: Ubuntu 18.04.1 LTS #宿主机操作系统
OSType: linux #宿主机操作系统类型
Architecture: x86_64 #宿主机架构
CPUs: 1 #宿主机 CPU 数量
Total Memory: 962MiB #宿主机总内存
Name: ubuntu1804.wang.org #宿主机 hostname
ID: IZHJ:WPIN:BRMC:XQUI:VVVR:UVGK:NZBM:YQXT:JDWB:33RS:45V7:SQWJ #宿主机 ID
Docker Root Dir: /var/lib/docker #宿主机关于docker数据的保存目录
Debug Mode: false #server 端是否开启 debug
Registry: https://index.docker.io/v1/ #仓库路径
Labels:
Experimental: false #是否测试版
Insecure Registries:
127.0.0.0/8 : #非安全的镜像仓库
Registry Mirrors:
https://si7y70hh.mirror.aliyuncs.com/ #镜像仓库
Live Restore Enabled: false #是否开启活动重启 (重启docker-daemon 不关闭容器 )
WARNING: No swap limit support #系统警告信息 (没有开启 swap 资源限制 )

范例: 解决上述SWAP报警提示
官方文档: https://docs.docker.com/install/linux/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities

[root@ubuntu1804 ~]# vim /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_| echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 swapaccount=1" #修改此行
[root@ubuntu1804 ~]# update-grub
[root@ubuntu1804 ~]# reboot

1.3 镜像管理命令

1.3.1 搜索镜像

官网: http://hub.docker.com
在官方的docker 仓库中搜索指定名称的docker镜像，也会有很多三方镜像。
执行docker search命令进行搜索
格式如下:

Usage: docker search [OPTIONS] TERM
Options:
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
说明:
OFFICIAL: 官方
AUTOMATED: 使用第三方docker服务来帮助编译镜像，可以在互联网上面直接拉取到镜像，减少了繁琐的编译过程

范例: 选择性的查找镜像

#搜索点赞100个以上的镜像
root@rocky8 ~]$ docker search --filter=stars=100 centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos DEPRECATED; The official build of CentOS. 7461 [OK]

1.3.2 下载镜像

从 docker 仓库将镜像下载到本地，命令格式如下:

docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Options:
-a, --all-tags Download all tagged images in the repository
--disable-content-trust Skip image verification (default true)
--platform string Set platform if server is multi-platform capable
-q, --quiet Suppress verbose output
NAME: 是镜像名,一般的形式仓库服务器:端口/项目名称/镜像名称
:TAG: 即版本号,如果不指定:TAG,则下载最新版镜像

镜像下载保存的路径: /var/lib/docker/overlay2/镜像ID
注意: 镜像下载完成后，会自动解压缩，比官网显示的可能会大很多

docker pull rockylinux:9-minimal
docker pull ubuntu:focal-20221130

1.3.3 查看本地镜像

docker images 可以查看下载至本地的镜像
格式:

docker images [OPTIONS] [REPOSITORY[:TAG]]
docker image ls [OPTIONS] [REPOSITORY[:TAG]]
#常用选项:
-q, --quiet Only show numeric IDs
-a, --all Show all images (default hides intermediate images)
--digests Show digests
--no-trunc Don't truncate output
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template

执行结果的显示信息说明:

REPOSITORY #镜像所属的仓库名称
TAG #镜像版本号（标识符），默认为latest
IMAGE ID #镜像唯一ID标识,如果ID相同,说明是同一个镜像有多个名称
CREATED #镜像在仓库中被创建时间
SIZE #镜像的大小

Repository仓库

1.3.4 镜像导出

利用docker save命令可以将从本地镜像导出为一个打包 tar文件，然后复制到其他服务器进行导入使用
格式:

docker save [OPTIONS] IMAGE [IMAGE...]
Options:
-o, --output string Write to a file, instead of STDOUT
#说明:
Docker save 使用IMAGE ID导出，在导入后的镜像没有REPOSITORY和TAG,显示为<none>

常见用法:

docker save -o /path/file.tar IMAGE1 IMAGE2 ...
docker save IMAGE1 IMAGE2 ... > /path/file.tar

范例: 导出指定镜像

[root@rocky8 ~]$ docker save alpine:latest -o alpine.tar
[root@rocky8 ~]$ scp alpine.tar 10.0.0.100:

