$ sudo usermod -a -G docker $USER
La première exécution nécessité le téléchargement d'alpine
$ docker container run alpine echo hello Unable to find image 'alpine:latest' locally latest: Pulling from library/alpine 4fe2ade4980c: Pull complete Digest: sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528 Status: Downloaded newer image for alpine:latest hello
Les appelles suivant sont sans téléchargement:
$ docker container run alpine echo hello
hello
Voir les dossiers dans le container:
$ docker container run alpine ls -l total 0 drwxr-xr-x 1 root root 850 Sep 11 20:23 bin drwxr-xr-x 5 root root 340 Nov 19 19:06 dev drwxr-xr-x 1 root root 530 Nov 19 19:06 etc drwxr-xr-x 1 root root 0 Sep 11 20:23 home drwxr-xr-x 1 root root 336 Sep 11 20:23 lib drwxr-xr-x 1 root root 28 Sep 11 20:23 media drwxr-xr-x 1 root root 0 Sep 11 20:23 mnt dr-xr-xr-x 271 root root 0 Nov 19 19:06 proc drwx------ 1 root root 0 Sep 11 20:23 root drwxr-xr-x 1 root root 0 Sep 11 20:23 run drwxr-xr-x 1 root root 792 Sep 11 20:23 sbin drwxr-xr-x 1 root root 0 Sep 11 20:23 srv dr-xr-xr-x 13 root root 0 Nov 19 19:06 sys drwxrwxrwt 1 root root 0 Sep 11 20:23 tmp drwxr-xr-x 1 root root 40 Sep 11 20:23 usr drwxr-xr-x 1 root root 78 Sep 11 20:23 var
Le dossier /bin du comtainer alpine on voit que busybox est utilisé :
$ docker container run alpine ls -l /bin/ total 1104 lrwxrwxrwx 1 root root 12 Sep 11 20:23 arch -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ash -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 base64 -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 bbconfig -> /bin/busybox -rwxr-xr-x 1 root root 796312 Jul 17 15:22 busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 cat -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 chgrp -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 chmod -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 chown -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 conspy -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 cp -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 date -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 dd -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 df -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 dmesg -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 dnsdomainname -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 dumpkmap -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 echo -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ed -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 egrep -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 false -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 fatattr -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 fdflush -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 fgrep -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 fsync -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 getopt -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 grep -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 gunzip -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 gzip -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 hostname -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ionice -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 iostat -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ipcalc -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 kbd_mode -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 kill -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 link -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 linux32 -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 linux64 -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ln -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 login -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ls -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 lzop -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 makemime -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mkdir -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mknod -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mktemp -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 more -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mount -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mountpoint -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mpstat -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 mv -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 netstat -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 nice -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 pidof -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ping -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ping6 -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 pipe_progress -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 printenv -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 ps -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 pwd -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 reformime -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 rev -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 rm -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 rmdir -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 run-parts -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 sed -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 setpriv -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 setserial -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 sh -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 sleep -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 stat -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 stty -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 su -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 sync -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 tar -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 touch -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 true -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 umount -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 uname -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 usleep -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 watch -> /bin/busybox lrwxrwxrwx 1 root root 12 Sep 11 20:23 zcat -> /bin/busybox
