docker
查看docker支持的所有命令和参数。
➜ ~ docker
Management Commands:config Manage Docker configscontainer Manage containersimage Manage imagesnetwork Manage networksnode Manage Swarm nodesplugin Manage pluginssecret Manage Docker secretsservice Manage servicesstack Manage Docker stacksswarm Manage Swarmsystem Manage Dockertrust Manage trust on Docker imagesvolume Manage volumesCommands:attach Attach local standard input, output, and error streams to a running containerbuild Build an image from a Dockerfilecommit Create a new image from a container's changescp Copy files/folders between a container and the local filesystemcreate Create a new containerdeploy Deploy a new stack or update an existing stackdiff Inspect changes to files or directories on a container's filesystemevents Get real time events from the serverexec Run a command in a running containerexport Export a container's filesystem as a tar archivehistory Show the history of an imageimages List imagesimport Import the contents from a tarball to create a filesystem imageinfo Display system-wide informationinspect Return low-level information on Docker objectskill Kill one or more running containersload Load an image from a tar archive or STDINlogin Log in to a Docker registrylogout Log out from a Docker registrylogs Fetch the logs of a containerpause Pause all processes within one or more containersport List port mappings or a specific mapping for the containerps List containerspull Pull an image or a repository from a registrypush Push an image or a repository to a registryrename Rename a containerrestart Restart one or more containersrm Remove one or more containersrmi Remove one or more imagesrun Run a command in a new containersave Save one or more images to a tar archive (streamed to STDOUT by default)search Search the Docker Hub for imagesstart Start one or more stopped containersstats Display a live stream of container(s) resource usage statisticsstop Stop one or more running containerstag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGEtop Display the running processes of a containerunpause Unpause all processes within one or more containersupdate Update configuration of one or more containersversion Show the Docker version informationwait Block until one or more containers stop, then print their exit codes➜ ~ docker -v
Docker version 18.06.1-ce, build e68fc7a➜ ~ docker info
docker COMMAND --help
查看某个命令的帮助文档:用途、参数
➜ ~ docker image --helpUsage: docker image COMMANDManage imagesCommands:build Build an image from a Dockerfilehistory Show the history of an imageimport Import the contents from a tarball to create a filesystem imageinspect Display detailed information on one or more imagesload Load an image from a tar archive or STDINls List imagesprune Remove unused imagespull Pull an image or a repository from a registrypush Push an image or a repository to a registryrm Remove one or more imagessave Save one or more images to a tar archive (streamed to STDOUT by default)tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGERun 'docker image COMMAND --help' for more information on a command.
