目录
- 前言
- 查找镜像
- 可视化查找镜像
- docker命令查找镜像
- 镜像操作
- 拉取镜像
- 查看本地已拉取的镜像
- 删除镜像
- 创建容器
- 创建但不运行容器
- 创建并运行容器
- 删除容器
- 管理容器
- 查看运行着的容器
- 查看本地已创建的容器(运行着的+未运行着的)
- 启动容器
- 停止运行容器
- 重启容器
- 更新容器配置
- 查看容器日志
- 查看容器的运行日志
- 容器自动启动/容器随docker自动启动
- 创建容器时,设置容器随docker自动启动
- 设置容器的重启策略
- `--restart`选项
- 查看容器的重启策略
- 指定容器使用的内存
- 创建容器时指定容器使用的内存
- 修改正在运行的容器的内存大小
- 容器提升权限
- Docker的`--privileged=true`选项
- Docker的`--cap-add=xxx`选项
- 登录到容器内进行操作
- 登录到容器的控制台
- 以root用户登录控制台
- vi命令
- 安装vim命令
- 端口
- 查看容器的端口映射
- 修改docker容器配置,设置/修改端口映射
- 进程ID
- 已知容器,查询进程ID
- 已知进程ID,查询容器
- 网络
- 查看Docker创建的网络
- Docker创建网络
- 查看网络
- 向网络中添加容器
- 从网络中移除容器
- 查看网络中的容器
- 查看容器的网络
- 查看容器的IP
- 容器的固定IP地址
- docker 与 宿主之间文件互相拷贝
- 从 docker 向宿主拷贝文件
- 从宿主向 docker 拷贝文件
- 查看docker容器的系统版本
- 查看容器的系统版本
- 查看docker容器的宿主机的系统版本
- 参考
前言
- CentOS Linux release 7.9.2009
- Docker version 19.03.14
- 先拉取镜像 -> 通过镜像创建容器 -> 启动、关闭、重启容器 -> 再登录到容器的控制台进行操作
查找镜像
可视化查找镜像
在 docker hub 上搜索镜像。
docker命令查找镜像
这种方式查找镜像时,结果比较糙,不能查看每个镜像有哪些tag
。
shell> docker search mysql
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 10637 [OK]
mariadb MariaDB Server is a high performing open sou… 3991 [OK]
mysql/mysql-server Optimized MySQL Server Docker images. Create… 779 [OK]
percona Percona Server is a fork of the MySQL relati… 528 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 87
mysql/mysql-cluster Experimental MySQL Cluster Docker images. Cr… 79
centurylink/mysql Image containing mysql. Optimized to be link… 59 [OK]
bitnami/mysql Bitnami MySQL Docker Image 49 [OK]
deitch/mysql-backup REPLACED! Please use http://hub.docker.com/r… 41 [OK]
databack/mysql-backup Back up mysql databases to... anywhere! 41
prom/mysqld-exporter 37 [OK]
tutum/mysql Base docker image to run a MySQL database se… 35
schickling/mysql-backup-s3 Backup MySQL to S3 (supports periodic backup… 29 [OK]
linuxserver/mysql A Mysql container, brought to you by LinuxSe… 27
centos/mysql-56-centos7 MySQL 5.6 SQL database server 20
circleci/mysql MySQL is a widely used, open-source relation… 20
mysql/mysql-router MySQL Router provides transparent routing be… 18
arey/mysql-client Run a MySQL client from a docker container 17 [OK]
fradelg/mysql-cron-backup MySQL/MariaDB database backup using cron tas… 12 [OK]
yloeffler/mysql-backup This image runs mysqldump to backup data usi… 7 [OK]
openshift/mysql-55-centos7 DEPRECATED: A Centos7 based MySQL v5.5 image… 6
devilbox/mysql Retagged MySQL, MariaDB and PerconaDB offici… 3
ansibleplaybookbundle/mysql-apb An APB which deploys RHSCL MySQL 2 [OK]
jelastic/mysql An image of the MySQL database server mainta… 1
widdpim/mysql-client Dockerized MySQL Client (5.7) including Curl… 1 [OK]
镜像操作
拉取镜像
shell> docker pull 镜像名字:tag
- tag 不写时,默认为latest
比如:
shell> docker pull redis
等价于
shell> docker pull redis:latest
指定tag的示例:
shell> docker pull redis:6.2.1
shell> docker pull redis:6.2.1-alpine
shell> docker pull redis:6.2.1-alpine3.13
shell> docker pull redis:6.2-buster
查看本地已拉取的镜像
shell> docker images -a --no-trunc
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest sha256:a617c1c92774952d26fb87ba9a32fdc4d424fb7be02bbc84d6fefb517f3d4c6c 9 days ago 105MB
hello-world latest sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726 2 weeks ago 13.3kB
rabbitmq 3-management sha256:800294d91e3181d14a3b4920bbf348b5d407fc603f91f2b6310ea07284d8f6d2 2 months ago 198MB
mysql 5.6.40 sha256:50328380b2b44db6826909771a7059dbea575af52bc242dacd4f6e365f3592b7 2 years ago 256MB
或者:
shell> docker images -a
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest a617c1c92774 9 days ago 105MB
hello-world latest d1165f221234 2 weeks ago 13.3kB