范例: 导出所有镜像至不同的文件中

[root@rocky8 ~]$ docker images | awk 'NR!=1{print $1,$2}'|while read repo tag;do docker save $repo:$tag -o /opt/$repo-$tag.tar;done
[root@rocky8 ~]$ ll /opt/*.tar
-rw------- 1 root root 7347200 Jan 13 20:04 /opt/alpine-latest.tar
-rw------- 1 root root 24064 Jan 13 20:04 /opt/hello-world-latest.tar
-rw------- 1 root root 145905152 Jan 13 20:04 /opt/nginx-latest.tar
-rw------- 1 root root 121435136 Jan 13 20:04 /opt/rockylinux-9-minimal.tar
-rw------- 1 root root 75167744 Jan 13 20:04 /opt/ubuntu-focal-20221130.tar

范例:导出所有镜像到一个打包文件

#方法1: 使用image ID导出镜像,在导入后的镜像没有REPOSITORY和TAG,显示为<none>
docker save `docker images -qa` -o /opt/all.tar
#方法2:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
#方法3:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar

1.3.5 镜像导入

利用docker load命令可以将镜像导出的打包或压缩文件再导入
格式:

docker load [OPTIONS]
#选项
-i, --input string Read from tar archive file, instead of STDIN
-q, --quiet Suppress the load output

常见用法:

docker load -i /path/file.tar
docker load < /path/file.tar

范例: 镜像导入

[root@ubuntu2004 ~]$ docker load -i alpine.tar
8e012198eea1: Loading layer 7.338MB/7.338MB
Loaded image: alpine:latest
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB

面试题: 将一台主机的所有镜像传到另一台主机

#方法1:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
[root@rocky8 ~]$ docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
[root@ubuntu2004 ~]$ docker load < all-tags.tar
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
#方法2:将所有镜像导入到一个文件中,此方法导入后可以看REPOSITORY和TAG
[root@rocky8 ~]$ docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar
[root@ubuntu2004 ~]$ docker load < all-tags.tar
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB

1.3.6 删除镜像

docker rmi 命令可以删除本地镜像
格式

docker rmi [OPTIONS] IMAGE [IMAGE...]
docker image rm [OPTIONS] IMAGE [IMAGE...]
#选项:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents

范例：

[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
#删除镜像
[root@ubuntu2004 ~]$ docker rmi ubuntu:focal-20221130
Untagged: ubuntu:focal-20221130
Deleted: sha256:d5447fc01ae62c20beffbfa50bc51b2797f9d7ebae031b8c2245b5be8ff1c75b
Deleted: sha256:0002c93bdb3704dd9e36ce5153ef637f84de253015f3ee330468dccdeacad60b
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB

强制删除正在使用的镜像，也会删除对应的容器
范例: 删除所有镜像

[root@ubuntu2004 ~]$ docker rmi $(docker images -q)

1.3.7 镜像打标签

docker tag 可以给镜像打标签，类似于起别名,但通常要遵守一定的命名规范,才可以上传到指定的仓库
格式

docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
#TARGET_IMAGE[:TAG]格式一般形式
仓库主机FQDN或IP[:端口]/项目名(或用户名)/image名字:版本

TAG默认为latest
范例

[root@rocky8 ~]$ docker tag rockylinux:9-minimal harbor.yanlinux.org:80/k8s/rockylinux:9
[root@rocky8 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
harbor.yanlinux.org:80/k8s/rockylinux 9 c50e7a3e6f7f 3 weeks ago 118MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
#然后就可以将镜像传到仓库中
[root@rocky8 ~]$ docker push harbor.yanlinux.org:80/k8s/rockylinux:9

总结: 企业使用镜像及常见操作: 搜索、下载、导出、导入、删除
命令总结:

docker search centos #搜索镜像
docker pull alpine #拉取镜像
docker images #查看本地所有镜像
docker save > /opt/centos.tar #导出镜像
docker load -i /opt/centos.tar #导入本地镜像
docker rmi 镜像ID/镜像名称 #删除指定ID的镜像，此镜像对应容器正启动镜像不能被删除，除非将容器全部关闭

