banner
云野阁

云野阁

闲云野鹤,八方逍遥
HomeArchives关于

Docker Knowledge Organization

#运维#Linux#docker#总结#知识梳理24
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
This document provides a summary of Docker-related commands and configurations. Key topics include: 1. **Container Autostart Settings**: - To enable autostart, use: `docker update --restart=always <containerID>`. - To disable autostart, use: `docker update --restart=no <containerID>`. 2. **Metadata Retrieval**: - Use `docker inspect <id>` to get metadata for containers or images. 3. **Container Networking**: - Create a network with specific subnet and IP range: `docker network create --subnet <subnet> --ip-range <ip-range> <network-name>`. - List networks with `docker network ls` and remove a network with `docker network rm <networkID>`. 4. **Container IP and Names**: - Retrieve all container IPs using a specific inspect command. - List all container names with `docker ps -a --format {{.Names}}`. 5. **Image Creation**: - Create an image from a container without directory mapping: `docker commit <containerID> <image-name>`. - Include commit message and author: `docker commit -m "<message>" -a "<author>" <containerID> <image-name>`. 6. **Handling Mapped Directories/Files**: - When creating images from containers with mapped directories, the mapped files are not included. Two solutions are provided: 1. Create an image, then copy the mapped files into a new container before packaging. 2. Provide the mapped files separately when sharing the image. 7. **Exporting and Importing Images**: - Export an image as a compressed file: `docker save -o /home/<image-name>.tar <image-name>:latest`. - Import an image using various methods, such as `docker load --input /home/<image-name>.tar`. 8. **Docker Installation

Container Auto-Start Settings#

If the container was created without specifying --restart=always, it can be set using the update command.

docker update --restart=always containerID

Disable Container Auto-Start#

docker update --restart=no containerID

Get Container/Image Metadata#

docker inspect id

Container Network#

Create a container network.

#docker network create --subnet subnet range --ip-range available IP address range Docker network name
docker network create --subnet 172.20.0.0/16 --ip-range 172.20.1.102/29 zabbix-net

Delete Created Container Network#

#View container networks
docker network ls
#Delete container network
docker network rm containerID

View All Container IPs#

 docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)

View All Container Names#

#View all container names
docker ps -a --format {{.Names}}

Generate Docker Image (Without Directory Mapping)#

docker commit id/containerName imageName

# Generate an image with commit message and author
docker commit -m "commit message" -a "author" id/containerName imageName
#View commit message and author
 docker inspect --format 'Commit Message:{{.Comment}},  Author:{{.Author}}' imageName

Handling containers with directory/file mappings

For containers that have mapped host files/directories, the mapped files/directories will not be included when packaging into an image.

Two solutions are provided for this situation:

  1. First generate the image file, then create a container using the newly generated image, copy the original mapped directory/file into the container, and then package it. This will result in an image file with the source directory.
docker cp fileOrDirectoryToCopy containerIDOrName:destinationInContainer
  1. When providing the image externally, include the mapped files. Specify the mapping relationship when running the image.

Export Image as a Compressed Package#

docker save -o /home/imageName.tar imageName:latest

Import imageName.tar as an Image#

# Import method one
docker load --input /home/skj.tar
# Import method two
$ docker load -i /home/skj.tar
# Import method three
$ docker load < /home/skj.tar

Run Docker Compose File to Create Related Containers#

docker compose -f docker-compose-XXXXXXX.yml up -d

When creating a Docker Compose file, use an existing network. The command to write the network content in the script is as follows:

networks:
  networkName:
    external: true

Docker Command Completion#

 curl -L https://raw.githubusercontent.com/docker/composcompose > /etc/bash_completion.d/docker-compose
 #Re-login
 bash

One-Click Docker Installation#

Docker Image Sources

  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com",
    "https://dockerhub.azk8s.cn",
    "https://mirror.ccs.tencentyun.com",
    "https://registry.cn-hangzhou.aliyuncs.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud"
  ]

Method One: CentOS#

#Use the official script for automatic installation, default to install the latest version
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

systemctl start docker
systemctl enable docker

#Set up repository installation
sudo yum install -y yum-utils
#Official source
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
#Aliyun source (recommended)
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Method Two: openEuler 22.03 (LTS-SP2) Non-Administrator#

