docker入门级详解

Docker

1 docker安装

yum install docker

[[email protected] ~]# systemctl start docker
[[email protected] ~]# mkdir -p /etc/docker 
[[email protected] ~]# vim /etc/docker/daemon.json #配置阿里云镜像加速

{
"registry-mirrors": ["XXXXXXXXXXXXXXXX"]
}
[[email protected] ~]# systemctl daemon-reload #加载配置文件 [[email protected] ~]# systemctl restart docker #重启
[[email protected] ~]#

 

2 docker命令

2.1 docker帮助命令

  • docker version

     1 [[email protected] ~]# docker version
     2 Client:
     3  Version:         1.13.1
     4  API version:     1.26
     5  Package version: docker-1.13.1-103.git7f2769b.el7.centos.x86_64
     6  Go version:      go1.10.3
     7  Git commit:      7f2769b/1.13.1
     8  Built:           Sun Sep 15 14:06:47 2019
     9  OS/Arch:         linux/amd64
    10 ​
    11 Server:
    12  Version:         1.13.1
    13  API version:     1.26 (minimum version 1.12)
    14  Package version: docker-1.13.1-103.git7f2769b.el7.centos.x86_64
    15  Go version:      go1.10.3
    16  Git commit:      7f2769b/1.13.1
    17  Built:           Sun Sep 15 14:06:47 2019
    18  OS/Arch:         linux/amd64
    19  Experimental:    false
    20 [[email protected] ~]#

     

     
  • docker info

     1 [[email protected] ~]# docker info
     2 Containers: 1
     3  Running: 0
     4  Paused: 0
     5  Stopped: 1
     6 Images: 1
     7 Server Version: 1.13.1
     8 Storage Driver: overlay2
     9  Backing Filesystem: xfs
    10  Supports d_type: true
    11  Native Overlay Diff: true
    12 Logging Driver: journald
    13 Cgroup Driver: systemd
    14 Plugins:
    15  Volume: local
    16  Network: bridge host macvlan null overlay
    17 Swarm: inactive
    18 Runtimes: docker-runc runc
    19 Default Runtime: docker-runc
    20 Init Binary: /usr/libexec/docker/docker-init-current
    21 containerd version:  (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
    22 runc version: 9c3c5f853ebf0ffac0d087e94daef462133b69c7 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
    23 init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
    24 Security Options:
    25  seccomp
    26   WARNING: You're not using the default seccomp profile
    27   Profile: /etc/docker/seccomp.json
    28  selinux
    29 Kernel Version: 3.10.0-957.el7.x86_64
    30 Operating System: CentOS Linux 7 (Core)
    31 OSType: linux
    32 Architecture: x86_64
    33 Number of Docker Hooks: 3
    34 CPUs: 4
    35 Total Memory: 1.777 GiB
    36 Name: topcheer
    37 ID: SR5A:YSH6:3YGH:YEZ4:PWLB:EEVE:3L5S:Z5AR:ARIA:SDGX:CZI5:MJ7O
    38 Docker Root Dir: /var/lib/docker
    39 Debug Mode (client): false
    40 Debug Mode (server): false
    41 Registry: https://index.docker.io/v1/
    42 Experimental: false
    43 Insecure Registries:
    44  127.0.0.0/8
    45 Registry Mirrors:
    46  https://lara9y80.mirror.aliyuncs.com
    47 Live Restore Enabled: false
    48 Registries: docker.io (secure)
    49 [[email protected] ~]#

     

  • docker --help

    [[email protected] ~]# docker --help
    ​
    Usage:  docker COMMAND
    ​
    A self-sufficient runtime for containers
    ​
    Options:
          --config string      Location of client config files (default "/root/.docker")
      -D, --debug              Enable debug mode
          --help               Print usage
      -H, --host list          Daemon socket(s) to connect to (default [])
      -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
          --tls                Use TLS; implied by --tlsverify
          --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
          --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
          --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
          --tlsverify          Use TLS and verify the remote
      -v, --version            Print version information and quit
    ​
    Management Commands:
      container   Manage containers
      image       Manage images
      network     Manage networks
      node        Manage Swarm nodes
      plugin      Manage plugins
      secret      Manage Docker secrets
      service     Manage services
      stack       Manage Docker stacks
      swarm       Manage Swarm
      system      Manage Docker
      volume      Manage volumes
    ​
    Commands:
      attach      Attach to a running container
      build       Build an image from a Dockerfile
      commit      Create a new image from a container's changes
      cp          Copy files/folders between a container and the local filesystem
      create      Create a new container
      diff        Inspect changes on a container's filesystem
      events      Get real time events from the server
      exec        Run a command in a running container
      export      Export a container's filesystem as a tar archive
      history     Show the history of an image
      images      List images
      import      Import the contents from a tarball to create a filesystem image
      info        Display system-wide information
      inspect     Return low-level information on Docker objects
      kill        Kill one or more running containers
      load        Load an image from a tar archive or STDIN
      login       Log in to a Docker registry
      logout      Log out from a Docker registry
      logs        Fetch the logs of a container
      pause       Pause all processes within one or more containers
      port        List port mappings or a specific mapping for the container
      ps          List containers
      pull        Pull an image or a repository from a registry
      push        Push an image or a repository to a registry
      rename      Rename a container
      restart     Restart one or more containers
      rm          Remove one or more containers
      rmi         Remove one or more images
      run         Run a command in a new container
      save        Save one or more images to a tar archive (streamed to STDOUT by default)
      search      Search the Docker Hub for images
      start       Start one or more stopped containers
      stats       Display a live stream of container(s) resource usage statistics
      stop        Stop one or more running containers
      tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
      top         Display the running processes of a container
      unpause     Unpause all processes within one or more containers
      update      Update configuration of one or more containers
      version     Show the Docker version information
      wait        Block until one or more containers stop, then print their exit codes
    ​
    Run 'docker COMMAND --help' for more information on a command.
    [[email protected] ~]#

     

2.2 镜像命令

  • docker images

    [[email protected] ~]# docker images
    REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
    docker.io/hello-world   latest              fce289e99eb9        8 months ago        1.84 kB
    [[email protected] ~]#
    REPOSITORY:表示镜像的仓库源
    TAG:镜像的标签
    IMAGE ID:镜像ID
    CREATED:镜像创建时间
    SIZE:镜像大小
     同一仓库源可以有多个 TAG,代表这个仓库源的不同个版本,我们使用 REPOSITORY:TAG 来定义不同的镜像。
    如果你不指定一个镜像的版本标签,例如你只使用 ubuntu,docker 将默认使用 ubuntu:latest 镜像
  • docker search

     
    [[email protected] ~]# docker search redis
    INDEX       NAME                                       DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
    docker.io   docker.io/redis                            Redis is an open source key-value store th...   7342      [OK]
    docker.io   docker.io/bitnami/redis                    Bitnami Redis Docker Image                      127                  [OK]
    docker.io   docker.io/sameersbn/redis                                                                  77                   [OK]
    docker.io   docker.io/grokzen/redis-cluster            Redis cluster 3.0, 3.2, 4.0 & 5.0               56
    docker.io   docker.io/rediscommander/redis-commander   Alpine image for redis-commander - Redis m...   31                   [OK]
    docker.io   docker.io/kubeguide/redis-master           redis-master with "Hello World!"                29
    docker.io   docker.io/redislabs/redis                  Clustered in-memory database engine compat...   23
    docker.io   docker.io/arm32v7/redis                    Redis is an open source key-value store th...   17
    docker.io   docker.io/redislabs/redisearch             Redis With the RedisSearch module pre-load...   17
    docker.io   docker.io/oliver006/redis_exporter          Prometheus Exporter for Redis Metrics. Su...   15
    docker.io   docker.io/webhippie/redis                  Docker images for Redis                         10                   [OK]
    docker.io   docker.io/s7anley/redis-sentinel-docker    Redis Sentinel                                  9                    [OK]
    docker.io   docker.io/insready/redis-stat              Docker image for the real-time Redis monit...   8                    [OK]
    docker.io   docker.io/redislabs/redisgraph             A graph database module for Redis               8                    [OK]
    docker.io   docker.io/arm64v8/redis                    Redis is an open source key-value store th...   6
    docker.io   docker.io/bitnami/redis-sentinel           Bitnami Docker Image for Redis Sentinel         6                    [OK]
    docker.io   docker.io/centos/redis-32-centos7          Redis in-memory data structure store, used...   4
    docker.io   docker.io/redislabs/redismod               An automated build of redismod - latest Re...   4                    [OK]
    docker.io   docker.io/circleci/redis                   CircleCI images for Redis                       2                    [OK]
    docker.io   docker.io/frodenas/redis                   A Docker Image for Redis                        2                    [OK]
    docker.io   docker.io/runnable/redis-stunnel           stunnel to redis provided by linking conta...   1                    [OK]
    docker.io   docker.io/tiredofit/redis                  Redis Server w/ Zabbix monitoring and S6 O...   1                    [OK]
    docker.io   docker.io/wodby/redis                      Redis container image with orchestration        1                    [OK]
    docker.io   docker.io/cflondonservices/redis           Docker image for running redis                  0
    docker.io   docker.io/xetamus/redis-resource           forked redis-resource                           0                    [OK]
    [[email protected] ~]#
  • docker pull