1.4 容器操作基础命令

容器相关命令

[root@rocky8 ~]$ docker container
Usage: docker container COMMAND
Manage containers
Commands:
attach Attach local standard input, output, and error streams to a running container
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
exec Run a command in a running container
export Export a container's filesystem as a tar archive
inspect Display detailed information on one or more containers
kill Kill one or more running containers
logs Fetch the logs of a container
ls List containers
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
prune Remove all stopped containers
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
run Run a command in a new container
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until one or more containers stop, then print their exit codes

1.4.1 启动容器

docker run 可以启动容器，进入到容器，并随机生成容器ID和名称。docker run等价于docker pull + docker start
帮助: man docker run
命令格式:

docker run [选项] [镜像名] [shell命令] [参数]
#选项:
-i, --interactive Keep STDIN open even if not attached，通常和-t一起使用
-t, --tty 分配pseudo-TTY，通常和-i一起使用,注意对应的容器必须运行shell才支持进入
-d, --detach Run container in background and print container ID,台后运行，默认前台
--name string Assign a name to the container
--h, --hostname string Container host name
--rm Automatically remove the container when it exits
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--dns list Set custom DNS servers
--entrypoint string Overwrite the default ENTRYPOINT of the image
--restart policy
--privileged Give extended privileges to container
-e, --env=[] Set environment variables
--env-file=[] Read in a line delimited file of environment variables

--restart 可以指定四种不同的policy

POLICY	说明
no	默认no，容器退出后不自动重启
on-failure[:max-retries]	仅当容器以非零退出状态退出时，才重新启动。（可选）限制 Docker 守护程序尝试的重新启动重试次数。
always	无论退出状态如何，始终重新启动容器。如果指定始终，Docker 守护程序将无限期地尝试重新启动容器。容器也将始终在守护程序启动时启动，无论容器的当前状态如何。利用此选项可以实现自动启动容器
unless-stopped	无论退出状态如何，始终重新启动容器，但如果容器之前已进入停止状态，则不要在守护程序启动时启动它。

注意: 容器启动后,如果容器内没有前台运行的进程,将自动退出停止
从容器内退出,并停止容器:

exit

从容器内退出,且容器不停止:

ctrl+p+q

范例：启动后台守护并指定运行容器的名字

[root@rocky8 ~]$ docker run -d --name web01 nginx
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0b9221c09a9 nginx "/docker-entrypoint.…" 5 seconds ago Up 5 seconds 80/tcp web01

范例: 一次性运行容器中命令

[root@rocky8 ~]$ docker run alpine cat /etc/issue
Welcome to Alpine Linux 3.17
Kernel \r on an \m (\l)
[root@rocky8 ~]$ docker run alpine du -sh /
7.0M /

范例: 运行交互式容器并退出
退出两种方式:

[root@rocky8 ~]$ docker run -it alpine sh
/ # ls
bin etc lib mnt proc run srv tmp var
dev home media opt root sbin sys usr
/ # cat /etc/issue
Welcome to Alpine Linux 3.17
Kernel \r on an \m (\l)
#查看容器是在运行
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bad7e7c5ef39 alpine "sh" 7 seconds ago Up 7 seconds angry_knuth
#现在在容器中执行退出
/ # exit
#查看容器是否运行
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
##另外一种退出容器的方法
##ctrl+p+q
/ # [22:13:43 root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2bae444f9796 alpine "sh" 51 seconds ago Up 51 seconds nifty_davinci
#这种情况相当于临时从容器中出来，还可以利用以下命令进入进去
[root@rocky8 ~]$ docker exec -it 2bae444f9796 sh
/ #

1.4.2 查看容器信息

1.4.2.1 显示当前存在容器

格式：

docker ps [OPTIONS]
docker container ls [OPTIONS]
选项:
-a, --all Show all containers (default shows just running)
-q, --quiet Only display numeric IDs
-s, --size Display total file sizes
-f, --filter filter Filter output based on conditions provided
-l, --latest Show the latest created container (includes all states)
-n, --last int Show n last created containers (includes all states)(default -1)

范例：

#显示正在运行的容器
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp web02
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 8 minutes ago Up 8 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
#显示全部容器，包括退出状态的容器
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp web02
69cb07c29477 nginx "/docker-entrypoint.…" 4 minutes ago Exited (0) 4 minutes ago web01
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 9 minutes ago Up 9 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
#只显示容器ID
[root@rocky8 ~]$ docker ps -aq
d5bc9651615e
69cb07c29477
3d9a0cbfa238
#显示容器大小
[root@rocky8 ~]$ docker ps -s
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
d5bc9651615e nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp web02 1.09kB (virtual 141MB)
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie 2B (virtual 1GB)
#显示最新创建的容器
root@rocky8 ~]$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp web02

