Docker之容器的创建、启动、终止、删除、迁移等

摘要

容器是docker的核心概念之一。
简单的说，容器是镜像的一个运行实例，所不同的是他带有额外的可写文件层。如果认为虚拟机是模拟运行的是一整套操作系统(提供了运行状态环境和其他系统环境)和跑在上面的应用。那么docker容器就是独立运行的一个或一组应用，以及他们的必须运行环境

一、创建容器

docker创建容器可以用docker create命令来执行。

[[email protected] ~]# docker create -it debian:latest
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
a719479f5894: Pull complete 
91bac885982d: Pull complete 
Digest: sha256:a1577aa9dde28e51fb56dbad63b86b7db3ea44d4474ef656671c5a6596073d8c
Status: Downloaded newer image for debian:latest
f4086492e895f3203f56ec545990bc0b5da69be3c3e3c70e2ce1188d685c9c16
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
f4086492e895        debian:latest       "/bin/bash"         5 seconds ago       Created                                 elegant_curie
[[email protected] ~]# 

但是通过docker create命令创建的容器是停止的，我们可以用docker ps -a -q命令来查看哪些是停止状态的容器。

[[email protected] ~]# docker ps -a -q
f4086492e895
[[email protected] ~]# 

---

二、启动容器

Ⅰ、创建容器

上面说过了通过docker create创建的容器是停止状态的，那么我们就可以用docker start命令来启动容器。

[[email protected] ~]# docker start f4086492e895
f4086492e895
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
f4086492e895        debian:latest       "/bin/bash"         8 minutes ago       Up 6 seconds                            elegant_curie
[[email protected] ~]# 

Ⅱ、创建启动容器

其实这样有点烦，先创建在启动，其实我们可以用docker run命令来实现直接创建启动一个容器的，其实docker run命令等价于先执行docker create然后执行docker start命令。

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[[email protected] ~]# docker run debian:latest /bin/echo -e "\n\nHello, Here is Legion Blog."
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
a719479f5894: Pull complete 
91bac885982d: Pull complete 
Digest: sha256:a1577aa9dde28e51fb56dbad63b86b7db3ea44d4474ef656671c5a6596073d8c
Status: Downloaded newer image for debian:latest


Hello, Here is Legion Blog.
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                     PORTS               NAMES
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   7 seconds ago       Exited (0) 7 seconds ago                       loving_nobel
[[email protected] ~]# docker images |grep debian
debian              latest              91bac885982d        5 days ago          125.1 MB
[[email protected] ~]# docker ps -a -q
68e25a09499d
[[email protected] ~]# 

当使用docker run命令创建启动容器时，Docker在后台运行的标准操作有下面几个步骤

1、检测本地是否存在指定的镜像，不存在就从公有仓库下载

2、利用镜像创建并启动一个容器

3、分配一个文件系统，并在只读的镜像层外面挂载一层可读写层

4、从宿主主机配置的网桥接口中桥接一个虚拟接口到容器中去

5、从地址池配置一个IP地址给容器

6、执行用户指定的应用程序

7、执行完毕后终止容器
上面的docker run debian:latest /bin/echo -e "\n\nHello, Here is Legion Blog."命令则是用debian镜像运行echo命令打印"\n\nHello, Here is Legion Blog."这句话。
下面我们再来做个小实验

[[email protected] ~]# docker run -t -i debian:latest /bin/bash
[email protected]:/# date
Sun Nov 15 07:04:31 UTC 2015
[email protected]:/# pwd
/
[email protected]:/# ls -l
total 64
drwxr-xr-x   2 root root 4096 Nov  9 20:17 bin
drwxr-xr-x   2 root root 4096 Aug 26 16:31 boot
drwxr-xr-x   5 root root  380 Nov 15 07:04 dev
drwxr-xr-x  41 root root 4096 Nov 15 07:04 etc
drwxr-xr-x   2 root root 4096 Aug 26 16:31 home
drwxr-xr-x   9 root root 4096 Nov 27  2014 lib
drwxr-xr-x   2 root root 4096 Nov  9 20:15 lib64
drwxr-xr-x   2 root root 4096 Nov  9 20:15 media
drwxr-xr-x   2 root root 4096 Nov  9 20:15 mnt
drwxr-xr-x   2 root root 4096 Nov  9 20:15 opt
dr-xr-xr-x 104 root root    0 Nov 15 07:04 proc
drwx------   2 root root 4096 Nov  9 20:15 root
drwxr-xr-x   3 root root 4096 Nov  9 20:15 run
drwxr-xr-x   2 root root 4096 Nov  9 20:17 sbin
drwxr-xr-x   2 root root 4096 Nov  9 20:15 srv
dr-xr-xr-x  13 root root    0 Nov 15 07:04 sys
drwxrwxrwt   2 root root 4096 Nov  9 20:17 tmp
drwxr-xr-x  10 root root 4096 Nov  9 20:15 usr
drwxr-xr-x  11 root root 4096 Nov  9 20:15 var
[email protected]:/# ps
  PID TTY          TIME CMD
    1 ?        00:00:00 bash
    7 ?        00:00:00 ps
[email protected]:/# 