    [[email protected] ~]# docker pull  docker.io/redis
    Using default tag: latest
    Trying to pull repository docker.io/library/redis ...
    latest: Pulling from docker.io/library/redis
    b8f262c62ec6: Pull complete
    93789b5343a5: Pull complete
    49cdbb315637: Pull complete
    2c1ff453e5c9: Pull complete
    9341ee0a5d4a: Pull complete
    770829e1df34: Pull complete
    Digest: sha256:5dcccb533dc0deacce4a02fe9035134576368452db0b4323b98a4b2ba2d3b302
    Status: Downloaded newer image for docker.io/redis:latest
    [[email protected] ~]# docker images
    REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
    docker.io/redis         latest              63130206b0fa        9 days ago          98.2 MB
    docker.io/hello-world   latest              fce289e99eb9        8 months ago        1.84 kB
    [[email protected] ~]#
  • docker rmi

    [[email protected] ~]# docker rmi 63130206b0fa
    Untagged: docker.io/redis:latest
    Untagged: docker.io/[email protected]:5dcccb533dc0deacce4a02fe9035134576368452db0b4323b98a4b2ba2d3b302
    Deleted: sha256:63130206b0fa808e4545a0cb4a1f14f6d40b8a7e2e6fda0a31fd326c2ac0971c
    Deleted: sha256:9476758634326bb436208264d0541e9a0d42e4add35d00c2a7408f810223013d
    Deleted: sha256:0f3d9de16a216bfa5e2c2bd0e3c2ba83afec01a1b326d9f39a5ea7aecc112baf
    Deleted: sha256:452d665d4efca3e6067c89a332c878437d250312719f9ea8fff8c0e350b6e471
    Deleted: sha256:d6aec371927a9d4bfe4df4ee8e510624549fc08bc60871ce1f145997f49d4d37
    Deleted: sha256:2957e0a13c30e89650dd6c00644c04aa87ce516284c76a67c4b32cbb877de178
    Deleted: sha256:2db44bce66cde56fca25aeeb7d09dc924b748e3adfe58c9cc3eb2bd2f68a1b68
    [[email protected] ~]# docker images
    REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
    docker.io/hello-world   latest              fce289e99eb9        8 months ago        1.84 kB
    [[email protected] ~]#

     

2.3 容器命令

  • docker run

    OPTIONS说明(常用):有些是一个减号,有些是两个减号
     
    --name="容器新名字": 为容器指定一个名称;
    -d: 后台运行容器,并返回容器ID,也即启动守护式容器;
    -i:以交互模式运行容器,通常与 -t 同时使用;
    -t:为容器重新分配一个伪输入终端,通常与 -i 同时使用;
    -P: 随机端口映射;
    -p: 指定端口映射,有以下四种格式
          ip:hostPort:containerPort
          ip::containerPort
          hostPort:containerPort
          containerPort
          
    [[email protected] ~]# docker run -it centos /bin/bash
    [[email protected] /]# cd /
    [[email protected] /]# ll

     

  • docker ps

    OPTIONS说明(常用):
     
    -a :列出当前所有正在运行的容器+历史上运行过的
    -l :显示最近创建的容器。
    -n:显示最近n个创建的容器。
    -q :静默模式,只显示容器编号。
    --no-trunc :不截断输出。
    退出容器 exit:容器停止退出 crtl p q容器不停止退出
    [[email protected] ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    3d2a94b63807        centos              "/bin/bash"         3 minutes ago       Up 3 minutes                            nostalgic_darwin
    [[email protected] ~]#
  • docker stop

    [email protected] ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    3d2a94b63807        centos              "/bin/bash"         3 minutes ago       Up 3 minutes                            nostalgic_darwin
    [[email protected] ~]# docker stop 3d2a94b63807
    3d2a94b63807
  • docker start

    [[email protected] ~]# docker start 3d2a94b63807
    3d2a94b63807
    [[email protected] ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    3d2a94b63807        centos              "/bin/bash"         6 minutes ago       Up 17 seconds                           nostalgic_darwin
    [[email protected] ~]#​
  • docker rm

    [[email protected] ~]# docker rm -f $(docker ps -a -q)
    3d2a94b63807
    299b22d3d143
    [[email protected] ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    [[email protected] ~]#​
  • docker run -d

    [[email protected] ~]# docker run -d centos
    3c618cadb296fd013384201958f175085395a505a0aa1f7727e3c24b744b0b7f
    [[email protected] ~]#
     
    问题:然后docker ps -a 进行查看, 会发现容器已经退出
    很重要的要说明的一点: Docker容器后台运行,就必须有一个前台进程.
    容器运行的命令如果不是那些一直挂起的命令(比如运行top,tail),就是会自动退出的。
     
    这个是docker的机制问题,比如你的web容器,我们以nginx为例,正常情况下,我们配置启动服务只需要启动响应的service即可。例如
    service nginx start
    但是,这样做,nginx为后台进程模式运行,就导致docker前台没有运行的应用,
    这样的容器后台启动后,会立即自杀因为他觉得他没事可做了.
    所以,最佳的解决方案是,将你要运行的程序以前台进程的形式运行

     

  • docker logs

    *   -t 是加入时间戳
    *   -f 跟随最新的日志打印
    *   --tail 数字 显示最后多少条
    [[email protected] ~]# docker run -d centos /bin/sh -c "while true;do echo hello zzyy;sleep 2;done"
    6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667
    [[email protected] ~]# docker ps -a
    CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                          PORTS               NAMES
    6c4bb3ce4c35        centos              "/bin/sh -c 'while..."   6 seconds ago        Up 4 seconds                                        eloquent_shannon
    3c618cadb296        centos              "/bin/bash"              About a minute ago   Exited (0) About a minute ago                       upbeat_jepsen
    [[email protected] ~]# docker logs -f -t --tail 6c4bb3ce4c35
    "docker logs" requires exactly 1 argument(s).
    See 'docker logs --help'.
    ​
    Usage:  docker logs [OPTIONS] CONTAINER
    ​
    Fetch the logs of a container
    [[email protected] ~]# docker ps -a
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
    6c4bb3ce4c35        centos              "/bin/sh -c 'while..."   47 seconds ago      Up 46 seconds                                  eloquent_shannon
    3c618cadb296        centos              "/bin/bash"              2 minutes ago       Exited (0) 2 minutes ago                       upbeat_jepsen
    [[email protected] ~]# docker logs -tf --tail10  6c4bb3ce4c35
    unknown flag: --tail10
    See 'docker logs --help'.
    [[email protected] ~]# docker logs -tf --tail 10  6c4bb3ce4c35
    2019-09-22T10:23:14.595414000Z hello zzyy
    2019-09-22T10:23:16.597109000Z hello zzyy
    2019-09-22T10:23:18.600019000Z hello zzyy
    2019-09-22T10:23:20.602673000Z hello zzyy
    2019-09-22T10:23:22.605026000Z hello zzyy
    2019-09-22T10:23:24.625059000Z hello zzyy
     
  • docker top 查看容器内运行的进程

    [[email protected] ~]# docker top 6c4bb3ce4c35
    UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
    root                116050              116030              0                   18:21               ?                   00:00:00            /bin/sh -c while true;do echo hello zzyy;sleep 2;done
    root                116250              116050              2                   18:25               ?                   00:00:00            sleep 2
    [[email protected] ~]#
    ​

     

