Docker container
docker container is another core concept. Container is a running instance of image. The difference is that the image is a static read-only file, the container has a writable layer required by the runtime, and the application process in the container is running.
Virtual machine is to simulate a whole set of operating system. docker only runs one application and its running environment.
Create container
- New container, docker [container] create command new container is in stop state
[root@docker01 ~]# docker create -it ubuntu:18.04 550c14d7db29b3fbcdff0819546403779f8ce717fa2a5012909b057c2f8b1806 [root@docker01 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 550c14d7db29 ubuntu:18.04 "/bin/bash" 34 seconds ago Created kind_rosalind
- Start the container. The docker [container] start command starts a container that has been created
[root@docker01 ~]# docker start 55 55 [root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 550c14d7db29 ubuntu:18.04 "/bin/bash" 2 minutes ago Up 5 seconds kind_rosalind
- Create and start a container. In addition to creating a container and starting it with the start command, you can also create and start it directly. docker [container] run
[root@docker01 ~]# docker run ubuntu:18.04 /bin/echo 'hello' hello
When / bin/echo 'hello' is executed, the container will automatically terminate.
When using docker run to create a startup container, it includes:
1. Check whether there is a specified image in the local area. If there is no image in the public warehouse;
2. Create an easy to use image and start;
3. Allocate a file system to the container, and attach a read-write layer to the read-only image;
4. Bridge a virtual machine port to the container from the bridge interface of the host;
5. The bridge address pool assigns an ip address to the container;
6. Execute user application;
7. Container auto terminate
Start a bash terminal to allow users to interact[root@docker01 ~]# docker run -it ubuntu:18.04 /bin/bash root@4d99166324fb:/# pwd / root@4d99166324fb:/# ls bin dev home lib64 mnt proc run srv tmp var boot etc lib media opt root sbin sys usr
-t: Assign a pseudo TTY to the docker and bind it to the container's standard input
-i: Keep container standard input open - Run in the background. More often, you need to allow the docker container to run in the form of Daemonized in the background
[root@docker01 ~]# docker run -d ubuntu:18.04 /bin/bash -c "while true;do echo 'hello';sleep 1;done" [root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a5d805944192 ubuntu:18.04 "/bin/sh -c 'while t..." 4 seconds ago Up 3 seconds frosty_joliot
- View container output, docker [container] logs
[root@docker01 ~]# docker logs a5d805944192 hello hello hello ...
Stop container
- Pause container, docker [container] pause CONTAINER [CONTAINER...]
Execute at one terminal[root@docker01 ~]# docker run --name test --rm -it ubuntu bash root@98eedc501dec:/#
Another terminal execution, pause
[root@docker01 ~]# docker pause test test [root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 98eedc501dec ubuntu "bash" 2 minutes ago Up 2 minutes (Paused) test
recovery
[root@docker01 ~]# docker unpause test test
- Terminating container
[root@docker01 ~]# docker stop test test
- Restarting container
[root@docker01 ~]# docker restart test test
Container entry
If you need to enter the container for operation, it is recommended to use the official attach or exec command.
The command format for attach is:
docker attach [--detach-key[=[]]] [--no-stdin] [--sig-proxy[=true]] CONTAINER
-Detach key [= []] (specifies the shortcut key to exit the attach mode, which is Ctrl + P Ctrl + Q by default;
--No stdin = true | false ා close standard input or not. It is kept on by default;
--SIG proxy = treu| false ා whether to proxy the received system signal to the application, which is on by default;[root@docker01 ~]# docker run -itd ubuntu:18.04 b82dba0090bcb85fafdeef03e67f9973426965f2792efae73de1c07eb0b44bc2 [root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b82dba0090bc ubuntu:18.04 "/bin/bash" 52 seconds ago Up 50 seconds fervent_maxwell [root@docker01 ~]# docker attach fervent_maxwell root@b82dba0090bc:/#
exec is a more convenient tool after 1.3.0 docker, which can directly execute any command in the running container.
docker exec [-d|--detach] [--detach-keys[=[]]] [-i|--interactive] [--privileged] [-t|--tty] [-u|--user[=USER]] CONAINER COMMAND [ARG...]
-d ා executing commands in the background in the container
--Detach keys = "" specifies the key for the container to switch back to the background
-e ා specify environment variable list
-i ා open standard input to accept user input command, default to false
--privileged=treu|false ා whether to give the highest permission to execute the command, false by default
-t ා assign pseudo terminal, default false
-u ා user name or ID of the command executed[root@docker01 ~]# docker exec -it f2554976971b /bin/bash root@f2554976971b:/# w 08:02:18 up 2 days, 18:58, 0 users, load average: 0.03, 0.03, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root@f2554976971b:/# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 08:01 pts/0 00:00:00 /bin/bash root 10 0 0 08:02 pts/1 00:00:00 /bin/bash root 20 10 0 08:02 pts/1 00:00:00 ps -ef
At this time, a new bash terminal will be opened, and the user will interact with the container without affecting other applications in the container.
Delete container
However, use the docker [container] RM command to delete a container in the terminated or exited state. docker [container] rm [-f|--force] [-l|--link] [-v|--volumes] CONTIAINER
-f ා force termination and deletion of a running container
-l ා delete the container's link, but keep the container
-v ා delete the data volume attached to the container
View containers in stopped state and delete[root@docker01 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f2554976971b ubuntu:18.04 "/bin/bash" 46 hours ago Up 46 hours focused_joliot b82dba0090bc ubuntu:18.04 "/bin/bash" 47 hours ago Exited (0) 46 hours ago fervent_maxwell [root@docker01 ~]# docker rm b82dba0090bc b82dba0090bc
Export container
It is used to migrate containers from one system to another. At this time, you can use the import and export functions of docker.
