当前位置：首页 >服务端 > docker入门级详解

docker入门级详解

Docker

1 docker安装

yum install docker[root@topcheer ~]# systemctl start docker[root@topcheer ~]# mkdir -p /etc/docker [root@topcheer ~]# vim /etc/docker/daemon.json #配置阿里云镜像加速{"registry-mirrors": ["XXXXXXXXXXXXXXXX"]}[root@topcheer ~]# systemctl daemon-reload #加载配置文件 [root@topcheer ~]# systemctl restart docker #重启[root@topcheer ~]#

2 docker命令

2.1 docker帮助命令

docker version

 1 [root@topcheer ~]# docker version 2 Client: 3  Version: 1.13.1 4  API version: 1.26 5  Package version: docker-1.13.1-103.git7f2769b.el7.centos.x86_64 6  Go version:  go1.10.3 7  Git commit:  7f2769b/1.13.1 8  Built:Sun Sep 15 14:06:47 2019 9  OS/Arch: linux/amd6410 11 Server:12  Version: 1.13.113  API version: 1.26 (minimum version 1.12)14  Package version: docker-1.13.1-103.git7f2769b.el7.centos.x86_6415  Go version:  go1.10.316  Git commit:  7f2769b/1.13.117  Built:Sun Sep 15 14:06:47 201918  OS/Arch: linux/amd6419  Experimental:false20 [root@topcheer ~]#

docker info

 1 [root@topcheer ~]# docker info 2 Containers: 1 3  Running: 0 4  Paused: 0 5  Stopped: 1 6 Images: 1 7 Server Version: 1.13.1 8 Storage Driver: overlay2 9  Backing Filesystem: xfs10  Supports d_type: true11  Native Overlay Diff: true12 Logging Driver: jouald13 Cgroup Driver: systemd14 Plugins:15  Volume: local16  Network: bridge host macvlan null overlay17 Swarm: inactive18 Runtimes: docker-runc runc19 Default Runtime: docker-runc20 Init Binary: /usr/libexec/docker/docker-init-current21 containerd version:  (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)22 runc version: 9c3c5f853ebf0ffac0d087e94daef462133b69c7 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)23 init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)24 Security Options:25  seccomp26WARNING: You're not using the default seccomp profile27Profile: /etc/docker/seccomp.json28  selinux29 Keel Version: 3.10.0-957.el7.x86_6430 Operating System: CentOS Linux 7 (Core)31 OSType: linux32 Architecture: x86_6433 Number of Docker Hooks: 334 CPUs: 435 Total Memory: 1.777 GiB36 Name: topcheer37 ID: SR5A:YSH6:3YGH:YEZ4:PWLB:EEVE:3L5S:Z5AR:ARIA:SDGX:CZI5:MJ7O38 Docker Root Dir: /var/lib/docker39 Debug Mode (client): false40 Debug Mode (server): false41 Registry: https://index.docker.io/v1/42 Experimental: false43 Insecure Registries:44  127.0.0.0/845 Registry Mirrors:46  https://lara9y80.mirror.aliyuncs.com47 Live Restore Enabled: false48 Registries: docker.io (secure)49 [root@topcheer ~]#

docker --help

[root@topcheer ~]# docker --helpUsage:  docker COMMANDA self-sufficient runtime for containersOptions:  --config string  Location of client config files (default "/root/.docker")  -D, --debug  Enable debug mode  --helpPrint usage  -H, --host list  Daemon socket(s) to connect to (default [])  -l, --log-level stringSet the logging level ("debug", "info", "wa", "error", "fatal") (default "info")  --tlsUse TLS; implied by --tlsverify  --tlscacert stringTrust certs signed only by this CA (default "/root/.docker/ca.pem")  --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")  --tlskey string  Path to TLS key file (default "/root/.docker/key.pem")  --tlsverify  Use TLS and verify the remote  -v, --versionPrint version information and quitManagement Commands:  containerManage containers  imageManage images  network Manage networks  nodeManage Swarm nodes  plugin  Manage plugins  secret  Manage Docker secrets  service Manage services  stackManage Docker stacks  swarmManage Swarm  system  Manage Docker  volume  Manage volumesCommands:  attach  Attach to a running container  buildBuild an image from a Dockerfile  commit  Create a new image from a container's changes  cp  Copy files/folders between a container and the local filesystem  create  Create a new container  diffInspect changes on a container's filesystem  events  Get real time events from the server  execRun a command in a running container  export  Export a container's filesystem as a tar archive  history Show the history of an image  images  List images  import  Import the contents from a tarball to create a filesystem image  infoDisplay system-wide information  inspect Retu low-level information on Docker objects  killKill one or more running containers  loadLoad an image from a tar archive or STDIN  loginLog in to a Docker registry  logout  Log out from a Docker registry  logsFetch the logs of a container  pausePause all processes within one or more containers  portList port mappings or a specific mapping for the container  ps  List containers  pullPull an image or a repository from a registry  pushPush an image or a repository to a registry  rename  Rename a container  restart Restart one or more containers  rm  Remove one or more containers  rmi Remove one or more images  run Run a command in a new container  saveSave one or more images to a tar archive (streamed to STDOUT by default)  search  Search the Docker Hub for images  startStart one or more stopped containers  statsDisplay a live stream of container(s) resource usage statistics  stopStop one or more running containers  tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE  top Display the running processes of a container  unpause Unpause all processes within one or more containers  update  Update configuration of one or more containers  version Show the Docker version information  waitBlock until one or more containers stop, then print their exit codesRun 'docker COMMAND --help' for more information on a command.[root@topcheer ~]#

2.2 镜像命令

docker images

[root@topcheer ~]# docker imagesREPOSITORY  TAG IMAGE IDCREATED SIZEdocker.io/hello-worldlatest  fce289e99eb98 months ago1.84 kB[root@topcheer ~]#REPOSITORY：表示镜像的仓库源TAG：镜像的标签IMAGE ID：镜像IDCREATED：镜像创建时间SIZE：镜像大小 同一仓库源可以有多个 TAG，代表这个仓库源的不同个版本，我们使用 REPOSITORY:TAG 来定义不同的镜像。如果你不指定一个镜像的版本标签，例如你只使用 ubuntu，docker 将默认使用 ubuntu:latest 镜像

docker search

[root@topcheer ~]# docker search redisINDEXNAMEDESCRIPTION STARS OFFICIALAUTOMATEDdocker.iodocker.io/redisRedis is an open source key-value store th...7342  [OK]docker.iodocker.io/bitnami/redisBitnami Redis Docker Image  127  [OK]docker.iodocker.io/sameersbn/redis  77[OK]docker.iodocker.io/grokzen/redis-clusterRedis cluster 3.0, 3.2, 4.0 & 5.056docker.iodocker.io/rediscommander/redis-commanderAlpine image for redis-commander - Redis m...31[OK]docker.iodocker.io/kubeguide/redis-masterredis-master with "Hello World!"29docker.iodocker.io/redislabs/redis  Clustered in-memory database engine compat...23docker.iodocker.io/arm32v7/redisRedis is an open source key-value store th...17docker.iodocker.io/redislabs/redisearch Redis With the RedisSearch module pre-load...17docker.iodocker.io/oliver006/redis_exporter  Prometheus Exporter for Redis Metrics. Su...15docker.iodocker.io/webhippie/redis  Docker images for Redis 10[OK]docker.iodocker.io/s7anley/redis-sentinel-dockerRedis Sentinel  9[OK]docker.iodocker.io/insready/redis-stat  Docker image for the real-time Redis monit...8[OK]docker.iodocker.io/redislabs/redisgraph A graph database module for Redis8[OK]docker.iodocker.io/arm64v8/redisRedis is an open source key-value store th...6docker.iodocker.io/bitnami/redis-sentinelBitnami Docker Image for Redis Sentinel 6[OK]docker.iodocker.io/centos/redis-32-centos7  Redis in-memory data structure store, used...4docker.iodocker.io/redislabs/redismodAn automated build of redismod - latest Re...4[OK]docker.iodocker.io/circleci/redisCircleCI images for Redis2[OK]docker.iodocker.io/frodenas/redisA Docker Image for Redis2[OK]docker.iodocker.io/runnable/redis-stunnelstunnel to redis provided by linking conta...1[OK]docker.iodocker.io/tiredofit/redis  Redis Server w/ Zabbix monitoring and S6 O...1[OK]docker.iodocker.io/wodby/redis  Redis container image with orchestration1[OK]docker.iodocker.io/cflondonservices/redisDocker image for running redis  0docker.iodocker.io/xetamus/redis-resourceforked redis-resource0[OK][root@topcheer ~]#

docker pull

[root@topcheer ~]# docker pull  docker.io/redisUsing default tag: latestTrying to pull repository docker.io/library/redis ...latest: Pulling from docker.io/library/redisb8f262c62ec6: Pull complete93789b5343a5: Pull complete49cdbb315637: Pull complete2c1ff453e5c9: Pull complete9341ee0a5d4a: Pull complete770829e1df34: Pull completeDigest: sha256:5dcccb533dc0deacce4a02fe9035134576368452db0b4323b98a4b2ba2d3b302Status: Downloaded newer image for docker.io/redis:latest[root@topcheer ~]# docker imagesREPOSITORY  TAG IMAGE IDCREATED SIZEdocker.io/redis latest  63130206b0fa9 days ago  98.2 MBdocker.io/hello-worldlatest  fce289e99eb98 months ago1.84 kB[root@topcheer ~]#

docker rmi

[root@topcheer ~]# docker rmi 63130206b0faUntagged: docker.io/redis:latestUntagged: docker.io/redis@sha256:5dcccb533dc0deacce4a02fe9035134576368452db0b4323b98a4b2ba2d3b302Deleted: sha256:63130206b0fa808e4545a0cb4a1f14f6d40b8a7e2e6fda0a31fd326c2ac0971cDeleted: sha256:9476758634326bb436208264d0541e9a0d42e4add35d00c2a7408f810223013dDeleted: sha256:0f3d9de16a216bfa5e2c2bd0e3c2ba83afec01a1b326d9f39a5ea7aecc112bafDeleted: sha256:452d665d4efca3e6067c89a332c878437d250312719f9ea8fff8c0e350b6e471Deleted: sha256:d6aec371927a9d4bfe4df4ee8e510624549fc08bc60871ce1f145997f49d4d37Deleted: sha256:2957e0a13c30e89650dd6c00644c04aa87ce516284c76a67c4b32cbb877de178Deleted: sha256:2db44bce66cde56fca25aeeb7d09dc924b748e3adfe58c9cc3eb2bd2f68a1b68[root@topcheer ~]# docker imagesREPOSITORY  TAG IMAGE IDCREATED SIZEdocker.io/hello-worldlatest  fce289e99eb98 months ago1.84 kB[root@topcheer ~]#

2.3 容器命令

docker run

OPTIONS说明（常用）：有些是一个减号，有些是两个减号 --name="容器新名字": 为容器指定一个名称；-d: 后台运行容器，并返回容器ID，也即启动守护式容器；-i：以交互模式运行容器，通常与 -t 同时使用；-t：为容器重新分配一个伪输入终端，通常与 -i 同时使用；-P: 随机端口映射；-p: 指定端口映射，有以下四种格式  ip:hostPort:containerPort  ip::containerPort  hostPort:containerPort  containerPort  [root@topcheer ~]# docker run -it centos /bin/bash[root@3d2a94b63807 /]# cd /[root@3d2a94b63807 /]# ll

docker ps

OPTIONS说明（常用）： -a :列出当前所有正在运行的容器+历史上运行过的-l :显示最近创建的容器。-n：显示最近n个创建的容器。-q :静默模式，只显示容器编号。--no-trunc :不截断输出。退出容器 exit:容器停止退出 crtl p q容器不停止退出[root@topcheer ~]# docker psCONTAINER IDIMAGECOMMAND CREATED STATUS  PORTSNAMES3d2a94b63807centos  "/bin/bash" 3 minutes agoUp 3 minutesnostalgic_darwin[root@topcheer ~]#

docker stop

root@topcheer ~]# docker psCONTAINER IDIMAGECOMMAND CREATED STATUS  PORTSNAMES3d2a94b63807centos  "/bin/bash" 3 minutes agoUp 3 minutesnostalgic_darwin[root@topcheer ~]# docker stop 3d2a94b638073d2a94b63807

docker start

[root@topcheer ~]# docker start 3d2a94b638073d2a94b63807[root@topcheer ~]# docker psCONTAINER IDIMAGECOMMAND CREATED STATUS  PORTSNAMES3d2a94b63807centos  "/bin/bash" 6 minutes agoUp 17 secondsnostalgic_darwin[root@topcheer ~]#

docker rm

[root@topcheer ~]# docker rm -f $(docker ps -a -q)3d2a94b63807299b22d3d143[root@topcheer ~]# docker psCONTAINER IDIMAGECOMMAND CREATED STATUS  PORTSNAMES[root@topcheer ~]#

docker run -d

[root@topcheer ~]# docker run -d centos3c618cadb296fd013384201958f175085395a505a0aa1f7727e3c24b744b0b7f[root@topcheer ~]# 问题：然后docker ps -a 进行查看, 会发现容器已经退出很重要的要说明的一点: Docker容器后台运行,就必须有一个前台进程.容器运行的命令如果不是那些一直挂起的命令（比如运行top，tail），就是会自动退出的。 这个是docker的机制问题,比如你的web容器,我们以nginx为例，正常情况下,我们配置启动服务只需要启动响应的service即可。例如service nginx start但是,这样做,nginx为后台进程模式运行,就导致docker前台没有运行的应用,这样的容器后台启动后,会立即自杀因为他觉得他没事可做了.所以，最佳的解决方案是,将你要运行的程序以前台进程的形式运行

docker logs

*-t 是加入时间戳*-f 跟随最新的日志打印*--tail 数字 显示最后多少条[root@topcheer ~]# docker run -d centos /bin/sh -c "while true;do echo hello zzyy;sleep 2;done"6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667[root@topcheer ~]# docker ps -aCONTAINER IDIMAGECOMMAND  CREATED  STATUS  PORTSNAMES6c4bb3ce4c35centos  "/bin/sh -c 'while..."6 seconds agoUp 4 secondseloquent_shannon3c618cadb296centos  "/bin/bash"  About a minute agoExited (0) About a minute agoupbeat_jepsen[root@topcheer ~]# docker logs -f -t --tail 6c4bb3ce4c35"docker logs" requires exactly 1 argument(s).See 'docker logs --help'.Usage:  docker logs [OPTIONS] CONTAINERFetch the logs of a container[root@topcheer ~]# docker ps -aCONTAINER IDIMAGECOMMAND  CREATED STATUS PORTSNAMES6c4bb3ce4c35centos  "/bin/sh -c 'while..."47 seconds ago  Up 46 seconds  eloquent_shannon3c618cadb296centos  "/bin/bash"  2 minutes agoExited (0) 2 minutes agoupbeat_jepsen[root@topcheer ~]# docker logs -tf --tail10  6c4bb3ce4c35unknown flag: --tail10See 'docker logs --help'.[root@topcheer ~]# docker logs -tf --tail 10  6c4bb3ce4c352019-09-22T10:23:14.595414000Z hello zzyy2019-09-22T10:23:16.597109000Z hello zzyy2019-09-22T10:23:18.600019000Z hello zzyy2019-09-22T10:23:20.602673000Z hello zzyy2019-09-22T10:23:22.605026000Z hello zzyy2019-09-22T10:23:24.625059000Z hello zzyy