➜ ~ docker image build --helpUsage: docker image build [OPTIONS] PATH | URL | -Build an image from a DockerfileOptions:--add-host list Add a custom host-to-IP mapping (host:ip)--build-arg list Set build-time variables--cache-from strings Images to consider as cache sources--cgroup-parent string Optional parent cgroup for the container--compress Compress the build context using gzip--console Show console output (with buildkit only) (true, false, auto) (default auto)--cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period--cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota-c, --cpu-shares int CPU shares (relative weight)--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)--disable-content-trust Skip image verification (default true)-f, --file string Name of the Dockerfile (Default is 'PATH/Dockerfile')--force-rm Always remove intermediate containers--iidfile string Write the image ID to the file--isolation string Container isolation technology--label list Set metadata for an image-m, --memory bytes Memory limit--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap--network string Set the networking mode for the RUN instructions during build (default "default")--no-cache Do not use cache when building the image--platform string Set platform if server is multi-platform capable--pull Always attempt to pull a newer version of the image-q, --quiet Suppress the build output and print image ID on success--rm Remove intermediate containers after a successful build (default true)--security-opt strings Security options--shm-size bytes Size of /dev/shm--squash Squash newly built layers into a single new layer--stream Stream attaches to server to negotiate build context-t, --tag list Name and optionally a tag in the 'name:tag' format--target string Set the target build stage to build.--ulimit ulimit Ulimit options (default [])
docker search
搜索镜像。
➜ ~ docker search openjdk
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
eclipse-temurin Official Images for OpenJDK binaries built b… 525 [OK]
openjdk Pre-release / non-production builds of OpenJ… 522 [OK]
Docker Hub ( https://hub.docker.com/ ) Docker官方仓库,用于搜索仓库中的镜像,以及查看镜像中的具体使用文档等,也可以将自己的镜像推送到官方仓库中。
docker login
登录docker仓库。
➜ ~ docker login -u 用户名 -p 密码
Login Succeeded
docker pull
docker pull <image_name[:tag]> : 拉取某个镜像如果省略tag默认拉取latest。
➜ ~ docker pull openjdk:11
11: Pulling from library/openjdk
001c52e26ad5: Pull complete
d9d4b9b6e964: Pull complete
2068746827ec: Pull complete
9daef329d350: Pull complete
d85151f15b66: Pull complete
66223a710990: Pull complete
db38d58ec8ab: Pull complete
Digest: sha256:99bac5bf83633e3c7399aed725c8415e7b569b54e03e4599e580fc9cdb7c21ab
Status: Downloaded newer image for openjdk:11# 拉取centos容器
docker pull centos
docker images
# 查看本地所有镜像列表。
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
openjdk 11 47a932d998b7 19 months ago 654MB# 查看指定镜像
➜ ~ docker images openjdk
REPOSITORY TAG IMAGE ID CREATED SIZE
openjdk 11 47a932d998b7 19 months ago 654MB
docker rmi
删除镜像,-f : 表示强制force删除,默认只能删除未使用的,删除时可以使用容器名:标签,也可以使用容器的id。
➜ ~ docker rmi -f openjdk:11
➜ ~ docker rmi openjdk:11
Untagged: openjdk:11
Untagged: openjdk@sha256:99bac5bf83633e3c7399aed725c8415e7b569b54e03e4599e580fc9cdb7c21ab
Deleted: sha256:47a932d998b743b9b0bcce55aa8ede77de94a6a183c8a67dec9d5e3b8ce0faa7
Deleted: sha256:a99b7985263322d8e9da8c89f2f57b2e703cc2f8ad8ea87fb0ee402bb6162b78
Deleted: sha256:f751ef4f6907367707782910911112642b84b2d01ac8003d7c13fe8d76b5ae3d
Deleted: sha256:e7dd29f3ffa73e8d8d9ccb88f1507bb35fe14749d2f5a7c1a44b33ea62a13a1b
Deleted: sha256:1376fe23991c7bd9ac29c2469f6489e5e68b2311f78191e87c47acd67e846372
Deleted: sha256:935ab298b59cf4955c8a62f40960766ceedee432fde87f22a71d557be7e05d0a