范例：显示指定状态的容器

[root@rocky8 ~]$ docker ps -f "status=exited"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
69cb07c29477 nginx "/docker-entrypoint.…" 9 minutes ago Exited (0) 9 minutes ago web01

1.4.2.2 查看容器内的进程

docker top CONTAINER [ps OPTIONS]

范例：

root@rocky8 ~]$ docker top web02
UID PID PPID C STIME TTY TIME CMD
root 2483 2468 0 12:42 ? 00:00:00 nginx: master process nginx -g daemon off;
101 2534 2483 0 12:42 ? 00:00:00 nginx: worker process
101 2535 2483 0 12:42 ? 00:00:00 nginx: worker process

1.4.2.3 查看容器资源使用情况

docker stats [OPTIONS] [CONTAINER...]
Display a live stream of container(s) resource usage statistics
Options:
-a, --all Show all containers (default shows just running)
--format string Pretty-print images using a Go template
--no-stream Disable streaming stats and only pull the first result
--no-trunc Do not truncate output

范例：

root@rocky8 ~]$ docker stats web02
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
d5bc9651615e web02 0.00% 3.434MiB / 1.748GiB 0.19% 1.01kB / 0B 410kB / 25.6kB 3

范例：限制内存使用大小

[root@ubuntu1804 ~]#docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx128m" elasticsearch:7.6.2
[root@ubuntu1804 ~]#docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK PIDS
29282e91d773 elasti254.23310.5MiB / 1.924GiB 15.76% 766B / 0B 766kB /46kB 22

1.4.2.4 查看容器的详细信息

docker inspect 可以查看docker各种对象的详细信息,包括:镜像,容器,网络等

docker inspect [OPTIONS] NAME|ID [NAME|ID...]
Options:
-f, --format string Format the output using the given Go template
-s, --size Display total file sizes if the type is container

范例：

root@rocky8 ~]$ docker inspect web02
[
{
"Id": "d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6",
"Created": "2023-01-16T04:42:40.652945855Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2483,
"ExitCode": 0,
"Error": "",
"StartedAt": "2023-01-16T04:42:40.939507921Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85",
"ResolvConfPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hostname",
"HostsPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hosts",
"LogPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6-json.log",
"Name": "/web02",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a-init/diff:/var/lib/docker/overlay2/ac2a6764ef29d802f6d57c03311285e004854c1125392c571a54a0e51e7aa770/diff:/var/lib/docker/overlay2/00498af85ccf1634977fabaa1e8bc0347de69aa93c9a498932291ef6cc66ad2d/diff:/var/lib/docker/overlay2/e85525a30c0dc487cfe1bfed9931cc85994a3655f1194d5e357c9f52a29eb0c7/diff:/var/lib/docker/overlay2/616978347c6243ee5a035fb5dcd055a5bb72052fbc54e7da735babeef558d2aa/diff:/var/lib/docker/overlay2/6c5ffca8e721e566c9f03345b9bedc31db36328a5ec6a78c828d0b2ca4b21d89/diff:/var/lib/docker/overlay2/1dde0f444f04a43847d956a6cea24ce25fcc74c784086fe0f51ed17bb75e9ae8/diff",
"MergedDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/merged",
"UpperDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/diff",
"WorkDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "d5bc9651615e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.5",
"NJS_VERSION=0.7.1",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "83b75e77e1d7de17af47765c03f4c9e3aba0f93a615542e9e385fd97f29f961c",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/83b75e77e1d7",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "745daa224c76c2091d6852549ffaaa346bae3a7a2128186e5bbf40cbddf416a3",
"EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]

范例：选择性查看

root@rocky8 ~]$ docker inspect -f "{{.State.Status}}" web02
running
root@rocky8 ~]$ docker inspect --format="{{.State.Status}}" web02
running

1.4.3 删除容器

docker rm 可以删除容器，即使容器正在运行当中，也可以被强制删除掉
格式

docker rm [OPTIONS] CONTAINER [CONTAINER...]
docker container rm [OPTIONS] CONTAINER [CONTAINER...]
#选项:
-f, --force Force the removal of a running container (uses SIGKILL)
-v, --volumes Remove the volumes associated with the container
#删除停止的容器
docker container prune [OPTIONS]
Options:
--filter filter Provide filter values (e.g. 'until=<timestamp>')
-f, --force Do not prompt for confirmation