docker top 查看容器内运行的进程

[root@topcheer ~]# docker top 6c4bb3ce4c35UID PID PPIDCSTIMETTY TIMECMDroot116050  116030  018:21?00:00:00/bin/sh -c while true;do echo hello zzyy;sleep 2;doneroot116250  116050  218:25?00:00:00sleep 2[root@topcheer ~]#

docker inspect 查看容器内部细节

[root@topcheer ~]# docker inspect 6c4bb3ce4c35[{"Id": "6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667","Created": "2019-09-22T10:21:57.924998005Z","Path": "/bin/sh","Args": ["-c","while true;do echo hello zzyy;sleep 2;done"],"State": {"Status": "running","Running": true,"Paused": false,"Restarting": false,"OOMKilled": false,"Dead": false,"Pid": 116050,"ExitCode": 0,"Error": "","StartedAt": "2019-09-22T10:21:58.43216616Z","FinishedAt": "0001-01-01T00:00:00Z"},"Image": "sha256:67fa590cfc1c207c30b837528373f819f6262c884b7e69118d060a0c04d70ab8","ResolvConfPath": "/var/lib/docker/containers/6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667/resolv.conf","HostnamePath": "/var/lib/docker/containers/6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667/hostname","HostsPath": "/var/lib/docker/containers/6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667/hosts","LogPath": "","Name": "/eloquent_shannon","RestartCount": 0,"Driver": "overlay2","MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c71,c940","ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c71,c940","AppArmorProfile": "","ExecIDs": null,"HostConfig": {"Binds": null,"ContainerIDFile": "","LogConfig": {"Type": "jouald","Config": {}},"NetworkMode": "default","PortBindings": {},"RestartPolicy": {"Name": "no","MaximumRetryCount": 0},"AutoRemove": false,"VolumeDriver": "","VolumesFrom": null,"CapAdd": null,"CapDrop": null,"Dns": [],"DnsOptions": [],"DnsSearch": [],"ExtraHosts": null,"GroupAdd": null,"IpcMode": "","Cgroup": "","Links": null,"OomScoreAdj": 0,"PidMode": "","Privileged": false,"PublishAllPorts": false,"ReadonlyRootfs": false,"SecurityOpt": null,"UTSMode": "","UsesMode": "","ShmSize": 67108864,"Runtime": "docker-runc","ConsoleSize": [0,0],"Isolation": "","CpuShares": 0,"Memory": 0,"NanoCpus": 0,"CgroupParent": "","BlkioWeight": 0,"BlkioWeightDevice": null,"BlkioDeviceReadBps": null,"BlkioDeviceWriteBps": null,"BlkioDeviceReadIOps": null,"BlkioDeviceWriteIOps": null,"CpuPeriod": 0,"CpuQuota": 0,"CpuRealtimePeriod": 0,"CpuRealtimeRuntime": 0,"CpusetCpus": "","CpusetMems": "","Devices": [],"DiskQuota": 0,"KeelMemory": 0,"MemoryReservation": 0,"MemorySwap": 0,"MemorySwappiness": -1,"OomKillDisable": false,"PidsLimit": 0,"Ulimits": null,"CpuCount": 0,"CpuPercent": 0,"IOMaximumIOps": 0,"IOMaximumBandwidth": 0},"GraphDriver": {"Name": "overlay2","Data": {"LowerDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933-init/diff:/var/lib/docker/overlay2/7bc85336eb8ca768f43d8eb3d5f27bdf35fa99068be45c84622d18c0f87c90bd/diff","MergedDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933/merged","UpperDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933/diff","WorkDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933/work"}},"Mounts": [],"Config": {"Hostname": "6c4bb3ce4c35","Domainname": "","User": "","AttachStdin": false,"AttachStdout": false,"AttachStderr": false,"Tty": false,"OpenStdin": false,"StdinOnce": false,"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd": ["/bin/sh","-c","while true;do echo hello zzyy;sleep 2;done"],"Image": "centos","Volumes": null,"WorkingDir": "","Entrypoint": null,"OnBuild": null,"Labels": {"org.label-schema.build-date": "20190801","org.label-schema.license": "GPLv2","org.label-schema.name": "CentOS Base Image","org.label-schema.schema-version": "1.0","org.label-schema.vendor": "CentOS"}},"NetworkSettings": {"Bridge": "","SandboxID": "d5f116b329f01e9bab7f985282fd568e379c8e7aa4fcc3677b9b025ded771149","HairpinMode": false,"LinkLocalIPv6Address": "","LinkLocalIPv6PrefixLen": 0,"Ports": {},"SandboxKey": "/var/run/docker/netns/d5f116b329f0","SecondaryIPAddresses": null,"SecondaryIPv6Addresses": null,"EndpointID": "825091555bc0adfdf32667650884ec2b6274c44c787291870de32ec2cee8575b","Gateway": "172.17.0.1","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","MacAddress": "02:42:ac:11:00:02","Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "fe000671b1b7f9a2e634f409bd33ada7bed50e818a28c1d9c8245aba67b1b625","EndpointID": "825091555bc0adfdf32667650884ec2b6274c44c787291870de32ec2cee8575b","Gateway": "172.17.0.1","IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:02"}}}}][root@topcheer ~]#

docker exec -it

[root@topcheer ~]# docker exec -it 6c4bb3ce4c35 /bin/bash[root@6c4bb3ce4c35 /]# lltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.5 root root340 Sep 22 10:21 devdrwxr-xr-x.1 root root66 Sep 22 10:21 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 251 root root 0 Sep 22 10:21 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 22 10:21 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep  2 01:15 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@6c4bb3ce4c35 /]#[root@topcheer ~]# docker attach 6c4bb3ce4c35hello zzyyhello zzyyhello zzyyhello zzyyattach 直接进入容器启动命令的终端，不会启动新的进程exec 是在容器中打开新的终端，并且可以启动新的进程

docker cp docker cp 容器ID:容器内路径目的主机路径

[root@topcheer ~]# docker cp 6c4bb3ce4c35:/tmp/yum.log /tmp/yum.log[root@topcheer ~]# cd /tmp[root@topcheer tmp]# ll总用量 144-rw-r--r--. 1 root root1148 8月  31 18:29 anaconda.logdrwxr-xr-x. 2 root root 18 8月  31 18:17 hsperfdata_root-rw-r--r--. 1 root root415 8月  31 18:29 ifcfg.log-rwx------. 1 root root836 8月  31 18:27 ks-script-zj2XPa-rw-r--r--. 1 root root  0 8月  31 18:28 packaging.log-rw-r--r--. 1 root root  0 8月  31 18:28 program.log-rw-r--r--. 1 root root  0 8月  31 18:28 sensitive-info.logdrwx------. 2 wgr  wgr  25 8月  31 18:31 ssh-FYigK4SAU4OMdrwx------. 2 wgr  wgr  25 9月2 09:18 ssh-zKscLR1XtYju-rw-r--r--. 1 root root  0 8月  31 18:28 storage.logdrwx------. 3 root root 17 8月  31 18:29 systemd-private-6a7934172f6c411fbf39074aa3902f99-bolt.service-Y8qrWSdrwx------. 3 root root 17 8月  31 18:29 systemd-private-6a7934172f6c411fbf39074aa3902f99-colord.service-7Jig8Hdrwx------. 3 root root 17 8月  31 18:28 systemd-private-6a7934172f6c411fbf39074aa3902f99-cups.service-bBt1J6drwx------. 3 root root 17 8月  31 18:31 systemd-private-6a7934172f6c411fbf39074aa3902f99-fwupd.service-Gm5QpNdrwx------. 3 root root 17 8月  31 18:28 systemd-private-6a7934172f6c411fbf39074aa3902f99-rtkit-daemon.service-VEQfTpdrwx------. 3 root root 17 8月  31 18:31 systemd-private-6a7934172f6c411fbf39074aa3902f99-systemd-hostnamed.service-TulnOVdrwx------. 3 root root 17 8月  31 18:28 systemd-private-6a7934172f6c411fbf39074aa3902f99-systemd-machined.service-Jxxmt6drwx------. 3 root root 17 9月2 09:16 systemd-private-7b6d429e399747c496a317824a2e8642-bolt.service-LFuHXZdrwx------. 3 root root 17 9月2 09:16 systemd-private-7b6d429e399747c496a317824a2e8642-colord.service-LRGmILdrwx------. 3 root root 17 9月2 09:16 systemd-private-7b6d429e399747c496a317824a2e8642-cups.service-Qktpb4drwx------. 3 root root 17 9月2 09:18 systemd-private-7b6d429e399747c496a317824a2e8642-fwupd.service-aSrZvkdrwx------. 3 root root 17 9月2 09:15 systemd-private-7b6d429e399747c496a317824a2e8642-rtkit-daemon.service-nW4tNfdrwx------. 2 root root  6 9月  22 17:34 tmp.Bl496ZWqxndrwx------. 2 root root  6 9月  22 17:33 tmp.K31L5zqugcdrwx------. 2 wgr  wgr6 8月  31 18:31 tracker-extract-files.1000drwx------. 2 root root  6 9月2 09:15 vmware-root_6298-692293416drwx------. 2 root root  6 8月  31 18:28 vmware-root_6346-994818392-rw-------. 1 root root  0 8月1 09:09 yum.log-rw-------. 1 root root 133031 9月2 09:19 yum_save_tx.2019-09-02.09-19.4iKsVG.yumtx[root@topcheer tmp]#

attachAttach to a running container # 当前 shell 下 attach 连接指定运行镜像build Build an image from a Dockerfile  # 通过 Dockerfile 定制镜像commitCreate a new image from a container changes# 提交当前容器为新的镜像cpCopy files/folders from the containers filesystem to the host path#从容器中拷贝指定文件或者目录到宿主机中createCreate a new container# 创建一个新的容器，同 run，但不启动容器diff  Inspect changes on a container's filesystem# 查看 docker 容器变化eventsGet real time events from the server  # 从 docker 服务获取容器实时事件exec  Run a command in an existing container# 在已存在的容器上运行命令exportStream the contents of a container as a tar archive# 导出容器的内容流作为一个 tar 归档文件[对应 import ]historyShow the history of an image  # 展示一个镜像形成历史imagesList images# 列出系统当前镜像importCreate a new filesystem image from the contents of a tarball # 从tar包中的内容创建一个新的文件系统映像[对应export]info  Display system-wide information# 显示系统相关信息inspectRetu low-level information on a container# 查看容器详细信息kill  Kill a running container  # kill 指定 docker 容器load  Load an image from a tar archive  # 从一个 tar 包中加载一个镜像[对应 save]login Register or Login to the docker registry server# 注册或者登陆一个 docker 源服务器logoutLog out from a Docker registry server  # 从当前 Docker registry 退出logs  Fetch the logs of a container # 输出当前容器日志信息port  Lookup the public-facing port which is NAT-ed to PRIVATE_PORT# 查看映射端口对应的容器内部源端口pause Pause all processes within a container# 暂停容器psList containers# 列出容器列表pull  Pull an image or a repository from the docker registry server# 从docker镜像源服务器拉取指定镜像或者库镜像push  Push an image or a repository to the docker registry server# 推送指定镜像或者库镜像至docker源服务器restartRestart a running container# 重启运行的容器rmRemove one or more containers # 移除一个或者多个容器rmiRemove one or more images # 移除一个或多个镜像[无容器使用该镜像才可删除，否则需删除相关容器才可继续或 -f 强制删除]runRun a command in a new container  # 创建一个新的容器并运行一个命令save  Save an image to a tar archive# 保存一个镜像为一个 tar 包[对应 load]searchSearch for an image on the Docker Hub # 在 docker hub 中搜索镜像start Start a stopped containers# 启动容器stop  Stop a running containers # 停止容器tagTag an image into a repository# 给源中镜像打标签topLookup the running processes of a container# 查看容器中运行的进程信息unpauseUnpause a paused container# 取消暂停容器versionShow the docker version information# 查看 docker 版本号wait  Block until a container stops, then print its exit code# 截取容器停止时的退出状态值

3 docker镜像

3.1 docker镜像是什么

UnionFS（联合文件系统）：Union文件系统（UnionFS）是一种分层、轻量级并且高性能的文件系统，它支持对文件系统的修改作为一次提交来一层层的叠加，同时可以将不同目录挂载到同一个虚拟文件系统下(unite several directories into a single virtual filesystem)。Union 文件系统是 Docker 镜像的基础。镜像可以通过分层来进行继承，基于基础镜像（没有父镜像），可以制作各种具体的应用镜像。

特性：一次同时加载多个文件系统，但从外面看起来，只能看到一个文件系统，联合加载会把各层文件系统叠加起来，这样最终的文件系统会包含所有底层的文件和目录

docker镜像加载原理

docker的镜像实际上由一层一层的文件系统组成，这种层级的文件系统UnionFS。 bootfs(boot file system)主要包含bootloader和keel, bootloader主要是引导加载keel, Linux刚启动时会加载bootfs文件系统，在Docker镜像的最底层是bootfs。这一层与我们典型的Linux/Unix系统是一样的，包含boot加载器和内核。当boot加载完成之后整个内核就都在内存中了，此时内存的使用权已由bootfs转交给内核，此时系统也会卸载bootfs。

rootfs (root file system) ，在bootfs之上。包含的就是典型 Linux 系统中的 /dev, /proc, /bin, /etc 等标准目录和文件。rootfs就是各种不同的操作系统发行版，比如Ubuntu，Centos等等。

平时我们安装进虚拟机的CentOS都是好几个G，为什么docker这里才200M？？

对于一个精简的OS，rootfs可以很小，只需要包括最基本的命令、工具和程序库就可以了，因为底层直接用Host的keel，自己只需要提供 rootfs 就行了。由此可见对于不同的linux发行版, bootfs基本是一致的, rootfs会有差别, 因此不同的发行版可以公用bootfs。

docker分层镜像

以我们的pull为例，在下载的过程中我们可以看到docker的镜像好像是在一层一层的在下载

最大的一个好处就是 - 共享资源

比如：有多个镜像都从相同的 base 镜像构建而来，那么宿主机只需在磁盘上保存一份base镜像，同时内存中也只需加载一份 base 镜像，就可以为所有容器服务了。而且镜像的每一层都可以被共享。