rabbitmq 3-management 800294d91e31 2 months ago 198MB
mysql 5.6.40 50328380b2b4 2 years ago 256MB
区别在于IMAGE ID
。简写的IMAGE ID
也有效。
删除镜像
使用 docker rmi
删除镜像:
shell> docker rmi --help
Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
Remove one or more images
Options:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents
示例:
# 通过 镜像名字:tag 定位镜像
shell> docker rmi mysql:5.6.40
Untagged: mysql:5.6.40
Untagged: mysql@sha256:4902cd80486dca889205576a698a3e6534376ef6d8b94ef9fc9c61e891f1cd15
Deleted: sha256:50328380b2b44db6826909771a7059dbea575af52bc242dacd4f6e365f3592b7
Deleted: sha256:697d89d941b59add425566c6c0c60d10bb4b21bf6f86ef7ddccb94ddae6cf20a
Deleted: sha256:c3e5f383007dbd1b8a4c327429272f3ab98cd183b6c17dbe281c0db2af0c5af3
Deleted: sha256:27d9bcc11f4e4db5f8b4327ec3aa29fd323e36a6c8a47bc17b9893981a0f4e56
Deleted: sha256:578ecce506d2e9293a0d3cd898345901dec4aaa3650f6e98235617838968f86b
Deleted: sha256:431c1168801316fa15f53294aa6769b97686371b056c9415672f700b0308bf2b
Deleted: sha256:bff479cb74c3b47307144d06e2a36f81ff96ee897afe374ef1c6ff6d83776738
Deleted: sha256:202db300227b8c870b421aa0a0a11b44cb916401ef3a34bcc2a5efcb30a3ea78
Deleted: sha256:20f3dff2c1b6f8409b53e4e203132f7ebb2dfd7dc612d87e4a93302a5a8f5c1a
Deleted: sha256:3131a4917b53634699929d8ff7e2b2bd9469f3f5ab08daf41d1c6b90e0f18b44
Deleted: sha256:9996a15396359708cb2177cfdbe8fcb9f65124142edb9b1d3550f3eb87360676
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
# 通过 镜像ID 定位镜像
shell> docker rmi 50328380b2b4
# 通过 镜像的长ID 定位镜像
shell> docker rmi 50328380b2b44db6826909771a7059dbea575af52bc242dacd4f6e365f3592b7
删除镜像的限制:
- docker会检查该镜像是否已经创建过容器。如果该镜像已经创建过容器,则不能删除。
- 先删除对应的容器,再删除镜像。
创建容器
创建但不运行容器
shell> docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
例如:
shell> docker create --name redisTest -p 6379:6379 redis --requirepass "redispassword"
创建并运行容器
shell> docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
例如:
shell> docker run -d --name redisTest -p 6379:6379 redis --requirepass "redispassword"
-
docker run [-d --name redisTest -p 6379:6379] redis --requirepass "redispassword"
[]中是 OPTIONS -
docker run -d --name redisTest -p 6379:6379 [redis] --requirepass "redispassword"
[]中是 IMAGE -
docker run -d --name redisTest -p 6379:6379 redis [--requirepass "redispassword"]
[]中是 ARG
删除容器
使用 docker rm
容器:
shell> docker rm --help
Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
Remove one or more containers
Options:
-f, --force Force the removal of a running container (uses SIGKILL)
-l, --link Remove the specified link
-v, --volumes Remove anonymous volumes associated with the container
示例:
# 通过 容器名称 定位容器
shell> docker rm redisTest
# 通过 容器ID 定位容器
shell> docker rm d66021564fd4
# 通过 容器的长ID 定位容器
shell> docker rm d66021564fd4260cc31840dd231a1c15e4928f46c4154f16f1cb8e524371e3cc
删除容器的限制:
- docker会检查该容器是否处于运行中。如果该容器处于运行中,则不能删除。
- 先停止运行容器,再删除容器。
管理容器
查看运行着的容器
使用 docker ps
查看正在运行的容器:
shell> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
566cc23c3aa1 redis "docker-entrypoint.s…" 4 hours ago Up 2 hours 0.0.0.0:6379->6379/tcp redisTest
9ac952ee4921 rabbitmq:3-management "docker-entrypoint.s…" 4 hours ago Up 2 hours 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 15671/tcp, 15691-15692/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp rabbitmq1
想看容器启动时执行的命令:
shell> docker ps --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
566cc23c3aa1af21cd55c8c87bf80b7b7318914cf84defc9ec0b36aa815fc0d1 redis "docker-entrypoint.sh --requirepass redispass" 4 hours ago Up 2 hours 0.0.0.0:6379->6379/tcp redisTest