Deleted: sha256:6fa094ba2e6e15e0fab64e7d1372945f05e70ed3bdf6fd90409153d7ec19d160
Deleted: sha256:9c742cd6c7a5752ee36be8ecb14be45c0885e10e6dd34f26a9ae3eb096c5d492
docker save & docker load
docker save : 将本地镜像打成压缩包tar,docker load:将镜像压缩包加载进来。
# -o:output
➜ ~ docker save -o openjdk11.tar openjdk:11
➜ ~ docker rmi openjdk:11
Untagged: openjdk:11
Untagged: openjdk@sha256:99bac5bf83633e3c7399aed725c8415e7b569b54e03e4599e580fc9cdb7c21ab
Deleted: sha256:47a932d998b743b9b0bcce55aa8ede77de94a6a183c8a67dec9d5e3b8ce0faa7
Deleted: sha256:a99b7985263322d8e9da8c89f2f57b2e703cc2f8ad8ea87fb0ee402bb6162b78
Deleted: sha256:f751ef4f6907367707782910911112642b84b2d01ac8003d7c13fe8d76b5ae3d
Deleted: sha256:e7dd29f3ffa73e8d8d9ccb88f1507bb35fe14749d2f5a7c1a44b33ea62a13a1b
Deleted: sha256:1376fe23991c7bd9ac29c2469f6489e5e68b2311f78191e87c47acd67e846372
Deleted: sha256:935ab298b59cf4955c8a62f40960766ceedee432fde87f22a71d557be7e05d0a
Deleted: sha256:6fa094ba2e6e15e0fab64e7d1372945f05e70ed3bdf6fd90409153d7ec19d160
Deleted: sha256:9c742cd6c7a5752ee36be8ecb14be45c0885e10e6dd34f26a9ae3eb096c5d492
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE# -i: input
➜ ~ docker load -i openjdk11.tar
9c742cd6c7a5: Loading layer [==================================================>] 129.2MB/129.2MB
03127cdb479b: Loading layer [==================================================>] 11.3MB/11.3MB
293d5db30c9f: Loading layer [==================================================>] 19.31MB/19.31MB
9b55156abf26: Loading layer [==================================================>] 156.5MB/156.5MB
b626401ef603: Loading layer [==================================================>] 11.74MB/11.74MB
826c3ddbb29c: Loading layer [==================================================>] 3.584kB/3.584kB
7b7f3078e1db: Loading layer [==================================================>] 337.8MB/337.8MB
Loaded image: openjdk:11➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
openjdk 11 47a932d998b7 19 months ago 654MB
docker volume
volume 数据卷,用于宿主机目录和容器中的目录的双向绑定互相映射用的。映射后,可以直接在宿主机上修改容器上的文件,同样在容器中修改文件也会同步修改宿主机上。
数据卷挂载的好处:
- 修改查看方便,不需要再登录到容器内部查看,只需要在宿主机上查看即可。
- 像配置文件(如conf.d)、数据文件(如mysql的data目录) 是需要持久化的,防止容器出现问题时重要数据丢失。
# 创建数据卷,默认挂载在/var/lib/docker/volumes/目录下
docker volumn create <数据卷名>
# 查看所有数据卷名
docker volumn ls
# 查看数据卷详情
docker volumn inspect <数据卷名>
# 删除指定的数据卷
docker volumn rm <数据卷名>
# 删除所有未使用的数据卷
docker volumn prune
➜ ~ docker volume create html
html
➜ ~ docker volume ls
DRIVER VOLUME NAME
local html
➜ ~ docker volume inspect html
[{"CreatedAt": "2024-03-23T14:27:17Z","Driver": "local","Labels": {},"Mountpoint": "/var/lib/docker/volumes/html/_data","Name": "html","Options": {},"Scope": "local"}
]
➜ ~ docker volume rm html
html➜ ~ docker volume prune
WARNING! This will remove all local volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
docker run
docker run :如果镜像不存在先下载镜像并运行镜像,注意:每次运行都会创建一个新的容器。
# -i: 创建一个交互式容器
# -t: --tty tty终端(分配一个终端来操作容器)
# -d: --detach 后台运行
# --name: 容器名称(唯一)
# -p: port 端口映射 宿主机端口:容器端口
# -v:volume, 数据卷目录映射双向绑定,可以使用数据卷名映射容器目录,也可以直接使用将宿主机目录映射到容器目录(宿主机目录必须以/或者./开头)
# -e:environment 环境参数,镜像内部需要使用到的参数
# 如果省略tag默认为latest,如果拉取的镜像是指定版本的,这里要显式指定版本号# 创建交互式容器
docker run -itd \--name <container name> \-p 宿主机端口:容器端口 \-e 环境变量名=值 \-v 宿主机目录:容器目录 \<image name[:tag]>
# 关于mysql的所有配置都可以在Docker Hub上查到
➜ ~ docker run -d \--name mysql \-p 3307:3306 \-e TZ=Asia/Shanghai \-e MYSQL_ROOT_PASSWORD=123456 \-v /Users/mengday/Softwares/Linux/volumes/mysql/data:/var/lib/mysql \-v /Users/mengday/Softwares/Linux/volumes/mysql/conf:/etc/mysql/conf.d \mysql:5.7.34