特点

Docker镜像都是只读的当容器启动时，一个新的可写层被加载到镜像的顶部。这一层通常被称作“容器层”，“容器层”之下的都叫“镜像层”。

3.2 镜像的commit

docker commit -m=“提交的描述信息” -a=“作者” 容器ID 要创建的目标镜像名:[标签名]

先拉取官方tomcat，运行

[root@topcheer tmp]# docker run -it -p 8888:8080 tomcatUsing CATALINA_BASE:/usr/local/tomcatUsing CATALINA_HOME:/usr/local/tomcatUsing CATALINA_TMPDIR: /usr/local/tomcat/tempUsing JRE_HOME:/usr/local/openjdk-8Using CLASSPATH:/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar22-Sep-2019 13:28:56.568 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:Apache Tomcat/8.5.4622-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:  Sep 16 2019 18:16:19 UTC22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.46.022-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:Linux22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:3.10.0-957.el7.x86_6422-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:  amd6422-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/local/o-p 主机端口:docker容器端口-P 随机分配端口i:交互t:终端

删除文件

[root@topcheer tmp]# docker psCONTAINER IDIMAGECOMMAND  CREATED STATUS  PORTSNAMES5910b3a257fftomcat  "catalina.sh run"3 minutes agoUp 3 minutes0.0.0.0:8888->8080/tcpbrave_knuth6c4bb3ce4c35centos  "/bin/sh -c 'while..."3 hours ago Up 3 hourseloquent_shannon[root@topcheer tmp]# docker exec -it 5910b3a257ff /bin/bashroot@5910b3a257ff:/usr/local/tomcat# llbash: ll: command not foundroot@5910b3a257ff:/usr/local/tomcat# ls -ltotal 124-rw-r--r--. 1 root root  19318 Sep 16 18:19 BUILDING.txt-rw-r--r--. 1 root root5407 Sep 16 18:19 CONTRIBUTING.md-rw-r--r--. 1 root root  57011 Sep 16 18:19 LICENSE-rw-r--r--. 1 root root1726 Sep 16 18:19 NOTICE-rw-r--r--. 1 root root3255 Sep 16 18:19 README.md-rw-r--r--. 1 root root7139 Sep 16 18:19 RELEASE-NOTES-rw-r--r--. 1 root root  16262 Sep 16 18:19 RUNNING.txtdrwxr-xr-x. 2 root root4096 Sep 20 01:40 bindrwxr-sr-x. 1 root root 22 Sep 22 13:28 confdrwxr-sr-x. 2 root staff78 Sep 20 01:40 includedrwxr-xr-x. 2 root root4096 Sep 20 01:40 libdrwxrwxrwx. 1 root root177 Sep 22 13:28 logsdrwxr-sr-x. 3 root staff151 Sep 20 01:40 native-jni-libdrwxrwxrwx. 2 root root 30 Sep 20 01:40 tempdrwxr-xr-x. 7 root root 81 Sep 16 18:17 webappsdrwxrwxrwx. 1 root root 22 Sep 22 13:28 workroot@5910b3a257ff:/usr/local/tomcat#root@5910b3a257ff:/usr/local/tomcat/webapps# ls -ltotal 8drwxr-xr-x.  3 root root 4096 Sep 20 01:40 ROOTdrwxr-xr-x. 15 root root 4096 Sep 20 01:40 docsdrwxr-xr-x.  6 root root83 Sep 20 01:40 examplesdrwxr-xr-x.  5 root root87 Sep 20 01:40 host-managerdrwxr-xr-x.  5 root root  103 Sep 20 01:40 managerroot@5910b3a257ff:/usr/local/tomcat/webapps# rm -rf docs/root@5910b3a257ff:/usr/local/tomcat/webapps#

提交镜像

[root@topcheer tmp]# docker ps -lCONTAINER IDIMAGECOMMAND CREATED STATUS  PORTSNAMES5910b3a257fftomcat  "catalina.sh run"6 minutes agoUp 6 minutes0.0.0.0:8888->8080/tcpbrave_knuth[root@topcheer tmp]# docker commit -a="wgr" -m "test del docs" 5910b3a257ff topcher/tomcat:1.0.1sha256:3d8737216a1e91c4b2f66a054eeb7e48031f5bff7a05a4a5ce4e5c519cc40084[root@topcheer tmp]#[root@topcheer tmp]# docker commit -a="wgr" -m "test del docs" 5910b3a257ff topcher/tomcat:1.0.1sha256:3d8737216a1e91c4b2f66a054eeb7e48031f5bff7a05a4a5ce4e5c519cc40084[root@topcheer tmp]# docker imagesREPOSITORY  TAG IMAGE IDCREATED SIZEtopcher/tomcat  1.0.13d8737216a1e22 seconds ago  508 MBdocker.io/tomcatlatest  8973f493aa0a2 days ago  508 MBdocker.io/centoslatest  67fa590cfc1c4 weeks ago 202 MBdocker.io/hello-worldlatest  fce289e99eb98 months ago1.84 kB[root@topcheer tmp]#

运行镜像

[root@topcheer tmp]# docker run -it -p 8080:8080 topcher/tomcat:1.0.1Using CATALINA_BASE:/usr/local/tomcatUsing CATALINA_HOME:/usr/local/tomcatUsing CATALINA_TMPDIR: /usr/local/tomcat/tempUsing JRE_HOME:/usr/local/openjdk-8Using CLASSPATH:/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar22-Sep-2019 13:38:55.628 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:Apache Tomcat/8.5.4622-Sep-2019 13:38:55.631 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:  Sep 16 2019 18:16:19 UTC22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.46.022-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:Linux22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:3.10.0-957.el7.x86_6422-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:  amd6422-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/local/openjdk-8/jre22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:1.8.0_222-b1022-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:Oracle Corporation22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /usr/local/tomcat22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat

确实为刚刚commit的镜像

4 docker数据卷

4.1 理念

先来看看Docker的理念：

将运用与运行的环境打包形成容器运行，运行可以伴随着容器，但是我们对数据的要求希望是持久化的
容器之间希望有可能共享数据

Docker容器产生的数据，如果不通过docker commit生成新的镜像，使得数据做为镜像的一部分保存下来，那么当容器删除后，数据自然也就没有了。

为了能保存数据在docker中我们使用卷。

4.2 作用

卷就是目录或文件，存在于一个或多个容器中，由docker挂载到容器，但不属于联合文件系统，因此能够绕过Union File System提供一些用于持续存储或共享数据的特性：

卷的设计目的就是数据的持久化，完全独立于容器的生存周期，因此Docker不会在容器删除时删除其挂载的数据卷

特点： 1：数据卷可在容器之间共享或重用数据 2：卷中的更改可以直接生效 3：数据卷中的更改不会包含在镜像的更新中 4：数据卷的生命周期一直持续到没有容器使用它为止

容器的持久化有点类似我们Redis里面的rdb和aof文件

容器间继承+共享数据类似Maven的父工程

4.3 通过命令添加数据卷

docker run -it -v /宿主机绝对路径目录:/容器内目录镜像名

[root@topcheer tmp]# docker run -it -v /wgrData:/containerData 67fa590cfc1c /bin/bash[root@a518695bb7bc /]# ls -ltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.2 root root 6 Sep 22 13:50 containerDatadrwxr-xr-x.5 root root360 Sep 22 13:50 devdrwxr-xr-x.1 root root66 Sep 22 13:50 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 265 root root 0 Sep 22 13:50 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 22 13:50 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep  2 01:15 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@a518695bb7bc /]# cd containerData/[root@a518695bb7bc containerData]# touch wgr.txttouch: cannot touch 'wgr.txt': Permission denied##后面说加参数，这边权限不够[root@topcheer /]# cd wgrData[root@topcheer wgrData]# ll总用量 0[root@topcheer wgrData]# touch wgr.txt[root@topcheer wgrData]#[root@a518695bb7bc containerData]# ls -ltotal 0-rw-r--r--. 1 root root 0 Sep 22 13:50 wgr.txt[root@a518695bb7bc containerData]#

[root@topcheer wgrData]# docker inspect a518695bb7bc[{"Id": "a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d","Created": "2019-09-22T13:50:02.271544718Z","Path": "/bin/bash","Args": [],"State": {"Status": "running","Running": true,"Paused": false,"Restarting": false,"OOMKilled": false,"Dead": false,"Pid": 126235,"ExitCode": 0,"Error": "","StartedAt": "2019-09-22T13:50:02.8043339Z","FinishedAt": "0001-01-01T00:00:00Z"},"Image": "sha256:67fa590cfc1c207c30b837528373f819f6262c884b7e69118d060a0c04d70ab8","ResolvConfPath": "/var/lib/docker/containers/a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d/resolv.conf","HostnamePath": "/var/lib/docker/containers/a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d/hostname","HostsPath": "/var/lib/docker/containers/a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d/hosts","LogPath": "","Name": "/priceless_mccarthy","RestartCount": 0,"Driver": "overlay2","MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c554,c859","ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c554,c859","AppArmorProfile": "","ExecIDs": null,"HostConfig": {"Binds": ["/wgrData:/containerData"],"ContainerIDFile": "","LogConfig": {"Type": "jouald","Config": {}},"NetworkMode": "default","PortBindings": {},"RestartPolicy": {"Name": "no","MaximumRetryCount": 0},"AutoRemove": false,"VolumeDriver": "","VolumesFrom": null,"CapAdd": null,"CapDrop": null,"Dns": [],"DnsOptions": [],"DnsSearch": [],"ExtraHosts": null,"GroupAdd": null,"IpcMode": "","Cgroup": "","Links": null,"OomScoreAdj": 0,"PidMode": "","Privileged": false,"PublishAllPorts": false,"ReadonlyRootfs": false,"SecurityOpt": null,"UTSMode": "","UsesMode": "","ShmSize": 67108864,"Runtime": "docker-runc","ConsoleSize": [0,0],"Isolation": "","CpuShares": 0,"Memory": 0,"NanoCpus": 0,"CgroupParent": "","BlkioWeight": 0,"BlkioWeightDevice": null,"BlkioDeviceReadBps": null,"BlkioDeviceWriteBps": null,"BlkioDeviceReadIOps": null,"BlkioDeviceWriteIOps": null,"CpuPeriod": 0,"CpuQuota": 0,"CpuRealtimePeriod": 0,"CpuRealtimeRuntime": 0,"CpusetCpus": "","CpusetMems": "","Devices": [],"DiskQuota": 0,"KeelMemory": 0,"MemoryReservation": 0,"MemorySwap": 0,"MemorySwappiness": -1,"OomKillDisable": false,"PidsLimit": 0,"Ulimits": null,"CpuCount": 0,"CpuPercent": 0,"IOMaximumIOps": 0,"IOMaximumBandwidth": 0},"GraphDriver": {"Name": "overlay2","Data": {"LowerDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a-init/diff:/var/lib/docker/overlay2/7bc85336eb8ca768f43d8eb3d5f27bdf35fa99068be45c84622d18c0f87c90bd/diff","MergedDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a/merged","UpperDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a/diff","WorkDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a/work"}},"Mounts": [{"Type": "bind","Source": "/wgrData","Destination": "/containerData","Mode": "","RW": true,"Propagation": "rprivate"}],"Config": {"Hostname": "a518695bb7bc","Domainname": "","User": "","AttachStdin": true,"AttachStdout": true,"AttachStderr": true,"Tty": true,"OpenStdin": true,"StdinOnce": true,"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd": ["/bin/bash"],"Image": "67fa590cfc1c","Volumes": null,"WorkingDir": "","Entrypoint": null,"OnBuild": null,"Labels": {"org.label-schema.build-date": "20190801","org.label-schema.license": "GPLv2","org.label-schema.name": "CentOS Base Image","org.label-schema.schema-version": "1.0","org.label-schema.vendor": "CentOS"}},"NetworkSettings": {"Bridge": "","SandboxID": "99fff9167aad470c7e05b16c4f0a7995a8b65ec62bbd8b547e526618f6ad426b","HairpinMode": false,"LinkLocalIPv6Address": "","LinkLocalIPv6PrefixLen": 0,"Ports": {},"SandboxKey": "/var/run/docker/netns/99fff9167aad","SecondaryIPAddresses": null,"SecondaryIPv6Addresses": null,"EndpointID": "51a7cabaa6a8ec85f43faca98bb1f12ad8cdc7e7bc9c323aa689ec209b557405","Gateway": "172.17.0.1","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "172.17.0.5","IPPrefixLen": 16,"IPv6Gateway": "","MacAddress": "02:42:ac:11:00:05","Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "fe000671b1b7f9a2e634f409bd33ada7bed50e818a28c1d9c8245aba67b1b625","EndpointID": "51a7cabaa6a8ec85f43faca98bb1f12ad8cdc7e7bc9c323aa689ec209b557405","Gateway": "172.17.0.1","IPAddress": "172.17.0.5","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:05"}}}}][root@topcheer wgrData]#

4.4 测试

容器停止退出后，主机修改后数据是否同步

[root@topcheer wgrData]# docker stop a518695bb7bca518695bb7bc[root@topcheer wgrData]# ll总用量 0-rw-r--r--. 1 root root 0 9月  22 21:50 wgr.txt[root@topcheer wgrData]# vim wgr.txt[root@topcheer wgrData]# docker ps -aCONTAINER IDIMAGE  COMMAND  CREATED STATUSPORTSNAMESa518695bb7bc67fa590cfc1c"/bin/bash"  13 minutes ago  Exited (137) About a minute agopriceless_mccarthy936835c7272btopcher/tomcat:1.0.1"catalina.sh run"24 minutes ago  Up 24 minutes 0.0.0.0:8080->8080/tcpangry_northcutt5910b3a257fftomcat "catalina.sh run"34 minutes ago  Up 34 minutes 0.0.0.0:8888->8080/tcpbrave_knuth6c4bb3ce4c35centos "/bin/sh -c 'while..."3 hours ago Up 3 hours eloquent_shannon[root@topcheer wgrData]# docker start a518695bb7bca518695bb7bc[root@topcheer wgrData]# docker exec -it a518695bb7bc /bin/bash[root@a518695bb7bc /]# lltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.2 root root21 Sep 22 14:02 containerDatadrwxr-xr-x.5 root root360 Sep 22 14:03 devdrwxr-xr-x.1 root root66 Sep 22 13:50 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 267 root root 0 Sep 22 14:03 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 22 13:50 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep  2 01:15 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@a518695bb7bc /]# cd containerData/[root@a518695bb7bc containerData]# lltotal 4-rw-r--r--. 1 root root 8 Sep 22 14:02 wgr.txt[root@a518695bb7bc containerData]# cat wgr.txteqweqeq[root@a518695bb7bc containerData]#