Exemple avec Debian
$ docker container run -ti debian Unable to find image 'debian:latest' locally latest: Pulling from library/debian 54f7e8ac135a: Pull complete Digest: sha256:df6ebd5e9c87d0d7381360209f3a05c62981b5c2a3ec94228da4082ba07c4f05 Status: Downloaded newer image for debian:latest root@47898a7240e7:/# ls ls lsattr lsblk lscpu lsipc lslocks lslogins lsns root@47898a7240e7:/# uname -a Linux 47898a7240e7 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
root@47898a7240e7:/# cat /etc/apt/sources.list deb http://deb.debian.org/debian stretch main deb http://security.debian.org/debian-security stretch/updates main deb http://deb.debian.org/debian stretch-updates main
$ docker container run alpine ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=117 time=28.551 ms 64 bytes from 8.8.8.8: seq=1 ttl=117 time=29.187 ms 64 bytes from 8.8.8.8: seq=2 ttl=117 time=29.650 ms 64 bytes from 8.8.8.8: seq=3 ttl=117 time=30.526 ms ^C --- 8.8.8.8 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 28.551/29.478/30.526 ms
$ docker container run -d --name cde_ping alpine ping 8.8.8.8
$ docker container run -d alpine ping 8.8.8.8 e0c60dcf4cc0730c20d9702e6ab1a07d434ea92c0434fc6693b907739d99528c
Liste des containers en fonctionnement:
jc@jc-debian:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e0c60dcf4cc0 alpine "ping 8.8.8.8" 2 minutes ago Up 2 minutes frosty_murdock jc@jc-debian:~$
On peut s'attacher au container en background
$ docker attach e0c60dcf4cc0
Et pour se détacher:
Ctrl+p Ctrl+q
Arrêt du container:
jc@jc-debian:~$ docker stop e0c60dcf4cc0 e0c60dcf4cc0 jc@jc-debian:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Exemple avec le container Nginx:
// Le port 80 de l instance Nginx tournant dans le container // est publié sur le port 8080 de l hôte: $ docker container run -d -p 8080:80 nginx Unable to find image 'nginx:latest' locally latest: Pulling from library/nginx a5a6f2f73cd8: Pull complete 67da5fbcb7a0: Pull complete e82455fa5628: Pull complete Digest: sha256:31b8e90a349d1fce7621f5a5a08e4fc519b634f7d3feb09d53fac9b12aa4d991 Status: Downloaded newer image for nginx:latest 87cc0af858f69d6b576d8c85337a1f5eb68fca604fefdbed3945faa02d287b18
Contrôle du container en fonctionnement:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 87cc0af858f6 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp vibrant_neumann
Visu dans Firefox:
Visu du container en fonctionnement:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 87cc0af858f6 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp vibrant_neumann
Arrêt du container:
$ docker stop 87cc0af858f6 87cc0af858f6
Voici l'aide de docker depuis le terminal:
$ docker --help Usage: docker [OPTIONS] COMMAND A self-sufficient runtime for containers Options: --config string Location of client config files (default "/home/jc/.docker") -D, --debug Enable debug mode -H, --host list Daemon socket(s) to connect to -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/home/jc/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/home/jc/.docker/cert.pem") --tlskey string Path to TLS key file (default "/home/jc/.docker/key.pem") --tlsverify Use TLS and verify the remote -v, --version Print version information and quit Management Commands: builder Manage builds config Manage Docker configs container Manage containers engine Manage the docker engine image Manage images network Manage networks node Manage Swarm nodes plugin Manage plugins secret Manage Docker secrets service Manage services stack Manage Docker stacks swarm Manage Swarm system Manage Docker trust Manage trust on Docker images volume Manage volumes Commands: attach Attach local standard input, output, and error streams to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container diff Inspect changes to files or directories on a container's filesystem events Get real time events from the server exec Run a command in a running container export Export a container's filesystem as a tar archive history Show the history of an image images List images import Import the contents from a tarball to create a filesystem image info Display system-wide information inspect Return low-level information on Docker objects kill Kill one or more running containers load Load an image from a tar archive or STDIN login Log in to a Docker registry logout Log out from a Docker registry logs Fetch the logs of a container pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container ps List containers pull Pull an image or a repository from a registry push Push an image or a repository to a registry rename Rename a container restart Restart one or more containers rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save one or more images to a tar archive (streamed to STDOUT by default) search Search the Docker Hub for images start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers version Show the Docker version information wait Block until one or more containers stop, then print their exit codes Run 'docker COMMAND --help' for more information on a command.