  • docker inspect 查看容器内部细节

    [[email protected] ~]# docker inspect 6c4bb3ce4c35
    [
        {
            "Id": "6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667",
            "Created": "2019-09-22T10:21:57.924998005Z",
            "Path": "/bin/sh",
            "Args": [
                "-c",
                "while true;do echo hello zzyy;sleep 2;done"
            ],
            "State": {
                "Status": "running",
                "Running": true,
                "Paused": false,
                "Restarting": false,
                "OOMKilled": false,
                "Dead": false,
                "Pid": 116050,
                "ExitCode": 0,
                "Error": "",
                "StartedAt": "2019-09-22T10:21:58.43216616Z",
                "FinishedAt": "0001-01-01T00:00:00Z"
            },
            "Image": "sha256:67fa590cfc1c207c30b837528373f819f6262c884b7e69118d060a0c04d70ab8",
            "ResolvConfPath": "/var/lib/docker/containers/6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667/resolv.conf",
            "HostnamePath": "/var/lib/docker/containers/6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667/hostname",
            "HostsPath": "/var/lib/docker/containers/6c4bb3ce4c35a5380b553e686b806a1581bfb8dd0a115f63fa9b14da6195e667/hosts",
            "LogPath": "",
            "Name": "/eloquent_shannon",
            "RestartCount": 0,
            "Driver": "overlay2",
            "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c71,c940",
            "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c71,c940",
            "AppArmorProfile": "",
            "ExecIDs": null,
            "HostConfig": {
                "Binds": null,
                "ContainerIDFile": "",
                "LogConfig": {
                    "Type": "journald",
                    "Config": {}
                },
                "NetworkMode": "default",
                "PortBindings": {},
                "RestartPolicy": {
                    "Name": "no",
                    "MaximumRetryCount": 0
                },
                "AutoRemove": false,
                "VolumeDriver": "",
                "VolumesFrom": null,
                "CapAdd": null,
                "CapDrop": null,
                "Dns": [],
                "DnsOptions": [],
                "DnsSearch": [],
                "ExtraHosts": null,
                "GroupAdd": null,
                "IpcMode": "",
                "Cgroup": "",
                "Links": null,
                "OomScoreAdj": 0,
                "PidMode": "",
                "Privileged": false,
                "PublishAllPorts": false,
                "ReadonlyRootfs": false,
                "SecurityOpt": null,
                "UTSMode": "",
                "UsernsMode": "",
                "ShmSize": 67108864,
                "Runtime": "docker-runc",
                "ConsoleSize": [
                    0,
                    0
                ],
                "Isolation": "",
                "CpuShares": 0,
                "Memory": 0,
                "NanoCpus": 0,
                "CgroupParent": "",
                "BlkioWeight": 0,
                "BlkioWeightDevice": null,
                "BlkioDeviceReadBps": null,
                "BlkioDeviceWriteBps": null,
                "BlkioDeviceReadIOps": null,
                "BlkioDeviceWriteIOps": null,
                "CpuPeriod": 0,
                "CpuQuota": 0,
                "CpuRealtimePeriod": 0,
                "CpuRealtimeRuntime": 0,
                "CpusetCpus": "",
                "CpusetMems": "",
                "Devices": [],
                "DiskQuota": 0,
                "KernelMemory": 0,
                "MemoryReservation": 0,
                "MemorySwap": 0,
                "MemorySwappiness": -1,
                "OomKillDisable": false,
                "PidsLimit": 0,
                "Ulimits": null,
                "CpuCount": 0,
                "CpuPercent": 0,
                "IOMaximumIOps": 0,
                "IOMaximumBandwidth": 0
            },
            "GraphDriver": {
                "Name": "overlay2",
                "Data": {
                    "LowerDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933-init/diff:/var/lib/docker/overlay2/7bc85336eb8ca768f43d8eb3d5f27bdf35fa99068be45c84622d18c0f87c90bd/diff",
                    "MergedDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933/merged",
                    "UpperDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933/diff",
                    "WorkDir": "/var/lib/docker/overlay2/d8d3dca6c9115b3c782bf358a744475e78f5e62b627cca79e10a34e754310933/work"
                }
            },
            "Mounts": [],
            "Config": {
                "Hostname": "6c4bb3ce4c35",
                "Domainname": "",
                "User": "",
                "AttachStdin": false,
                "AttachStdout": false,
                "AttachStderr": false,
                "Tty": false,
                "OpenStdin": false,
                "StdinOnce": false,
                "Env": [
                    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
                ],
                "Cmd": [
                    "/bin/sh",
                    "-c",
                    "while true;do echo hello zzyy;sleep 2;done"
                ],
                "Image": "centos",
                "Volumes": null,
                "WorkingDir": "",
                "Entrypoint": null,
                "OnBuild": null,
                "Labels": {
                    "org.label-schema.build-date": "20190801",
                    "org.label-schema.license": "GPLv2",
                    "org.label-schema.name": "CentOS Base Image",
                    "org.label-schema.schema-version": "1.0",
                    "org.label-schema.vendor": "CentOS"
                }
            },
            "NetworkSettings": {
                "Bridge": "",
                "SandboxID": "d5f116b329f01e9bab7f985282fd568e379c8e7aa4fcc3677b9b025ded771149",
                "HairpinMode": false,
                "LinkLocalIPv6Address": "",
                "LinkLocalIPv6PrefixLen": 0,
                "Ports": {},
                "SandboxKey": "/var/run/docker/netns/d5f116b329f0",
                "SecondaryIPAddresses": null,
                "SecondaryIPv6Addresses": null,
                "EndpointID": "825091555bc0adfdf32667650884ec2b6274c44c787291870de32ec2cee8575b",
                "Gateway": "172.17.0.1",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "IPAddress": "172.17.0.2",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "MacAddress": "02:42:ac:11:00:02",
                "Networks": {
                    "bridge": {
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "NetworkID": "fe000671b1b7f9a2e634f409bd33ada7bed50e818a28c1d9c8245aba67b1b625",
                        "EndpointID": "825091555bc0adfdf32667650884ec2b6274c44c787291870de32ec2cee8575b",
                        "Gateway": "172.17.0.1",
                        "IPAddress": "172.17.0.2",
                        "IPPrefixLen": 16,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "02:42:ac:11:00:02"
                    }
                }
            }
        }
    ]
    [[email protected] ~]#

     

  • docker exec -it

    [[email protected] ~]# docker exec -it 6c4bb3ce4c35 /bin/bash
    [[email protected] /]# ll
    total 12
    -rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
    lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
    drwxr-xr-x.   5 root root   340 Sep 22 10:21 dev
    drwxr-xr-x.   1 root root    66 Sep 22 10:21 etc
    drwxr-xr-x.   2 root root     6 Apr 11  2018 home
    lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
    lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
    drwxr-xr-x.   2 root root     6 Apr 11  2018 media
    drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
    drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
    dr-xr-xr-x. 251 root root     0 Sep 22 10:21 proc
    dr-xr-x---.   2 root root   114 Aug  1 01:10 root
    drwxr-xr-x.   1 root root    21 Sep 22 10:21 run
    lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
    drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
    dr-xr-xr-x.  13 root root     0 Sep  2 01:15 sys
    drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
    drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
    drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
    [[email protected] /]#
    [[email protected] ~]# docker attach 6c4bb3ce4c35
    hello zzyy
    hello zzyy
    hello zzyy
    hello zzyy
    attach 直接进入容器启动命令的终端,不会启动新的进程
    exec 是在容器中打开新的终端,并且可以启动新的进程

     

  • docker cp docker cp 容器ID:容器内路径 目的主机路径

    [[email protected] ~]# docker cp 6c4bb3ce4c35:/tmp/yum.log /tmp/yum.log
    [[email protected] ~]# cd /tmp
    [[email protected] tmp]# ll
    总用量 144
    -rw-r--r--. 1 root root   1148 8月  31 18:29 anaconda.log
    drwxr-xr-x. 2 root root     18 8月  31 18:17 hsperfdata_root
    -rw-r--r--. 1 root root    415 8月  31 18:29 ifcfg.log
    -rwx------. 1 root root    836 8月  31 18:27 ks-script-zj2XPa
    -rw-r--r--. 1 root root      0 8月  31 18:28 packaging.log
    -rw-r--r--. 1 root root      0 8月  31 18:28 program.log
    -rw-r--r--. 1 root root      0 8月  31 18:28 sensitive-info.log
    drwx------. 2 wgr  wgr      25 8月  31 18:31 ssh-FYigK4SAU4OM
    drwx------. 2 wgr  wgr      25 9月   2 09:18 ssh-zKscLR1XtYju
    -rw-r--r--. 1 root root      0 8月  31 18:28 storage.log
    drwx------. 3 root root     17 8月  31 18:29 systemd-private-6a7934172f6c411fbf39074aa3902f99-bolt.service-Y8qrWS
    drwx------. 3 root root     17 8月  31 18:29 systemd-private-6a7934172f6c411fbf39074aa3902f99-colord.service-7Jig8H
    drwx------. 3 root root     17 8月  31 18:28 systemd-private-6a7934172f6c411fbf39074aa3902f99-cups.service-bBt1J6
    drwx------. 3 root root     17 8月  31 18:31 systemd-private-6a7934172f6c411fbf39074aa3902f99-fwupd.service-Gm5QpN
    drwx------. 3 root root     17 8月  31 18:28 systemd-private-6a7934172f6c411fbf39074aa3902f99-rtkit-daemon.service-VEQfTp
    drwx------. 3 root root     17 8月  31 18:31 systemd-private-6a7934172f6c411fbf39074aa3902f99-systemd-hostnamed.service-TulnOV
    drwx------. 3 root root     17 8月  31 18:28 systemd-private-6a7934172f6c411fbf39074aa3902f99-systemd-machined.service-Jxxmt6
    drwx------. 3 root root     17 9月   2 09:16 systemd-private-7b6d429e399747c496a317824a2e8642-bolt.service-LFuHXZ
    drwx------. 3 root root     17 9月   2 09:16 systemd-private-7b6d429e399747c496a317824a2e8642-colord.service-LRGmIL
    drwx------. 3 root root     17 9月   2 09:16 systemd-private-7b6d429e399747c496a317824a2e8642-cups.service-Qktpb4
    drwx------. 3 root root     17 9月   2 09:18 systemd-private-7b6d429e399747c496a317824a2e8642-fwupd.service-aSrZvk
    drwx------. 3 root root     17 9月   2 09:15 systemd-private-7b6d429e399747c496a317824a2e8642-rtkit-daemon.service-nW4tNf
    drwx------. 2 root root      6 9月  22 17:34 tmp.Bl496ZWqxn
    drwx------. 2 root root      6 9月  22 17:33 tmp.K31L5zqugc
    drwx------. 2 wgr  wgr       6 8月  31 18:31 tracker-extract-files.1000
    drwx------. 2 root root      6 9月   2 09:15 vmware-root_6298-692293416
    drwx------. 2 root root      6 8月  31 18:28 vmware-root_6346-994818392
    -rw-------. 1 root root      0 8月   1 09:09 yum.log
    -rw-------. 1 root root 133031 9月   2 09:19 yum_save_tx.2019-09-02.09-19.4iKsVG.yumtx
    [[email protected] tmp]#
    ​