添加权限

[root@topcheer wgrData]# docker run -it --privileged=true  -v /wgrData1:/containerData1 67fa590cfc1c /bin/bash[root@2de3c8ed278e /]# lltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.2 root root 6 Sep 22 14:19 containerData1drwxr-xr-x.  15 root root  3120 Sep 22 14:19 devdrwxr-xr-x.1 root root66 Sep 22 14:19 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 272 root root 0 Sep 22 14:19 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 22 14:19 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep  2 01:15 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@2de3c8ed278e /]# cd containerData1/[root@2de3c8ed278e containerData1]# touch wgr.txt[root@2de3c8ed278e containerData1]#

限制权限

[root@topcheer wgrData]# docker stop 936835c7272b936835c7272b[root@topcheer wgrData]# docker run -it -v /wgrData2:/containerData2:ro 67fa590cfc1c /bin/bash[root@377e0b8a96a2 /]# "Mounts": [{"Type": "bind","Source": "/wgrData2","Destination": "/containerData2","Mode": "ro","RW": false,"Propagation": "rprivate"}],

4.5 Dockerfile添加

可在Dockerfile中使用VOLUME指令来给镜像添加一个或多个数据卷

[root@topcheer mydocker]# vim Dockerfile[root@topcheer mydocker]# docker build -f Dockerfile -t wgr/centos .Sending build context to Docker daemon 2.048 kBStep 1/4 : FROM centos ---> 67fa590cfc1cStep 2/4 : VOLUME /dataVolumeContainer1 /dataVolumeContainer2 ---> Running in 1fece8932e92 ---> 5c15da2cfe9aRemoving intermediate container 1fece8932e92Step 3/4 : CMD echo "finished,--------success1" ---> Running in 708260afecce ---> 8039778cf467Removing intermediate container 708260afecceStep 4/4 : CMD /bin/bash ---> Running in 54e07ae3feb5 ---> fb7e3d506043Removing intermediate container 54e07ae3feb5Successfully built fb7e3d506043[root@topcheer mydocker]# cat Dockerfile# volume testFROM centosVOLUME ["/dataVolumeContainer1","/dataVolumeContainer2"]CMD echo "finished,--------success1"CMD /bin/bash[root@topcheer mydocker]#

[root@topcheer mydocker]# docker imagesREPOSITORY  TAG IMAGE IDCREATED  SIZEwgr/centos  latest  fb7e3d506043About a minute ago202 MBmytomcat9latest  6c243064a02820 hours ago 749 MBmyip1.2 00a0a1f80e3620 hours ago 271 MBmyiplatest  420c99c3b70720 hours ago 271 MBmycentosfile1.1 f022cd7b901720 hours ago 395 MBtopcher/tomcat  1.0.13d8737216a1e23 hours ago 508 MBdocker.io/tomcatlatest  8973f493aa0a3 days ago508 MBdocker.io/centoslatest  67fa590cfc1c4 weeks ago  202 MBdocker.io/hello-worldlatest  fce289e99eb98 months ago 1.84 kB[root@topcheer mydocker]# docker run -it wgr/centos /bin/bash[root@a63d98e5a625 /]# lltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.2 root root 6 Sep 23 12:52 dataVolumeContainer1drwxr-xr-x.2 root root 6 Sep 23 12:52 dataVolumeContainer2drwxr-xr-x.5 root root360 Sep 23 12:52 devdrwxr-xr-x.1 root root66 Sep 23 12:52 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 208 root root 0 Sep 23 12:52 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 23 12:52 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep 23 12:25 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@a63d98e5a625 /]# lltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.2 root root 6 Sep 23 12:52 dataVolumeContainer1drwxr-xr-x.2 root root 6 Sep 23 12:52 dataVolumeContainer2drwxr-xr-x.5 root root360 Sep 23 12:52 devdrwxr-xr-x.1 root root66 Sep 23 12:52 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 208 root root 0 Sep 23 12:52 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 23 12:52 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep 23 12:25 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@a63d98e5a625 /]# cd dataVolumeContainerbash: cd: dataVolumeContainer: No such file or directory[root@a63d98e5a625 /]# cd dataVolumeContainer1[root@a63d98e5a625 dataVolumeContainer1]# lltotal 0[root@a63d98e5a625 dataVolumeContainer1]# touch 1.txt[root@a63d98e5a625 dataVolumeContainer1]#[root@a63d98e5a625 dataVolumeContainer1]#[root@a63d98e5a625 dataVolumeContainer1]# [root@topcheer mydocker]#[root@topcheer mydocker]# docker inspect a63d98e5a625[{"Id": "a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b","Created": "2019-09-23T12:52:45.588897445Z","Path": "/bin/bash","Args": [],"State": {"Status": "running","Running": true,"Paused": false,"Restarting": false,"OOMKilled": false,"Dead": false,"Pid": 18139,"ExitCode": 0,"Error": "","StartedAt": "2019-09-23T12:52:49.795395625Z","FinishedAt": "0001-01-01T00:00:00Z"},"Image": "sha256:fb7e3d506043d6ee7ca70b2dd2c18eb053d2a9fcc11b812c536f852a53d8c6cf","ResolvConfPath": "/var/lib/docker/containers/a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b/resolv.conf","HostnamePath": "/var/lib/docker/containers/a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b/hostname","HostsPath": "/var/lib/docker/containers/a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b/hosts","LogPath": "","Name": "/stoic_lamport","RestartCount": 0,"Driver": "overlay2","MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c816,c976","ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c816,c976","AppArmorProfile": "","ExecIDs": null,"HostConfig": {"Binds": null,"ContainerIDFile": "","LogConfig": {"Type": "jouald","Config": {}},"NetworkMode": "default","PortBindings": {},"RestartPolicy": {"Name": "no","MaximumRetryCount": 0},"AutoRemove": false,"VolumeDriver": "","VolumesFrom": null,"CapAdd": null,"CapDrop": null,"Dns": [],"DnsOptions": [],"DnsSearch": [],"ExtraHosts": null,"GroupAdd": null,"IpcMode": "","Cgroup": "","Links": null,"OomScoreAdj": 0,"PidMode": "","Privileged": false,"PublishAllPorts": false,"ReadonlyRootfs": false,"SecurityOpt": null,"UTSMode": "","UsesMode": "","ShmSize": 67108864,"Runtime": "docker-runc","ConsoleSize": [0,0],"Isolation": "","CpuShares": 0,"Memory": 0,"NanoCpus": 0,"CgroupParent": "","BlkioWeight": 0,"BlkioWeightDevice": null,"BlkioDeviceReadBps": null,"BlkioDeviceWriteBps": null,"BlkioDeviceReadIOps": null,"BlkioDeviceWriteIOps": null,"CpuPeriod": 0,"CpuQuota": 0,"CpuRealtimePeriod": 0,"CpuRealtimeRuntime": 0,"CpusetCpus": "","CpusetMems": "","Devices": [],"DiskQuota": 0,"KeelMemory": 0,"MemoryReservation": 0,"MemorySwap": 0,"MemorySwappiness": -1,"OomKillDisable": false,"PidsLimit": 0,"Ulimits": null,"CpuCount": 0,"CpuPercent": 0,"IOMaximumIOps": 0,"IOMaximumBandwidth": 0},"GraphDriver": {"Name": "overlay2","Data": {"LowerDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7-init/diff:/var/lib/docker/overlay2/7bc85336eb8ca768f43d8eb3d5f27bdf35fa99068be45c84622d18c0f87c90bd/diff","MergedDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7/merged","UpperDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7/diff","WorkDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7/work"}},"Mounts": [{"Type": "volume","Name": "3cef2f791e18ba2f31798ef27ab1f066f012d5b4e2447e0d4cf2d15bb76af352","Source": "/var/lib/docker/volumes/3cef2f791e18ba2f31798ef27ab1f066f012d5b4e2447e0d4cf2d15bb76af352/_data","Destination": "/dataVolumeContainer2","Driver": "local","Mode": "","RW": true,"Propagation": ""},{"Type": "volume","Name": "fa71d12b3a7f55457b3f2f57ca72b0620ea234fd03fba760534480758183944d","Source": "/var/lib/docker/volumes/fa71d12b3a7f55457b3f2f57ca72b0620ea234fd03fba760534480758183944d/_data","Destination": "/dataVolumeContainer1","Driver": "local","Mode": "","RW": true,"Propagation": ""}],"Config": {"Hostname": "a63d98e5a625","Domainname": "","User": "","AttachStdin": true,"AttachStdout": true,"AttachStderr": true,"Tty": true,"OpenStdin": true,"StdinOnce": true,"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd": ["/bin/bash"],"Image": "wgr/centos","Volumes": {"/dataVolumeContainer1": {},"/dataVolumeContainer2": {}},"WorkingDir": "","Entrypoint": null,"OnBuild": null,"Labels": {"org.label-schema.build-date": "20190801","org.label-schema.license": "GPLv2","org.label-schema.name": "CentOS Base Image","org.label-schema.schema-version": "1.0","org.label-schema.vendor": "CentOS"}},"NetworkSettings": {"Bridge": "","SandboxID": "4bd5f69d0dffd043bb7948d327839f0ab92780a9e4aa74cc62e4555a47c35902","HairpinMode": false,"LinkLocalIPv6Address": "","LinkLocalIPv6PrefixLen": 0,"Ports": {},"SandboxKey": "/var/run/docker/netns/4bd5f69d0dff","SecondaryIPAddresses": null,"SecondaryIPv6Addresses": null,"EndpointID": "69971af973442c794869f43d21a152b8530d648da8b1967e419fde7db0efac13","Gateway": "172.17.0.1","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","MacAddress": "02:42:ac:11:00:03","Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "c7d7aaeb71644a84fdda020955a64ae3a2905c8369a08536c24c956bdba11b58","EndpointID": "69971af973442c794869f43d21a152b8530d648da8b1967e419fde7db0efac13","Gateway": "172.17.0.1","IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:03"}}}}][root@topcheer mydocker]# cd /var/lib/docker/volumes/fa71d12b3a7f55457b3f2f57ca72b0620ea234fd03fba760534480758183944d/_data[root@topcheer _data]# ll总用量 0-rw-r--r--. 1 root root 0 9月  23 20:53 1.txt[root@topcheer _data]#

Docker挂载主机目录Docker访问出现cannot open directory .: Permission denied 解决办法：在挂载目录后多加一个--privileged=true参数即可

4.6 数据卷容器

4.6.1 概念

命名的容器挂载数据卷，其它容器通过挂载这个(父容器)实现数据共享，挂载数据卷的容器，称之为数据卷容器

4.6.2 实验

[root@topcheer _data]# docker run -it --name dc02 --volumes-from  stoic_lamport  wgr/centos[root@d8e6cc3bad6f /]# lltotal 12-rw-r--r--.1 root root 12090 Aug  1 01:10 anaconda-post.loglrwxrwxrwx.1 root root 7 Aug  1 01:09 bin -> usr/bindrwxr-xr-x.2 root root19 Sep 23 12:53 dataVolumeContainer1drwxr-xr-x.2 root root 6 Sep 23 12:52 dataVolumeContainer2drwxr-xr-x.5 root root360 Sep 23 13:05 devdrwxr-xr-x.1 root root66 Sep 23 13:05 etcdrwxr-xr-x.2 root root 6 Apr 11  2018 homelrwxrwxrwx.1 root root 7 Aug  1 01:09 lib -> usr/liblrwxrwxrwx.1 root root 9 Aug  1 01:09 lib64 -> usr/lib64drwxr-xr-x.2 root root 6 Apr 11  2018 mediadrwxr-xr-x.2 root root 6 Apr 11  2018 mntdrwxr-xr-x.2 root root 6 Apr 11  2018 optdr-xr-xr-x. 220 root root 0 Sep 23 13:05 procdr-xr-x---.2 root root114 Aug  1 01:10 rootdrwxr-xr-x.1 root root21 Sep 23 13:05 runlrwxrwxrwx.1 root root 8 Aug  1 01:09 sbin -> usr/sbindrwxr-xr-x.2 root root 6 Apr 11  2018 srvdr-xr-xr-x.  13 root root 0 Sep 23 12:25 sysdrwxrwxrwt.7 root root132 Aug  1 01:10 tmpdrwxr-xr-x.  13 root root155 Aug  1 01:09 usrdrwxr-xr-x.  18 root root238 Aug  1 01:09 var[root@d8e6cc3bad6f /]# cd dataVolumeContainer1[root@d8e6cc3bad6f dataVolumeContainer1]# lltotal 0-rw-r--r--. 1 root root 0 Sep 23 12:53 1.txt[root@d8e6cc3bad6f dataVolumeContainer1]#[root@a63d98e5a625 /]# cd dataVolumeContainer2[root@a63d98e5a625 dataVolumeContainer2]# lltotal 0-rw-r--r--. 1 root root 0 Sep 23 13:06 2.txt[root@a63d98e5a625 dataVolumeContainer2]#[root@topcheer ~]# docker run -it --name dc03 --volumes-from  stoic_lamport  wgr/centos[root@24ee76550315 /]# cd /dataVolumeContainer2[root@24ee76550315 dataVolumeContainer2]# lltotal 0-rw-r--r--. 1 root root 0 Sep 23 13:06 2.txt[root@24ee76550315 dataVolumeContainer2]#

结论：容器之间配置信息的传递，数据卷的生命周期一直持续到没有容器使用它为止

5 Dockerfile详解

Dockerfile是用来构建Docker镜像的构建文件，是由一系列命令和参数构成的脚本。

编写Dockerfile文件 --- docker build --- docker run

如图，centos为例

5.1 DockerFile构建过程解析

Dockerfile内容基础知识

1：每条保留字指令都必须为大写字母且后面要跟随至少一个参数

2：指令按照从上到下，顺序执行

3：#表示注释

4：每条指令都会创建一个新的镜像层，并对镜像进行提交
Docker执行Dockerfile的大致流程

（1）docker从基础镜像运行一个容器

（2）执行一条指令并对容器作出修改

（3）执行类似docker commit的操作提交一个新的镜像层

（4）docker再基于刚提交的镜像运行一个新容器

（5）执行dockerfile中的下一条指令直到所有指令都执行完成
总结

从应用软件的角度来看，Dockerfile、Docker镜像与Docker容器分别代表软件的三个不同阶段，
- Dockerfile是软件的原材料
- Docker镜像是软件的交付品
- Docker容器则可以认为是软件的运行态。 Dockerfile面向开发，Docker镜像成为交付标准，Docker容器则涉及部署与运维，三者缺一不可，合力充当Docker体系的基石。

1 Dockerfile，需要定义一个Dockerfile，Dockerfile定义了进程需要的一切东西。Dockerfile涉及的内容包括执行代码或者是文件、环境变量、依赖包、运行时环境、动态链接库、操作系统的发行版、服务进程和内核进程(当应用进程需要和系统服务和内核进程打交道，这时需要考虑如何设计namespace的权限控制)等等;

