docker run

--restart 参数 可以是 no | always | on-failure:10, 所以可以设置是否自动启动
--rm 自动删除 container 当container 退出的时候;
-e, --env 设置环境变量
--env-file 设置环境变量名字
-h, --hostname
--name NAME
-v, --volume
--volumes-from
--expose
--link
-p, --publish 发布一个端口, 如果不给定, 就随机设置一个未用的
-P, --publish-all
--add-host Adds the given IP and hostname mapping to /etc/hosts in the container.
--dns 定制 dns server
--mac-address 设置 MAC 地址
--net 设置网络模式 bridge | none | container | host
-c, --cpu-shares CPU 使用量
-cap-add / --cap-drop 增加 或 去除 linux 某个功能
--cpuset 可以使用那个CPU
--device 设置 container 可以访问那个那个硬件设备 如 磁盘, 打印机, 声卡
-m, --memory 内存使用量 设置
--entrypoint override ENTRYPOINT
-u, --user override USER
-w, --workdir

管理 Container

    docker attach [OPTIONS] CONTAINER   
    docker create  从image 创建一个container, 但是不run, 后续可以使用 docker start 去run
    docker cp  从container copy 文件或路径到 host
    docker exec  run 一个在container 的命令
    docker kill  杀死 container 的main process (PID : 1)
    docker pause  / docker unpause  冻结/解冻 container 的所有进程
    docker rename  重命名 一个 container
    docker restart  = docker stop; docker start
    docker rm   remove one or more containers. -f 选项强制remove 正在运行的, -v 去除相关volume

Container 相关命令

    docker diff  对比从image 到现在container 为止 container文件系统做的变化
    docker events   打印实时事件信息
    docker inspect   查看 image 或 container 的相关信息
    docker logs    查看 container 的STDOUT, STDERR 相关信息
    docker port    查看 container 对应的端口 mapping 信息
    docker ps  查看在run 或者 停止的 container 的 high-level 相关信息, -q 只返回container id, 一般用着其他后续命令
    docker top 类似 top, 不过只和这个container 相关的, 也就是container 内部的进程

Image 相关命令

    docker build  从Dockerfile 创建 image 
    docker commit  从 container 创建 image. 从一个正在运行的container 创建 image, 可能导致它暂停, 有参数 --pause=false 可以设置
    docker history  Outputs information on each of the layers in an image.
    docker images  查看本地 image 信息
    docker rmi   删除本地 某 image
    docker tag   给image 打tag

Registry 相关命令 .dockercfg in your home directory

    docker login 
    docker logout
    docker push
    docker search

Dockerfile 中的 EXEC VS SHELL 形式
Several instructions (RUN, CMD and ENTRYPOINT), take both a shell format and an exec format. The exec form takes a JSON array (e.g. ["executable", "param1", "param2"]) which assumes the first item is the name of an executable which is then executed with the remaining items as parameters. The shell format is a freeform string which will be interpreted by passing to /bin/sh -c. Use the exec form to avoid the shell munging strings or in cases where the image doesn’t have /bin/sh.

FROM base image
ADD 从远程或本地Context copy到image, 如果是压缩文件, 会自动解压. 最好不要用ADD, 用COPY 或 RUN wget/curl;
CMD 当Container启动完, 执行的命令. 后边的CMD 会覆盖前面的CMD;
COPY 有EXEC 和 SHELL 格式, EXEC 的json 格式支持路径中有空格, 支持Wildcard, 但不支持到Context的上层目录;
ENV 设置环境变量
RUN run 给定的脚本, 并commit 其结果
USER 设置用户, 用以给后续的CMD, RUN, COPY, ENTRYPOINT 等用; host 和Container 之间的userId是一样的, user name 可能不一样.
EXPOSE 标明要监听的端口, 用以告诉docker server.
ENTRYPOINT Container 启动后默认执行的脚本, 可能被CMD 或 docker run的命令覆盖.
MAINTAINER 维护者信息
ONBUILD 如果本image 被用作base image, 那么后续build 时候要执行的脚本
VOLUME 设置要挂载的文件
WORKDIR 设置工作路径, 用来给RUN, CMD, ENTRYPOINT, ADD or COPY 等命令用

Docker links are the simplest way to allow containers on the same host to talk to each other. Using Docker links will also add the alias and the link container ID to /etc/hosts on the master container, allowing the link container to be addressed by name from the master container.By default, containers will be able to talk to each other whether not they have been explicitly linked. Perhaps most significantly they are static — links aren’t updated if the link container goes down or is replaced. Also, the link container must be started before the master container, meaning you can’t have bidirectional links.