     

    attach    Attach to a running container                 # 当前 shell 下 attach 连接指定运行镜像
    build     Build an image from a Dockerfile              # 通过 Dockerfile 定制镜像
    commit    Create a new image from a container changes   # 提交当前容器为新的镜像
    cp        Copy files/folders from the containers filesystem to the host path   #从容器中拷贝指定文件或者目录到宿主机中
    create    Create a new container                        # 创建一个新的容器,同 run,但不启动容器
    diff      Inspect changes on a container's filesystem   # 查看 docker 容器变化
    events    Get real time events from the server          # 从 docker 服务获取容器实时事件
    exec      Run a command in an existing container        # 在已存在的容器上运行命令
    export    Stream the contents of a container as a tar archive   # 导出容器的内容流作为一个 tar 归档文件[对应 import ]
    history   Show the history of an image                  # 展示一个镜像形成历史
    images    List images                                   # 列出系统当前镜像
    import    Create a new filesystem image from the contents of a tarball # 从tar包中的内容创建一个新的文件系统映像[对应export]
    info      Display system-wide information               # 显示系统相关信息
    inspect   Return low-level information on a container   # 查看容器详细信息
    kill      Kill a running container                      # kill 指定 docker 容器
    load      Load an image from a tar archive              # 从一个 tar 包中加载一个镜像[对应 save]
    login     Register or Login to the docker registry server    # 注册或者登陆一个 docker 源服务器
    logout    Log out from a Docker registry server          # 从当前 Docker registry 退出
    logs      Fetch the logs of a container                 # 输出当前容器日志信息
    port      Lookup the public-facing port which is NAT-ed to PRIVATE_PORT    # 查看映射端口对应的容器内部源端口
    pause     Pause all processes within a container        # 暂停容器
    ps        List containers                               # 列出容器列表
    pull      Pull an image or a repository from the docker registry server   # 从docker镜像源服务器拉取指定镜像或者库镜像
    push      Push an image or a repository to the docker registry server    # 推送指定镜像或者库镜像至docker源服务器
    restart   Restart a running container                   # 重启运行的容器
    rm        Remove one or more containers                 # 移除一个或者多个容器
    rmi       Remove one or more images             # 移除一个或多个镜像[无容器使用该镜像才可删除,否则需删除相关容器才可继续或 -f 强制删除]
    run       Run a command in a new container              # 创建一个新的容器并运行一个命令
    save      Save an image to a tar archive                # 保存一个镜像为一个 tar 包[对应 load]
    search    Search for an image on the Docker Hub         # 在 docker hub 中搜索镜像
    start     Start a stopped containers                    # 启动容器
    stop      Stop a running containers                     # 停止容器
    tag       Tag an image into a repository                # 给源中镜像打标签
    top       Lookup the running processes of a container   # 查看容器中运行的进程信息
    unpause   Unpause a paused container                    # 取消暂停容器
    version   Show the docker version information           # 查看 docker 版本号
    wait      Block until a container stops, then print its exit code   # 截取容器停止时的退出状态值

     

     

3 docker镜像

3.1 docker镜像是什么

UnionFS(联合文件系统):Union文件系统(UnionFS)是一种分层、轻量级并且高性能的文件系统,它支持对文件系统的修改作为一次提交来一层层的叠加,同时可以将不同目录挂载到同一个虚拟文件系统下(unite several directories into a single virtual filesystem)。Union 文件系统是 Docker 镜像的基础。镜像可以通过分层来进行继承,基于基础镜像(没有父镜像),可以制作各种具体的应用镜像。

特性:一次同时加载多个文件系统,但从外面看起来,只能看到一个文件系统,联合加载会把各层文件系统叠加起来,这样最终的文件系统会包含所有底层的文件和目录

docker镜像加载原理

docker的镜像实际上由一层一层的文件系统组成,这种层级的文件系统UnionFS。 bootfs(boot file system)主要包含bootloader和kernel, bootloader主要是引导加载kernel, Linux刚启动时会加载bootfs文件系统,在Docker镜像的最底层是bootfs。这一层与我们典型的Linux/Unix系统是一样的,包含boot加载器和内核。当boot加载完成之后整个内核就都在内存中了,此时内存的使用权已由bootfs转交给内核,此时系统也会卸载bootfs。

rootfs (root file system) ,在bootfs之上。包含的就是典型 Linux 系统中的 /dev, /proc, /bin, /etc 等标准目录和文件。rootfs就是各种不同的操作系统发行版,比如Ubuntu,Centos等等。

平时我们安装进虚拟机的CentOS都是好几个G,为什么docker这里才200M??

对于一个精简的OS,rootfs可以很小,只需要包括最基本的命令、工具和程序库就可以了,因为底层直接用Host的kernel,自己只需要提供 rootfs 就行了。由此可见对于不同的linux发行版, bootfs基本是一致的, rootfs会有差别, 因此不同的发行版可以公用bootfs。

docker分层镜像

以我们的pull为例,在下载的过程中我们可以看到docker的镜像好像是在一层一层的在下载

最大的一个好处就是 - 共享资源

比如:有多个镜像都从相同的 base 镜像构建而来,那么宿主机只需在磁盘上保存一份base镜像, 同时内存中也只需加载一份 base 镜像,就可以为所有容器服务了。而且镜像的每一层都可以被共享。

特点

Docker镜像都是只读的 当容器启动时,一个新的可写层被加载到镜像的顶部。 这一层通常被称作“容器层”,“容器层”之下的都叫“镜像层”。

3.2 镜像的commit

docker commit -m=“提交的描述信息” -a=“作者” 容器ID 要创建的目标镜像名:[标签名]

  • 先拉取官方tomcat,运行

    [[email protected] tmp]# docker run -it -p 8888:8080 tomcat
    Using CATALINA_BASE:   /usr/local/tomcat
    Using CATALINA_HOME:   /usr/local/tomcat
    Using CATALINA_TMPDIR: /usr/local/tomcat/temp
    Using JRE_HOME:        /usr/local/openjdk-8
    Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
    22-Sep-2019 13:28:56.568 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/8.5.46
    22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Sep 16 2019 18:16:19 UTC
    22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.46.0
    22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
    22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            3.10.0-957.el7.x86_64
    22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
    22-Sep-2019 13:28:56.572 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/o
    -p 主机端口:docker容器端口
    -P 随机分配端口
    i:交互
    t:终端

     