9ac952ee49214c5e3ec43ef1c21e0580cf65439edc23cf4f1712a0572e41df20 rabbitmq:3-management "docker-entrypoint.sh rabbitmq-server" 4 hours ago Up 2 hours 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 15671/tcp, 15691-15692/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp rabbitmq1
查看本地已创建的容器(运行着的+未运行着的)
shell> docker ps -a --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d66021564fd4260cc31840dd231a1c15e4928f46c4154f16f1cb8e524371e3cc redis "docker-entrypoint.sh --requirepass redispass" 35 seconds ago Exited (0) 28 seconds ago redisTest
566cc23c3aa1af21cd55c8c87bf80b7b7318914cf84defc9ec0b36aa815fc0d1 redis "docker-entrypoint.sh --requirepass redis#abc" 4 hours ago Up 2 hours 0.0.0.0:6379->6379/tcp redisTest
9ac952ee49214c5e3ec43ef1c21e0580cf65439edc23cf4f1712a0572e41df20 rabbitmq:3-management "docker-entrypoint.sh rabbitmq-server" 4 hours ago Up 2 hours 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 15671/tcp, 15691-15692/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp rabbitmq1
d582dd3bbcea15b94676a8a7cb1bd30214cc071853fa39cd7a22142a6ff51b62 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago pedantic_elgamal
启动容器
shell> docker start redisTest
停止运行容器
shell> docker stop redisTest
重启容器
shell> docker restart redisTest
更新容器配置
shell> docker update --help
Usage: docker update [OPTIONS] CONTAINER [CONTAINER...]
Update configuration of one or more containers
Options:
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit the CPU real-time period in microseconds
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--help Print usage
--kernel-memory string Kernel memory limit
-m, --memory string Memory limit
--memory-reservation string Memory soft limit
--memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--restart string Restart policy to apply when a container exits
查看容器日志
[root@xxx ~]# docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
Options:
--details Show extra details provided to logs
-f, --follow Follow log output
--help Print usage
--since string Show logs since timestamp
--tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
查看容器的运行日志
docker logs
命令:
shell> docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
Options:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
-n, --tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
示例:查看示例的实时日志
shell> docker logs -f --tail=10 redisTest
1:C 22 Mar 2021 09:35:32.126 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 22 Mar 2021 09:35:32.126 # Redis version=6.2.1, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 22 Mar 2021 09:35:32.126 # Configuration loaded
1:M 22 Mar 2021 09:35:32.127 * monotonic clock: POSIX clock_gettime
1:M 22 Mar 2021 09:35:32.127 * Running mode=standalone, port=6379.
1:M 22 Mar 2021 09:35:32.127 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 22 Mar 2021 09:35:32.127 # Server initialized
1:M 22 Mar 2021 09:35:32.127 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 22 Mar 2021 09:35:32.128 * Ready to accept connections
容器自动启动/容器随docker自动启动
容器的重启策略决定容器是否随docker自动启动。
创建容器时,设置容器随docker自动启动
创建容器时,添加--restart=always
参数可以设置容器随docker自动启动。
设置容器的重启策略
shell> docker update --restart=always redisTest
-
--restart=always
让容器自动运行。
--restart
选项
- no:默认策略,不自动重启容器。
- on-failure:容器非正常退出时(退出状态非0)自动重启容器。
- on-failure:3:容器非正常退出时自动重启容器,同时限制次数3次。
- always:总是自动重启容器。
- unless-stopped:除了已经停止的容器外,自动重启。这里的已停止的容器指:在Docker守护进程启动时就已停止了的容器。
查看容器的重启策略
shell> docker inspect -f '{{json .HostConfig.RestartPolicy}}' redisTest| jq
{
"Name": "always",
"MaximumRetryCount": 0
}
-
always
表示自动重启 -
no
表示不自动重启
指定容器使用的内存
创建容器时指定容器使用的内存
shell> docker help create
...