范例：

root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb134349daf alpine "/bin/sh" 50 seconds ago Exited (0) 50 seconds ago sharp_swanson
d5bc9651615e nginx "/docker-entrypoint.…" 25 minutes ago Up 25 minutes 80/tcp web02
69cb07c29477 nginx "/docker-entrypoint.…" 25 minutes ago Exited (0) 25 minutes ago web01
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 30 minutes ago Up 30 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
#删除web01容器
root@rocky8 ~]$ docker rm web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb134349daf alpine "/bin/sh" About a minute ago Exited (0) About a minute ago sharp_swanson
d5bc9651615e nginx "/docker-entrypoint.…" 25 minutes ago Up 25 minutes 80/tcp web02
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 31 minutes ago Up 31 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie

范例: 删除指定状态的容器

[root@rocky8 ~]$ docker rm $(docker ps -qf status=exited)
ceb134349daf
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 27 minutes ago Up 27 minutes 80/tcp web02
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 32 minutes ago Up 32 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie

1.4.4 容器的启动和停止

格式

docker start|stop|restart|pause|unpause 容器ID

批量正常启动或关闭所有容器

docker start $(docker ps -a -q)
docker stop $(docker ps -a -q)

范例

[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp web01
#停止容器
[root@rocky8 ~]$ docker stop web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" 2 minutes ago Exited (0) 4 seconds ago web01
#启动nginx容器
[root@rocky8 ~]$ docker start web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" 3 minutes ago Up 2 seconds 80/tcp web01
#重启nginx容器
[root@rocky8 ~]$ docker restart web01
[10:05:45 root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" 4 minutes ago Up 4 seconds 80/tcp web01

范例: 启动并进入容器

root@rocky8 ~]$ docker run --name=rocky -it rockylinux:9-minimal bash
bash-5.1# ls
afs dev home lib64 media opt root sbin sys usr
bin etc lib lost+found mnt proc run srv tmp var
bash-5.1# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
bash-5.1# exit
exit
#启动并进入rocky容器
[root@rocky8 ~]$ docker start -i rocky
bash-5.1# cat etc/issue
\S
Kernel \r on an \m
bash-5.1#

范例: 暂停和恢复容器

#暂停web01容器
[root@rocky8 ~]$ docker pause web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03357d030c20 rockylinux:9-minimal "bash" 6 minutes ago Exited (0) 2 minutes ago rocky
e4af980c1bff nginx "/docker-entrypoint.…" 11 minutes ago Up 7 minutes (Paused) 80/tcp web01 #状态中加上了paused标志
#恢复容器
[root@rocky8 ~]$ docker unpause web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03357d030c20 rockylinux:9-minimal "bash" 7 minutes ago Exited (0) 3 minutes ago rocky
e4af980c1bff nginx "/docker-entrypoint.…" 12 minutes ago Up 8 minutes 80/tcp web01

1.4.5 给正在运行的容器发信号

docker kill 可以给容器发信号,默认号SIGKILL,即9信号
格式

docker kill [OPTIONS] CONTAINER [CONTAINER...]
#选项:
-s, --signal string Signal to send to the container (default "KILL")

范例：

[root@rocky8 ~]$ docker kill web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03357d030c20 rockylinux:9-minimal "bash" 9 minutes ago Exited (0) 6 minutes ago rocky
e4af980c1bff nginx "/docker-entrypoint.…" 15 minutes ago Exited (137) 1 second ago web01

1.4.6 进入正在运行的容器

1.4.6.1 使用attach命令

docker attach 容器名，attach 类似于vnc，操作会在同一个容器的多个会话界面同步显示，所有使用此方式进入容器的操作都是同步显示的，且使用exit退出后容器自动关闭，不推荐使用，需要进入到有shell环境的容器
格式:

docker attach [OPTIONS] CONTAINER

1.4.6.2 使用exec命令

在运行中的容器启动新进程,可以执行单次命令，以及进入容器
测试环境使用此方式，使用exit退出,但容器还在运行，此为推荐方式
格式:

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
常用选项:
-d, --detach Detached mode: run command in the background
-e, --env list Set environment variables
-i, --interactive Keep STDIN open even if not attached
-t, --tty Allocate a pseudo-TTY
#常见用法
docker exec -it 容器ID sh|bash

范例：

#执行一次性命令
[root@rocky8 ~]$ docker exec rocky cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)
#进入容器，执行命令，exit退出容器不停止
[root@rocky8 ~]$ docker exec -it rocky bash
bash-5.1# cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)

1.4.7 暴露所有容器端口

容器启动后,默认处于预定义的NAT网络中,所以外部网络的主机无法直接访问容器中网络服务
docker run -P 可以将事先容器预定义的所有端口映射宿主机的网卡的随机端口，默认从32768开始
使用随机端口时,当停止容器后再启动可能会导致端口发生变化

-P , --publish-all= true | false默认为false
#示例:
docker run -P docker.io/nginx #映射容器所有暴露端口至随机本地端口

范例

[root@rocky8 ~]$ docker run -d --name web01 -P nginx
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
46b790b7393a nginx "/docker-entrypoint.…" 4 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp web01

docker port 可以查看容器的端口映射关系
格式

docker port CONTAINER [PRIVATE_PORT[/PROTO]]

范例

[root@rocky8 ~]$ docker port web01
80/tcp -> 0.0.0.0:32768

端口映射的本质就是利用NAT技术实现的
1.4.8 指定端口映射

docker run -p 可以将容器的预定义的指定端口映射到宿主机的相应端口
注意: 多个容器映射到宿主机的端口不能冲突，但容器内使用的端口可以相同
方式1: 容器80端口映射宿主机本地随机端口

docker run -p 80 --name nginx-test-port1 nginx

方式2: 容器80端口映射到宿主机本地端口81

docker run -p 81:80 --name nginx-test-port2 nginx

方式3: 宿主机本地IP:宿主机本地端口:容器端口

docker run -p 10.0.0.100:82:80 --name nginx-test-port3 docker.io/nginx

方式4: 宿主机本地IP:宿主机本地随机端口:容器端口，默认从32768开始

docker run -p 10.0.0.100::80 --name nginx-test-port4 docker.io/nginx

方式5: 宿主机本机ip:宿主机本地端口:容器端口/协议，默认为tcp协议

docker run -p 10.0.0.100:83:80/udp --name nginx-test-port5 docker.io/nginx

方式6: 一次性映射多个端口+协议

docker run -p 8080:80/tcp -p 8443:443/tcp -p 53:53/udp --name nginx-test-port6 nginx

范例:

[root@rocky8 ~]$ docker run -d -p 8080:80 --name web02 nginx
846ca3aa883687906cbc14884d2fc2c89d47884a1f3236c3f73bab628f18a121
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
846ca3aa8836 nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:8080->80/tcp web02
46b790b7393a nginx "/docker-entrypoint.…" 20 minutes ago Up 20 minutes 0.0.0.0:32768->80/tcp web01
[root@rocky8 ~]$ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:32768 *:*
LISTEN 0 128 *:8080 *:*

实战案例: 修改已经创建的容器的端口映射关系

[root@ubuntu1804 ~]#docker run -d -p 80:80 --name nginx01 nginx
dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24
[root@ubuntu1804 ~]#docker port nginx01
80/tcp -> 0.0.0.0:80
[root@ubuntu1804 ~]#lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 2364 root 4u IPv6 35929 0t0 TCP *:http (LISTEN)
[root@ubuntu1804 ~]#ls
/var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/
checkpoints
hostconfig.json mounts
config.v2.json
hostname resolv.conf
dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24-json.log hosts
resolv.conf.hash
[root@ubuntu1804 ~]#systemctl stop docker
[root@ubuntu1804 ~]#vim
/var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/hostconfig.json
"PortBindings":{"80/tcp":[{"HostIp":"","HostPort":"80"}]}
#PortBindings后80/tcp对应的是容器内部的80端口，HostPort对应的是映射到宿主机的端口80 修改此处为8000
[root@ubuntu1804 ~]#systemctl start docker
[root@ubuntu1804 ~]#docker start nginx01
[root@ubuntu1804 ~]#docker port nginx01
80/tcp -> 0.0.0.0:8000

范例：实现wordpress应用

#部署mysql
[root@rocky8 ~]$ docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=123456 --name mysql mysql:8.0.31-oracle
#下载wordpress
[root@rocky8 ~]$ docker run -d -p 80:80 --name wordpress wordpress:php7.4-apache

1.4.9 查看容器的日志

docker logs 可以查看容器中运行的进程在控制台输出的日志信息
格式

docker logs [OPTIONS] CONTAINER
选项:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
--tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)

范例：

[root@rocky8 ~]$ docker logs wordpress
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 17 04:10:22.767095 2023] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.51 (Debian) PHP/7.4.26 configured -- resuming normal operations
......