  • 删除文件

    [[email protected] tmp]# docker ps
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
    5910b3a257ff        tomcat              "catalina.sh run"        3 minutes ago       Up 3 minutes        0.0.0.0:8888->8080/tcp   brave_knuth
    6c4bb3ce4c35        centos              "/bin/sh -c 'while..."   3 hours ago         Up 3 hours                                   eloquent_shannon
    [[email protected] tmp]# docker exec -it 5910b3a257ff /bin/bash
    [email protected]:/usr/local/tomcat# ll
    bash: ll: command not found
    [email protected]:/usr/local/tomcat# ls -l
    total 124
    -rw-r--r--. 1 root root  19318 Sep 16 18:19 BUILDING.txt
    -rw-r--r--. 1 root root   5407 Sep 16 18:19 CONTRIBUTING.md
    -rw-r--r--. 1 root root  57011 Sep 16 18:19 LICENSE
    -rw-r--r--. 1 root root   1726 Sep 16 18:19 NOTICE
    -rw-r--r--. 1 root root   3255 Sep 16 18:19 README.md
    -rw-r--r--. 1 root root   7139 Sep 16 18:19 RELEASE-NOTES
    -rw-r--r--. 1 root root  16262 Sep 16 18:19 RUNNING.txt
    drwxr-xr-x. 2 root root   4096 Sep 20 01:40 bin
    drwxr-sr-x. 1 root root     22 Sep 22 13:28 conf
    drwxr-sr-x. 2 root staff    78 Sep 20 01:40 include
    drwxr-xr-x. 2 root root   4096 Sep 20 01:40 lib
    drwxrwxrwx. 1 root root    177 Sep 22 13:28 logs
    drwxr-sr-x. 3 root staff   151 Sep 20 01:40 native-jni-lib
    drwxrwxrwx. 2 root root     30 Sep 20 01:40 temp
    drwxr-xr-x. 7 root root     81 Sep 16 18:17 webapps
    drwxrwxrwx. 1 root root     22 Sep 22 13:28 work
    [email protected]:/usr/local/tomcat#
    [email protected]:/usr/local/tomcat/webapps# ls -l
    total 8
    drwxr-xr-x.  3 root root 4096 Sep 20 01:40 ROOT
    drwxr-xr-x. 15 root root 4096 Sep 20 01:40 docs
    drwxr-xr-x.  6 root root   83 Sep 20 01:40 examples
    drwxr-xr-x.  5 root root   87 Sep 20 01:40 host-manager
    drwxr-xr-x.  5 root root  103 Sep 20 01:40 manager
    [email protected]:/usr/local/tomcat/webapps# rm -rf docs/
    [email protected]:/usr/local/tomcat/webapps#

  • 提交镜像

    [[email protected] tmp]# docker ps -l
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
    5910b3a257ff        tomcat              "catalina.sh run"   6 minutes ago       Up 6 minutes        0.0.0.0:8888->8080/tcp   brave_knuth
    [[email protected] tmp]# docker commit -a="wgr" -m "test del docs" 5910b3a257ff topcher/tomcat:1.0.1
    sha256:3d8737216a1e91c4b2f66a054eeb7e48031f5bff7a05a4a5ce4e5c519cc40084
    [[email protected] tmp]#
    [[email protected] tmp]# docker commit -a="wgr" -m "test del docs" 5910b3a257ff topcher/tomcat:1.0.1
    sha256:3d8737216a1e91c4b2f66a054eeb7e48031f5bff7a05a4a5ce4e5c519cc40084
    [[email protected] tmp]# docker images
    REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
    topcher/tomcat          1.0.1               3d8737216a1e        22 seconds ago      508 MB
    docker.io/tomcat        latest              8973f493aa0a        2 days ago          508 MB
    docker.io/centos        latest              67fa590cfc1c        4 weeks ago         202 MB
    docker.io/hello-world   latest              fce289e99eb9        8 months ago        1.84 kB
    [[email protected] tmp]#
    ​

     

  • 运行镜像

    [[email protected] tmp]# docker run -it -p 8080:8080 topcher/tomcat:1.0.1
    Using CATALINA_BASE:   /usr/local/tomcat
    Using CATALINA_HOME:   /usr/local/tomcat
    Using CATALINA_TMPDIR: /usr/local/tomcat/temp
    Using JRE_HOME:        /usr/local/openjdk-8
    Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
    22-Sep-2019 13:38:55.628 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/8.5.46
    22-Sep-2019 13:38:55.631 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Sep 16 2019 18:16:19 UTC
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.46.0
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            3.10.0-957.el7.x86_64
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/openjdk-8/jre
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_222-b10
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
    22-Sep-2019 13:38:55.632 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat

     

确实为刚刚commit的镜像

 

4 docker数据卷

4.1 理念

先来看看Docker的理念:

  • 将运用与运行的环境打包形成容器运行 ,运行可以伴随着容器,但是我们对数据的要求希望是持久化的

  • 容器之间希望有可能共享数据

Docker容器产生的数据,如果不通过docker commit生成新的镜像,使得数据做为镜像的一部分保存下来, 那么当容器删除后,数据自然也就没有了。

为了能保存数据在docker中我们使用卷。

4.2 作用

卷就是目录或文件,存在于一个或多个容器中,由docker挂载到容器,但不属于联合文件系统,因此能够绕过Union File System提供一些用于持续存储或共享数据的特性:

卷的设计目的就是数据的持久化,完全独立于容器的生存周期,因此Docker不会在容器删除时删除其挂载的数据卷

特点: 1:数据卷可在容器之间共享或重用数据 2:卷中的更改可以直接生效 3:数据卷中的更改不会包含在镜像的更新中 4:数据卷的生命周期一直持续到没有容器使用它为止

容器的持久化 有点类似我们Redis里面的rdb和aof文件

容器间继承+共享数据 类似Maven的父工程

4.3 通过命令添加数据卷

docker run -it -v /宿主机绝对路径目录:/容器内目录 镜像名

[[email protected] tmp]# docker run -it -v /wgrData:/containerData 67fa590cfc1c /bin/bash
[[email protected] /]# ls -l
total 12
-rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
drwxr-xr-x.   2 root root     6 Sep 22 13:50 containerData
drwxr-xr-x.   5 root root   360 Sep 22 13:50 dev
drwxr-xr-x.   1 root root    66 Sep 22 13:50 etc
drwxr-xr-x.   2 root root     6 Apr 11  2018 home
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
drwxr-xr-x.   2 root root     6 Apr 11  2018 media
drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
dr-xr-xr-x. 265 root root     0 Sep 22 13:50 proc
dr-xr-x---.   2 root root   114 Aug  1 01:10 root
drwxr-xr-x.   1 root root    21 Sep 22 13:50 run
lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
dr-xr-xr-x.  13 root root     0 Sep  2 01:15 sys
drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
[[email protected] /]# cd containerData/
[[email protected] containerData]# touch wgr.txt
touch: cannot touch 'wgr.txt': Permission denied
##后面说加参数,这边权限不够
[[email protected] /]# cd wgrData
[[email protected] wgrData]# ll
总用量 0
[[email protected] wgrData]# touch wgr.txt
[[email protected] wgrData]#
​
[[email protected] containerData]# ls -l
total 0
-rw-r--r--. 1 root root 0 Sep 22 13:50 wgr.txt
[[email protected] containerData]#

 

[[email protected] wgrData]# docker inspect a518695bb7bc
[
    {
        "Id": "a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d",
        "Created": "2019-09-22T13:50:02.271544718Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 126235,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-09-22T13:50:02.8043339Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:67fa590cfc1c207c30b837528373f819f6262c884b7e69118d060a0c04d70ab8",
        "ResolvConfPath": "/var/lib/docker/containers/a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d/hostname",
        "HostsPath": "/var/lib/docker/containers/a518695bb7bc4c72983d69351ac7d55f8ede9b104639646a8f19a7d22a6e965d/hosts",
        "LogPath": "",
        "Name": "/priceless_mccarthy",
        "RestartCount": 0,
        "Driver": "overlay2",
        "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c554,c859",
        "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c554,c859",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/wgrData:/containerData"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "docker-runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "overlay2",
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a-init/diff:/var/lib/docker/overlay2/7bc85336eb8ca768f43d8eb3d5f27bdf35fa99068be45c84622d18c0f87c90bd/diff",
                "MergedDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a/merged",
                "UpperDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a/diff",
                "WorkDir": "/var/lib/docker/overlay2/5ec60cedcc924e4e1308efa93cff63dcdf046209923df890790fffe89906f52a/work"
            }
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/wgrData",
                "Destination": "/containerData",
                "Mode": "",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "a518695bb7bc",
            "Domainname": "",
            "User": "",
            "AttachStdin": true,
            "AttachStdout": true,
            "AttachStderr": true,
            "Tty": true,
            "OpenStdin": true,
            "StdinOnce": true,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/bash"
            ],
            "Image": "67fa590cfc1c",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "org.label-schema.build-date": "20190801",
                "org.label-schema.license": "GPLv2",
                "org.label-schema.name": "CentOS Base Image",
                "org.label-schema.schema-version": "1.0",
                "org.label-schema.vendor": "CentOS"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "99fff9167aad470c7e05b16c4f0a7995a8b65ec62bbd8b547e526618f6ad426b",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/99fff9167aad",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "51a7cabaa6a8ec85f43faca98bb1f12ad8cdc7e7bc9c323aa689ec209b557405",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.5",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:05",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "fe000671b1b7f9a2e634f409bd33ada7bed50e818a28c1d9c8245aba67b1b625",
                    "EndpointID": "51a7cabaa6a8ec85f43faca98bb1f12ad8cdc7e7bc9c323aa689ec209b557405",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.5",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:05"
                }
            }
        }
    }
]
[[email protected] wgrData]#

 