docker container [options]
Création d'un container Nginx
$ docker container run -d -p 8080:80 nginx 64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788
$ docker container inspect 64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788 [ { "Id": "64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788", "Created": "2018-11-20T21:01:56.644295173Z", "Path": "nginx", "Args": [ "-g", "daemon off;" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 3669, "ExitCode": 0, "Error": "", "StartedAt": "2018-11-20T21:01:57.212317522Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:e81eb098537d6c4a75438eacc6a2ed94af74ca168076f719f3a0558bd24d646a", "ResolvConfPath": "/var/lib/docker/containers/64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788/resolv.conf", "HostnamePath": "/var/lib/docker/containers/64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788/hostname", "HostsPath": "/var/lib/docker/containers/64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788/hosts", "LogPath": "/var/lib/docker/containers/64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788/64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788-json.log", "Name": "/elastic_nobel", "RestartCount": 0, "Driver": "btrfs", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "default", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "8080" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0, "MaskedPaths": [ "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware" ], "ReadonlyPaths": [ "/proc/asound", "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ] }, "GraphDriver": { "Data": null, "Name": "btrfs" }, "Mounts": [], "Config": { "Hostname": "64860afdacd5", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.15.6-1~stretch", "NJS_VERSION=1.15.6.0.2.5-1~stretch" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "ArgsEscaped": true, "Image": "nginx", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "NetworkSettings": { "Bridge": "", "SandboxID": "b83436aeac9dc6df26ec7d68b314e729484fe1918739efae13f48779cb6c04bd", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "8080" } ] }, "SandboxKey": "/var/run/docker/netns/b83436aeac9d", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "d1d713f4c33ea0bf2893a76554a298cabaf36fdcf4ebc5631b7a93d1e1b864d8", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:02", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "b0fe3c65d9407a510cffcf5ba878f17ea394f410c2477890d29c7ccb65938f89", "EndpointID": "d1d713f4c33ea0bf2893a76554a298cabaf36fdcf4ebc5631b7a93d1e1b864d8", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } } } } ]
$ docker container inspect --format '{{ .Id }}' 64860afdacd5 64860afdacd571ca095dccfe93a18b3e3dbf135faddb5e846a484d96ebab0788
$ docker container inspect --format '{{ .NetworkSettings.IPAddress }}' 64860afdacd5 172.17.0.2
$ docker container inspect --format '{{json .State }}' 64860afdacd5 | jq { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 3669, "ExitCode": 0, "Error": "", "StartedAt": "2018-11-20T21:01:57.212317522Z", "FinishedAt": "0001-01-01T00:00:00Z" }
Lancement du container alpine qui execute ping 8.8.8.8
$ docker container run --name ping -d alpine ping 8.8.8.8 ebe4cdaed68c92c7c02674f73c8fe416dcb36d8ebc1c8381e595c6be962379c3
Contrôle:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ebe4cdaed68c alpine "ping 8.8.8.8" 2 minutes ago Up 2 minutes ping
Interception de la sortie standard via le nom du container:
$ docker container logs -f ping PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=117 time=29.333 ms 64 bytes from 8.8.8.8: seq=1 ttl=117 time=29.292 ms 64 bytes from 8.8.8.8: seq=2 ttl=117 time=28.996 ms 64 bytes from 8.8.8.8: seq=3 ttl=117 time=29.894 ms 64 bytes from 8.8.8.8: seq=4 ttl=117 time=29.488 ms ^C
On lance le container alpine en background avec le nom ping:
$ docker container run --name ping -d alpine ping 8.8.8.8 ebe4cdaed68c92c7c02674f73c8fe416dcb36d8ebc1c8381e595c6be962379c3
Lancement d'un shell dans le container (ping=nom du container):
$ docker exec -ti ping sh
Liste des processus en cours dans le container
$ docker exec -ti ping sh / # ps aux PID USER TIME COMMAND 1 root 0:00 ping 8.8.8.8 8 root 0:00 sh 15 root 0:00 ps aux
$ docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ebe4cdaed68c alpine "ping 8.8.8.8" About an hour ago Up About an hour ping efe7d1fc205e nginx "nginx -g 'daemon of…" 2 hours ago Exited (0) 2 hours ago nginx 64860afdacd5 nginx "nginx -g 'daemon of…" 22 hours ago Exited (0) 22 hours ago elastic_nobel 7beba9263081 nginx "nginx -g 'daemon of…" 46 hours ago Created happy_jang 87cc0af858f6 nginx "nginx -g 'daemon of…" 46 hours ago Exited (0) 46 hours ago vibrant_neumann 911102251ec8 alpine "ping 8.8.8.8" 46 hours ago Exited (0) 46 hours ago naughty_goodall e0c60dcf4cc0 alpine "ping 8.8.8.8" 46 hours ago Exited (137) 46 hours ago frosty_murdock 77db9436c217 debian "bash" 46 hours ago Exited (0) 46 hours ago recursing_engelbart 47898a7240e7 debian "bash" 2 days ago Exited (0) 46 hours ago vigorous_tereshkova e624cce49919 alpine "ls -l /bin/" 2 days ago Exited (0) 2 days ago nostalgic_ritchie c1609cdb4ca9 alpine "ls -l" 2 days ago Exited (0) 2 days ago blissful_dijkstra bc86f9be3ad6 alpine "ls" 2 days ago Exited (0) 2 days ago kind_archimedes cb3b83e3af86 alpine "/bin/sh" 2 days ago Exited (0) 2 days ago fervent_keldysh cd008fd9ec6a alpine "echo hello" 2 days ago Exited (0) 2 days ago xenodochial_swanson 6dbdcbd2d8aa alpine "echo hello" 2 days ago Exited (0) 2 days ago friendly_raman 6a9b9654edab hello-world "/hello" 2 days ago Exited (0) 2 days ago brave_wescoff d1b9f200c185 hello-world "/hello" 2 days ago Exited (0) 2 days ago practical_davinci 12943d28d042 hello-world "/hello" 2 days ago Exited (0) 2 days ago zen_feynman
dshell (){ (docker container exec -ti $1 bash) || (docker container exec -ti $1 sh); }
2018-11-24: Suites
Exemple 2go:
$ docker container run -d -p 27017:27017 --memory 2g mongo:3.4
Exemple : –cpus=“2”, sur une machine contenant 4 CPUs / cores, assure que le container ne pourra pas utiliser plus de 2 CPUs / coeurs).
