run docker as server & client-阿里云开发者社区

在安装完docker-io或docker包后, 我们可以通过man docker查看帮助.

docker命令有两个主要的功能,

1. 运行服务端

2. 运行客户端, 连接到服务端执行一些容器相关的操作(如启动, 停止, 提交, 下载, 上传image等)

一般我们启动服务端是用service docker start来启动的.

如果要使用docker命令启动服务端, 必须加-d参数启动, 例如 :

[root@db-172-16-3-221 ~]# docker -d
2014/10/30 14:56:19 WARNING: You are running linux kernel version 2.6.32-431.el6.x86_64, which might be unstable running docker. Please upgrade your kernel to 3.8.0.
2014/10/30 14:56:19 docker daemon: 1.1.2 d84a070/1.1.2; execdriver: native; graphdriver: 
[74bebae4] +job serveapi(unix:///var/run/docker.sock)
[74bebae4] +job initserver()
[74bebae4.initserver()] Creating server
2014/10/30 14:56:19 Listening for HTTP on unix (/var/run/docker.sock)
[74bebae4] +job init_networkdriver()
[74bebae4] -job init_networkdriver() = OK (0)
2014/10/30 14:56:19 Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
Loading containers: ..................: done.
[74bebae4.initserver()] Creating pidfile
[74bebae4.initserver()] Setting up signal traps
[74bebae4] -job initserver() = OK (0)
[74bebae4] +job acceptconnections()
[74bebae4] -job acceptconnections() = OK (0)

启动服务端后, 就可以通过docker COMMAND客户端命令连接到服务端执行一些操作了.

接下来主要解释一下作为服务端, 我们可以指定哪些参数.

man docker
DOCKER(1)                                                            DOCKER(1)

NAME
       docker - Docker image and container command line interface
SYNOPSIS
       docker [OPTIONS] COMMAND [arg...]
DESCRIPTION
       docker has two distinct functions.  It is used for starting the Docker daemon and to run the CLI (i.e., to com-
       mand the daemon to manage images, containers etc.)
        So docker is both a server, as a daemon, and a client to the daemon, through the CLI.

       To run the Docker daemon you do not specify any of the commands listed below but must specify  the  -d  option.
       The other options listed below are for the daemon only.

       The Docker CLI has over 30 commands.  The commands are listed below and each has its own man page which explain
       usage and arguments.

       To see the man page for a command run man docker .

以下所有选项都是针对服务端的.

OPTIONS
       -D=true|false Enable debug mode.  Default is false.

是否开启DEBUG

  -H, --host=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or unix://[/path/to/socket]  to  use.   The
       socket(s) to bind to in daemon mode specified using one or more tcp://host:port, unix:///path/to/socket, fd://*
       or fd://socketfd.

将服务端绑定到其他端口或unix sock, 一般情况下, 如果你的docker服务端不需要远程管理的话, 建议不监听在任何TCP端口, 只监听unix sock即可. 但是如果部署云环境的话, 是需要监听tcp端口的, 便于管理.

  --api-enable-cors=true|false Enable CORS headers in the remote API.  Default is false.

       -b="" Attach containers to a pre-existing network bridge; use 'none' to disable container networking

如果你的服务器使用了openvswitch来管理虚拟交换机的话, 那么启动时可以将docker绑定到非默认网桥 :

查看当前网桥 :

[root@db-172-16-3-221 docker]# brctl show 
bridge name     bridge id               STP enabled     interfaces
docker0         8000.000000000000       no
[root@db-172-16-3-221 docker]# ifconfig 
docker0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::c814:5eff:fee0:1759/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:464 (464.0 b)  TX bytes:468 (468.0 b)
[root@db-172-16-3-221 docker]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 5c:f3:fc:94:12:00 brd ff:ff:ff:ff:ff:ff
    inet 172.16.3.221/24 brd 172.16.3.255 scope global eth0
    inet6 fe80::5ef3:fcff:fe94:1200/64 scope link 
       valid_lft forever preferred_lft forever
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
    inet6 fe80::c814:5eff:fee0:1759/64 scope link 
       valid_lft forever preferred_lft forever
[root@db-172-16-3-221 docker]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 5c:f3:fc:94:12:00 brd ff:ff:ff:ff:ff:ff
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 5c:f3:fc:94:12:02 brd ff:ff:ff:ff:ff:ff
4: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 5e:f3:fc:95:12:03 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

   --bip="" Use the provided CIDR notation address for the dynamically created bridge (docker0);  Mutually  exclusive of -b

和-b 冲突

       -d=true|false Enable daemon mode.  Default is false.

