Summary based on work experience:
Docker common commands:
docker library documentation:
https://docker-py.readthedocs.io/en/stable/containers.html#
Docker container daily operation commands - operation and maintenance notes:
https://www.cnblogs.com/kevingrace /p/5715326.html
https://blog.csdn.net/hxpjava1/article/details/78305610
1. View the password of the root user of the container
docker logs <container name or ID> 2>&1 | grep '^User: ' | tail -n1
2. View container logs
docker logs -f <container name or ID>
3. View running containers
docker ps
docker ps -a
4. Delete all containers
docker rm $(docker ps -a -q)
5. Delete a single container
docker rm <container name or ID>
docker stop <container name or ID>
docker start <container name or ID>
docker kill <container name or ID>
6. View all images
docker images
7. Delete all images
docker rmi $(docker images | grep none | awk '{print $3}' | sort -r)
8. Run the image
#docker run -d -h -p 'gtest008' --name=gtest007 ghp_no_ssh_pwd:3.1 /usr/sbin/sshd -D
#docker run -idt -p 8104:22 -h gt03 ghp_no_ssh_pwd:3.2 /usr/sbin/sshd -D
privileged mode to start the container
#docker run -it --privileged=true -v /test:/soft ghp_no_ssh_pwd:3.1 /bin/bash
container with description information
#docker run --name dbdata ghp_no_ssh_pwd:3.1 echo "Data-only container for ghp_no_ssh_pwd"
#Add ib network mapping and cuda mapping
docker run -itd --shm-size=256G --name zhang_test --privileged=true -v /etc/libibverbs.d:/etc/libibverbs.d \
-v /usr/local/ib_lib64/:/usr/local/ib_lib64/ -v /home:/home -v /data:/data -v /am:/am \
-v /var/lib/nvidia-docker/volumes/nvidia_driver/396.37/:/usr/local/nvidia \
-v /dafs/userdata/:/dafs/userdata/ -v /dafs/groupdata/:/dafs/groupdata/ --network=host --entrypoint=/bin/bash \
-itd reg.test.com/dltp/pytorch_1.2_cuda_9.2_test:latest
9.docker log path and viewing
ls
10. Attach container
docker exec -it container ID /bin/bash
docker exec -it --user root container ID /bin/bash
docker attach container ID
through nsentr:
docker inspect --format "{
{.State.Pid} }" container name
docker inspect --format "{
{.State.Pid}}" test09.mu01
docker inspect --format "{
{.State.Pid}}" ghp1001
and then according to the id of the container process, enter the container
nsenter --target PID --mount --uts --ipc --net --pid
nsenter --target 187555 --mount -U -S 1001 --uts --ipc --net --pid
nsenter --target 372965 - -mount -U -S 1001 --uts --ipc --net --pid
nsenter -n -t 372965
11. View container mount information:
docker inspect container ID
"Mounts"{}
12. Image import and export
#docker export container ID > update.tar
#docker import - update < update.tar
#docker save -o update1.tar image name
#docker load < update1.tar
# The process of commit will cause the container to pause, causing the application to pause
# docker commit -a="author" -m="comment" 83a01b6fd52a ubuntu1604_cuda8:0.1
Compressed image export:
docker save umts-ubuntu-1804-arm64:2.2 | gzip -9 > /data/umts-ubuntu-1804-arm64.tar.gz
Compressed image import: gunzip -c /data/umts-ubuntu-1804- arm64.tar.gz | docker load
Higher compression ratio:
backup image: docker save umts-ubuntu-1804-arm64:2.2 | 7za a -si umts-ubuntu-1804-arm64.tar.7z
restore image: 7za x -so umts-ubuntu-1804-arm64. tar.7z | docker load
表线tar包
docker ubuntu.tar | sudo docker import - test/ubuntu:v1.0
13. Mirror removal
#docker rmi update
14. Long running container:
#!/bin/bash
while true
do
sleep 10s
done
/inspur/caffe-caffe-0.15/build/tools/caffe train --solver=solver.protext --gpu=0
537 docker cp 154e1da151cd :/root/* /home/12381/*
808 docker cp v1-20180503.tar.gz 154e1da151cd:/opt/
14. Check the physical process of the container:
#docker inspect container ID State.Pid
docker inspect test09.mu01 | grep State. Pid
15. Capture packets for the container:
// 1. Find the container ID and print its NS ID
docker inspect --format "{
{.State.Pid}}" 16938de418ac
// 2. Enter the network Namespace
nsenter -n -t 54438 of this container
to check the network connection:
netstat -aulntp
// 3. Capture DNS packets
tcpdump -i eth0 udp dst port 53 | grep youku.com
16. Mirror warehouse command:
[root@gpu145-1080ti ~]# docker login warehouse address account password
[root@gpu145-1080ti ~]# docker images
docker build --build-arg USERNAME=account --build-arg PASSWORD=password-f=Dockerfile_cmptoolrelease -t ="reg.lechange.com/dahuadltp/cmptool_release_dlcp:v2.2".