-m, --memory string Memory limit
...
示例:
shell> docker create --name redisTest -m 512M -p 6379:6379 redisTest
修改正在运行的容器的内存大小
shell> docker update --help
...
-m, --memory string Memory limit
...
示例
shell> docker update -m 512M redisTest
shell> docker update -m 1G --memory-swap 1G redisTest
PS1:内存改大时,注意宿主容器的内存余额是否足够。
PS2:内存改小时,如果报错,则停止容器再修改,修改完成后再启动容器。
容器提升权限
在默认情况下,Docker对容器的权限进行了严格的限制,只提供了有限的capabilities。此外,许多系统级别的操作(例如挂载文件系统、修改内核参数等)都是被禁止的。这种安全模型使得Docker可以在不牺牲安全性的前提下,实现轻量级的虚拟化。
然而,在某些情况下,我们可能需要赋予容器更多的权限。例如,如果我们需要在容器中运行一些需要特权的服务(如网络设备管理、硬件设备接口等),那么默认的权限可能就不够用了。这时候,–privileged=true选项就派上了用场。
Docker的--privileged=true
选项
shell> docker help create
...
--privileged=false Give extended privileges to this container
...
- 当使用–privileged=true选项运行容器时,Docker会赋予容器几乎与主机相同的权限
尽管–privileged=true选项为容器提供了强大的功能,但它也带来了一些严重的安全隐患。由于privileged容器具有几乎与主机相同的权限,所以如果容器被恶意代码控制,那么攻击者就可以轻易地突破容器的边界,对主机进行任意操作5。
因此,我们需要谨慎地使用–privileged=true选项,只在真正需要的情况下才启用它。在可能的情况下,我们应该尽量使用其他更细粒度的权限控制手段,例如通过–cap-add或–device参数来分别添加必要的capabilities或设备访问权限。
Docker的--cap-add=xxx
选项
…
登录到容器内进行操作
登录到容器的控制台
帮助文档:
shell> docker exec --help
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Run a command in a running container
Options:
-d, --detach Detached mode: run command in the background
--detach-keys string Override the key sequence for detaching a container
-e, --env list Set environment variables
-i, --interactive Keep STDIN open even if not attached
--privileged Give extended privileges to the command
-t, --tty Allocate a pseudo-TTY
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
-w, --workdir string Working directory inside the container
示例1:登录控制台
shell> docker exec -it redisTest /bin/bash
root@d66021564fd4:/data# redis-cli
127.0.0.1:6379> ping
(error) NOAUTH Authentication required.
127.0.0.1:6379> auth redispass
OK
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> exit
root@d66021564fd4:/data# exit
exit
shell>
示例2:redis client
shell> docker exec -it redisTest redis-cli
127.0.0.1:6379> exit
shell> docker exec -it redisTest redis-cli
127.0.0.1:6379> ping
(error) NOAUTH Authentication required.
127.0.0.1:6379> auth redispass
OK
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> exit
shell>
以root用户登录控制台
shell> docker exec -it --user root redisTest /bin/bash
root@d66021564fd4:/data#
vi命令
shell> docker exec -it redisTest /bin/bash
root@d66021564fd4:/data# vi /usr/local/etc/redis/redis.conf
安装vim命令
apt-get install vim
示例:
shell> docker exec -it redisTest /bin/bash
root@d66021564fd4:/data# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
vim-common vim-runtime xxd
Suggested packages:
ctags vim-doc vim-scripts
The following NEW packages will be installed:
vim vim-common vim-runtime xxd
0 upgraded, 4 newly installed, 0 to remove and 25 not upgraded.
Need to get 7390 kB of archives.