4.4 测试

  • 容器停止退出后,主机修改后数据是否同步

    [[email protected] wgrData]# docker stop a518695bb7bc
    a518695bb7bc
    [[email protected] wgrData]# ll
    总用量 0
    -rw-r--r--. 1 root root 0 9月  22 21:50 wgr.txt
    [[email protected] wgrData]# vim wgr.txt
    [[email protected] wgrData]# docker ps -a
    CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS                            PORTS                    NAMES
    a518695bb7bc        67fa590cfc1c           "/bin/bash"              13 minutes ago      Exited (137) About a minute ago                            priceless_mccarthy
    936835c7272b        topcher/tomcat:1.0.1   "catalina.sh run"        24 minutes ago      Up 24 minutes                     0.0.0.0:8080->8080/tcp   angry_northcutt
    5910b3a257ff        tomcat                 "catalina.sh run"        34 minutes ago      Up 34 minutes                     0.0.0.0:8888->8080/tcp   brave_knuth
    6c4bb3ce4c35        centos                 "/bin/sh -c 'while..."   3 hours ago         Up 3 hours                                                 eloquent_shannon
    [[email protected] wgrData]# docker start a518695bb7bc
    a518695bb7bc
    [[email protected] wgrData]# docker exec -it a518695bb7bc /bin/bash
    [[email protected] /]# ll
    total 12
    -rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
    lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
    drwxr-xr-x.   2 root root    21 Sep 22 14:02 containerData
    drwxr-xr-x.   5 root root   360 Sep 22 14:03 dev
    drwxr-xr-x.   1 root root    66 Sep 22 13:50 etc
    drwxr-xr-x.   2 root root     6 Apr 11  2018 home
    lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
    lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
    drwxr-xr-x.   2 root root     6 Apr 11  2018 media
    drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
    drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
    dr-xr-xr-x. 267 root root     0 Sep 22 14:03 proc
    dr-xr-x---.   2 root root   114 Aug  1 01:10 root
    drwxr-xr-x.   1 root root    21 Sep 22 13:50 run
    lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
    drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
    dr-xr-xr-x.  13 root root     0 Sep  2 01:15 sys
    drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
    drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
    drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
    [[email protected] /]# cd containerData/
    [[email protected] containerData]# ll
    total 4
    -rw-r--r--. 1 root root 8 Sep 22 14:02 wgr.txt
    [[email protected] containerData]# cat wgr.txt
    eqweqeq
    [[email protected] containerData]#

     

    添加权限

    [[email protected] wgrData]# docker run -it --privileged=true  -v /wgrData1:/containerData1 67fa590cfc1c /bin/bash
    [[email protected] /]# ll
    total 12
    -rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
    lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
    drwxr-xr-x.   2 root root     6 Sep 22 14:19 containerData1
    drwxr-xr-x.  15 root root  3120 Sep 22 14:19 dev
    drwxr-xr-x.   1 root root    66 Sep 22 14:19 etc
    drwxr-xr-x.   2 root root     6 Apr 11  2018 home
    lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
    lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
    drwxr-xr-x.   2 root root     6 Apr 11  2018 media
    drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
    drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
    dr-xr-xr-x. 272 root root     0 Sep 22 14:19 proc
    dr-xr-x---.   2 root root   114 Aug  1 01:10 root
    drwxr-xr-x.   1 root root    21 Sep 22 14:19 run
    lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
    drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
    dr-xr-xr-x.  13 root root     0 Sep  2 01:15 sys
    drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
    drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
    drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
    [[email protected] /]# cd containerData1/
    [[email protected] containerData1]# touch wgr.txt
    [[email protected] containerData1]#

     

     

    限制权限

    [[email protected] wgrData]# docker stop 936835c7272b
    936835c7272b
    [[email protected] wgrData]# docker run -it -v /wgrData2:/containerData2:ro 67fa590cfc1c /bin/bash
    [[email protected] /]#
    ​
    ​
     "Mounts": [
                {
                    "Type": "bind",
                    "Source": "/wgrData2",
                    "Destination": "/containerData2",
                    "Mode": "ro",
                    "RW": false,
                    "Propagation": "rprivate"
                }
            ],

     

4.5 Dockerfile添加

可在Dockerfile中使用VOLUME指令来给镜像添加一个或多个数据卷

[[email protected] mydocker]# vim Dockerfile
[[email protected] mydocker]# docker build -f Dockerfile -t wgr/centos .
Sending build context to Docker daemon 2.048 kB
Step 1/4 : FROM centos
 ---> 67fa590cfc1c
Step 2/4 : VOLUME /dataVolumeContainer1 /dataVolumeContainer2
 ---> Running in 1fece8932e92
 ---> 5c15da2cfe9a
Removing intermediate container 1fece8932e92
Step 3/4 : CMD echo "finished,--------success1"
 ---> Running in 708260afecce
 ---> 8039778cf467
Removing intermediate container 708260afecce
Step 4/4 : CMD /bin/bash
 ---> Running in 54e07ae3feb5
 ---> fb7e3d506043
Removing intermediate container 54e07ae3feb5
Successfully built fb7e3d506043
[[email protected] mydocker]# cat Dockerfile
# volume test
FROM centos
VOLUME ["/dataVolumeContainer1","/dataVolumeContainer2"]
CMD echo "finished,--------success1"
CMD /bin/bash
[[email protected] mydocker]#

 

[[email protected] mydocker]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED              SIZE
wgr/centos              latest              fb7e3d506043        About a minute ago   202 MB
mytomcat9               latest              6c243064a028        20 hours ago         749 MB
myip                    1.2                 00a0a1f80e36        20 hours ago         271 MB
myip                    latest              420c99c3b707        20 hours ago         271 MB
mycentosfile            1.1                 f022cd7b9017        20 hours ago         395 MB
topcher/tomcat          1.0.1               3d8737216a1e        23 hours ago         508 MB
docker.io/tomcat        latest              8973f493aa0a        3 days ago           508 MB
docker.io/centos        latest              67fa590cfc1c        4 weeks ago          202 MB
docker.io/hello-world   latest              fce289e99eb9        8 months ago         1.84 kB
[[email protected] mydocker]# docker run -it wgr/centos /bin/bash
[[email protected] /]# ll
total 12
-rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
drwxr-xr-x.   2 root root     6 Sep 23 12:52 dataVolumeContainer1
drwxr-xr-x.   2 root root     6 Sep 23 12:52 dataVolumeContainer2
drwxr-xr-x.   5 root root   360 Sep 23 12:52 dev
drwxr-xr-x.   1 root root    66 Sep 23 12:52 etc
drwxr-xr-x.   2 root root     6 Apr 11  2018 home
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
drwxr-xr-x.   2 root root     6 Apr 11  2018 media
drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
dr-xr-xr-x. 208 root root     0 Sep 23 12:52 proc
dr-xr-x---.   2 root root   114 Aug  1 01:10 root
drwxr-xr-x.   1 root root    21 Sep 23 12:52 run
lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
dr-xr-xr-x.  13 root root     0 Sep 23 12:25 sys
drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
[[email protected] /]# ll
total 12
-rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
drwxr-xr-x.   2 root root     6 Sep 23 12:52 dataVolumeContainer1
drwxr-xr-x.   2 root root     6 Sep 23 12:52 dataVolumeContainer2
drwxr-xr-x.   5 root root   360 Sep 23 12:52 dev
drwxr-xr-x.   1 root root    66 Sep 23 12:52 etc
drwxr-xr-x.   2 root root     6 Apr 11  2018 home
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
drwxr-xr-x.   2 root root     6 Apr 11  2018 media
drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
dr-xr-xr-x. 208 root root     0 Sep 23 12:52 proc
dr-xr-x---.   2 root root   114 Aug  1 01:10 root
drwxr-xr-x.   1 root root    21 Sep 23 12:52 run
lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
dr-xr-xr-x.  13 root root     0 Sep 23 12:25 sys
drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
[[email protected] /]# cd dataVolumeContainer
bash: cd: dataVolumeContainer: No such file or directory
[[email protected] /]# cd dataVolumeContainer1
[[email protected] dataVolumeContainer1]# ll
total 0
[[email protected] dataVolumeContainer1]# touch 1.txt
[[email protected] dataVolumeContainer1]#
[[email protected] dataVolumeContainer1]#
[[email protected] dataVolumeContainer1]# [[email protected] mydocker]#
[[email protected] mydocker]# docker inspect a63d98e5a625
[
    {
        "Id": "a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b",
        "Created": "2019-09-23T12:52:45.588897445Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 18139,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-09-23T12:52:49.795395625Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:fb7e3d506043d6ee7ca70b2dd2c18eb053d2a9fcc11b812c536f852a53d8c6cf",
        "ResolvConfPath": "/var/lib/docker/containers/a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b/hostname",
        "HostsPath": "/var/lib/docker/containers/a63d98e5a6256f77f457ae99346d6e6e2dc538c747a0ac5ed8632337694dd72b/hosts",
        "LogPath": "",
        "Name": "/stoic_lamport",
        "RestartCount": 0,
        "Driver": "overlay2",
        "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c816,c976",
        "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c816,c976",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "docker-runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "overlay2",
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7-init/diff:/var/lib/docker/overlay2/7bc85336eb8ca768f43d8eb3d5f27bdf35fa99068be45c84622d18c0f87c90bd/diff",
                "MergedDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7/merged",
                "UpperDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7/diff",
                "WorkDir": "/var/lib/docker/overlay2/fc0dec9c7dd31f34f9d63168c5555aa9bdc85eaef29c562b65895bf26b068aa7/work"
            }
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "3cef2f791e18ba2f31798ef27ab1f066f012d5b4e2447e0d4cf2d15bb76af352",
                "Source": "/var/lib/docker/volumes/3cef2f791e18ba2f31798ef27ab1f066f012d5b4e2447e0d4cf2d15bb76af352/_data",
                "Destination": "/dataVolumeContainer2",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "fa71d12b3a7f55457b3f2f57ca72b0620ea234fd03fba760534480758183944d",
                "Source": "/var/lib/docker/volumes/fa71d12b3a7f55457b3f2f57ca72b0620ea234fd03fba760534480758183944d/_data",
                "Destination": "/dataVolumeContainer1",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "a63d98e5a625",
            "Domainname": "",
            "User": "",
            "AttachStdin": true,
            "AttachStdout": true,
            "AttachStderr": true,
            "Tty": true,
            "OpenStdin": true,
            "StdinOnce": true,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/bash"
            ],
            "Image": "wgr/centos",
            "Volumes": {
                "/dataVolumeContainer1": {},
                "/dataVolumeContainer2": {}
            },
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "org.label-schema.build-date": "20190801",
                "org.label-schema.license": "GPLv2",
                "org.label-schema.name": "CentOS Base Image",
                "org.label-schema.schema-version": "1.0",
                "org.label-schema.vendor": "CentOS"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "4bd5f69d0dffd043bb7948d327839f0ab92780a9e4aa74cc62e4555a47c35902",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/4bd5f69d0dff",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "69971af973442c794869f43d21a152b8530d648da8b1967e419fde7db0efac13",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "c7d7aaeb71644a84fdda020955a64ae3a2905c8369a08536c24c956bdba11b58",
                    "EndpointID": "69971af973442c794869f43d21a152b8530d648da8b1967e419fde7db0efac13",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03"
                }
            }
        }
    }
]
[[email protected] mydocker]# cd /var/lib/docker/volumes/fa71d12b3a7f55457b3f2f57ca72b0620ea234fd03fba760534480758183944d/_data
[[email protected] _data]# ll
总用量 0
-rw-r--r--. 1 root root 0 9月  23 20:53 1.txt
[[email protected] _data]#
​

