Docker
From Linuxmemo.
Install
apt-get install docker.io
Via HTTP proxy
https://docs.docker.com/engine/admin/systemd/#http-proxy
sudo mkdir /etc/systemd/system/docker.service.d
sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf
    [Service]
    Environment="HTTP_PROXY=http://proxy.example.com:80/" "HTTPS_PROXY=https://proxy.example.com:80/"
sudo systemctl daemon-reload
sudo systemctl show --property=Environment docker
sudo systemctl restart docker
Containers
Source: https://github.com/wsargent/docker-cheat-sheet/blob/master/README.md
Lifecycle
- docker create creates a container but does not start it.
- docker rename allows the container to be renamed.
- docker run creates and starts a container in one operation.
- docker rm deletes a container.
- docker update updates a container's resource limits.
Starting and Stopping
- docker start starts a container so it is running.
- docker stop stops a running container.
- docker restart stops and starts a container.
- docker pause pauses a running container, "freezing" it in place.
- docker unpause will unpause a running container.
- docker wait blocks until running container stops.
- docker kill sends a SIGKILL to a running container.
- docker attach will connect to a running container.
Info
- docker ps shows running containers.
- docker logs gets logs from container. (You can use a custom log driver, but logs is only available for json-file and journald in 1.10)
- docker inspect looks at all the info on a container (including IP address).
- docker events gets events from container.
- docker port shows public facing port of container.
- docker top shows running processes in container.
- docker stats shows containers' resource usage statistics.
- docker diff shows changed files in the container's FS.
- docker ps -a shows running and stopped containers.
- docker stats --all shows a running list of containers.
Import / Export
- docker cp copies files or folders between a container and the local filesystem.
- docker export turns container filesystem into tarball archive stream to STDOUT.
Executing Commands
- docker exec executes a command in a container.
To enter a running container called foo by attaching a new shell process to it, use:
docker exec -it foo /bin/bash
Images
Lifecycle
- docker images shows all images.
- docker import creates an image from a tarball.
- docker build creates image from Dockerfile.
- docker commit creates image from a container, pausing it temporarily if it is running.
- docker rmi removes an image.
- docker load loads an image from a tar archive as STDIN, including images and tags (as of 0.7).
- docker save saves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7).
Info
- docker history shows history of image.
- docker tag tags an image to a name (local or registry).
Cleaning up
The docker rmi command removes specific images; there is also a tool called docker-gc that will clean up images that are no longer used by any containers in a safe manner.
Networks
Lifecycle
- docker network create
- docker network rm
Info
- docker network ls
- docker network inspect
Connection
- docker network connect
- docker network disconnect
You can specify a specific IP address for a container:
# create a new bridge network with your subnet and gateway for your ip block
$ docker network create --subnet 203.0.113.0/24 --gateway 203.0.113.254 iptastic
# run a nginx container with a specific ip in that block
$ docker run --rm -it --net iptastic --ip 203.0.113.2 nginx
# curl the ip from any other place (assuming this is a public ip block duh)
$ curl 203.0.113.2
Registry & Repository
- docker login logs in to a registry.
- docker logout logs out from a registry.
- docker search searches registry for image. Example: docker search --filter is-official=true --no-trunc busybox
- docker pull pulls an image from registry to local machine.
- docker push pushes an image to the registry from local machine.
Layers
docker run -d --link CONTAINER:ALIAS --name LINKED user/wordpress
Volumes (persistent data)
Lifecycle
- docker volume create
- docker volume rm
Info
- docker volume ls
- docker volume inspect
Dockerfile
- .dockerignore
- FROM sets the Base Image for subsequent instructions.
- MAINTAINER sets the Author field of the generated images.
- RUN executes any commands in a new layer on top of the current image and commits the results.
- CMD provides defaults for an executing container.
- EXPOSE informs Docker that the container listens on the specified network ports at runtime. NOTE: does not actually make ports accessible.
- ENV sets environment variable.
- ADD copies new files, directories or remote file to container. Invalidates caches. Avoid ADD and use COPY instead.
- COPY copies new files or directories to container.
- ENTRYPOINT configures a container that will run as an executable.
- VOLUME creates a mount point for externally mounted volumes or other containers.
- USER sets the user name for following RUN / CMD / ENTRYPOINT commands.
- WORKDIR sets the working directory.
- ARG defines a build-time variable.
- ONBUILD adds a trigger instruction when the image is used as the base for another build.
- STOPSIGNAL sets the system call signal that will be sent to the container to exit.
- LABEL applies key/value metadata to your images, containers, or daemons.
docker-compose
Originally Fig (developed during the November 2014 hackathon). Integrated into the Docker stack as docker-compose.
Ref: https://docs.docker.com/v1.8/compose/yml/
CLI docker-compose
Usage:
  docker-compose [-f=<arg>...] [options] [COMMAND] [ARGS...]
  docker-compose -h|--help
Options:
  -f, --file FILE            Specify an alternate compose file (default: docker-compose.yml)
  -p, --project-name NAME    Specify an alternate project name (default: directory name)
  --x-networking             (EXPERIMENTAL) Use new Docker networking functionality. Requires Docker 1.9 or later.
  --x-network-driver DRIVER  (EXPERIMENTAL) Specify a network driver (default: "bridge"). Requires Docker 1.9 or later.
  --verbose                  Show more output
  -v, --version              Print version and exit
Commands:
- build
- help
- kill
- logs
- port
- ps
- pull
- restart
- rm
- run
- scale
- start
- stop
- up -> docker-compose up -d
"docker-compose.yml" reference
- image
- build
- dockerfile
- command
- links
- external_links
- extra_hosts
- ports
- expose
- volumes
- volumes_from
- environment
- env_file
- extends
- labels
- container_name
- log driver
- net
- pid
- dns
- cap_add, cap_drop
- dns_search
- devices
- security_opt
- working_dir, entrypoint, user, hostname, domainname, mac_address, mem_limit, memswap_limit, privileged, restart, stdin_open, tty, cpu_shares, cpuset, read_only, volume_driver
Tips
- run a shell
docker container run -t -i ubuntu bash
-t (terminal)
-i (interactive)
- run in the background
docker container run -d nginx
-d (detach)
- port
-p HOST_PORT:CONTAINER_PORT
-P
- bind-mount (sharing directories between host and container)
-v PATH_HOST:PATH_CONTAINER
or
--mount type=bind,src=PATH_HOST,dst=PATH_CONTAINER
- limits
docker container run --memory 32m -ti ...
docker container run --cpus 2 -ti ...
- container privileges (runs as root by default)
--user
- name the container (instead of using the ID)
--name nom
- clean up the container's temporary files
--rm
- automatic restart
--restart=on-failure
- extract a key from "inspect"
docker container inspect --format '{{.NetworkSettings.IPAddress}}' containername
- follow logs continuously
docker container logs -f nomcontainer
- shell or process in a running container
docker container exec -ti nomcontainer bash
- close (force-remove) all containers
docker container rm -f $(docker container ls -aq)
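The inspect, --user and limits tips above can be combined into a quick audit. The script below is an added example, not part of the original page: it flags containers that run as root, run privileged, have no memory limit or have a writable root filesystem. The "|"-separated format string, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). On a live host, produce one
# line per container with the inspect --format tip shown above:
#   docker container inspect --format \
#     '{{.Name}}|{{.Config.User}}|{{.HostConfig.Privileged}}|{{.HostConfig.Memory}}|{{.HostConfig.ReadonlyRootfs}}' \
#     $(docker container ls -q)

# audit_container LINE: print "name: ok" or "name: <findings>".
audit_container() {
    # A non-whitespace IFS keeps empty fields, so an unset User survives.
    IFS='|' read -r name user priv mem ro <<EOF
$1
EOF
    name=${name#/}          # inspect reports names with a leading slash
    findings=""
    case "$user" in
        # Empty means no --user and no USER in the image: the process is root.
        ""|root|0|root:*|0:*) findings="$findings runs-as-root" ;;
    esac
    if [ "$priv" = "true" ]; then findings="$findings privileged"; fi
    # Memory is in bytes; 0 means --memory was not set.
    if [ "$mem" = "0" ]; then findings="$findings no-memory-limit"; fi
    if [ "$ro" != "true" ]; then findings="$findings writable-rootfs"; fi
    findings=${findings# }
    printf '%s: %s\n' "$name" "${findings:-ok}"
}

# audit_all: read inspect lines on stdin, one report line per container.
audit_all() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then audit_container "$line"; fi
    done
}

# Constructed sample input (33554432 bytes = --memory 32m).
SAMPLE='/web||false|0|false
/api|1000:1000|false|33554432|true
/debug|root|true|0|false'

printf '%s\n' "$SAMPLE" | audit_all
```

To audit a real host, pipe the output of the inspect command from the header comment into audit_all instead of the sample.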
Utilities
Docker-machine
Creates VMs hosting Docker on multiple environments (notably cloud) via plugins and APIs.
Docker-compose
Management of multi-container applications.
- config: docker-compose.yml
Cluster (orchestrator)
Swarm
Illustration of RAFT: http://thesecretlivesofdata.com/raft/