Docker command analysis: introduction


Author: 耗子007


All commands are based on Docker 1.11.

The docker command

Run docker --help to see a description of everything the docker command can do. The output is:


# docker --help
Usage: docker [OPTIONS] COMMAND [arg...]
docker daemon [ --help | ... ]
docker [ --help | -v | --version ]

A self-sufficient runtime for containers.

Options:

--config=~/.docker Location of client config files
-D, --debug Enable debug mode
-H, --host=[] Daemon socket(s) to connect to
-h, --help Print usage
-l, --log-level=info Set the logging level
--tls Use TLS; implied by --tlsverify
--tlscacert=~/.docker/ca.pem Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem Path to TLS certificate file
--tlskey=~/.docker/key.pem Path to TLS key file
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Commands:
accel Manage docker accelerators
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on a container or image
kill Kill a running container
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
network Manage Docker networks
pause Pause all processes within a container
port List port mappings or a specific mapping for the CONTAINER
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart a container
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop a running container
tag Tag an image into a repository
top Display the running processes of a container
unpause Unpause all processes within a container
update Update configuration of one or more containers
version Show the Docker version information
volume Manage Docker volumes
wait Block until a container stops, then print its exit code

Run 'docker COMMAND --help' for more information on a command.

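As a first step, this article covers the basic format and usage of the docker command, then analyzes the options, environment variables and configuration files it involves; the docker subcommands are described in detail in later articles.
Note the precedence among the three kinds of configuration:

  • Command options take precedence over environment variables and configuration files
  • Environment variables take precedence over configuration files

docker command format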
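
The precedence rule above, applied to the client's daemon connection and configuration directory, as an added example that is not from the original article. It uses the option and environment variable names listed on this page; the function name, the risk labels, the default socket unix:///var/run/docker.sock and the treatment of any non-empty DOCKER_TLS_VERIFY as "enabled" are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original article): resolve the settings the
# docker client would use, applying option > environment variable > default,
# and classify the daemon connection. Option names come from `docker --help`;
# the function name and the risk labels are made up for this sketch.
docker_client_settings() (
    host=""; verify=""; tls=0; config=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -H|--host|--config|-l|--log-level|--tlscacert|--tlscert|--tlskey)
                [ $# -ge 2 ] || exit 2          # option is missing its value
                case "$1" in
                    -H|--host) host="$2" ;;
                    --config)  config="$2" ;;
                esac
                shift ;;
            -H=*|--host=*)     host="${1#*=}" ;;
            --config=*)        config="${1#*=}" ;;
            --tlsverify|--tlsverify=true) verify=1 ;;
            --tlsverify=false) verify=0 ;;
            --tls|--tls=true)  tls=1 ;;
            -*)                ;;               # flags that do not matter here
            *)                 break ;;         # first non-option: subcommand
        esac
        shift
    done
    # Fall back to the environment only where no option was given.
    [ -n "$host" ]   || host="${DOCKER_HOST:-unix:///var/run/docker.sock}"
    [ -n "$config" ] || config="${DOCKER_CONFIG:-$HOME/.docker}"
    # Assumption: DOCKER_TLS_VERIFY counts as enabled whenever it is non-empty,
    # so even a value of "0" turns verification on.
    if [ -z "$verify" ]; then
        if [ -n "${DOCKER_TLS_VERIFY:-}" ]; then verify=1; else verify=0; fi
    fi
    if [ "$verify" = 1 ]; then mode=verify
    elif [ "$tls" = 1 ]; then mode=tls-unverified
    else mode=none; fi
    risk=ok
    case "$host:$mode" in
        tcp://*:none)           risk=plaintext-tcp ;;
        tcp://*:tls-unverified) risk=unauthenticated-daemon ;;
    esac
    printf 'host=%s tls=%s config=%s risk=%s\n' "$host" "$mode" "$config" "$risk"
)
```

Call it with the same global options you would pass to docker; a leftover DOCKER_HOST pointing at a TCP daemon with no TLS setting is reported as risk=plaintext-tcp.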

# docker --help
Usage: docker [OPTIONS] COMMAND [arg...]
docker daemon [ --help | ... ]
docker [ --help | -v | --version ]

Command options

Options:

--config=~/.docker Path to the client configuration files
-D, --debug Enable debug mode
-H, --host=[] Path to the docker daemon's socket
-h, --help Print the help text
-l, --log-level=info Set the logging level
--tls Use TLS; implied by --tlsverify
--tlscacert=~/.docker/ca.pem Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem Path to TLS certificate file
--tlskey=~/.docker/key.pem Path to TLS key file
--tlsverify Use TLS and verify the remote
-v, --version Print version information

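Environment variables

The docker command line directly supports the following environment variables:

  • DOCKER_API_VERSION – the Docker API version (for example: 1.23)
  • DOCKER_CONFIG – path to the client configuration files
  • DOCKER_CERT_PATH – path to the certificate files
  • DOCKER_DRIVER – the image (graph) driver to use
  • DOCKER_HOST – path to the docker daemon's socket
  • DOCKER_NOWARN_KERNEL_VERSION – suppress the warning that the Linux kernel is not suitable for Docker
  • DOCKER_RAMDISK – If set this will disable 'pivot_root'.
  • DOCKER_TLS_VERIFY – sets whether to use TLS and verify the remote service
  • DOCKER_CONTENT_TRUST – When set Docker uses notary to sign and verify images. Equates to --disable-content-trust=false for build, create, pull, push, run.
  • DOCKER_CONTENT_TRUST_SERVER – The URL of the Notary server to use. This defaults to the same URL as the registry.
  • DOCKER_TMPDIR – path where docker stores temporary files

Because Docker is written in Go, it can also use all of the environment variables of the Go runtime, for example: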

  • HTTP_PROXY
  • HTTPS_PROXY
  • NO_PROXY

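Note: when configuring a proxy for Docker, if docker is started by systemd, setting a global proxy directly may have no effect. The following approach can be used instead: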


mkdir -p /etc/systemd/system/docker.service.d
touch /etc/systemd/system/docker.service.d/http-proxy.conf
Add:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
or
Environment="HTTP_PROXY=http://proxy.example.com:80/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"

Reload the configuration: sudo systemctl daemon-reload
Verify that the configuration took effect: systemctl show --property=Environment docker
Restart the docker service: sudo systemctl restart docker

Configuration files

Besides environment variables, Docker also supports setting some values through configuration files. The default location of the configuration files is ~/.docker/, which can be changed in two ways:

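  • Set the environment variable DOCKER_CONFIG
  • Set the docker command option --config

Apart from config.json, it is best not to modify the other files in the configuration directory. The settings in config.json correspond to the functions of the environment variables and command-line options.
config.json contains many settings; here we only test detachKeys, the key sequence for detaching from a container while keeping it running. The default is ctrl+p,ctrl+q. Here it is changed to ctrl+e,e.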

# cat testconfig/config.json
{
"detachKeys": "ctrl-e,e"
}
// Load the configuration file
# docker --config ~/testconfig/ attach a03840eb1632

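With this, ctrl+e,e detaches from the container and leaves it running.

Subcommands

Later articles will analyze the docker subcommands in five categories:

  • Image-related
  • Container-related
  • Maintenance and diagnostics
  • Component-related
  • Other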