 


Docker挂载主机目录Docker访问出现cannot open directory .: Permission denied 解决办法:在挂载目录后多加一个--privileged=true参数即可

4.6 数据卷容器

4.6.1 概念

命名的容器挂载数据卷,其它容器通过挂载这个(父容器)实现数据共享,挂载数据卷的容器,称之为数据卷容器

4.6.2 实验

[[email protected] _data]# docker run -it --name dc02 --volumes-from  stoic_lamport  wgr/centos
[[email protected] /]# ll
total 12
-rw-r--r--.   1 root root 12090 Aug  1 01:10 anaconda-post.log
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 bin -> usr/bin
drwxr-xr-x.   2 root root    19 Sep 23 12:53 dataVolumeContainer1
drwxr-xr-x.   2 root root     6 Sep 23 12:52 dataVolumeContainer2
drwxr-xr-x.   5 root root   360 Sep 23 13:05 dev
drwxr-xr-x.   1 root root    66 Sep 23 13:05 etc
drwxr-xr-x.   2 root root     6 Apr 11  2018 home
lrwxrwxrwx.   1 root root     7 Aug  1 01:09 lib -> usr/lib
lrwxrwxrwx.   1 root root     9 Aug  1 01:09 lib64 -> usr/lib64
drwxr-xr-x.   2 root root     6 Apr 11  2018 media
drwxr-xr-x.   2 root root     6 Apr 11  2018 mnt
drwxr-xr-x.   2 root root     6 Apr 11  2018 opt
dr-xr-xr-x. 220 root root     0 Sep 23 13:05 proc
dr-xr-x---.   2 root root   114 Aug  1 01:10 root
drwxr-xr-x.   1 root root    21 Sep 23 13:05 run
lrwxrwxrwx.   1 root root     8 Aug  1 01:09 sbin -> usr/sbin
drwxr-xr-x.   2 root root     6 Apr 11  2018 srv
dr-xr-xr-x.  13 root root     0 Sep 23 12:25 sys
drwxrwxrwt.   7 root root   132 Aug  1 01:10 tmp
drwxr-xr-x.  13 root root   155 Aug  1 01:09 usr
drwxr-xr-x.  18 root root   238 Aug  1 01:09 var
[[email protected] /]# cd dataVolumeContainer1
[[email protected] dataVolumeContainer1]# ll
total 0
-rw-r--r--. 1 root root 0 Sep 23 12:53 1.txt
[[email protected] dataVolumeContainer1]#
[[email protected] /]# cd dataVolumeContainer2
[[email protected] dataVolumeContainer2]# ll
total 0
-rw-r--r--. 1 root root 0 Sep 23 13:06 2.txt
[[email protected] dataVolumeContainer2]#
[[email protected] ~]# docker run -it --name dc03 --volumes-from  stoic_lamport  wgr/centos
[[email protected] /]# cd /dataVolumeContainer2
[[email protected] dataVolumeContainer2]# ll
total 0
-rw-r--r--. 1 root root 0 Sep 23 13:06 2.txt
[[email protected] dataVolumeContainer2]#

 

结论:容器之间配置信息的传递,数据卷的生命周期一直持续到没有容器使用它为止

 

5 Dockerfile详解

 

Dockerfile是用来构建Docker镜像的构建文件,是由一系列命令和参数构成的脚本。

编写Dockerfile文件 --- docker build --- docker run

如图,centos为例

5.1 DockerFile构建过程解析

  • Dockerfile内容基础知识

    1:每条保留字指令都必须为大写字母且后面要跟随至少一个参数

    2:指令按照从上到下,顺序执行

    3:#表示注释

    4:每条指令都会创建一个新的镜像层,并对镜像进行提交

  • Docker执行Dockerfile的大致流程

    (1)docker从基础镜像运行一个容器

    (2)执行一条指令并对容器作出修改

    (3)执行类似docker commit的操作提交一个新的镜像层

    (4)docker再基于刚提交的镜像运行一个新容器

    (5)执行dockerfile中的下一条指令直到所有指令都执行完成

  • 总结

    从应用软件的角度来看,Dockerfile、Docker镜像与Docker容器分别代表软件的三个不同阶段,

    • Dockerfile是软件的原材料

    • Docker镜像是软件的交付品

    • Docker容器则可以认为是软件的运行态。 Dockerfile面向开发,Docker镜像成为交付标准,Docker容器则涉及部署与运维,三者缺一不可,合力充当Docker体系的基石。

1 Dockerfile,需要定义一个Dockerfile,Dockerfile定义了进程需要的一切东西。Dockerfile涉及的内容包括执行代码或者是文件、环境变量、依赖包、运行时环境、动态链接库、操作系统的发行版、服务进程和内核进程(当应用进程需要和系统服务和内核进程打交道,这时需要考虑如何设计namespace的权限控制)等等;

2 Docker镜像,在用Dockerfile定义一个文件之后,docker build时会产生一个Docker镜像,当运行 Docker镜像时,会真正开始提供服务;

3 Docker容器,容器是直接提供服务的。

5.2 Dockerfile指令

                                 

FROM基础镜像,当前新镜像是基于哪个镜像的
MAINTAINER 镜像维护者的姓名和邮箱地址
RUN 容器构建时需要运行的命令
EXPOSE 当前容器对外暴露出的端口
WORKDIR 指定在创建容器后,终端默认登陆的进来工作目录,一个落脚点
ENV 用来在构建镜像过程中设置环境变量
ADD 将宿主机目录下的文件拷贝进镜像且ADD命令会自动处理URL和解压tar压缩包
COPY 类似ADD,拷贝文件和目录到镜像中。 将从构建上下文目录中 <源路径> 的文件/目录复制到新的一层的镜像内的 <目标路径> 位置
VOLUME 容器数据卷,用于数据保存和持久化工作
CMD Dockerfile 中可以有多个 CMD 指令,但只有最后一个生效,CMD 会被 docker run 之后的参数替换
ENTRYPOINT ENTRYPOINT 的目的和 CMD 一样,都是在指定容器启动程序及参数
ONBUILD 当构建一个被继承的Dockerfile时运行命令,父镜像在被子继承后父镜像的onbuild被触发