上面用到了-t -i两个参数选项。这里解释下，-t表示让docker分配一个为终端(pseudo-tty)并绑定到容器的标准输入上，-i表示让容器的标准输入保持打开。然后我们就可以在创建的终端来执行命令，从上面的小实验我们可以发现，在容器里面完全没有多余的进程。这就是docker的优点。^_^

同时当我们不需要这个容器终端的时候我们可以按Ctrl+D或者执行exit命令来退出容器，对于这个新建的容器并打开了一个终端后我们执行退出动作后他就完成了他的使命，退出的时候容器就会自动的进入终止状态了

[email protected]:/# exit
exit
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                      PORTS               NAMES
a578b01bc9bd        debian:latest       "/bin/bash"                7 minutes ago       Exited (0) 5 seconds ago                        sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   25 minutes ago      Exited (0) 25 minutes ago                       loving_nobel
[[email protected] ~]# docker ps -a -q
a578b01bc9bd
68e25a09499d
[[email protected] ~]# 

Ⅲ、容器的守护状态运行。

在实际应用中我们更多的是需要容器在后台以守护状态(Daemonized)形式运行，我们可以使用-d参数来实现容器的后台守护状态运行。

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                      PORTS               NAMES
a578b01bc9bd        debian:latest       "/bin/bash"                15 minutes ago      Exited (0) 8 minutes ago                        sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   34 minutes ago      Exited (0) 34 minutes ago                       loving_nobel
[[email protected] ~]# docker run -d debian /bin/bash -c "while true; do echo hello docker; sleep 3;done"
a2bda91ae015d5166a31af082fb78126d054633cc381cc75dbd5e7894d5dac6e
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                      PORTS               NAMES
a2bda91ae015        debian              "/bin/bash -c 'while "     4 seconds ago       Up 3 seconds                                    loving_chandrasekhar
a578b01bc9bd        debian:latest       "/bin/bash"                17 minutes ago      Exited (0) 9 minutes ago                        sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   35 minutes ago      Exited (0) 35 minutes ago                       loving_nobel
[[email protected] ~]# docker logs a2bda91ae015
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
hello docker
[[email protected] ~]# 

上面我们就是用Debian镜像运行了一个容器，容器在后台以守护进程的方式运行着while true; do echo hello docker; sleep 3;done循环，最后我们通过docker logs a2bda91ae015命令可以看到容器的输出信息，证实这个容器一直在后台运行着。

---

三、终止容器

我们可以使用docker stop命令来终止一个运行中的容器

命令用法：docker stop [-t|--time[=10]]

它会首先向容器发送SIGTERM信号，等待一段时间后(默认为10秒)，再发送SIGKILL信号来终止容器。

当docker容器中指定的应用终结时，容器也自动终止。例如上面我用用exit命令退出那个终端的时候所创建的容器也立刻终止了。

我们可以用docker stop命令终止一个容器也可以使用docker start命令来重新启动，也可以使用docker restart命令来将一个运行终端额容器终止后再重新启动它。