1.4.10 传递运行命令

容器需要有一个前台运行的进程才能保持容器的运行，通过传递运行参数是一种方式，另外也可以在构
建镜像的时候指定容器启动时运行的前台命令
容器里的PID为1的守护进程的实现方式

范例：

[root@rocky8 ~]$ docker run --name rocky rockylinux:9-minimal cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"

1.4.11 容器内和宿主机之间复制文件

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
Options:
-a, --archive Archive mode (copy all uid/gid information)
-L, --follow-link Always follow symbol link in SRC_PATH

范例：

[root@rocky8 ~]$ docker run -itd --rm alpine
#将宿主机文件复制到容器中
[root@rocky8 ~]$ docker cp /etc/hosts 2b91caf6ba44:/
[root@rocky8 ~]$ docker exec -it 2b91caf6ba44 sh
/ # cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#将容器内的文件复制到宿主机
[root@rocky8 ~]$ docker cp 2b91caf6ba44:/bin/busybox /usr/local/bin/
[root@rocky8 ~]$ ls /usr/local/bin/
busybox

1.5 Docker镜像制作和管理命令

Docker的镜像制作分为手动制作（基于容器）和自动制作(基于DockerFile)，企业通常都是基于Dockerfile制作镜像

docker commit #通过修改现有容器,将之手动构建为镜像
docker build #通过Dockerfile文件,批量构建为镜像

1.5.1 docker commit 手动构建镜像

1.5.1.1 基于容器手动制作镜像步骤

docker commit 格式

docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
#选项
-a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
#说明:
制作镜像和CONTAINER状态无关,停止状态也可以制作镜像
如果没有指定[REPOSITORY[:TAG]],REPOSITORY和TAG都为<none>
提交的时候标记TAG号: 生产当中常用，后期可以根据TAG标记创建不同版本的镜像以及创建不同版本的容器

基于容器手动制作镜像步骤具体如下:

在容器里面做配置操作
提交为一个新镜像 docker commit基于自己的镜像创建容器并测试访问

1.5.1.2 实战案例: 基于 rocky8.5 制作自我需求的rocky 镜像

#运行容器
[root@rocky8 ~]$ docker run -it rockylinux:9-minimal sh
#安装基础包
[root@c85d96e2158a ~]# yum -y install bash-completion psmisc tree vim lsof iproute git net-tools
#创建组和用户
[root@c85d96e2158a ~]# groupadd -g 88 www
[root@c85d96e2158a ~]# useradd -g www -u 88 -r -s /sbin/nologin -M -d /home/www www
[root@c85d96e2158a ~]# id www
uid=88(www) gid=88(www) groups=88(www)
#清楚yum缓存，减少制作的镜像的大小
[root@rocky8 ~]$ docker commit rocky9 rockylinux:v8.5-2023-01-17
sha256:1af952b962d9501a4249c69132baa733e384933c6db76d0794a40998c38af588
[root@rocky8 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rockylinux v8.5-2023-01-17 1af952b962d9 3 seconds ago 327MB

1.5.2 利用 DockerFile 文件执行 docker build 自动构建镜像

1.5.2.1 Dockerfile 文件格式

Dockerfile 是一个有特定语法格式的文本文件
dockerfile 官方说明: https://docs.docker.com/engine/reference/builder/
帮助: man 5 dockerfile
Dockerfile 文件说明

Dockerfile

不区分大小写

惯例使用大写

一行只支持一条指令

多个参数

从上至下

多条指令合并成一条指令

最常变化的内容放下dockerfile的文件的后面

1.5.2.2 Dockerfile 相关指令

dockerfile 文件中的常见指令:

ADD
COPY
ENV
EXPOSE
FROM
LABEL
STOPSIGNAL
USER
VOLUME
WORKDIR

进入原文参与互动