#!/bin/bash
#############Description#############
:<<!
Install Docker CE, set to auto-start on boot
Modify Docker storage path
!
#############Description#############
echo "[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
" > /etc/yum.repos.d/docker-ce.repo

yum install container-selinux
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin --nogpgcheck --nobest
#Start Docker and set to auto-start on boot
systemctl start docker
systemctl enable docker
#Check version
docker -v
docker compose version
echo "***********************
Docker installation successful
***********************"

mkdir -p /data/dockerData
#/data/docker is the new storage path
echo '
{
  "data-root": "/data/dockerData"
}' > /etc/docker/daemon.json
systemctl restart docker
echo "Docker storage location changed to /data/dockerData"

Method Three: openEuler 22.03 (LTS-SP2) Administrator#

#!/bin/bash
#############Description#############
:<<!
Install Docker CE, set to auto-start on boot
Modify Docker storage path
!
#############Description#############

#Configure the yum repository for Docker CE
echo "[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://download.docker.com/linux/centos/7/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
" > /etc/yum.repos.d/docker-ce.repo

yum install container-selinux
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin --nogpgcheck --nobest
#Start Docker and set to auto-start on boot
systemctl start docker
systemctl enable docker
#Check version
docker -v
docker compose version
echo "***********************
Docker installation successful
***********************"

mkdir -p /data/dockerData
#/data/docker is the new storage path
echo '
{
  "data-root": "/data/dockerData"
}' > /etc/docker/daemon.json
systemctl restart docker
echo "Docker storage location changed to /data/dockerData"

Method Four: openEuler 20.03 (LTS)x86#

#Install openEuler image source
wget -O /etc/yum.repos.d/openEulerOS.repo https://repo.huaweicloud.com/repository/conf/openeuler_x86_64.repo
#Install dependency software source
wget -O /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-reg.repo 
#
sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecache

Docker Container Fails to Restart, Error Message as Follows#

Error response from daemon: Cannot restart container 66dd752e0bd4: id already in use

Solution:

#View container ID
docker ps -a
#View container process
ps -aux | grep containerID
#Kill the process
kill -9 containerProcess

Start again, success!

Method Five: openEuler 22.03#

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/\$releasever/7/g' /etc/yum.repos.d/docker-ce.repo

Issues with Using Installation Image Sources Inside Docker Containers, as Shown Below#

1711208367091-1-1711208371676-4

Configuring DNS in the /etc/docker/daemon.json file can resolve this.

vi /etc/docker/daemon.json
{
 "dns": ["8.8.8.8", "114.114.114.114"]
 }

Pull Official Images from gcr.io, k8s.gcr.io, registry.k8s.io, quay.io, ghcr.io Script#

Method One:

wget https://raw.githubusercontent.com/anjia0532/gcr.io_mirror/master/pull-k8s-image.sh chmod +x pull-k8s-image.sh

vi pull-images.sh
###########################################3
#!/bin/sh

k8s_img=$1
mirror_img=$(echo ${k8s_img}|
        sed 's/quay\.io/anjia0532\/quay/g;s/ghcr\.io/anjia0532\/ghcr/g;s/registry\.k8s\.io/anjia0532\/google-containers/g;s/k8s\.gcr\.io/anjia0532\/google-containers/g;s/gcr\.io/anjia0532/g;s/\//\./g;s/ /\n/g;s/anjia0532\./anjia0532\//g' |
        uniq)

if [ -x "$(command -v docker)" ]; then
  sudo docker pull ${mirror_img}
  sudo docker tag ${mirror_img} ${k8s_img}
  exit 0
fi

if [ -x "$(command -v ctr)" ]; then
  sudo ctr -n k8s.io image pull docker.io/${mirror_img}
  sudo ctr -n k8s.io image tag docker.io/${mirror_img} ${k8s_img}
  exit 0
fi

echo "command not found:docker or ctr"
###############################################
chmod +x pull-images.sh
#Execution format
./pull-images.sh  imageName

Method Two:

https://dockerproxy.com/

Docker's iptables Policy#

#Display the rule information in the DOCKER-USER chain
iptables -nL DOCKER-USER
# Execute the following command on host 10.10.3.117: (ens192 is the actual network card)
#Deny all IPs access to Docker's port 80
iptables -I DOCKER-USER -i ens192 -p tcp --dport 80 -j DROP
#Only allow 10.10.3.122 to access Docker's port 80
iptables -I DOCKER-USER -i ens192 -s 10.10.3.122 -p tcp --dport 80 -j ACCEPT
#Delete the default rule in the DOCKER-USER chain
iptables -D DOCKER-USER -j RETURN
#Save the DOCKER-USER policy
service iptables save
#Set iptables to start on boot, making the policy permanent
systemctl enable iptables.service
#Or
/etc/rc.d/init.d/iptables save
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.