17. The docker system df command, similar to the df command on Linux, is used to view the disk usage of Docker:
docker system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 147 36 7.204GB 3.887GB (53%)
Containers 37 10 104.8MB 102.6MB (97%)
Local Volumes 3 3 1.421GB 0B (0%)
Build Cache 0B 0B
It can be seen that the Docker image occupies 7. 2GB Disk, the Docker container occupies a 104.8MB disk, and the Docker data volume occupies a 1.4GB disk.
18. The docker system prune command can be used to clean up disks, delete closed containers, useless data volumes and networks, and dangling mirrors (that is, mirrors without tags). The docker system prune -a command cleans up more thoroughly, and can delete all containers that use Docker images. Note that these two commands will delete the temporarily closed container and the temporarily unused Docker image... so you must think clearly before using it.
After executing the docker system prune -a command, the disk space occupied by Docker is greatly reduced:
docker system df
19. Manually clean up Docker images/containers/data volumes
For older versions of Docker (before version 1.13), there is no Docker System command, so manual cleaning is required. Here are a few commonly used commands:
delete all closed containers:
docker ps -a | grep Exit | cut -d ' ' -f 1 | xargs docker rm
delete all dangling images (i.e. images without tags):
docker rmi $ (docker images | grep "^<none>" | awk "{print $3}")
Delete all dangling data volumes (i.e. useless Volume):
docker volume rm $(docker volume ls -qf dangling=true)
20. Limit the log size of the container
Once, when I used the methods mentioned in 1 and 2 to clean up the disk, I found that it had no effect, so I conducted a series of analysis.
On Ubuntu, all related files of Docker, including images, containers, etc., are stored in the /var/lib/docker/ directory:
du -hs /var/lib/docker/
97G /var/lib/docker/
Docker actually uses Almost 100GB disk, which is also enough. Use the du command to continue viewing, and you can locate the directory that actually occupies so many disks:
92G /var/lib/docker/containers/a376aa694b22ee497f6fc9f7d15d943de91c853284f8f105ff5ad6c7ddae7a53
According to docker ps, the ID of the Nginx container is exactly a376aa694b22, with the above directory /var/lib/ The prefixes of docker/containers/a376aa694b22 are consistent:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a376aa694b22 192.168.59.224:5000/nginx:1.12.1 "nginx -g 'daemon off" 9 weeks ago Up 10 minutes nginx
Therefore, the Nginx container took up 92GB of disk. Further analysis shows that it is the log files of Nginx that actually take up disk space. Then this is not difficult to understand. Our Fundebug requests millions of data per day, so the log data is naturally very large.
With the Truncate command, the log file of the nginx container can be "clear":
Truncate -S 0/VAR/LIB/DOCKER/Containers/A376AA694B22EE497FC9F7D15D91C85328F8FF5AD6C7DDAE7DAE7 A53/*-json.log
Of course, this command is only temporary, and the log file will sooner or later up back. To fundamentally solve the problem, you need to limit the log file size of the Nginx container. This can be achieved by configuring the max-size of the log. The following is the docker-compose configuration file of the Nginx container:
nginx:
image: nginx:1.12.1
restart: always
logging:
driver: "json-file"
options:
max-size: After "5g"
restarts the Nginx container, the size of its log file is limited to 5docker.serviceGB, so don't worry anymore~
21. Pause and resume container running
docker pause: Pause all processes in the container.
docker unpause : Resume all processes in the container.
22. The configuration file path under centos7.3:
/etc/systemd/system/docker.service
Use the command to view the systemd configuration of docker:
cat /usr/lib/systemd/system/docker.service
You can see that the configuration file started by systemd is Obtained by environment variables. The environment variables are in /etc/sysconfig/docker, /etc/sysconfig/docker-storage, /etc/sysconfig/docker-network, which can be viewed in turn.
System configuration:
cat /lib/systemd/system/docker.service
Modify authorization file:
[root@gpu92-2080ti userdata]# cat /root/.docker/config.json
{
"auths": {
"jinn.mirror.com": {
"auth": "秘钥"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.4 (linux)"
}
}
Reload configuration file
systemctl daemon-reload
start docker
systemctl start docker