Exemples sur une machine contenant un CPU avec 8 coeurs
–cpuset-cpus=0-7 assure que le container utilisera les 8 coeurs (index de 0 à 7)
–cpuset-cpus=3,4 assure que le container n'utilisera que les coeurs 4 et 5 (index 3 et 4)
Création du container alpine et installation de curl
$ docker container run -ti --name c1 alpine # apk update && apk add curl
Création de l'image myping avec curl installé dans le container:
$ docker container commit c1 myping
Utilisation de l'image myping
$ docker container run -ti myping
2018-11-25
Exemple simple de dockerfile
#Image de base FROM nginx:1.11.5 # Copie d'un fichier de configuration COPY nginx.conf /etc/nginx/nginx.conf
Création de l'image avec le tag www
$ docker image build -t www .
Dockerfile:
FROM debian RUN apt update
Build:
# docker build -t debian_stretch:v1.0 . Sending build context to Docker daemon 26.73MB Step 1/2 : FROM debian ---> 4879790bd60d Step 2/2 : RUN apt update ---> Running in acd047527a37 WARNING: apt does not have a stable CLI interface. Use with caution in scripts. Ign:1 http://cdn-fastly.deb.debian.org/debian stretch InRelease Get:3 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease [91.0 kB] Get:2 http://security-cdn.debian.org/debian-security stretch/updates InRelease [94.3 kB] Get:4 http://cdn-fastly.deb.debian.org/debian stretch Release [118 kB] Get:5 http://cdn-fastly.deb.debian.org/debian stretch-updates/main amd64 Packages [5152 B] Get:6 http://security-cdn.debian.org/debian-security stretch/updates/main amd64 Packages [460 kB] Get:7 http://cdn-fastly.deb.debian.org/debian stretch Release.gpg [2434 B] Get:8 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 Packages [7089 kB] Fetched 7860 kB in 29s (266 kB/s) Reading package lists... Building dependency tree... Reading state information... All packages are up to date. Removing intermediate container acd047527a37 ---> 3c8107a26033 Successfully built 3c8107a26033 Successfully tagged debian_stretch:v1.0
Modification du Dockerfile et ajout de git depuis image debian_stretch:v1.0:
FROM debian_stretch:v1.0 RUN apt-get update RUN apt-get install -y git
Build de la nouvelle version
# docker build -t debian_stretch:v1.1 . Sending build context to Docker daemon 55.7MB Step 1/3 : FROM debian_stretch:v1.0 ---> 3c8107a26033 Step 2/3 : RUN apt-get update ---> Running in 1a3ab6403591 Ign:1 http://cdn-fastly.deb.debian.org/debian stretch InRelease Get:2 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease [91.0 kB] Hit:3 http://security-cdn.debian.org/debian-security stretch/updates InRelease Hit:4 http://cdn-fastly.deb.debian.org/debian stretch Release Fetched 91.0 kB in 1s (52.0 kB/s) Reading package lists... Removing intermediate container 1a3ab6403591 ---> f0211b5f0d74 Step 3/3 : RUN apt-get install -y git ---> Running in 6ac413175f86 Reading package lists... Building dependency tree... Reading state information... [...] Removing intermediate container 6ac413175f86 ---> 8a2215836cb1 Successfully built 8a2215836cb1 Successfully tagged debian_stretch:v1.1
Contrôle de la liste des images:
# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE debian_stretch v1.1 4ed19c8a5939 3 minutes ago 219MB debian_stretch v1.0 3c8107a26033 14 minutes ago 117MB
Lecture de l'historique de l'image:
# docker image history debian_stretch:v1.1 IMAGE CREATED CREATED BY SIZE COMMENT 8a2215836cb1 8 minutes ago /bin/sh -c apt-get install -y git 101MB f0211b5f0d74 9 minutes ago /bin/sh -c apt-get update 91kB 3c8107a26033 2 hours ago /bin/sh -c apt update 16.3MB 4879790bd60d 9 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 9 days ago /bin/sh -c #(nop) ADD file:a61c14b18252183a4… 101MB
Modification du Dockerfile et ajout de tig depuis image debian_stretch:v1.1:
FROM debian_stretch:v1.1 RUN apt-get update RUN apt-get install -y tig
Build de la nouvelle version
# docker build -t debian_stretch:v1.2 . Sending build context to Docker daemon 55.7MB Step 1/3 : FROM debian_stretch:v1.1 ---> 8a2215836cb1 Step 2/3 : RUN apt-get update ---> Running in fb092ea641e2 Hit:1 http://security.debian.org/debian-security stretch/updates InRelease Ign:2 http://deb.debian.org/debian stretch InRelease Hit:3 http://deb.debian.org/debian stretch-updates InRelease Hit:4 http://deb.debian.org/debian stretch Release Reading package lists... Removing intermediate container fb092ea641e2 ---> 8b595d50f61b Step 3/3 : RUN apt-get install -y tig ---> Running in c60eac0a1775 Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: libreadline7 readline-common Suggested packages: readline-doc The following NEW packages will be installed: libreadline7 readline-common tig 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 521 kB of archives. After this operation, 1296 kB of additional disk space will be used. Get:1 http://deb.debian.org/debian stretch/main amd64 readline-common all 7.0-3 [70.4 kB] Get:2 http://deb.debian.org/debian stretch/main amd64 libreadline7 amd64 7.0-3 [151 kB] Get:3 http://deb.debian.org/debian stretch/main amd64 tig amd64 2.2-1+b2 [300 kB] [...] Removing intermediate container c60eac0a1775 ---> f23dcd498f18 Successfully built f23dcd498f18 Successfully tagged debian_stretch:v1.2
Liste des images créées :
# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE debian_stretch v1.2 f23dcd498f18 5 minutes ago 219MB debian_stretch v1.1 8a2215836cb1 17 minutes ago 218MB debian_stretch v1.0 3c8107a26033 2 hours ago 117MB
Voici l'historique des opérations faites en tenant compte des dépendance des images précédente v1.1 et v1.0:
# docker image history debian_stretch:v1.2 IMAGE CREATED CREATED BY SIZE COMMENT f23dcd498f18 About a minute ago /bin/sh -c apt-get install -y tig 1.59MB 8b595d50f61b About a minute ago /bin/sh -c apt-get update 0B 8a2215836cb1 14 minutes ago /bin/sh -c apt-get install -y git 101MB f0211b5f0d74 15 minutes ago /bin/sh -c apt-get update 91kB 3c8107a26033 2 hours ago /bin/sh -c apt update 16.3MB 4879790bd60d 9 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 9 days ago /bin/sh -c #(nop) ADD file:a61c14b18252183a4… 101MB
Sur des systèmes Linux, le répertoire d’installation par défaut est
/var/lib/docker
Si vous utilisez Docker for Mac ou Docker for Windows, la plateforme Docker est installée dans une machine virtuelle tournant sur un hyperviseur léger (xhyve pour macOS, Hyper-V pour Windows). Il vous faudra utiliser la commande suivante pour accéder à un shell dans cette machine virtuelle.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Dans les grandes lignes, cette commande permet de lancer un shell dans un container basé sur debian, et faire en sorte d'utiliser les namespaces de la machine hôte (la machine virtuelle) sur laquelle tourne le daemon Docker.
# docker image --help Usage: docker image COMMAND Manage images Commands: build Build an image from a Dockerfile history Show the history of an image import Import the contents from a tarball to create a filesystem image inspect Display detailed information on one or more images load Load an image from a tar archive or STDIN ls List images prune Remove unused images pull Pull an image or a repository from a registry push Push an image or a repository to a registry rm Remove one or more images save Save one or more images to a tar archive (streamed to STDOUT by default) tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE Run 'docker image COMMAND --help' for more information on a command.