After this operation, 33.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian buster/main amd64 xxd amd64 2:8.1.0875-5 [140 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 vim-common all 2:8.1.0875-5 [195 kB]
Get:3 http://deb.debian.org/debian buster/main amd64 vim-runtime all 2:8.1.0875-5 [5775 kB]
Get:4 http://deb.debian.org/debian buster/main amd64 vim amd64 2:8.1.0875-5 [1280 kB]
Fetched 7390 kB in 13min 14s (9304 B/s)
... # 太长了,省略一部分
可能会遇到下面的错误
shell> docker exec -it redisTest bash
root@d66021564fd4:/data# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package vim
此时,需要更新一下apt-get
shell> docker exec -it redisTest bash
root@d66021564fd4:/data# apt-get update
Get:1 http://deb.debian.org/debian buster InRelease [122 kB]
Get:2 http://repo.mysql.com/apt/debian buster InRelease [21.5 kB]
Get:3 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:4 http://repo.mysql.com/apt/debian buster/mysql-5.7 amd64 Packages [5673 B]
Get:5 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:6 http://deb.debian.org/debian buster/main amd64 Packages [7906 kB]
Get:7 http://security.debian.org/debian-security buster/updates/main amd64 Packages [308 kB]
Get:8 http://deb.debian.org/debian buster-updates/main amd64 Packages [15.2 kB]
Fetched 8496 kB in 6min 33s (21.6 kB/s)
Reading package lists... Done
然后再安装vim命令即可
端口
查看容器的端口映射
shell> docker port redisTest
6379/tcp -> 0.0.0.0:6380
修改docker容器配置,设置/修改端口映射
进程ID
已知容器,查询进程ID
shell> docker inspect -f "{{.State.Pid}}" redisTest
3025
已知进程ID,查询容器
shell> docker inspect -f "{{.Name}} {{.Id}} {{.State.Pid}} {{.Config.Hostname}}" $(docker ps -q) |grep 3025
/redisTest 085f181c3159695ac5936fea493d0209dae2532a219ec771c931f6ded50d8235 3025 085f181c3159
网络
查看Docker创建的网络
shell> docker network ls
NETWORK ID NAME DRIVER SCOPE
de30d6f965d0 bridge bridge local
80fed3e97a40 host host local
0c8ca63a758d kafka1_default bridge local
ad16e24b37de none null local
shell> docker network ls --no-trunc
NETWORK ID NAME DRIVER SCOPE
0c3ad235b6e5502be222590a5edb3d93cf949fefcbd37a24caecfeb6ebec3768 bridge bridge local
17b6e488a32811eba75f1d622c5549b21ce700b2bcc267a1e4419ba6b4193339 host host local
8c553b00471ea945b62f4ed0baf2800c3bcf6ee7c2d137dd9cc478d635d7d3a2 kafka1_default bridge local
3fede20325dd4ca9efde17d4c91e6fca3663a452d2c2208430d555d9577743fb none null local
Docker创建网络
shell> docker network create --subnet=172.19.0.0/16 mynetwork
3ec9da56ffec8a748f0a3d032d90d556ea9b458870165df1fca9769aa0a728e4
shell> docker network ls
NETWORK ID NAME DRIVER SCOPE
3ec9da56ffec mynetwork bridge local
...
shell> ifconfig
br-3ec9da56ffec: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:a9:2d:94:a7 txqueuelen 0 (Ethernet)
RX packets 123595 bytes 7722085 (7.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 130743 bytes 9963707 (9.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
查看网络
docker network inspect mynetwork
[
{
"Name": "mynetwork",
"Id": "3ec9da56ffec8a748f0a3d032d90d556ea9b458870165df1fca9769aa0a728e4",
"Created": "2022-03-04T16:08:56.693785756+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Containers": {
"2957725900c05f18900f3c15fbd33c16539e0d478a6ec13489b909961283e071": {
"Name": "mysql1",
"EndpointID": "4802a83143534c88afd90926bf0ef1f77e136af52d24b5bfd2876d2a77503f45",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
向网络中添加容器
docker network connect mynetwork mysql1
指定IP
shell> docker network connect --ip 172.18.0.2 mynetwork mysql1
从网络中移除容器
shell> docker network disconnect mynetwork mysql1
查看网络中的容器
shell> docker inspect -f '{{range .Containers}}{{.Name}} - IPv4:{{.IPv4Address}}{{println}}{{end}}' bridge
shell> docker inspect -f '{{range .Containers}}{{.Name}} - IPv4:{{.IPv4Address}}{{println}}{{end}}' mynetwork
memcache1 - IPv4:172.19.0.180/16
mysql1 - IPv4:172.19.0.10/16
查看容器的网络
容器的配置文件中的Networks
节点配置该容器的网络(可理解为网卡),配置容器连接docker的哪个网络、使用哪个IP等。
容器的配置文件中的NetworkMode
节点配置使用哪个网络(可理解为激活哪个网卡)。容器可具备多个网络配置,可通过配置进行网络切换。
看看下面的内容有助于理解上面的内容:
- 查看docker下创建了哪些网络:
shell> docker network ls --no-trunc
NETWORK ID NAME DRIVER SCOPE
0c3ad235b6e5502be222590a5edb3d93cf949fefcbd37a24caecfeb6ebec3768 bridge bridge local
17b6e488a32811eba75f1d622c5549b21ce700b2bcc267a1e4419ba6b4193339 host host local
8c553b00471ea945b62f4ed0baf2800c3bcf6ee7c2d137dd9cc478d635d7d3a2 kafka1_default bridge local
3fede20325dd4ca9efde17d4c91e6fca3663a452d2c2208430d555d9577743fb none null local
- 查看
kafka1_kafka_1
所属的网络:
shell> docker inspect kafka1_kafka_1
[
{
"Id": "e10a3da50ffb303d1850d8afba7f071d0332854d4fb88060ec38cbea698fc810",
...