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                      PORTS               NAMES
a2bda91ae015        debian              "/bin/bash -c 'while "     11 minutes ago      Up 11 minutes                                   loving_chandrasekhar
a578b01bc9bd        debian:latest       "/bin/bash"                29 minutes ago      Exited (0) 21 minutes ago                       sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   47 minutes ago      Exited (0) 47 minutes ago                       loving_nobel
[[email protected] ~]# docker stop a2bda91ae015
a2bda91ae015
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                       PORTS               NAMES
a2bda91ae015        debian              "/bin/bash -c 'while "     12 minutes ago      Exited (137) 4 seconds ago                       loving_chandrasekhar
a578b01bc9bd        debian:latest       "/bin/bash"                29 minutes ago      Exited (0) 22 minutes ago                        sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   48 minutes ago      Exited (0) 48 minutes ago                        loving_nobel
[[email protected] ~]# docker start a2bda91ae015
a2bda91ae015
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                      PORTS               NAMES
a2bda91ae015        debian              "/bin/bash -c 'while "     12 minutes ago      Up 2 seconds                                    loving_chandrasekhar
a578b01bc9bd        debian:latest       "/bin/bash"                29 minutes ago      Exited (0) 22 minutes ago                       sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   48 minutes ago      Exited (0) 48 minutes ago                       loving_nobel
[[email protected] ~]# docker restart a2bda91ae015
a2bda91ae015
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                      PORTS               NAMES
a2bda91ae015        debian              "/bin/bash -c 'while "     12 minutes ago      Up 3 seconds                                    loving_chandrasekhar
a578b01bc9bd        debian:latest       "/bin/bash"                30 minutes ago      Exited (0) 22 minutes ago                       sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   48 minutes ago      Exited (0) 48 minutes ago                       loving_nobel
[[email protected] ~]# docker stop --time=2 a2bda91ae015
a2bda91ae015
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                    CREATED             STATUS                       PORTS               NAMES
a2bda91ae015        debian              "/bin/bash -c 'while "     13 minutes ago      Exited (137) 3 seconds ago                       loving_chandrasekhar
a578b01bc9bd        debian:latest       "/bin/bash"                30 minutes ago      Exited (0) 23 minutes ago                        sick_lalande
68e25a09499d        debian:latest       "/bin/echo -e '\\n\\nHe"   48 minutes ago      Exited (0) 48 minutes ago                        loving_nobel
[[email protected] ~]# 

---

四、进入容器

在使用-d参数时候，容器启动后会进入后台，用户无法看到容器中的信息。某些时候我们是需要进入容器进行操作的，这里我们就可以使用docker attach、docker exec命令或者nsenter工具等来完成。

Ⅰ、attach命令

docker attach是一个Docker自带的命令，下面来说说attach命令的使用方法：

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[[email protected] ~]# docker run -t -i -d debian
7f16264f7ab46e68b70dc8d982300c3a277d273cb425be6be739915c563ccb3c
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         3 seconds ago       Up 2 seconds                            tender_raman
[[email protected] ~]# docker attach 7f1
[email protected]:/# 
[email protected]:/# ps
  PID TTY          TIME CMD
    1 ?        00:00:00 bash
    6 ?        00:00:00 ps
[email protected]:/# exit
exit
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                     PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         About a minute ago   Exited (0) 2 seconds ago                       tender_raman
[[email protected] ~]# 

其实使用docker attach命令有时候很不方便，当多个窗口同时attach到同一个容器的时候，所有窗口都会同步显示，当某个窗口因命令阻塞的时候，其他窗口也无法执行操作了。

Ⅱ、exec命令

在Docker1.3版本开始，提供了一个更方便的命令exec。可以直接在容器内运行命令。

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         5 minutes ago       Exited (0) 4 minutes ago                       tender_raman
[[email protected] ~]# docker start 7f16264f7ab4
7f16264f7ab4
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         5 minutes ago       Up 2 seconds                            tender_raman
[[email protected] ~]# docker exec -ti 7f16264f7ab4 /bin/bash
[email protected]:/# ps 
  PID TTY          TIME CMD
    6 ?        00:00:00 bash
   10 ?        00:00:00 ps
[email protected]:/# date
Sun Nov 15 07:59:29 UTC 2015
[email protected]:/# 

Ⅲ、nsenter工具

1、nsenter的安装

nsenter工具在util-linux包的2.23版本后都包含。如果系统中的util-linux包中没有这个命令，那么可以通过源码编译安装上

[[email protected] ~]# which nsenter
/usr/bin/nsenter
[[email protected] ~]# nsenter -V
nsenter,?? util-linux 2.23.2
[[email protected] ~]# 

[[email protected] ~]# wget https://www.kernel.org/pub/linux/utils/util-linux/v2.27/util-linux-2.27.tar.xz
[[email protected] ~]# tar xf util-linux-2.27.tar.xz 
[[email protected] ~]# cd util-linux-2.27/
[[email protected] ~/util-linux-2.27]# ./configure --without-ncurses
[[email protected] ~/util-linux-2.27]# make nsenter
[[email protected] ~/util-linux-2.27]# \cp nsenter /usr/bin/
[[email protected] ~/util-linux-2.27]# which nsenter 
/usr/bin/nsenter
[[email protected] ~/util-linux-2.27]# nsenter -V
nsenter，来自 util-linux 2.27
[[email protected] ~/util-linux-2.27]# 