Unable to find image 'mysql:5.7.34' locally
5.7.34: Pulling from library/mysql
b4d181a07f80: Pull complete
a462b60610f5: Pull complete
578fafb77ab8: Pull complete
524046006037: Pull complete
d0cbe54c8855: Pull complete
aa18e05cc46d: Pull complete
32ca814c833f: Pull complete
52645b4af634: Pull complete
bca6a5b14385: Pull complete
309f36297c75: Pull complete
7d75cacde0f8: Pull complete
Digest: sha256:1a2f9cd257e75cc80e9118b303d1648366bc2049101449bf2c8d82b022ea86b7
Status: Downloaded newer image for mysql:5.7.34
df4a9dbf3661ee5b14fda3fe3e754d276f1bc2c5b81c68c9d998b74e10c076ff
docker inspect
查看容器的所有配置详情:如数据卷挂载、端口映射、环境变量、IP地址 等。
➜ ~ docker inspect mysql
[{"Id": "4013c283ea9cf2d01f8b51e501296295813cd37646283597adfb0635a0558d27","HostConfig": {"Binds": ["/Users/mengday/Softwares/Linux/volumes/mysql/data:/var/lib/mysql","/Users/mengday/Softwares/Linux/volumes/mysql/conf:/etc/mysql/conf.d"]},"Mounts": [{"Type": "bind","Source": "/Users/mengday/Softwares/Linux/volumes/mysql/data","Destination": "/var/lib/mysql"},{"Type": "bind","Source": "/Users/mengday/Softwares/Linux/volumes/mysql/conf","Destination": "/etc/mysql/conf.d" }],"Config": {"Hostname": "4013c283ea9c","Env": ["TZ=Asia/Shanghai","MYSQL_ROOT_PASSWORD=123456","PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","GOSU_VERSION=1.12","MYSQL_MAJOR=5.7","MYSQL_VERSION=5.7.34-1debian10"],"Cmd": ["mysqld"],"Image": "mysql:5.7.34","Entrypoint": ["docker-entrypoint.sh"]},"NetworkSettings": {"Ports": {"3306/tcp": [{"HostIp": "0.0.0.0","HostPort": "3307"}]},"Gateway": "172.17.0.1","IPAddress": "172.17.0.2"}}
]# 查看容器的ip地址属性,docker的ip为172.17.0.1,其它容器的依次是172.17.0.2递增
docker inspect -f='{{.NetworkSettings.IPAddress}}' container_name/container_id
docker network
查看Docker的IP。
yum install net-tools -y
ifconfig
Docker在安装的是会创建一个docker0网卡,每个容器都有自己的IP地址,默认情况下所有容器都是以bridge的方式连接到Docker的一个虚拟网桥上 172.17.0.1/16, /16表示IP前两段是固定的,只有后两段式可以变的,在同一个网段的容器之间时可以互相访问的,但是容器的IP地址会变的,通过容器的IP地址访问不可靠,可以通过自定义网络,自定义网络可以通过容器名来互相访问。
# 网络列表,默认的是桥接方式bridge可以和宿主机和外网通信
docker network ls# 查看使用bridge的容器
docker network inspect bridge# 创建一个网络
docker network create <网络名># 删除某个自定义网络
docker network rm <网络名>
# 删除所有未使用的网络
docker network prune
➜ ~ docker network ls
NETWORK ID NAME DRIVER SCOPE
f18b70eee01c bridge bridge local
bcb18ec1867c host host local
75d5d48759de none null local
➜ ~
➜ ~ docker network inspect bridge
[{"Name": "bridge","Id": "f18b70eee01cbc5d52dd1d29d082c566b78b8da4292db3f89fe348a02891680c","Created": "2024-03-23T04:32:41.393581303Z","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16","Gateway": "172.17.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"ab9f14e882ff74a2de99fa979fb09f20f31cc0808b700c894bc7c6a705380349": {"Name": "mysql","MacAddress": "02:42:ac:11:00:02","IPv4Address": "172.17.0.2/16","IPv6Address": ""}},"Options": {"com.docker.network.bridge.default_bridge": "true","com.docker.network.bridge.enable_icc": "true","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.host_binding_ipv4": "0.0.0.0","com.docker.network.bridge.name": "docker0","com.docker.network.driver.mtu": "1500"},"Labels": {}},"NetworkSettings": {"Bridge": "","Gateway": "172.17.0.1","IPAddress": "172.17.0.2","MacAddress": "02:42:ac:11:00:02","Networks": {"bridge": {"Gateway": "172.17.0.1","IPAddress": "172.17.0.2","MacAddress": "02:42:ac:11:00:02"}}}