Il s'agit de l'import / export de l'image
$ docker save -o alpine.tar alpine $ ls alpine.tar
$ tar -tvf fichier.tar
$ docker load < alpine.tar
Permet de tagger une image:
# docker image tag debian_stretch:v1.2 open1024/debian_django:2018.11.25
# docker container run -ti open1024/debian_django:2018.11.25 root@af19b74994b4:/# tig tig: Not a git repository root@af19b74994b4:/# exit exit
C'est une librairie d'image Docker: pull et push d'image vers un repo.
# docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one. Username: open1024 Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
# docker image push open1024/debian_django:2018.11.25 The push refers to repository [docker.io/open1024/debian_django] c595376fcf0c: Pushed f362678e5baa: Pushed 148ecb09c742: Pushed e7fdba7c3909: Pushed 90d1009ce6fe: Mounted from library/debian 2018.11.25: digest: sha256:b349ac70ac6d2aa95496ca935bd752806b4dbc3b2177a6285e448c0294d3cf0d size: 1372
Permet la persistance des données.
Peut être défini de plusieurs façons :
Création d'un répertoire local dans /var/lib/docker/volumes par défaut
VOLUME /data/db /data/configdb
Coté HOST :
/var/lib/docker/volumes/2f...4d/_data/db
$ docker container run -v /usr/share/nginx/html nginx
# docker volume --help Usage: docker volume COMMAND Manage volumes Commands: create Create a volume inspect Display detailed information on one or more volumes ls List volumes prune Remove all unused local volumes rm Remove one or more volumes Run 'docker volume COMMAND --help' for more information on a command.
l'image alpine va servir d'exemple et définir /data en tant que volume. Tous les éléments créés dans /data seront persistés en dehors de l’union filesystem:
FROM alpine VOLUME ["/data"]
Nous construisons une image, que nous nommons imgvol, en utilisant ce fichier.
$ docker image build -t imgvol .
La commande suivante permet de lancer un shell intéractif dans un container, nommé c2, basé sur l’image imgvol.
docker container run --name c2 -ti imgvol
Depuis le container, nous créons le fichier hello.txt dans le répertoire /data.
# cd /data # touch hello.txt # ls hello.txt
Nous sortons alors du container avec la commande CTRL-P / CTRL-Q afin de s’assurer que le container est toujours en exécution. Pour en être sur, c2 doit être listé dans la commande suivante.
$ docker container ls
Avec la commande inspect, nous récuperons la clé Mounts afin d’avoir le chemin d’accès du volume sur la machine hôte.
"Mounts": [ { "Type": "volume", "Name": "5487c0c73580d1eac8d68c35dab9f4bea15f47d1e598cac0232c98dee42cf4ba", "Source": "/var/lib/docker/volumes/5487c0c73580d1eac8d68c35dab9f4bea15f47d1e598cac0232c98dee42cf4ba/_data", "Destination": "/data", "Driver": "local", "Mode": "", "RW": true, "Propagation": "" } ],
Le volume /data est accessible, sur la machine hôte, dans le path spécifié par la clé Source.
2018-11-26
Liste des options disponible:
https://docs.docker.com/machine/drivers/virtualbox/#/options
C'est un script Python développé parallèlement au développement de Docker.
Alors qu’auparavant une application était souvent un gros bloc unique (que l’on dénomme habituellement monolithe), elle est aujourd’hui composée de multiples composants. Chacun de ces composants est un service qui a son propre rôle et ses propres fonctionnalités.
Exemple de services:
Options disponibles: https://docs.docker.com/compose/compose-file/
$ git clone https://github.com/docker/example-voting-app $ cd example-voting-app
docker-compose.yml
version: "3" services: vote: build: ./vote command: python app.py volumes: - ./vote:/app ports: - "5000:80" networks: - front-tier - back-tier result: build: ./result command: nodemon server.js volumes: - ./result:/app ports: - "5001:80" - "5858:5858" networks: - front-tier - back-tier worker: build: context: ./worker depends_on: - "redis" networks: - back-tier redis: image: redis:alpine container_name: redis ports: ["6379"] networks: - back-tier db: image: postgres:9.4 container_name: db volumes: - "db-data:/var/lib/postgresql/data" networks: - back-tier volumes: db-data: networks: front-tier: back-tier:
$ docker-compose up -d