"Name": "/kafka1_kafka_1",
...
"HostConfig": {
...
"NetworkMode": "kafka1_default",
...
},
...
"NetworkSettings": {
...
"Networks": {
"kafka1_default": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"e10a3da50ffb",
"kafka"
],
"NetworkID": "8c553b00471ea945b62f4ed0baf2800c3bcf6ee7c2d137dd9cc478d635d7d3a2",
"EndpointID": "65c2446e376fe216b637db27f68209c63f309b4a303ec1a39ffaa6ff1e4da548",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:03"
}
}
}
}
]
- 查看
redisTest
所属的网络:
shell> docker inspect redisTest
[
{
"Id": "6b325974920d8a338176bcc53684cd36e57ef77b9ae68117bf4f10cba142315b",
...
"Name": "/redisTest",
...
"HostConfig": {
...
"NetworkMode": "default",
...
},
...
"NetworkSettings": {
...
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "0c3ad235b6e5502be222590a5edb3d93cf949fefcbd37a24caecfeb6ebec3768",
"EndpointID": "3cca83c6e17f3cc6c74c400cd7d8a64ad7c5541e31bc33ae937b150e7eb39160",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
查看容器的IP
shell> docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' redisTest
/redisTest - 172.17.0.2
- docker 网络模式参考这里。
多个ip时,添加逗号
shell> docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}},{{end}}' redisTest
/redisTest - 172.17.0.12,172.19.0.6,
容器的固定IP地址
docker默认的网络,不支持指派固定IP。所以,无法保证容器每次重启后的IP地址。
容器的固定IP地址方法:
- 创建新的网络(docker默认的网络不支持指派固定IP)
- docker run 或 docker create 命令中指定网络和IP地址
shell> docker run -itd -p 5001:5001 --name 容器名称 --net mynetwork --ip mynetwork网络中的空闲IP 镜像名称
shell> docker run -itd --name redisTest --net mynetwork --ip 172.18.0.2 redis
docker 与 宿主之间文件互相拷贝
从 docker 向宿主拷贝文件
shell> docker cp elasticsearch:/usr/share/elasticsearch/config/elasticsearch.yml ~/
将名为elasticsearch
的docker容器中的/usr/share/elasticsearch/config/elasticsearch.yml
文件,拷贝到宿主机当前用户home目录下。
shell> cat ~/elasticsearch.yml
查看elasticsearch.yml
文件
从宿主向 docker 拷贝文件
shell> docker cp ~/elasticsearch.yml elasticsearch:/usr/share/elasticsearch/config/
将宿主机当前用户home目录下elasticsearch.yml
文件,拷贝到elasticsearch
的docker容器中的/usr/share/elasticsearch/config/
目录下。
查看docker容器的系统版本
查看容器的系统版本
shell> docker exec -it redisTest /bin/bash
root@9887b09c8c68:/data# cat /etc/issue
Debian GNU/Linux 10 \n \l
查看docker容器的宿主机的系统版本
shell> docker exec -it redisTest /bin/bash
root@9887b09c8c68:/data# cat /proc/version
Linux version 3.10.0-1160.31.1.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) ) #1 SMP Thu Jun 10 13:32:12 UTC 2021
或
shell> docker exec -it redisTest /bin/bash
root@9887b09c8c68:/data# uname -a
Linux 9887b09c8c68 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64 GNU/Linux
参考
docker run:–privileged=true选项解析(特权模式:赋予容器几乎与主机相同的权限)