2、nsenter的使用

为了使用nsenter工具连接到容器，我们首先需要找到容器的进程PID号，可以通过下面的命令获取

f-docker-pid() { docker inspect --format "{{ .State.Pid}}" $1; }
docker-pid <CONTAINER ID>
nsenter --target <PID> --mount --uts --ipc --net --pid

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         34 minutes ago      Up 29 minutes                           tender_raman
[[email protected] ~]# f-docker-pid() { docker inspect --format "{{ .State.Pid}}" $1; }
[[email protected] ~]# nsenter --target $(f-docker-pid 7f16264f7ab4) --mount --uts --ipc --net --pid
[email protected]:/# date
Sun Nov 15 08:29:37 UTC 2015
[email protected]:/# logout
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         36 minutes ago      Up 31 minutes                           tender_raman
[[email protected] ~]# 

为了以后方便使用我这做了shell函数写到.bashrc文件了

[[email protected] ~]# echo 'tools-nsenter() { nsenter --target $(docker inspect --format "{{ .State.Pid}}" $1) --mount --uts --ipc --net --pid; }' >> ~/.bashrc
[[email protected] ~]# source .bashrc
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7f16264f7ab4        debian              "/bin/bash"         58 minutes ago      Up 53 minutes                           tender_raman
[[email protected] ~]# tools-nsenter 7f16264f7ab4
[email protected]:/# date
Sun Nov 15 08:53:22 UTC 2015
[email protected]:/# ps
  PID TTY          TIME CMD
  216 ?        00:00:00 bash
  253 ?        00:00:00 ps
[email protected]:/# logout
[[email protected] ~]# 

这样以后就可以更方便的使用nsenter命令来连接容器来

---

五、删除容器

删除容器我们可以使用docker rm命令，被删除的容器需要是终止状态的

命令用法：docker rm [OPTIONS] CONTAINER [CONTINER...]。支持的参数有-f -l -v

-f, --force=false:强项终止并删除一个运行中的容器。

-l, --link=false:删除容器的连接，但保留容器。

-v, --volumes=false:删除容器挂载的数据卷。

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
b8971dc66962        debian              "/bin/bash"         9 seconds ago       Up 8 seconds                            agitated_chandrasekhar
[[email protected] ~]# docker rm b8971dc66962
Error response from daemon: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f
Error: failed to remove containers: [b8971dc66962]
[[email protected] ~]# docker rm -f b8971dc66962
b8971dc66962
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[[email protected] ~]# 

---

六、容器的迁移

Ⅰ、导出容器

导出容器是指一个已经创建的容器导出到一个文件，不管此时这个容器是否处于运行状态，可以使用docker export命令。

命令用法：docker export CONTAINER

[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[[email protected] ~]# docker run -t -i -d debian
0291b910e062dd348696386875f3e73e55a32366540bad1742f45bfcc987a455
[[email protected] ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
0291b910e062        debian              "/bin/bash"         2 seconds ago       Up 1 seconds                            gloomy_galileo
[[email protected] ~]# docker export 0291b910e062 > debian-2015_11_15.tar
[[email protected] ~]# ls -l debian-2015_11_15.tar
0644 -rw-r--r-- 1 root root 130947584 11月 15 09:16 debian-2015_11_15.tar
[[email protected] ~]# 

Ⅱ、导入容器

导入容器是指将一个指定的文件导入到容器，可以使用命令docker import。

命令用法：docker import CONTAINER

[[email protected] ~]# docker export 0291b910e062 > debian-2015_11_15.tar
[[email protected] ~]# ls -l debian-2015_11_15.tar
0644 -rw-r--r-- 1 root root 130947584 11月 15 09:16 debian-2015_11_15.tar
[[email protected] ~]# cat debian-2015_11_15.tar | docker import - runbash/debian:v1.0
0b1d5532571e3f829a2c90e7353262c1f6f18bf0cbdd1930fa324344bf5cebc8
[[email protected] ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
runbash/debian      v1.0                0b1d5532571e        13 seconds ago      125.1 MB
ubuntu              latest              d1b426312675        14 hours ago        286.2 MB
lookback/ubuntu     baseos              d1b426312675        14 hours ago        286.2 MB
ubuntu              14.04               e9ae3c220b23        5 days ago          187.9 MB
debian              latest              91bac885982d        5 days ago          125.1 MB
centos              6.7                 7e8fbd86f46d        4 weeks ago         190.6 MB
[[email protected] ~]#