]➜ ~ docker network create mynet
4e710a555792fe1e70f176367051b8797e310a8c448bbcab31bbe3391b02863d
docker top
查看容器的进程信息
docker top <container_name/container_id>
docker top <container_name/container_id> -eo pid,comm➜ ~ docker top mysql
PID USER TIME COMMAND
78460 999 0:03 mysqld
➜ ~
➜ ~ docker top mysql -eo pid,comm
PID COMMAND
78460 mysqld
docker ps
查看容器。
# 查看启动的容器
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b11fc9977f1 mysql:5.7.34 "docker-entrypoint.s…" 9 minutes ago Up 9 minutes 33060/tcp, 0.0.0.0:3307->3306/tcp mysql# 查看所有容器 -a=all
➜ ~ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b11fc9977f1 mysql:5.7.34 "docker-entrypoint.s…" 9 minutes ago Up 9 minutes 33060/tcp, 0.0.0.0:3307->3306/tcp mysql# 查看最后一次运行的容器
docker ps -l# 查看容器的CONTAINER ID
docker ps -q# -f指定格式
docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Ports}}\t{{.Status}}\t{{.Names}}"docker stop & docker attach &docker start & docker restart
停止容器。
➜ ~ docker stop mysql
mysql# 后台启动一个容器后,使用该命令进入这个容器
docker attach container_name/container_id
# 启动容器
docker start container_name/container_id
# 重启容器
docker restart container_name/container_id
docker rm
删除容器。
➜ ~ docker rm mysql
mysql# 删除所有停止的容器
# -a: all 显示所有容器
# -q: quiet 只显式容器id这列的值
docker rm $(docker ps -a -q)
将容器加入自定义网络,凡是加入自定义网络的容器间都可以相互访问。
# 运行时指定容器
➜ ~ docker run -d \--name mysql \-p 3307:3306 \-e TZ=Asia/Shanghai \-e MYSQL_ROOT_PASSWORD=123456 \--network mynet \-v /Users/mengday/Softwares/Linux/volumes/mysql/data:/var/lib/mysql \-v /Users/mengday/Softwares/Linux/volumes/mysql/conf:/etc/mysql/conf.d \mysql:5.7.34
2b11fc9977f180129fd2ef92fcc45a6c6286c2c64df8aab0bf5026928deedb67➜ ~ docker inspect mysql[{"NetworkSettings": {# mynet 自定义网络"Networks": {"mynet": {"NetworkID": "4e710a555792fe1e70f176367051b8797e310a8c448bbcab31bbe3391b02863d","EndpointID": "40d3dbb19c7260448026b3fa5a6059a12c5e129cff2c1505e006a05e5f100753","Gateway": "172.18.0.1","IPAddress": "172.18.0.2","MacAddress": "02:42:ac:12:00:02"}}}}
]
docker network connect & docker network disconnect
# 将某个容器加入到自定义的网络
docker network connect <网络名> <容器名># 断开某个网络
docker network disconnect <网络名> <容器名>
docker exec & exit
docker exec 进入容器执行和容器相关的命令。
# 进入镜像
docker exec -it <image_name> /bin/bash
docker exec -it <image_name> bash
# 可以直接跟bash的命令
docker exec -it <image_name> 应用命令
docker exec -it mysql mysql -root -p
# 交互式容器:exit会停止运行容器
# 守护式容器:exit会退出容器,并不会停止运行容器
exit
# 进入容器,@后面是容器的id
➜ ~ docker exec -it mysql /bin/bash
root@2b11fc9977f1:/# pwd
/
# 登录mysql
root@2b11fc9977f1:/# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.34 MySQL Community Server (GPL)Copyright (c) 2000, 2021, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.13 sec)# 退出mysql
mysql> quit;
Bye# 退出容器
root@2b11fc9977f1:/# exit
exit➜ ~docker cp
# 将宿主机中的文件拷贝到某个容器的某个目录下
docker cp 文件名 容器名:/目录# 将某个容器中的某个文件拷贝到宿主机中
docker cp 容器名:/文件 目录docker logs
查看容器日志,常用于查看Java输出的日志。
# 查看容器日志
docker logs container_name/container_id
# 查看容器日志:-f:持续输出
docker logs -f container_name/container_id docker build
# 编译镜像
# -f = --file Dockerfile的路径
# -t = --tag 'name:tag'格式, 标签就是版本号,可以为数字如1.0.0也可以是字母如latest
# build-content-path Dockerfile所在的目录 . 表示当前目录
docker build -t <name:tag> <build-content-path>
docker tag
# 打标签
docker tag <image_name:tag> <仓库地址/仓库名:版本号>
docker push
将镜像推送到远程仓库。
docker push <用户名>/<仓库名>:<Tag>
![[BT]BUUCTF刷题第6天(3.24)](https://img-blog.csdnimg.cn/direct/a0b2b2c123d146f0bf6c1177fe622ab0.png)