2 Docker镜像，在用Dockerfile定义一个文件之后，docker build时会产生一个Docker镜像，当运行 Docker镜像时，会真正开始提供服务;

3 Docker容器，容器是直接提供服务的。

5.2 Dockerfile指令

FROM	基础镜像，当前新镜像是基于哪个镜像的
MAINTAINER	镜像维护者的姓名和邮箱地址
RUN	容器构建时需要运行的命令
EXPOSE	当前容器对外暴露出的端口
WORKDIR	指定在创建容器后，终端默认登陆的进来工作目录，一个落脚点
ENV	用来在构建镜像过程中设置环境变量
ADD	将宿主机目录下的文件拷贝进镜像且ADD命令会自动处理URL和解压tar压缩包
COPY	类似ADD，拷贝文件和目录到镜像中。将从构建上下文目录中 <源路径> 的文件/目录复制到新的一层的镜像内的 <目标路径> 位置
VOLUME	容器数据卷，用于数据保存和持久化工作
CMD	Dockerfile 中可以有多个 CMD 指令，但只有最后一个生效，CMD 会被 docker run 之后的参数替换
ENTRYPOINT	ENTRYPOINT 的目的和 CMD 一样，都是在指定容器启动程序及参数
ONBUILD	当构建一个被继承的Dockerfile时运行命令，父镜像在被子继承后父镜像的onbuild被触发

注：Docker Hub 中 99% 的镜像都是通过在 base 镜像中安装和配置需要的软件构建出来的

5.3 制作案例--自定义镜像mycentos

自定义mycentos目的使我们自己的镜像具备如下：登陆后的默认路径 vim编辑器查看网络配置ifconfig支持

编写Dockerfile

FROM centosMAINTAINER wgr<wang.gr@topcheer.com> ENV MYPATH /usr/localWORKDIR $MYPATH RUN yum -y install vimRUN yum -y install net-tools EXPOSE 80 CMD echo $MYPATHCMD echo "success--------------ok"CMD /bin/bash

开始构建

[root@topcheer myfile]# docker build -t mycentosfile:1.1 .Sending build context to Docker daemon 2.048 kBStep 1/10 : FROM centos ---> 67fa590cfc1cStep 2/10 : MAINTAINER wgr<wang.gr@topcheer.com> ---> Running in 1f88baf9b360 ---> 871c31a91729Removing intermediate container 1f88baf9b360Step 3/10 : ENV MYPATH /usr/local ---> Running in b069dd98cebf ---> 084266f310f4Removing intermediate container b069dd98cebfStep 4/10 : WORKDIR $MYPATH ---> 4d957d2ce926Removing intermediate container fe5768a9a5b5Step 5/10 : RUN yum -y install vim ---> Running in fd8a0b061957Loaded plugins: fastestmirror, ovlDetermining fastest mirrors * base: mirror.jdcloud.com * extras: centos.ustc.edu.cn * updates: centos.ustc.edu.cnResolving Dependencies--> Running transaction check---> Package vim-enhanced.x86_64 2:7.4.629-6.el7 will be installed--> Processing Dependency: vim-common = 2:7.4.629-6.el7 for package: 2:vim-enhanced-7.4.629-6.el7.x86_64--> Processing Dependency: which for package: 2:vim-enhanced-7.4.629-6.el7.x86_64--> Processing Dependency: perl(:MODULE_COMPAT_5.16.3) for package: 2:vim-enhanced-7.4.629-6.el7.x86_64--> Processing Dependency: libperl.so()(64bit) for package: 2:vim-enhanced-7.4.629-6.el7.x86_64--> Processing Dependency: libgpm.so.2()(64bit) for package: 2:vim-enhanced-7.4.629-6.el7.x86_64--> Running transaction check---> Package gpm-libs.x86_64 0:1.20.7-6.el7 will be installed.....................Complete! ---> 67a4329fa503Removing intermediate container e92c8b523c7cStep 7/10 : EXPOSE 80 ---> Running in bf6935680423 ---> e47d782ab0f5Removing intermediate container bf6935680423Step 8/10 : CMD echo $MYPATH ---> Running in e0c51d8c13ba ---> 850284459ab5Removing intermediate container e0c51d8c13baStep 9/10 : CMD echo "success--------------ok" ---> Running in 339022b46c36 ---> 7117b7f8d635Removing intermediate container 339022b46c36Step 10/10 : CMD /bin/bash ---> Running in ad662d3129a4 ---> f022cd7b9017Removing intermediate container ad662d3129a4Successfully built f022cd7b9017[root@topcheer myfile]#

运行

[root@topcheer myfile]# docker imagesREPOSITORY  TAG IMAGE IDCREATED SIZEmycentosfile1.1 f022cd7b901727 seconds ago  395 MBtopcher/tomcat  1.0.13d8737216a1e2 hours ago 508 MBdocker.io/tomcatlatest  8973f493aa0a2 days ago  508 MBdocker.io/centoslatest  67fa590cfc1c4 weeks ago 202 MBdocker.io/hello-worldlatest  fce289e99eb98 months ago1.84 kB[root@topcheer myfile]# docker run -it mycentosfile:1.1[root@48e1ce50cb3f local]# lltotal 0drwxr-xr-x. 2 root root  6 Apr 11  2018 bindrwxr-xr-x. 2 root root  6 Apr 11  2018 etcdrwxr-xr-x. 2 root root  6 Apr 11  2018 gamesdrwxr-xr-x. 2 root root  6 Apr 11  2018 includedrwxr-xr-x. 2 root root  6 Apr 11  2018 libdrwxr-xr-x. 2 root root  6 Apr 11  2018 lib64drwxr-xr-x. 2 root root  6 Apr 11  2018 libexecdrwxr-xr-x. 2 root root  6 Apr 11  2018 sbindrwxr-xr-x. 5 root root 49 Aug  1 01:09 sharedrwxr-xr-x. 2 root root  6 Apr 11  2018 src[root@48e1ce50cb3f local]# pwd/usr/local[root@48e1ce50cb3f local]# vim 1.txt[root@48e1ce50cb3f local]# ifconfigeth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.0.6  netmask 255.255.0.0  broadcast 0.0.0.0inet6 fe80::42:acff:fe11:6  prefixlen 64  scopeid 0x20<link>ether 02:42:ac:11:00:06  txqueuelen 0  (Etheet)RX packets 8  bytes 656 (656.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 8  bytes 656 (656.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1000  (Local Loopback)RX packets 0  bytes 0 (0.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 0  bytes 0 (0.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0[root@48e1ce50cb3f local]# [root@topcheer myfile]#[root@topcheer myfile]#[root@topcheer myfile]#[root@topcheer myfile]# docker history f022cd7b9017IMAGECREATED CREATED BY  SIZECOMMENTf022cd7b90172 minutes ago/bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "/b...0 B7117b7f8d6352 minutes ago/bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "ec...0 B850284459ab52 minutes ago/bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "ec...0 Be47d782ab0f52 minutes ago/bin/sh -c #(nop)  EXPOSE 80/tcp0 B67a4329fa5032 minutes ago/bin/sh -c yum -y install net-tools 69 MB4b7b749294d02 minutes ago/bin/sh -c yum -y install vim124 MB4d957d2ce9263 minutes ago/bin/sh -c #(nop) WORKDIR /usr/local0 B084266f310f43 minutes ago/bin/sh -c #(nop)  ENV MYPATH=/usr/local0 B871c31a917293 minutes ago/bin/sh -c #(nop)  MAINTAINER wgr<wang.gr@...0 B67fa590cfc1c4 weeks ago /bin/sh -c #(nop)  CMD ["/bin/bash"]0 B<missing>4 weeks ago /bin/sh -c #(nop)  LABEL org.label-schema....0 B<missing>4 weeks ago /bin/sh -c #(nop) ADD file:4e7247c06de9ad1...202 MB[root@topcheer myfile]#

5.4 CMD/ENTRYPOINT 详解

都是指定一个容器启动时要运行的命令

CMD

Dockerfile 中可以有多个 CMD 指令，但只有最后一个生效，CMD 会被 docker run 之后的参数替换

[root@topcheer myfile]# docker run -it 3d8737216a1e ls -ltotal 124-rw-r--r--. 1 root root  19318 Sep 16 18:19 BUILDING.txt-rw-r--r--. 1 root root5407 Sep 16 18:19 CONTRIBUTING.md-rw-r--r--. 1 root root  57011 Sep 16 18:19 LICENSE-rw-r--r--. 1 root root1726 Sep 16 18:19 NOTICE-rw-r--r--. 1 root root3255 Sep 16 18:19 README.md-rw-r--r--. 1 root root7139 Sep 16 18:19 RELEASE-NOTES-rw-r--r--. 1 root root  16262 Sep 16 18:19 RUNNING.txtdrwxr-xr-x. 2 root root4096 Sep 20 01:40 bindrwxr-sr-x. 1 root root 22 Sep 22 13:28 confdrwxr-sr-x. 2 root staff78 Sep 20 01:40 includedrwxr-xr-x. 2 root root4096 Sep 20 01:40 libdrwxrwxrwx. 1 root root177 Sep 22 13:28 logsdrwxr-sr-x. 3 root staff151 Sep 20 01:40 native-jni-libdrwxrwxrwx. 2 root root 30 Sep 20 01:40 tempdrwxr-xr-x. 1 root root 18 Sep 22 13:33 webappsdrwxrwxrwx. 1 root root 22 Sep 22 13:28 work[root@topcheer myfile]#

注：tomcat的Dockerfile最后一个命令为CMD /bin/bash，手动输入参数，会进行替换

ENTRYPOINT

docker run 之后的参数会被当做参数传递给 ENTRYPOINT，之后形成新的命令组合

[root@topcheer myfile]# docker build -f dockerfile1 -t myip .Sending build context to Docker daemon 2.048 kBStep 1/3 : FROM centos ---> 67fa590cfc1cStep 2/3 : RUN yum install -y curl ---> Running in 24d685efc352Loaded plugins: fastestmirror, ovlDetermining fastest mirrors * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.huaweicloud.comResolving Dependencies--> Running transaction check---> Package curl.x86_64 0:7.29.0-51.el7_6.3 will be updated---> Package curl.x86_64 0:7.29.0-54.el7 will be an update--> Processing Dependency: libcurl = 7.29.0-54.el7 for package: curl-7.29.0-54.el7.x86_64--> Running transaction check---> Package libcurl.x86_64 0:7.29.0-51.el7_6.3 will be updated---> Package libcurl.x86_64 0:7.29.0-54.el7 will be an update--> Finished Dependency ResolutionDependencies Resolved================================================================================ Package  ArchVersionRepository Size================================================================================Updating: curl x86_64  7.29.0-54.el7 base  270 kUpdating for dependencies: libcurl  x86_64  7.29.0-54.el7 base  222 kTransaction Summary================================================================================Upgrade  1 Package (+1 Dependent package)Total download size: 493 kDownloading packages:Delta RPMs disabled because /usr/bin/applydeltarpm not installed.waing: /var/cache/yum/x86_64/7/base/packages/libcurl-7.29.0-54.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEYPublic key for libcurl-7.29.0-54.el7.x86_64.rpm is not installed--------------------------------------------------------------------------------Total  988 kB/s | 493 kB  00:00Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package: centos-release-7-6.1810.2.el7.centos.x86_64 (@CentOS) From: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7Running transaction checkRunning transaction testTransaction test succeededRunning transaction  Updating: libcurl-7.29.0-54.el7.x86_64 1/4  Updating: curl-7.29.0-54.el7.x86_642/4  Cleanup: curl-7.29.0-51.el7_6.3.x86_643/4  Cleanup: libcurl-7.29.0-51.el7_6.3.x86_64 4/4  Verifying  : libcurl-7.29.0-54.el7.x86_64 1/4  Verifying  : curl-7.29.0-54.el7.x86_642/4  Verifying  : curl-7.29.0-51.el7_6.3.x86_643/4  Verifying  : libcurl-7.29.0-51.el7_6.3.x86_64 4/4Updated:  curl.x86_64 0:7.29.0-54.el7Dependency Updated:  libcurl.x86_64 0:7.29.0-54.el7Complete! ---> ed86a4b09c55Removing intermediate container 24d685efc352Step 3/3 : CMD curl -s http://ip.cn ---> Running in c98ca5fa9fed ---> 420c99c3b707Removing intermediate container c98ca5fa9fedSuccessfully built 420c99c3b707[root@topcheer myfile]#root@topcheer myfile]# cat dockerfile1FROM centosRUN yum install -y curlCMD [ "curl", "-s", "http://ip.cn" ]

加入参数 -i

[root@topcheer myfile]# docker run 420c99c3b707 -icontainer_linux.go:235: starting container process caused "exec: \"-i\": executable file not found in $PATH"/usr/bin/docker-current: Error response from daemon: oci runtime error: container_linux.go:235: starting container process caused "exec: \"-i\": executable file not found in $PATH".[root@topcheer myfile]#

我们可以看到可执行文件找不到的报错，executable file not found。之前我们说过，跟在镜像名后面的是 command，运行时会替换 CMD 的默认值。因此这里的 -i 替换了原来的 CMD，而不是添加在原来的 curl -s http://ip.cn 后面。而 -i 根本不是命令，所以自然找不到。

那么如果我们希望加入 -i 这参数，我们就必须重新完整的输入这个命令：

$ docker run myip curl -s http://ip.cn -i

[root@topcheer myfile]# docker build -f dockerfile2 -t myip:1.2 .Sending build context to Docker daemon 3.072 kBStep 1/3 : FROM centos ---> 67fa590cfc1cStep 2/3 : RUN yum install -y curl ---> Using cache ---> ed86a4b09c55Step 3/3 : ENTRYPOINT curl -s http://ip.cn ---> Running in 695e59ae2f9f ---> 00a0a1f80e36Removing intermediate container 695e59ae2f9fSuccessfully built 00a0a1f80e36[root@topcheer myfile]#root@topcheer myfile]# cat dockerfile2FROM centosRUN yum install -y curlENTRYPOINT [ "curl", "-s", "http://ip.cn" ][root@topcheer myfile]#[root@topcheer myfile]# docker run 00a0a1f80e36 -iHTTP/1.1 301 Moved PermanentlyDate: Sun, 22 Sep 2019 16:21:12 GMTTransfer-Encoding: chunkedConnection: keep-aliveCache-Control: max-age=3600Expires: Sun, 22 Sep 2019 17:21:12 GMTLocation: https://ip.cn/Server: cloudflareCF-RAY: 51a59c51fca7d356-LAX[root@topcheer myfile]#

