docker简单使用

docker已经成为微服务不可缺少的软件,所有记录一下常用的命令。

相关资源

shell

  • 安装启动
1
2
3
4

sudo yum install -y yum-utils device-mapper-persistent-data lvm2
yum -y makecache fast
sudo yum -y install docker-ce
sudo service docker start
  • 基本命令
1
2
3
4
5

docker info
docker version
docker-compose --version
docker-machine --version
docker ps 					#查看镜像
  • 启动容器名为web的容器
1

docker start web
  • 停止容器
1

docker stop web
  • 进入容器和镜像
1
2

docker exec -it web /bin/bash
docker run -t -i 23ac40ed7f8b /bin/bash
  • 删除镜像
1

docker rm -f web
  • 删除容器
1

docker rmi -f web
  • 容器导入导出
1
2

docker export cbe3cb7799ed > update.tar 	#导出
docker import - update < update.tar 		#导入
  • 镜像备份和加载
1
2

docker save -o update1.tar update 		#备份
docker load < update1.tar 			#加载
  • 其它
1
2
3
4
5
6
7
8

#停止所有的container,这样才能够删除其中的images	
docker stop $(docker ps -a -q)
#如果想要删除所有container的话再加一个指令
docker rm -f $(docker ps -a -q)	
#删除所有镜像
docker rmi -f $(docker images |  awk "{print $3}")
#想要删除untagged images,也就是那些id为<None>的image的话可以用 
docker rmi -f $(docker images | grep "^<none>" | awk "{print $3}")

特殊指令

  • –add-cap
Docker’s capabilities Linux capabilities Capability Description
SETPCAP CAP_SETPCAP Modify process capabilities.
MKNOD CAP_MKNOD Create special files using mknod(2).
AUDIT_WRITE CAP_AUDIT_WRITE Write records to kernel auditing log.
CHOWN CAP_CHOWN Make arbitrary changes to file UIDs and GIDs (see chown(2)).
NET_RAW CAP_NET_RAW Use RAW and PACKET sockets.
DAC_OVERRIDE CAP_DAC_OVERRIDE Bypass file read, write, and execute permission checks.
FOWNER CAP_FOWNER Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file.
FSETID CAP_FSETID Don’t clear set-user-ID and set-group-ID permission bits when a file is modified.
KILL CAP_KILL Bypass permission checks for sending signals.
SETGID CAP_SETGID Make arbitrary manipulations of process GIDs and supplementary GID list.
SETUID CAP_SETUID Make arbitrary manipulations of process UIDs.
NET_BIND_SERVICE CAP_NET_BIND_SERVICE Bind a socket to internet domain privileged ports (port numbers less than 1024).
SYS_CHROOT CAP_SYS_CHROOT Use chroot(2), change root directory.
SETFCAP CAP_SETFCAP Set file capabilities.
  • 下面表格中列出的Capabilities是docker默认删除的Capabilities,用户可以通过–cap-add添加其中一个或者多个。
Docker’s capabilities Linux capabilities Capability Description
SYS_MODULE CAP_SYS_MODULE Load and unload kernel modules.
SYS_RAWIO CAP_SYS_RAWIO Perform I/O port operations (iopl(2) and ioperm(2)).
SYS_PACCT CAP_SYS_PACCT Use acct(2), switch process accounting on or off.
SYS_ADMIN CAP_SYS_ADMIN Perform a range of system administration operations.
SYS_NICE CAP_SYS_NICE Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.
SYS_RESOURCE CAP_SYS_RESOURCE Override resource Limits.
SYS_TIME CAP_SYS_TIME Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.
SYS_TTY_CONFIG CAP_SYS_TTY_CONFIG Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.
AUDIT_CONTROL CAP_AUDIT_CONTROL Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.
MAC_OVERRIDE CAP_MAC_OVERRIDE Allow MAC configuration or state changes. Implemented for the Smack LSM.
MAC_ADMIN CAP_MAC_ADMIN Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).
NET_ADMIN CAP_NET_ADMIN Perform various network-related operations.
SYSLOG CAP_SYSLOG Perform privileged syslog(2) operations.
DAC_READ_SEARCH CAP_DAC_READ_SEARCH Bypass file read permission checks and directory read and execute permission checks.
LINUX_IMMUTABLE CAP_LINUX_IMMUTABLE Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.
NET_BROADCAST CAP_NET_BROADCAST Make socket broadcasts, and listen to multicasts.
IPC_LOCK CAP_IPC_LOCK Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).
IPC_OWNER CAP_IPC_OWNER Bypass permission checks for operations on System V IPC objects.
SYS_PTRACE CAP_SYS_PTRACE Trace arbitrary processes using ptrace(2).
SYS_BOOT CAP_SYS_BOOT Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.
LEASE CAP_LEASE Establish leases on arbitrary files (see fcntl(2)).
WAKE_ALARM CAP_WAKE_ALARM Trigger something that will wake up the system.
BLOCK_SUSPEND CAP_BLOCK_SUSPEND Employ features that can block system suspend.
近期学习工作方向
大数据及架构学习:Hadoop,Flink,k8s
用Golang编写邮件服务
分类
算法 脚本语言 运维 编译语言 Mac桌面开发 思考 go mac gc
标签
php javascript linux object-c shell docker go python openresty nginx mysql WordPress mac gc
学习链接
Go語言聖經(中文版)
PHP源码
TIPI
PHP Internals Book
PHP The Right Way
Linux 常用C函数(中文版)
jekyll使用
Bootstrap手册
Mac Developer Program
iOS Developer Program
JavaScript
linux kernel api
深入分析Linux内核源码
Mastering-Markdown
re2c
Bison
fluentd
OpenResty最佳实践
CSVN
GIT
chromium
Python官方教程
Spring Project Init
PHP自动搭建
lnmp
amh
宝塔Linux面板
捐赠我(支付宝扫描)

Powered By GitHub, Jekyll ,Bootstrap
Design By midoks | midoks.github.io All Rights Reserverd

最近更新时间:Sun, 08 Oct 2023 14:27:14 +0000
midoks#163.com(#替换成@,欢迎交流) | B收录 | G收录