Volumes are directories[18] that are not part of the container’s UFS, they are just normal directories on the host that are bind mounted into the container.

通过Dockerfile的 VOLUME命令, 不能指定host的文件路径, 所以都是动态指定的, 所以可以通过 docker inspect -f {{.Volumes}} ${containerId} 查看
通过docker run -v hostDir:containerDir 指定路径.

通过 --volumes-from CONTAINER shared volume 即使原container 没有在run, 照样可以使用这个volume.

Using Docker [读书笔记]

Containers are a lightweight and portable store for an application and its dependencies. 序的开头这么一句话, lightweight应该是较VM而言, 这里的container确实包含了你的应用及其依赖;
containerization: 集装箱化;
Containers share resources with the host OS;

Container 里面ps 看进程

Host OS 查看 docker 进程

如果选择让container知道外部的线程, 那么container 内部其实是可以看到的

The purpose of a VM is to fully emulate a foreign environment, whilst the purpose of a container is to make applications portable and self-contained;

Containers are an old concept. For decades, UNIX systems have had the chroot command which provides a simple form of filesystem isolation. FreeBSD has had the jail utility since 1998, which extended chroot sandboxing to processes. Solaris Zones offered a comparatively complete containerization technology around 2001, but was limited to the Solaris OS. Also in 2001, Parrallels Inc (then SWsoft) released the commercial Virtuozzo container technology for Linux, and later open sourced the core technology as OpenVZ in 20051. Following on from this, Google started the development of CGroups for the Linux kernel and began moving their infrastructure to containers. The LXC project started in 2008 and brought together CGroups, kernel namespaces and chroot technology (amongst others) to provide a complete containerization solution. Finally, in 2013, Docker brought the final pieces to the containerization puzzle and the technology began to enter the mainstream.

Docker took the existing Linux container technology then wrapped it and extended it in various ways — primarily portable images and a user-friendly interface — to create a complete solution for the creation and distribution of containers. The Docker platform has two distinct components; the Docker Engine, which is responsible for creating and running containers and the Docker Hub, a cloud service for distributing containers.

The Docker Engine provides a very fast and convenient interface for running containers. Before this, running a container using a technology such as LXC required significant specialist knowledge and manual work. The Docker Hub provides an enormous number of public container images for download, allowing users to quickly get started and avoid duplicating work already done by others.

Early versions of Docker were little more than a wrapper around LXC paired with a Union Filesystem when start open-source;

Docker uses a Union File System (UFS) for containers, which allows multiple file systems to be mounted in a hierarchy and appear as a single file system. The file system from the image has been mounted as a read-only layer and any changes to the running container are made to a read-write layer mounted on top of this.

删除退出的container
$ docker rm $(docker ps -aq -f status=exited)

制作自己的dockfile image

新建文本文件: Dockerfile (没有后缀), 里面内容如下:

FROM tomcat:7.0
RUN rm -rf /usr/local/tomcat/webapps/ROOT
ADD http://ci.qa.tianxiaohui.com/job/bnrdash-r2-2_job_Eric/197/artifact/bnrdash/target/ROOT.war /usr/local/tomcat/webapps/
CMD ["catalina.sh", "run"]

每一行解释:

1. 基于公共的tomcat:7.0 的image, 更多tomcat image 看这里 https://registry.hub.docker.com/_/tomcat/
2. 因为我自己的包是ROOT.war, 所以把tomcat 再带的删除, 也为了安全, 当然其它自带的最好也删除
3. 把CI做好的war 文件ccopy 进去
4. 默认启动tomcat

使用下面的命令打包(最后的点表示当前目录去找 Dockerfile):

docker build -t xiatian/tomcatBnrdash .

查看local的images, 已经包含最新的

docker images

那么就可以去run了, 下面分别开8081, 8082, 开了2个containers.

docker run -d -p 8081:8080 xiatian/tomcatBnrdash
docker run -d -p 8082:8080 xiatian/tomcatBnrdash

查看正在运行的container

docker ps

进入正在运行的container

docker exec -it  CONTAINER_ID bash