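0. Preface
Previously I deployed Docker, docker-compose, Harbor and other container-related base services on a Rocky Linux server. I assume you already have some familiarity with these services, so today, drawing on my work experience, I'll briefly summarize the container commands I use most often at work.
1. Common docker commands
1.1 Starting and stopping the service
(1) Start the docker service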
systemctl start docker
(2) Check the status of the docker service
systemctl status docker
(3) Stop the docker service
systemctl stop docker
1.2 Images
(1) Pull an image
docker pull nginx:latest
When pulling an image you can specify the image version (tag); if you don't, the latest image is pulled by default.
(2) List local images
docker images
(3) Remove an image
docker rmi nginx:latest
(4) Tag an image
docker tag nginx:latest 192.168.xxx.xxx:80/images/nginx:latest
(5) Save an image as a tar archive
docker save nginx:latest -o nginx.tar
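This command creates nginx.tar in the current directory. It is commonly used to move images around, especially into an internal network environment that has no Internet access.
(6) Load an image from a tar archive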
docker load < nginx.tar
(7) Push an image
docker push 192.168.xxx.xxx:80/images/nginx:latest
(8) Log in to a private registry
docker login 192.168.xxx.xxx:80
(9) Log out
docker logout 192.168.xxx.xxx:80
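For the offline transfer in (5) and (6), it helps to confirm that the tar arriving on the internal host is byte-for-byte the one that was exported before loading it. The following is an added example, not from the original post; the function names and the .sha256 side file are assumptions made for illustration.

```shell
# Added example: checksum-verified offline image transfer.
# Function names and the "<tar>.sha256" side file are hypothetical.

# On the connected host: export the image and record its SHA-256 digest.
export_image() {
    image="$1"; tar="$2"
    docker save -o "$tar" "$image" && sha256sum "$tar" > "$tar.sha256"
}

# On the internal host: return 0 only if the tar matches the recorded digest,
# 2 if the tar or its digest file is missing, 1 on a mismatch.
verify_tar() {
    tar="$1"
    [ -f "$tar" ] && [ -f "$tar.sha256" ] || return 2
    expected=$(awk '{print $1; exit}' "$tar.sha256")
    actual=$(sha256sum "$tar" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Load the image only after the digest check passes.
load_verified() {
    if verify_tar "$1"; then
        docker load -i "$1"
    else
        echo "refusing to load $1: checksum missing or mismatched" >&2
        return 1
    fi
}

# Typical use:
#   export_image nginx:latest nginx.tar     (connected host)
#   load_verified nginx.tar                 (internal host)
```

A digest copied over the same channel as the tar only detects corruption; to detect tampering, carry the .sha256 file over a separate channel.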
1.3 Containers
(1) List all containers
docker ps -a
Shows all containers, whether they are running or not.
(2) List running containers
docker ps
Containers in the Exited state are not shown.
(3) Run a container
docker run -d --name nginx -v /mydata/nginx/html:/etc/nginx/html -p 8080:80 nginx:latest
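If the image does not exist locally, it is pulled from the remote registry and run locally as a container. It is best to specify the image version; by default the latest version of the image is pulled and run. The options in the command above are all commonly used ones; briefly:
-d: run in the background
--name: name of the running container
-v: mount a host directory into the container
-p: map a container port to the host
If no container name is specified, docker assigns a random one.
(4) Stop a container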
docker stop container_id/container_name
A container can be stopped by its container ID or by its name.
(5) Remove a container
docker rm container_id/container_name
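If the container has not been stopped when you remove it, docker reports an error saying the container is still running. You can force the removal with -f, but stopping the container first and then removing it is still recommended.
(6) View container logs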
docker logs container_id/container_name
This command is used a lot when checking how a container is running.
(7) Enter a container
docker exec -it container_id/container_name /bin/sh
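This is equivalent to opening an sh terminal inside the container, where you can run operations commands. It is advisable to install the commands commonly needed for operations when building the image, to make troubleshooting easier.
2. docker-compose commands
docker-compose can be thought of as a single-host container orchestration tool. Based on one yaml file, a simple docker-compose command is enough to start several interrelated containers. We usually put a service and the middleware it depends on into the docker-compose.yaml file and start them all at once.
When we deployed Harbor earlier, we did it in one step with docker-compose. Harbor is a classic case, so we will use it as the example to explain the common docker-compose commands.
2.1 The docker-compose.yml file
First, let's walk through Harbor's docker-compose.yml file: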
version: '2.3'
services:
  log:
    image: goharbor/harbor-log:v2.11.1
    container_name: harbor-log
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.11.1
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v2.11.1
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v2.11.1
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
  core:
    image: goharbor/harbor-core:v2.11.1
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data/ca_download/:/etc/core/ca/:z
      - /data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor:
    depends_on:
      - log
      - registry
      - redis
      - postgresql
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v2.11.1
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "portal"
  jobservice:
    image: goharbor/harbor-jobservice:v2.11.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v2.11.1
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/redis:/var/lib/redis
    networks:
      harbor:
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v2.11.1
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    ports:
      - 80:8080
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
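version: the version number of the compose file format
services: the list of services started with docker-compose
networks: docker-compose sets up a separate network for the services it starts
Next, let's look at the key settings of a service:
First you specify the service name, for example: redis
image: image name
container_name: container name
restart: restart policy
cap_drop: Linux kernel capabilities removed from the container
cap_add: Linux kernel capabilities granted to the container
volumes: host directories or files mounted into the container
networks: the network the container is attached to
depends_on: other containers this one depends on
logging: how logs are handled
logging:driver: the logging driver
logging:options:syslog-address: address of the log-handling system
logging:options:tag: the tag used in the logging platform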
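The cap_drop, cap_add and ports keys described above are worth checking across every service in a compose file, since a service that keeps the default capability set or publishes a port on all host interfaces stands out from the rest. The following is an added example, not part of the original post or of Harbor; it assumes 2-space indentation as in Harbor's file, treats only 127.0.0.1 as a loopback binding, and the function names and the demo service are hypothetical.

```shell
# Added example: per-service report of capability and port-exposure settings.
# Assumes a compose file indented with 2 spaces per level.
audit_compose() {
    awk '
    function report() {
        if (svc == "") return
        if (!dropall) print svc ": cap_drop does not include ALL"
        if (caps != "") print svc ": cap_add " caps
        svc = ""
    }
    /^[^ #]/            { report(); in_services = ($0 ~ /^services:/); next }
    !in_services        { next }
    /^  [^ #-][^:]*:/   { report(); svc = $1; sub(/:.*/, "", svc)
                          dropall = 0; caps = ""; key = ""; next }
    /^    [^ #-][^:]*:/ { key = $1; sub(/:.*/, "", key); next }
    /^      - /         {
        val = $0; sub(/^ *- */, "", val); gsub(/["\047]/, "", val)
        if (key == "cap_drop" && val == "ALL") dropall = 1
        if (key == "cap_add") caps = (caps == "" ? val : caps "," val)
        if (key == "ports" && val !~ /^127\.0\.0\.1:/) print svc ": port " val " published on all interfaces"
    }
    END { report() }
    ' "$@"
}

# Constructed sample: log and proxy mirror the Harbor file; demo is hypothetical.
sample_compose() {
    cat <<'EOF'
services:
  log:
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
    ports:
      - 127.0.0.1:1514:10514
  proxy:
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    ports:
      - 80:8080
  demo:
    image: nginx:latest
EOF
}
```

Run it against a real file with audit_compose docker-compose.yml, or try the sample with sample_compose | audit_compose.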
2.2 Common docker-compose commands
(1) Start all containers. In the directory containing the docker-compose.yaml file, run:
docker-compose start
(2) Check the status of the containers. In the directory containing the docker-compose.yaml file, run:
docker-compose ps -a
(3) Stop all containers. In the directory containing the docker-compose.yaml file, run:
docker-compose stop
(4) Stop a single container. In the directory containing the docker-compose.yaml file, run:
docker-compose stop service_name
(5) Start a single container. In the directory containing the docker-compose.yaml file, run:
docker-compose start service_name
(6) Enter a container. In the directory containing the docker-compose.yaml file, run:
docker-compose exec -it service_name /bin/bash
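3. Summary
Docker is the most commonly used container runtime and is used in almost every job. k8s also supports docker, so understanding the basics of docker is well worth it and lays the groundwork for using a k8s cluster later.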