5.5 自定义镜像Tomcat9

[root@topcheer myfile]# mkdir -p /zzyyuse/mydockerfile/tomcat9[root@topcheer myfile]# cd /zzyyuse/mydockerfile/tomcat9/[root@topcheer tomcat9]# mv touch touch.txt[root@topcheer tomcat9]# ll总用量 202568-rw-r--r--. 1 root root  12326996 9月  23 00:29 apache-tomcat-9.0.26.tar.gz-rw-r--r--. 1 root root 195094741 9月  23 00:44 jdk-8u221-linux-x64.tar.gz-rw-r--r--. 1 root root 8 9月  23 00:26 touch.txt[root@topcheer tomcat9]# vim dockerfile[root@topcheer tomcat9]# docker build -f dockerfile -t mytomcat9 .Sending build context to Docker daemon 207.4 MBStep 1/15 : FROM centos ---> 67fa590cfc1cStep 2/15 : MAINTAINER wgr<wang.gr@Topcheer.com> ---> Running in 1d226a95e4bd ---> 1757ce5df080Removing intermediate container 1d226a95e4bdStep 3/15 : COPY touch.txt /usr/local/cincontainer.txt ---> 47027886f2b6Removing intermediate container 7f9c861f6ebfStep 4/15 : ADD jdk-8u221-linux-x64.tar.gz /usr/local/ ---> af6a09494e41Removing intermediate container 1ce823526620Step 5/15 : ADD apache-tomcat-9.0.26.tar.gz /usr/local/ ---> 30ed83402115Removing intermediate container 63f92f905d88Step 6/15 : RUN yum -y install vim ---> Running in 52768f621694Complete! ---> 1a786e61417cRemoving intermediate container 52768f621694Step 7/15 : ENV MYPATH /usr/local ---> Running in a9ffa71dea83 ---> 3e22143a0c16Removing intermediate container a9ffa71dea83Step 8/15 : WORKDIR $MYPATH ---> 6371b1f9c73cRemoving intermediate container 0f276bf3ce88Step 9/15 : ENV JAVA_HOME /usr/local/jdk1.8.0_221 ---> Running in 41ccc23b039d ---> 41a86caa4a67Removing intermediate container 41ccc23b039dStep 10/15 : ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar ---> Running in d8b2069614ec ---> b2d06aada292Removing intermediate container d8b2069614ecStep 11/15 : ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.26 ---> Running in b8129aaa2c20 ---> 6f4277b94c01Removing intermediate container b8129aaa2c20Step 12/15 : ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.26 ---> Running in 310832c60e55 ---> 965e54b0e595Removing intermediate container 310832c60e55Step 13/15 : ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin ---> Running in e9c4f9fe44a2 ---> 7102c04d53b2Removing intermediate container e9c4f9fe44a2Step 14/15 : EXPOSE 8080 ---> Running in 329adfcaba35 ---> 601bffd46d5aRemoving intermediate container 329adfcaba35Step 15/15 : CMD /usr/local/apache-tomcat-9.0.26/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.26/bin/logs/catalina.out ---> Running in 1ecc7244a41f ---> 6c243064a028Removing intermediate container 1ecc7244a41fSuccessfully built 6c243064a028

Dockerfile

[root@topcheer tomcat9]# cat dockerfile

FROM centosMAINTAINERwgr<wang.gr@Topcheer.com>#把宿主机当前上下文的c.txt拷贝到容器/usr/local/路径下COPY touch.txt /usr/local/cincontainer.txt#把java与tomcat添加到容器中ADD jdk-8u221-linux-x64.tar.gz /usr/local/ADD apache-tomcat-9.0.26.tar.gz /usr/local/#安装vim编辑器RUN yum -y install vim#设置工作访问时候的WORKDIR路径，登录落脚点ENV MYPATH /usr/localWORKDIR $MYPATH#配置java与tomcat环境变量ENV JAVA_HOME /usr/local/jdk1.8.0_221ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jarENV CATALINA_HOME /usr/local/apache-tomcat-9.0.26ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.26ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin#容器运行时监听的端口EXPOSE  8080#启动时运行tomcatCMD /usr/local/apache-tomcat-9.0.26/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.26/bin/logs/catalina.out[root@topcheer tomcat9]#

运行容器

[root@topcheer tomcat9]# docker run -d -p 9080:8080 --name myt9 -v /zzyyuse/mydockerfile/tomcat9/test:/usr/local/apache-tomcat-9.0.26/webapps/test -v /zzyyuse/mydockerfile/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.26/logs --privileged=true mytomcat9caf65bdc80f404157081f45f74a3056150504a80a44d7217f31ab95bf604c053[root@topcheer tomcat9]#[root@topcheer tomcat9]# ll总用量 202572-rw-r--r--. 1 root root  12326996 9月  23 00:29 apache-tomcat-9.0.26.tar.gz-rw-r--r--. 1 root root929 9月  23 00:47 dockerfile-rw-r--r--. 1 root root 195094741 9月  23 00:44 jdk-8u221-linux-x64.tar.gzdrwxr-xr-x. 2 root root 6 9月  23 00:51 testdrwxr-xr-x. 2 root root197 9月  23 00:51 tomcat9logs-rw-r--r--. 1 root root 8 9月  23 00:26 touch.txt[root@topcheer tomcat9]#Docker挂载主机目录Docker访问出现cannot open directory .: Permission denied解决办法：在挂载目录后多加一个--privileged=true参数即可[root@topcheer tomcat9]# docker ps -lCONTAINER IDIMAGECOMMAND  CREATED  STATUS  PORTSNAMEScaf65bdc80f4mytomcat9"/bin/sh -c '/usr/..."About a minute agoUp About a minute0.0.0.0:9080->8080/tcpmyt9[root@topcheer tomcat9]#

验证

测试

[root@topcheer test]# vim web.xml[root@topcheer test]# vim a.jsp[root@topcheer test]# ll总用量 8-rw-r--r--. 1 root root 511 9月  23 00:55 a.jsp-rw-r--r--. 1 root root 337 9月  23 00:55 web.xml[root@topcheer test]# cd ..[root@topcheer tomcat9]# ll总用量 202572-rw-r--r--. 1 root root  12326996 9月  23 00:29 apache-tomcat-9.0.26.tar.gz-rw-r--r--. 1 root root929 9月  23 00:47 dockerfile-rw-r--r--. 1 root root 195094741 9月  23 00:44 jdk-8u221-linux-x64.tar.gzdrwxr-xr-x. 2 root root34 9月  23 00:55 testdrwxr-xr-x. 2 root root197 9月  23 00:51 tomcat9logs-rw-r--r--. 1 root root 8 9月  23 00:26 touch.txt[root@topcheer tomcat9]# cd tomcat9logs/[root@topcheer tomcat9logs]# ll总用量 24-rw-r-----. 1 root root 6574 9月  23 00:51 catalina.2019-09-22.log-rw-r-----. 1 root root 6574 9月  23 00:51 catalina.out-rw-r-----. 1 root root0 9月  23 00:51 host-manager.2019-09-22.log-rw-r-----. 1 root root  408 9月  23 00:51 localhost.2019-09-22.log-rw-r-----. 1 root root  825 9月  23 00:54 localhost_access_log.2019-09-22.txt-rw-r-----. 1 root root0 9月  23 00:51 manager.2019-09-22.log[root@topcheer tomcat9logs]# tail -200f catalina.out22-Sep-2019 16:51:48.924 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:Apache Tomcat/9.0.2622-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:  Sep 16 2019 15:51:39 UTC22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.26.022-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:Linux22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:3.10.0-957.el7.x86_6422-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:  amd6422-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/local/jdk1.8.0_221/jre22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:1.8.0_221-b1122-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:Oracle Corporation22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /usr/local/apache-tomcat-9.0.2622-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/apache-tomcat-9.0.2622-Sep-2019 16:51:49.078 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/apache-tomcat-9.0.26/conf/logging.properties22-Sep-2019 16:51:49.079 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager22-Sep-2019 16:51:49.079 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=204822-Sep-2019 16:51:49.080 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources22-Sep-2019 16:51:49.080 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=002722-Sep-2019 16:51:49.080 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=22-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/apache-tomcat-9.0.2622-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/apache-tomcat-9.0.2622-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/apache-tomcat-9.0.26/temp22-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]22-Sep-2019 16:51:50.237 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]22-Sep-2019 16:51:50.269 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]22-Sep-2019 16:51:50.272 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [1,885] milliseconds22-Sep-2019 16:51:50.341 INFO [main] org.apache.catalina.core.StandardService.startInteal Starting service [Catalina]22-Sep-2019 16:51:50.341 INFO [main] org.apache.catalina.core.StandardEngine.startInteal Starting Servlet engine: [Apache Tomcat/9.0.26]22-Sep-2019 16:51:50.362 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/ROOT]22-Sep-2019 16:51:50.906 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/ROOT] has finished in [543] ms22-Sep-2019 16:51:50.906 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/docs]22-Sep-2019 16:51:50.924 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/docs] has finished in [17] ms22-Sep-2019 16:51:50.924 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/examples]22-Sep-2019 16:51:51.585 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/examples] has finished in [660] ms22-Sep-2019 16:51:51.585 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/host-manager]22-Sep-2019 16:51:51.625 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/host-manager] has finished in [40] ms22-Sep-2019 16:51:51.626 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/manager]22-Sep-2019 16:51:51.771 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/manager] has finished in [145] ms22-Sep-2019 16:51:51.771 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/test]22-Sep-2019 16:51:51.880 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/test] has finished in [109] ms22-Sep-2019 16:51:51.885 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]22-Sep-2019 16:51:51.902 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]22-Sep-2019 16:51:51.906 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1,632] milliseconds

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns="http://java.sun.com/xml/ns/javaee"  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"  id="WebApp_ID" version="2.5"><display-name>test</display-name> </web-app>

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>  <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title>  </head>  <body>-----------welcome------------<%="i am in docker tomcat self "%><br><br><% System.out.println("=============docker tomcat self");%>  </body></html>

结果：

6 Docker常用安装

6.1 安装Mysql

[root@topcheer ~]# docker run -p 12345:3306 --name mysql1 --privileged=true -v /zzyyuse/mysql/conf:/etc/mysql/conf.d -v /zzyyuse/mysql/logs:/logs -v /zzyyuse/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -d b8fd9553f1f0682b15d35235e3499c6fe862734eb40c91533bbb51f5fd44af89ad3d640e8e78[root@topcheer ~]# docker ps -l[root@topcheer ~]# docker exec -it 682b15d35235 /bin/bashroot@682b15d35235:/# ll

6.2 安装redis

docker run -p 6666:6666 --privileged=true -v /zzyyuse/myredis/data:/data -v /zzyyuse/myredis/conf/redis.conf:/usr/local/etc/redis/redis.conf  -d 01a52b3b5cd1 redis-server /usr/local/etc/redis/redis.conf --appendonly yes0cd9055715bca21e460a20bdca9e705860f84b3d0320c37242dd72205a7efc79