1. Export container means to export a created container to a file, regardless of whether the container is running at this time. docker [container] export [-o|--output[=""]] CONTAINER
-o ා specify the name of the exported tar file, which can also be directly realized by retargeting[root@docker01 docker]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f2554976971b ubuntu:18.04 "/bin/bash" 47 hours ago Up 47 hours focused_joliot a5d805944192 ubuntu:18.04 "/bin/sh -c 'while t..." 2 days ago Exited (137) 2 days ago frosty_joliot [root@docker01 docker]# docker export a5d805944192 > test_ubuntu2.tar [root@docker01 docker]# docker export -o test_ubuntu.tar a5d805944192 [root@docker01 docker]# ls test_ubuntu2.tar test_ubuntu.tar
Import container
The exported file can be imported into a mirror by using the docker [container] import command. docker import [-c|--change[=[]]] [-m|--message[=MESSAGE]] file|URL| -[REPOSITORY[:TAG]]
-c ා the Dockerfile command to modify the container is executed at the same time of re pouring[root@docker01 docker]# docker import test_ubuntu.tar test111/ubuntu:v1.0 sha256:6c5cd99408ca4648c4d3e5560280e75633e3fbcfdba2778d1b69e4353fb27cc9 [root@docker01 docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE test111/ubuntu v1.0 6c5cd99408ca 13 seconds ago 64.2M
Note: the difference between docker load and docker import is that the docker import discards all historical records and metadata information, and only saves the snapshot status of the container at that time. The docker load file will save the complete record, which is larger.
View container
1. To view container details, docker container inspect [OPTIONS] ONTAINER
[root@docker01 docker]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f2554976971b ubuntu:18.04 "/bin/bash" 47 hours ago Up 47 hours focused_joliot [root@docker01 docker]# docker container inspect frosty_joliot [ { "Id": "a5d8059441922d3157d2af1d0ab0a724acf13fbe8bb60ddb92fa2536620c2f84", "Created": "2020-03-05T05:50:37.692124654Z", "Path": "/bin/sh", "Args": [ "-c", "while true;do echo hello;sleep 1;done" ], "State": { "Status": "exited",Viewing the specific information of a container will return various information including ID, creation time, path, status, image, configuration, etc. in json format.
2. Check the process in the container, docker [container] top [OPTIONS] CONTAINER, similar to the top command of linux, including PID, user, time, command, etc. Must be a running container to view[root@docker01 docker]# docker top focused_joliot UID PID PPID C STIME TTY TIME CMD root 12365 12348 0 Mar05 pts/0 00:00:00 /bin/bash root 12431 12348 0 Mar05 pts/1 00:00:00 /bin/bash
3. To view statistics, docker [container] status [OPTIONS] [CONTAINER] displays statistics of CPU, memory, storage, network and other usage.
-a. -- all ා output all container statistics, only in operation by default
-format string ා format output information
-No stream does not output continuously, and the continuous real-time results will be updated automatically by default
-No TRUNC - no truncation of output information
[root@docker01 docker]# docker stats focused_joliot CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS f2554976971b focused_joliot 0.00% 824KiB / 15.51GiB 0.01% 648B / 0B 0B / 0B 2
Other container commands
1. Copy file
container cp supports copying files between container and host. Docker [container] CP [options] container: SRC ﹣ path dest ﹣ path|-
-a. - Archive ා packaging mode, the copied file will have the original UID/GID information
-50. - follow link ා follow the soft link. When the original path is a soft link, only the link information is copied by default. Using this option, the target content of the link will be copied.
Copy the native directory oglab/python to the container's / tmp path
[root@docker01 oglab]# docker cp Python-3.8.2 focused_joliot:/tmp
2. View changes
[root@docker01 oglab]# docker container diff focused_joliot A /tmp/Python-3.8.2/Lib/test/test_asyncio/test_streams.py A /tmp/Python-3.8.2/Lib/test/test_asyncio/test_transports.py A /tmp/Python-3.8.2/Lib/test/test_asyncio/__init__.py A /tmp/Python-3.8.2/Lib/test/test_asyncio/echo.py A /tmp/Python-3.8.2/Lib/test/test_asyncio/test_queues.py A /tmp/Python-3.8.2/Lib/test/test_distutils.py A /tmp/Python-3.8.2/Lib/test/test_posixpath.py A /tmp/Python-3.8.2/Lib/test/test_subclassinit.py A /tmp/Python-3.8.2/Lib/test/xmltestdata ...
3. To view the port mapping, the container port command can view the port mapping of the container. docker container port CONTAINER [PRIVATE_PORT[/PROTO]]
[root@docker01 oglab]# docker container port focused_joliot
4. Update configuration. The container update command can update some runtime configurations of the container, mainly some resource limit shares. docker [container] update [OPTIONS] CONTAINER
Limit total quota to 1 second, container time to 10%, unit delicate
[root@docker01 oglab]# docker update --cpu-quota 1000000 f2554976971b f2554976971b [root@docker01 oglab]# docker update --cpu-period 1000000 f2554976971b f2554976971b