作为server运行

       --dns="" Force Docker to use specific DNS servers

指定dns

-g="" Path to use as the root of the Docker runtime.  Default is /var/lib/docker.

改变docker root路径 , 默认是/var/lib/docker, 所有的本地image, container产生的中间结果都在这个目录, 所以建议启动时修改它到一个比较大的目录下. 使用/etc/init.d/docker来启动docker server的话, 如果我们要使用其他目录, 建议修改/etc/init.d/docker

例如
        $exec -d $other_args &>> $logfile &
改成
        $exec -d -g /data01/docker &>> $logfile &

那么将以/data01/docker为root启动docker server

   --icc=true|false Enable inter-container communication.  Default is true.

是否允许container之间内部通讯, 其实是通过自动维护防火墙来实现的

       --ip="" Default IP address to use when binding container ports.  Default is 0.0.0.0.

当使用run -P来绑定container的端口时, 默认绑定到本地的0.0.0.0地址.

  --iptables=true|false Disable Docker's addition of iptables rules.  Default is true.

是否启用docker防火墙规则

       --mtu=VALUE Set the containers network mtu.  Default is 1500.

mtu值, 如果L2网络中有使用某些协议后可能使得封装后的数据包超过网络设备允许的极限, 那么可以减少mtu值.

  -p="" Path to use for daemon PID file.  Default is /var/run/docker.pid

pid文件路径

       -r=true|false Restart previously running containers.  Default is true.

是否自动重启以前允许的container

       -s="" Force the Docker runtime to use a specific storage driver.

强制启动DOCKER时加载特殊的存储驱动

       -v=true|false Print version information and quit.  Default is false.

打印版本信息, 例如

[root@db-172-16-3-221 ~]# docker -v
Docker version 1.1.2, build d84a070/1.1.2
和在docker server启动后, 使用docker info连接到docker server查看的信息不一样.
例如
[root@db-172-16-3-221 ~]# docker info
Containers: 0
Images: 0
Storage Driver: devicemapper
 Pool Name: docker-253:0-2148941360-pool
 Data file: /data01/docker/devicemapper/devicemapper/data
 Metadata file: /data01/docker/devicemapper/devicemapper/metadata
 Data Space Used: 291.5 Mb
 Data Space Total: 102400.0 Mb
 Metadata Space Used: 0.7 Mb
 Metadata Space Total: 2048.0 Mb
Execution Driver: native-0.2
Kernel Version: 2.6.32-431.el6.x86_64
Username: digoal
Registry: [https://index.docker.io/v1/]

      --selinux-enabled=true|false Enable selinux support.  Default is false.

是否启动selinux

以下是docker作为客户端使用的方法.

COMMANDS
       docker-attach(1) Attach to a running container
       docker-build(1) Build an image from a Dockerfile
       docker-commit(1) Create a new image from a container's changes
       docker-cp(1) Copy files/folders from a container's filesystem to the host at path
       docker-diff(1) Inspect changes on a container's filesystem
       docker-events(1) Get real time events from the server
       docker-export(1) Stream the contents of a container as a tar archive
       docker-history(1) Show the history of an image
       docker-images(1) List images
       docker-import(1) Create a new filesystem image from the contents of a tarball
       docker-info(1) Display system-wide information
       docker-inspect(1) Return low-level information on a container
       docker-kill(1) Kill a running container (which includes the wrapper process and everything inside it)
       docker-load(1) Load an image from a tar archive
       docker-login(1) Register or Login to a Docker registry server
       docker-logs(1) Fetch the logs of a container
       docker-pause(1) Pause all processes within a container
       docker-port(1) Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
       docker-ps(1) List containers
       docker-pull(1) Pull an image or a repository from a Docker registry server
       docker-push(1) Push an image or a repository to a Docker registry server
       docker-restart(1) Restart a running container
       docker-rm(1) Remove one or more containers
       docker-rmi(1) Remove one or more images
       docker-run(1) Run a command in a new container
       docker-save(1) Save an image to a tar archive
       docker-search(1) Search for an image in the Docker index
       docker-start(1) Start a stopped container
       docker-stop(1) Stop a running container
       docker-tag(1) Tag an image into a repository
       docker-top(1) Lookup the running processes of a container
       docker-unpause(1) Unpause all processes within a container
       docker-version(1) Show the Docker version information
       docker-wait(1) Block until a container stops, then print its exit code

[参考]

1. http://blog.163.com/digoal@126/blog/static/1638770402014930101521709/

run docker as server & client

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像