# Redis configuration file example.## Note that in order to read the configuration file, Redis must be# started with the file path as first argument:## ./redis-server /path/to/redis.conf # Note on units: when memory size is needed, it is possible to specify# it in the usual form of 1k 5GB 4M and so forth:## 1k => 1000 bytes# 1kb => 1024 bytes# 1m => 1000000 bytes# 1mb => 1024*1024 bytes# 1g => 1000000000 bytes# 1gb => 1024*1024*1024 bytes## units are case insensitive so 1GB 1Gb 1gB are all the same.################################## INCLUDES ################################### # Include one or more other config files here.  This is useful if you# have a standard template that goes to all Redis servers but also need# to customize a few per-server settings.  Include files can include# other files, so use this wisely.## Notice option "include" won't be rewritten by command "CONFIG REWRITE"# from admin or Redis Sentinel. Since Redis always uses the last processed# line as value of a configuration directive, you'd better put includes# at the beginning of this file to avoid overwriting config change at runtime.## If instead you are interested in using includes to override configuration# options, it is better to use include as the last line.## include /path/to/local.conf# include /path/to/other.conf ################################## NETWORK ##################################### # By default, if no "bind" configuration directive is specified, Redis listens# for connections from all the network interfaces available on the server.# It is possible to listen to just one or multiple selected interfaces using# the "bind" configuration directive, followed by one or more IP addresses.## Examples:## bind 192.168.1.100 10.0.0.1# bind 127.0.0.1 ::1## ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the# inteet, binding to all the interfaces is dangerous and will expose the# instance to everybody on the inteet. So by default we uncomment the# following bind directive, that will force Redis to listen only into# the IPv4 lookback interface address (this means Redis will be able to# accept connections only from clients running into the same computer it# is running).## IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES# JUST COMMENT THE FOLLOWING LINE.# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#bind 127.0.0.1 # Protected mode is a layer of security protection, in order to avoid that# Redis instances left open on the inteet are accessed and exploited.## When protected mode is on and if:## 1) The server is not binding explicitly to a set of addresses using the#"bind" directive.# 2) No password is configured.## The server only accepts connections from clients connecting from the# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain# sockets.## By default protected mode is enabled. You should disable it only if# you are sure you want clients from other hosts to connect to Redis# even if no authentication is configured, nor a specific set of interfaces# are explicitly listed using the "bind" directive.protected-mode yes # Accept connections on the specified port, default is 6379 (IANA #815344).# If port 0 is specified Redis will not listen on a TCP socket.port 6666 # TCP listen() backlog.## In high requests-per-second environments you need an high backlog in order# to avoid slow clients connections issues. Note that the Linux keel# will silently truncate it to the value of /proc/sys/net/core/somaxconn so# make sure to raise both the value of somaxconn and tcp_max_syn_backlog# in order to get the desired effect.tcp-backlog 511 # Unix socket.## Specify the path for the Unix socket that will be used to listen for# incoming connections. There is no default, so Redis will not listen# on a unix socket when not specified.## unixsocket /tmp/redis.sock# unixsocketperm 700 # Close the connection after a client is idle for N seconds (0 to disable)timeout 0 # TCP keepalive.## If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence# of communication. This is useful for two reasons:## 1) Detect dead peers.# 2) Take the connection alive from the point of view of network#equipment in the middle.## On Linux, the specified value (in seconds) is the period used to send ACKs.# Note that to close the connection the double of the time is needed.# On other keels the period depends on the keel configuration.## A reasonable value for this option is 300 seconds, which is the new# Redis default starting with Redis 3.2.1.tcp-keepalive 300 ################################# GENERAL ##################################### # By default Redis does not run as a daemon. Use 'yes' if you need it.# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.#daemonize no # If you run Redis from upstart or systemd, Redis can interact with your# supervision tree. Options:#supervised no  - no supervision interaction#supervised upstart - signal upstart by putting Redis into SIGSTOP mode#supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET#supervised auto- detect upstart or systemd method based on#UPSTART_JOB or NOTIFY_SOCKET environment variables# Note: these supervision methods only signal "process is ready."#They do not enable continuous liveness pings back to your supervisor.supervised no # If a pid file is specified, Redis writes it where specified at startup# and removes it at exit.## When the server runs non daemonized, no pid file is created if none is# specified in the configuration. When the server is daemonized, the pid file# is used even if not specified, defaulting to "/var/run/redis.pid".## Creating a pid file is best effort: if Redis is not able to create it# nothing bad happens, the server will start and run normally.pidfile /var/run/redis_6379.pid # Specify the server verbosity level.# This can be one of:# debug (a lot of information, useful for development/testing)# verbose (many rarely useful info, but not a mess like the debug level)# notice (moderately verbose, what you want in production probably)# waing (only very important / critical messages are logged)loglevel notice # Specify the log file name. Also the empty string can be used to force# Redis to log on the standard output. Note that if you use standard# output for logging but daemonize, logs will be sent to /dev/nulllogfile "" # To enable logging to the system logger, just set 'syslog-enabled' to yes,# and optionally update the other syslog parameters to suit your needs.# syslog-enabled no # Specify the syslog identity.# syslog-ident redis # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.# syslog-facility local0 # Set the number of databases. The default database is DB 0, you can select# a different one on a per-connection basis using SELECT <dbid> where# dbid is a number between 0 and 'databases'-1databases 16 ################################ SNAPSHOTTING  ################################## Save the DB on disk:##save <seconds> <changes>##Will save the DB if both the given number of seconds and the given#number of write operations against the DB occurred.##In the example below the behaviour will be to save:#after 900 sec (15 min) if at least 1 key changed#after 300 sec (5 min) if at least 10 keys changed#after 60 sec if at least 10000 keys changed##Note: you can disable saving completely by commenting out all "save" lines.##It is also possible to remove all the previously configured save#points by adding a save directive with a single empty string argument#like in the following example:##save "" save 120 1save 300 10save 60 10000 # By default Redis will stop accepting writes if RDB snapshots are enabled# (at least one save point) and the latest background save failed.# This will make the user aware (in a hard way) that data is not persisting# on disk properly, otherwise chances are that no one will notice and some# disaster will happen.## If the background saving process will start working again Redis will# automatically allow writes again.## However if you have setup your proper monitoring of the Redis server# and persistence, you may want to disable this feature so that Redis will# continue to work as usual even if there are problems with disk,# permissions, and so forth.stop-writes-on-bgsave-error yes # Compress string objects using LZF when dump .rdb databases?# For default that's set to 'yes' as it's almost always a win.# If you want to save some CPU in the saving child set it to 'no' but# the dataset will likely be bigger if you have compressible values or keys.rdbcompression yes # Since version 5 of RDB a CRC64 checksum is placed at the end of the file.# This makes the format more resistant to corruption but there is a performance# hit to pay (around 10%) when saving and loading RDB files, so you can disable it# for maximum performances.## RDB files created with checksum disabled have a checksum of zero that will# tell the loading code to skip the check.rdbchecksum yes # The filename where to dump the DBdbfilename dump.rdb # The working directory.## The DB will be written inside this directory, with the filename specified# above using the 'dbfilename' configuration directive.## The Append Only File will also be created inside this directory.## Note that you must specify a directory here, not a file name.dir ./ ################################# REPLICATION ################################# # Master-Slave replication. Use slaveof to make a Redis instance a copy of# another Redis server. A few things to understand ASAP about Redis replication.## 1) Redis replication is asynchronous, but you can configure a master to#stop accepting writes if it appears to be not connected with at least#a given number of slaves.# 2) Redis slaves are able to perform a partial resynchronization with the#master if the replication link is lost for a relatively small amount of#time. You may want to configure the replication backlog size (see the next#sections of this file) with a sensible value depending on your needs.# 3) Replication is automatic and does not need user intervention. After a#network partition slaves automatically try to reconnect to masters#and resynchronize with them.## slaveof <masterip> <masterport># If the master is password protected (using the "requirepass" configuration# directive below) it is possible to tell the slave to authenticate before# starting the replication synchronization process, otherwise the master will# refuse the slave request.## masterauth <master-password># When a slave loses its connection with the master, or when the replication# is still in progress, the slave can act in two different ways:## 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will#still reply to client requests, possibly with out of date data, or the#data set may just be empty if this is the first synchronization.## 2) if slave-serve-stale-data is set to 'no' the slave will reply with#an error "SYNC with master in progress" to all the kind of commands#but to INFO and SLAVEOF.#slave-serve-stale-data yes# You can configure a slave instance to accept writes or not. Writing against# a slave instance may be useful to store some ephemeral data (because data# written on a slave will be easily deleted after resync with the master) but# may also cause problems if clients are writing to it because of a# misconfiguration.## Since Redis 2.6 by default slaves are read-only.## Note: read only slaves are not designed to be exposed to untrusted clients# on the inteet. It's just a protection layer against misuse of the instance.# Still a read only slave exports by default all the administrative commands# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve# security of read only slaves using 'rename-command' to shadow all the# administrative / dangerous commands.slave-read-only yes# Replication SYNC strategy: disk or socket.## -------------------------------------------------------# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY# -------------------------------------------------------## New slaves and reconnecting slaves that are not able to continue the replication# process just receiving differences, need to do what is called a "full# synchronization". An RDB file is transmitted from the master to the slaves.# The transmission can happen in two different ways:## 1) Disk-backed: The Redis master creates a new process that writes the RDB# file on disk. Later the file is transferred by the parent# process to the slaves incrementally.# 2) Diskless: The Redis master creates a new process that directly writes the#  RDB file to slave sockets, without touching the disk at all.## With disk-backed replication, while the RDB file is generated, more slaves# can be queued and served with the RDB file as soon as the current child producing# the RDB file finishes its work. With diskless replication instead once# the transfer starts, new slaves arriving will be queued and a new transfer# will start when the current one terminates.## When diskless replication is used, the master waits a configurable amount of# time (in seconds) before starting the transfer in the hope that multiple slaves# will arrive and the transfer can be parallelized.## With slow disks and fast (large bandwidth) networks, diskless replication# works better.repl-diskless-sync no# When diskless replication is enabled, it is possible to configure the delay# the server waits in order to spawn the child that transfers the RDB via socket# to the slaves.## This is important since once the transfer starts, it is not possible to serve# new slaves arriving, that will be queued for the next RDB transfer, so the server# waits a delay in order to let more slaves arrive.## The delay is specified in seconds, and by default is 5 seconds. To disable# it entirely just set it to 0 seconds and the transfer will start ASAP.repl-diskless-sync-delay 5# Slaves send PINGs to server in a predefined interval. It's possible to change# this interval with the repl_ping_slave_period option. The default value is 10# seconds.## repl-ping-slave-period 10# The following option sets the replication timeout for:## 1) Bulk transfer I/O during SYNC, from the point of view of slave.# 2) Master timeout from the point of view of slaves (data, pings).# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).## It is important to make sure that this value is greater than the value# specified for repl-ping-slave-period otherwise a timeout will be detected# every time there is low traffic between the master and the slave.## repl-timeout 60# Disable TCP_NODELAY on the slave socket after SYNC?## If you select "yes" Redis will use a smaller number of TCP packets and# less bandwidth to send data to slaves. But this can add a delay for# the data to appear on the slave side, up to 40 milliseconds with# Linux keels using a default configuration.## If you select "no" the delay for data to appear on the slave side will# be reduced but more bandwidth will be used for replication.## By default we optimize for low latency, but in very high traffic conditions# or when the master and slaves are many hops away, tuing this to "yes" may# be a good idea.repl-disable-tcp-nodelay no# Set the replication backlog size. The backlog is a buffer that accumulates# slave data when slaves are disconnected for some time, so that when a slave# wants to reconnect again, often a full resync is not needed, but a partial# resync is enough, just passing the portion of data the slave missed while# disconnected.## The bigger the replication backlog, the longer the time the slave can be# disconnected and later be able to perform a partial resynchronization.## The backlog is only allocated once there is at least a slave connected.## repl-backlog-size 1mb# After a master has no longer connected slaves for some time, the backlog# will be freed. The following option configures the amount of seconds that# need to elapse, starting from the time the last slave disconnected, for# the backlog buffer to be freed.## A value of 0 means to never release the backlog.## repl-backlog-ttl 3600# The slave priority is an integer number published by Redis in the INFO output.# It is used by Redis Sentinel in order to select a slave to promote into a# master if the master is no longer working correctly.## A slave with a low priority number is considered better for promotion, so# for instance if there are three slaves with priority 10, 100, 25 Sentinel will# pick the one with priority 10, that is the lowest.## However a special priority of 0 marks the slave as not able to perform the# role of master, so a slave with priority of 0 will never be selected by# Redis Sentinel for promotion.## By default the priority is 100.slave-priority 100# It is possible for a master to stop accepting writes if there are less than# N slaves connected, having a lag less or equal than M seconds.## The N slaves need to be in "online" state.## The lag in seconds, that must be <= the specified value, is calculated from# the last ping received from the slave, that is usually sent every second.## This option does not GUARANTEE that N replicas will accept the write, but# will limit the window of exposure for lost writes in case not enough slaves# are available, to the specified number of seconds.## For example to require at least 3 slaves with a lag <= 10 seconds use:## min-slaves-to-write 3# min-slaves-max-lag 10## Setting one or the other to 0 disables the feature.## By default min-slaves-to-write is set to 0 (feature disabled) and# min-slaves-max-lag is set to 10.# A Redis master is able to list the address and port of the attached# slaves in different ways. For example the "INFO replication" section# offers this information, which is used, among other tools, by# Redis Sentinel in order to discover slave instances.# Another place where this info is available is in the output of the# "ROLE" command of a masteer.## The listed IP and address normally reported by a slave is obtained# in the following way:##IP: The address is auto detected by checking the peer address#of the socket used by the slave to connect with the master.##Port: The port is communicated by the slave during the replication#handshake, and is normally the port that the slave is using to#list for connections.## However when port forwarding or Network Address Translation (NAT) is# used, the slave may be actually reachable via different IP and port# pairs. The following two options can be used by a slave in order to# report to its master a specific set of IP and port, so that both INFO# and ROLE will report those values.## There is no need to use both the options if you need to override just# the port or the IP address.## slave-announce-ip 5.5.5.5# slave-announce-port 1234################################## SECURITY #################################### Require clients to issue AUTH <PASSWORD> before processing any other# commands.  This might be useful in environments in which you do not trust# others with access to the host running redis-server.## This should stay commented out for backward compatibility and because most# people do not need auth (e.g. they run their own servers).## Waing: since Redis is pretty fast an outside user can try up to# 150k passwords per second against a good box. This means that you should# use a very strong password otherwise it will be very easy to break.## requirepass foobared# Command renaming.## It is possible to change the name of dangerous commands in a shared# environment. For instance the CONFIG command may be renamed into something# hard to guess so that it will still be available for inteal-use tools# but not available for general clients.## Example:## rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52## It is also possible to completely kill a command by renaming it into# an empty string:## rename-command CONFIG ""## Please note that changing the name of commands that are logged into the# AOF file or transmitted to slaves may cause problems.################################### LIMITS ##################################### Set the max number of connected clients at the same time. By default# this limit is set to 10000 clients, however if the Redis server is not# able to configure the process file limit to allow for the specified limit# the max number of allowed clients is set to the current file limit# minus 32 (as Redis reserves a few file descriptors for inteal uses).## Once the limit is reached Redis will close all the new connections sending# an error 'max number of clients reached'.## maxclients 10000# Don't use more memory than the specified amount of bytes.# When the memory limit is reached Redis will try to remove keys# according to the eviction policy selected (see maxmemory-policy).## If Redis can't remove keys according to the policy, or if the policy is# set to 'noeviction', Redis will start to reply with errors to commands# that would use more memory, like SET, LPUSH, and so on, and will continue# to reply to read-only commands like GET.## This option is usually useful when using Redis as an LRU cache, or to set# a hard memory limit for an instance (using the 'noeviction' policy).## WARNING: If you have slaves attached to an instance with maxmemory on,# the size of the output buffers needed to feed the slaves are subtracted# from the used memory count, so that network problems / resyncs will# not trigger a loop where keys are evicted, and in tu the output# buffer of slaves is full with DELs of keys evicted triggering the deletion# of more keys, and so forth until the database is completely emptied.## In short... if you have slaves attached it is suggested that you set a lower# limit for maxmemory so that there is some free RAM on the system for slave# output buffers (but this is not needed if the policy is 'noeviction').## maxmemory <bytes># MAXMEMORY POLICY: how Redis will select what to remove when maxmemory# is reached. You can select among five behaviors:## volatile-lru -> remove the key with an expire set using an LRU algorithm# allkeys-lru -> remove any key according to the LRU algorithm# volatile-random -> remove a random key with an expire set# allkeys-random -> remove a random key, any key# volatile-ttl -> remove the key with the nearest expire time (minor TTL)# noeviction -> don't expire at all, just retu an error on write operations## Note: with any of the above policies, Redis will retu an error on write#operations, when there are no suitable keys for eviction.##At the date of writing these commands are: set setnx setex append#incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd#sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby#zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby#getset mset msetnx exec sort## The default is:## maxmemory-policy noeviction# LRU and minimal TTL algorithms are not precise algorithms but approximated# algorithms (in order to save memory), so you can tune it for speed or# accuracy. For default Redis will check five keys and pick the one that was# used less recently, you can change the sample size using the following# configuration directive.## The default of 5 produces good enough results. 10 Approximates very closely# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.## maxmemory-samples 5############################## APPEND ONLY MODE ################################ By default Redis asynchronously dumps the dataset on disk. This mode is# good enough in many applications, but an issue with the Redis process or# a power outage may result into a few minutes of writes lost (depending on# the configured save points).## The Append Only File is an alteative persistence mode that provides# much better durability. For instance using the default data fsync policy# (see later in the config file) Redis can lose just one second of writes in a# dramatic event like a server power outage, or a single write if something# wrong with the Redis process itself happens, but the operating system is# still running correctly.## AOF and RDB persistence can be enabled at the same time without problems.# If the AOF is enabled on startup Redis will load the AOF, that is the file# with the better durability guarantees.## Please check http://redis.io/topics/persistence for more information.appendonly no# The name of the append only file (default: "appendonly.aof")appendfilename "appendonly.aof"# The fsync() call tells the Operating System to actually write data on disk# instead of waiting for more data in the output buffer. Some OS will really flush# data on disk, some other OS will just try to do it ASAP.## Redis supports three different modes:## no: don't fsync, just let the OS flush the data when it wants. Faster.# always: fsync after every write to the append only log. Slow, Safest.# everysec: fsync only one time every second. Compromise.## The default is "everysec", as that's usually the right compromise between# speed and data safety. It's up to you to understand if you can relax this to# "no" that will let the operating system flush the output buffer when# it wants, for better performances (but if you can live with the idea of# some data loss consider the default persistence mode that's snapshotting),# or on the contrary, use "always" that's very slow but a bit safer than# everysec.## More details please check the following article:# http://antirez.com/post/redis-persistence-demystified.html## If unsure, use "everysec".# appendfsync alwaysappendfsync everysec# appendfsync no# When the AOF fsync policy is set to always or everysec, and a background# saving process (a background save or AOF log background rewriting) is# performing a lot of I/O against the disk, in some Linux configurations# Redis may block too long on the fsync() call. Note that there is no fix for# this currently, as even performing fsync in a different thread will block# our synchronous write(2) call.## In order to mitigate this problem it's possible to use the following option# that will prevent fsync() from being called in the main process while a# BGSAVE or BGREWRITEAOF is in progress.## This means that while another child is saving, the durability of Redis is# the same as "appendfsync none". In practical terms, this means that it is# possible to lose up to 30 seconds of log in the worst scenario (with the# default Linux settings).## If you have latency problems tu this to "yes". Otherwise leave it as# "no" that is the safest pick from the point of view of durability.no-appendfsync-on-rewrite no# Automatic rewrite of the append only file.# Redis is able to automatically rewrite the log file implicitly calling# BGREWRITEAOF when the AOF log size grows by the specified percentage.## This is how it works: Redis remembers the size of the AOF file after the# latest rewrite (if no rewrite has happened since the restart, the size of# the AOF at startup is used).## This base size is compared to the current size. If the current size is# bigger than the specified percentage, the rewrite is triggered. Also# you need to specify a minimal size for the AOF file to be rewritten, this# is useful to avoid rewriting the AOF file even if the percentage increase# is reached but it is still pretty small.## Specify a percentage of zero in order to disable the automatic AOF# rewrite feature.auto-aof-rewrite-percentage 100auto-aof-rewrite-min-size 64mb# An AOF file may be found to be truncated at the end during the Redis# startup process, when the AOF data gets loaded back into memory.# This may happen when the system where Redis is running# crashes, especially when an ext4 filesystem is mounted without the# data=ordered option (however this can't happen when Redis itself# crashes or aborts but the operating system still works correctly).## Redis can either exit with an error when this happens, or load as much# data as possible (the default now) and start if the AOF file is found# to be truncated at the end. The following option controls this behavior.## If aof-load-truncated is set to yes, a truncated AOF file is loaded and# the Redis server starts emitting a log to inform the user of the event.# Otherwise if the option is set to no, the server aborts with an error# and refuses to start. When the option is set to no, the user requires# to fix the AOF file using the "redis-check-aof" utility before to restart# the server.## Note that if the AOF file will be found to be corrupted in the middle# the server will still exit with an error. This option only applies when# Redis will try to read more data from the AOF file but not enough bytes# will be found.aof-load-truncated yes################################ LUA SCRIPTING  ################################ Max execution time of a Lua script in milliseconds.## If the maximum execution time is reached Redis will log that a script is# still in execution after the maximum allowed time and will start to# reply to queries with an error.## When a long running script exceeds the maximum execution time only the# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be# used to stop a script that did not yet called write commands. The second# is the only way to shut down the server in the case a write command was# already issued by the script but the user doesn't want to wait for the natural# termination of the script.## Set it to 0 or a negative value for unlimited execution without waings.lua-time-limit 5000################################ REDIS CLUSTER  ################################# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however# in order to mark it as "mature" we need to wait for a non trivial percentage# of users to deploy it in production.# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++## Normal Redis instances can't be part of a Redis Cluster; only nodes that are# started as cluster nodes can. In order to start a Redis instance as a# cluster node enable the cluster support uncommenting the following:## cluster-enabled yes# Every cluster node has a cluster configuration file. This file is not# intended to be edited by hand. It is created and updated by Redis nodes.# Every Redis Cluster node requires a different cluster configuration file.# Make sure that instances running in the same system do not have# overlapping cluster configuration file names.## cluster-config-file nodes-6379.conf# Cluster node timeout is the amount of milliseconds a node must be unreachable# for it to be considered in failure state.# Most other inteal time limits are multiple of the node timeout.## cluster-node-timeout 15000# A slave of a failing master will avoid to start a failover if its data# looks too old.## There is no simple way for a slave to actually have a exact measure of# its "data age", so the following two checks are performed:## 1) If there are multiple slaves able to failover, they exchange messages#in order to try to give an advantage to the slave with the best#replication offset (more data from the master processed).#Slaves will try to get their rank by offset, and apply to the start#of the failover a delay proportional to their rank.## 2) Every single slave computes the time of the last interaction with#its master. This can be the last ping or command received (if the master#is still in the "connected" state), or the time that elapsed since the#disconnection with the master (if the replication link is currently down).#If the last interaction is too old, the slave will not try to failover#at all.## The point "2" can be tuned by user. Specifically a slave will not perform# the failover if, since the last interaction with the master, the time# elapsed is greater than:##(node-timeout * slave-validity-factor) + repl-ping-slave-period## So for example if node-timeout is 30 seconds, and the slave-validity-factor# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the# slave will not try to failover if it was not able to talk with the master# for longer than 310 seconds.## A large slave-validity-factor may allow slaves with too old data to failover# a master, while a too small value may prevent the cluster from being able to# elect a slave at all.## For maximum availability, it is possible to set the slave-validity-factor# to a value of 0, which means, that slaves will always try to failover the# master regardless of the last time they interacted with the master.# (However they'll always try to apply a delay proportional to their# offset rank).## Zero is the only value able to guarantee that when all the partitions heal# the cluster will always be able to continue.## cluster-slave-validity-factor 10# Cluster slaves are able to migrate to orphaned masters, that are masters# that are left without working slaves. This improves the cluster ability# to resist to failures as otherwise an orphaned master can't be failed over# in case of failure if it has no working slaves.## Slaves migrate to orphaned masters only if there are still at least a# given number of other working slaves for their old master. This number# is the "migration barrier". A migration barrier of 1 means that a slave# will migrate only if there is at least 1 other working slave for its master# and so forth. It usually reflects the number of slaves you want for every# master in your cluster.## Default is 1 (slaves migrate only if their masters remain with at least# one slave). To disable migration just set it to a very large value.# A value of 0 can be set but is useful only for debugging and dangerous# in production.## cluster-migration-barrier 1# By default Redis Cluster nodes stop accepting queries if they detect there# is at least an hash slot uncovered (no available node is serving it).# This way if the cluster is partially down (for example a range of hash slots# are no longer covered) all the cluster becomes, eventually, unavailable.# It automatically retus available as soon as all the slots are covered again.## However sometimes you want the subset of the cluster which is working,# to continue to accept queries for the part of the key space that is still# covered. In order to do so, just set the cluster-require-full-coverage# option to no.## cluster-require-full-coverage yes# In order to setup your cluster make sure to read the documentation# available at http://redis.io web site.################################## SLOW LOG #################################### The Redis Slow Log is a system to log queries that exceeded a specified# execution time. The execution time does not include the I/O operations# like talking with the client, sending the reply and so forth,# but just the time needed to actually execute the command (this is the only# stage of command execution where the thread is blocked and can not serve# other requests in the meantime).## You can configure the slow log with two parameters: one tells Redis# what is the execution time, in microseconds, to exceed in order for the# command to get logged, and the other parameter is the length of the# slow log. When a new command is logged the oldest one is removed from the# queue of logged commands.# The following time is expressed in microseconds, so 1000000 is equivalent# to one second. Note that a negative number disables the slow log, while# a value of zero forces the logging of every command.slowlog-log-slower-than 10000# There is no limit to this length. Just be aware that it will consume memory.# You can reclaim memory used by the slow log with SLOWLOG RESET.slowlog-max-len 128################################ LATENCY MONITOR ############################### The Redis latency monitoring subsystem samples different operations# at runtime in order to collect data related to possible sources of# latency of a Redis instance.## Via the LATENCY command this information is available to the user that can# print graphs and obtain reports.## The system only logs operations that were performed in a time equal or# greater than the amount of milliseconds specified via the# latency-monitor-threshold configuration directive. When its value is set# to zero, the latency monitor is tued off.## By default latency monitoring is disabled since it is mostly not needed# if you don't have latency issues, and collecting data has a performance# impact, that while very small, can be measured under big load. Latency# monitoring can easily be enabled at runtime using the command# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.latency-monitor-threshold 0############################# EVENT NOTIFICATION ############################### Redis can notify Pub/Sub clients about events happening in the key space.# This feature is documented at http://redis.io/topics/notifications## For instance if keyspace events notification is enabled, and a client# performs a DEL operation on key "foo" stored in the Database 0, two# messages will be published via Pub/Sub:## PUBLISH __keyspace@0__:foo del# PUBLISH __keyevent@0__:del foo## It is possible to select the events that Redis will notify among a set# of classes. Every class is identified by a single character:##  K Keyspace events, published with __keyspace@<db>__ prefix.#  E Keyevent events, published with __keyevent@<db>__ prefix.#  g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...#  $ String commands#  l List commands#  s Set commands#  h Hash commands#  z Sorted set commands#  x Expired events (events generated every time a key expires)#  e Evicted events (events generated when a key is evicted for maxmemory)#  A Alias for g$lshzxe, so that the "AKE" string means all the events.##  The "notify-keyspace-events" takes as argument a string that is composed#  of zero or multiple characters. The empty string means that notifications#  are disabled.##  Example: to enable list and generic events, from the point of view of the#event name, use:##  notify-keyspace-events Elg##  Example 2: to get the stream of the expired keys subscribing to channel# name __keyevent@0__:expired use:##  notify-keyspace-events Ex##  By default all notifications are disabled because most users don't need#  this feature and the feature has some overhead. Note that if you don't#  specify at least one of K or E, no events will be delivered.notify-keyspace-events ""############################### ADVANCED CONFIG ################################ Hashes are encoded using a memory efficient data structure when they have a# small number of entries, and the biggest entry does not exceed a given# threshold. These thresholds can be configured using the following directives.hash-max-ziplist-entries 512hash-max-ziplist-value 64# Lists are also encoded in a special way to save a lot of space.# The number of entries allowed per inteal list node can be specified# as a fixed maximum size or a maximum number of elements.# For a fixed maximum size, use -5 through -1, meaning:# -5: max size: 64 Kb  <-- not recommended for normal workloads# -4: max size: 32 Kb  <-- not recommended# -3: max size: 16 Kb  <-- probably not recommended# -2: max size: 8 Kb<-- good# -1: max size: 4 Kb<-- good# Positive numbers mean store up to _exactly_ that number of elements# per list node.# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),# but if your use case is unique, adjust the settings as necessary.list-max-ziplist-size -2# Lists may also be compressed.# Compress depth is the number of quicklist ziplist nodes from *each* side of# the list to *exclude* from compression.  The head and tail of the list# are always uncompressed for fast push/pop operations.  Settings are:# 0: disable all list compression# 1: depth 1 means "don't start compressing until after 1 node into the list,#going from either the head or tail"#So: [head]->node->node->...->node->[tail]#[head], [tail] will always be uncompressed; inner nodes will compress.# 2: [head]->[next]->node->node->...->node->[prev]->[tail]#2 here means: don't compress head or head->next or tail->prev or tail,#but compress all nodes between them.# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]# etc.list-compress-depth 0# Sets have a special encoding in just one case: when a set is composed# of just strings that happen to be integers in radix 10 in the range# of 64 bit signed integers.# The following configuration setting sets the limit in the size of the# set in order to use this special memory saving encoding.set-max-intset-entries 512# Similarly to hashes and lists, sorted sets are also specially encoded in# order to save a lot of space. This encoding is only used when the length and# elements of a sorted set are below the following limits:zset-max-ziplist-entries 128zset-max-ziplist-value 64# HyperLogLog sparse representation bytes limit. The limit includes the# 16 bytes header. When an HyperLogLog using the sparse representation crosses# this limit, it is converted into the dense representation.## A value greater than 16000 is totally useless, since at that point the# dense representation is more memory efficient.## The suggested value is ~ 3000 in order to have the benefits of# the space efficient encoding without slowing down too much PFADD,# which is O(N) with the sparse encoding. The value can be raised to# ~ 10000 when CPU is not a conce, but space is, and the data set is# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.hll-sparse-max-bytes 3000# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in# order to help rehashing the main Redis hash table (the one mapping top-level# keys to values). The hash table implementation Redis uses (see dict.c)# performs a lazy rehashing: the more operation you run into a hash table# that is rehashing, the more rehashing "steps" are performed, so if the# server is idle the rehashing is never complete and some more memory is used# by the hash table.## The default is to use this millisecond 10 times every second in order to# actively rehash the main dictionaries, freeing memory when possible.## If unsure:# use "activerehashing no" if you have hard latency requirements and it is# not a good thing in your environment that Redis can reply from time to time# to queries with 2 milliseconds delay.## use "activerehashing yes" if you don't have such hard requirements but# want to free memory asap when possible.activerehashing yes# The client output buffer limits can be used to force disconnection of clients# that are not reading data from the server fast enough for some reason (a# common reason is that a Pub/Sub client can't consume messages as fast as the# publisher can produce them).## The limit can be set differently for the three different classes of clients:## normal -> normal clients including MONITOR clients# slave  -> slave clients# pubsub -> clients subscribed to at least one pubsub channel or patte## The syntax of every client-output-buffer-limit directive is the following:## client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>## A client is immediately disconnected once the hard limit is reached, or if# the soft limit is reached and remains reached for the specified number of# seconds (continuously).# So for instance if the hard limit is 32 megabytes and the soft limit is# 16 megabytes / 10 seconds, the client will get disconnected immediately# if the size of the output buffers reach 32 megabytes, but will also get# disconnected if the client reaches 16 megabytes and continuously overcomes# the limit for 10 seconds.## By default normal clients are not limited because they don't receive data# without asking (in a push way), but just after a request, so only# asynchronous clients may create a scenario where data is requested faster# than it can read.## Instead there is a default limit for pubsub and slave clients, since# subscribers and slaves receive data in a push fashion.## Both the hard or the soft limit can be disabled by setting them to zero.client-output-buffer-limit normal 0 0 0client-output-buffer-limit slave 256mb 64mb 60client-output-buffer-limit pubsub 32mb 8mb 60# Redis calls an inteal function to perform many background tasks, like# closing connections of clients in timeout, purging expired keys that are# never requested, and so forth.## Not all tasks are performed with the same frequency, but Redis checks for# tasks to perform according to the specified "hz" value.## By default "hz" is set to 10. Raising the value will use more CPU when# Redis is idle, but at the same time will make Redis more responsive when# there are many keys expiring at the same time, and timeouts may be# handled with more precision.## The range is between 1 and 500, however a value over 100 is usually not# a good idea. Most users should use the default of 10 and raise this up to# 100 only in environments where very low latency is required.hz 10# When a child rewrites the AOF file, if the following option is enabled# the file will be fsync-ed every 32 MB of data generated. This is useful# in order to commit the file to the disk more incrementally and avoid# big latency spikes.aof-rewrite-incremental-fsync yes