注:Docker Hub 中 99% 的镜像都是通过在 base 镜像中安装和配置需要的软件构建出来的

5.3 制作案例--自定义镜像mycentos

自定义mycentos目的使我们自己的镜像具备如下: 登陆后的默认路径 vim编辑器 查看网络配置ifconfig支持

  • 编写Dockerfile

    FROM centos
    MAINTAINER wgr<[email protected]>
     
    ENV MYPATH /usr/local
    WORKDIR $MYPATH
     
    RUN yum -y install vim
    RUN yum -y install net-tools
     
    EXPOSE 80
     
    CMD echo $MYPATH
    CMD echo "success--------------ok"
    CMD /bin/bash

     

  • 开始构建

    [[email protected] myfile]# docker build -t mycentosfile:1.1 .
    Sending build context to Docker daemon 2.048 kB
    Step 1/10 : FROM centos
     ---> 67fa590cfc1c
    Step 2/10 : MAINTAINER wgr<[email protected]>
     ---> Running in 1f88baf9b360
     ---> 871c31a91729
    Removing intermediate container 1f88baf9b360
    Step 3/10 : ENV MYPATH /usr/local
     ---> Running in b069dd98cebf
     ---> 084266f310f4
    Removing intermediate container b069dd98cebf
    Step 4/10 : WORKDIR $MYPATH
     ---> 4d957d2ce926
    Removing intermediate container fe5768a9a5b5
    Step 5/10 : RUN yum -y install vim
     ---> Running in fd8a0b061957
    ​
    Loaded plugins: fastestmirror, ovl
    Determining fastest mirrors
     * base: mirror.jdcloud.com
     * extras: centos.ustc.edu.cn
     * updates: centos.ustc.edu.cn
    Resolving Dependencies
    --> Running transaction check
    ---> Package vim-enhanced.x86_64 2:7.4.629-6.el7 will be installed
    --> Processing Dependency: vim-common = 2:7.4.629-6.el7 for package: 2:vim-enhanced-7.4.629-6.el7.x86_64
    --> Processing Dependency: which for package: 2:vim-enhanced-7.4.629-6.el7.x86_64
    --> Processing Dependency: perl(:MODULE_COMPAT_5.16.3) for package: 2:vim-enhanced-7.4.629-6.el7.x86_64
    --> Processing Dependency: libperl.so()(64bit) for package: 2:vim-enhanced-7.4.629-6.el7.x86_64
    --> Processing Dependency: libgpm.so.2()(64bit) for package: 2:vim-enhanced-7.4.629-6.el7.x86_64
    --> Running transaction check
    ---> Package gpm-libs.x86_64 0:1.20.7-6.el7 will be installed
    .....................
    ​
    Complete!
     ---> 67a4329fa503
    Removing intermediate container e92c8b523c7c
    Step 7/10 : EXPOSE 80
     ---> Running in bf6935680423
     ---> e47d782ab0f5
    Removing intermediate container bf6935680423
    Step 8/10 : CMD echo $MYPATH
     ---> Running in e0c51d8c13ba
     ---> 850284459ab5
    Removing intermediate container e0c51d8c13ba
    Step 9/10 : CMD echo "success--------------ok"
     ---> Running in 339022b46c36
     ---> 7117b7f8d635
    Removing intermediate container 339022b46c36
    Step 10/10 : CMD /bin/bash
     ---> Running in ad662d3129a4
     ---> f022cd7b9017
    Removing intermediate container ad662d3129a4
    Successfully built f022cd7b9017
    [[email protected] myfile]#

     

  • 运行

    [[email protected] myfile]# docker images
    REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
    mycentosfile            1.1                 f022cd7b9017        27 seconds ago      395 MB
    topcher/tomcat          1.0.1               3d8737216a1e        2 hours ago         508 MB
    docker.io/tomcat        latest              8973f493aa0a        2 days ago          508 MB
    docker.io/centos        latest              67fa590cfc1c        4 weeks ago         202 MB
    docker.io/hello-world   latest              fce289e99eb9        8 months ago        1.84 kB
    [[email protected] myfile]# docker run -it mycentosfile:1.1
    [[email protected] local]# ll
    total 0
    drwxr-xr-x. 2 root root  6 Apr 11  2018 bin
    drwxr-xr-x. 2 root root  6 Apr 11  2018 etc
    drwxr-xr-x. 2 root root  6 Apr 11  2018 games
    drwxr-xr-x. 2 root root  6 Apr 11  2018 include
    drwxr-xr-x. 2 root root  6 Apr 11  2018 lib
    drwxr-xr-x. 2 root root  6 Apr 11  2018 lib64
    drwxr-xr-x. 2 root root  6 Apr 11  2018 libexec
    drwxr-xr-x. 2 root root  6 Apr 11  2018 sbin
    drwxr-xr-x. 5 root root 49 Aug  1 01:09 share
    drwxr-xr-x. 2 root root  6 Apr 11  2018 src
    [[email protected] local]# pwd
    /usr/local
    [[email protected] local]# vim 1.txt
    [[email protected] local]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.17.0.6  netmask 255.255.0.0  broadcast 0.0.0.0
            inet6 fe80::42:acff:fe11:6  prefixlen 64  scopeid 0x20<link>
            ether 02:42:ac:11:00:06  txqueuelen 0  (Ethernet)
            RX packets 8  bytes 656 (656.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 8  bytes 656 (656.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    ​
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    ​
    [[email protected] local]# [[email protected] myfile]#
    [[email protected] myfile]#
    [[email protected] myfile]#
    [[email protected] myfile]# docker history f022cd7b9017
    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
    f022cd7b9017        2 minutes ago       /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "/b...   0 B
    7117b7f8d635        2 minutes ago       /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "ec...   0 B
    850284459ab5        2 minutes ago       /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "ec...   0 B
    e47d782ab0f5        2 minutes ago       /bin/sh -c #(nop)  EXPOSE 80/tcp                0 B
    67a4329fa503        2 minutes ago       /bin/sh -c yum -y install net-tools             69 MB
    4b7b749294d0        2 minutes ago       /bin/sh -c yum -y install vim                   124 MB
    4d957d2ce926        3 minutes ago       /bin/sh -c #(nop) WORKDIR /usr/local            0 B
    084266f310f4        3 minutes ago       /bin/sh -c #(nop)  ENV MYPATH=/usr/local        0 B
    871c31a91729        3 minutes ago       /bin/sh -c #(nop)  MAINTAINER wgr<[email protected]   0 B
    67fa590cfc1c        4 weeks ago         /bin/sh -c #(nop)  CMD ["/bin/bash"]            0 B
    <missing>           4 weeks ago         /bin/sh -c #(nop)  LABEL org.label-schema....   0 B
    <missing>           4 weeks ago         /bin/sh -c #(nop) ADD file:4e7247c06de9ad1...   202 MB
    [[email protected] myfile]#
    ​

     

5.4 CMD/ENTRYPOINT 详解

都是指定一个容器启动时要运行的命令

  • CMD

    Dockerfile 中可以有多个 CMD 指令,但只有最后一个生效,CMD 会被 docker run 之后的参数替换

    [[email protected] myfile]# docker run -it 3d8737216a1e ls -l
    total 124
    -rw-r--r--. 1 root root  19318 Sep 16 18:19 BUILDING.txt
    -rw-r--r--. 1 root root   5407 Sep 16 18:19 CONTRIBUTING.md
    -rw-r--r--. 1 root root  57011 Sep 16 18:19 LICENSE
    -rw-r--r--. 1 root root   1726 Sep 16 18:19 NOTICE
    -rw-r--r--. 1 root root   3255 Sep 16 18:19 README.md
    -rw-r--r--. 1 root root   7139 Sep 16 18:19 RELEASE-NOTES
    -rw-r--r--. 1 root root  16262 Sep 16 18:19 RUNNING.txt
    drwxr-xr-x. 2 root root   4096 Sep 20 01:40 bin
    drwxr-sr-x. 1 root root     22 Sep 22 13:28 conf
    drwxr-sr-x. 2 root staff    78 Sep 20 01:40 include
    drwxr-xr-x. 2 root root   4096 Sep 20 01:40 lib
    drwxrwxrwx. 1 root root    177 Sep 22 13:28 logs
    drwxr-sr-x. 3 root staff   151 Sep 20 01:40 native-jni-lib
    drwxrwxrwx. 2 root root     30 Sep 20 01:40 temp
    drwxr-xr-x. 1 root root     18 Sep 22 13:33 webapps
    drwxrwxrwx. 1 root root     22 Sep 22 13:28 work
    [[email protected] myfile]#

     

注:tomcat的Dockerfile最后一个命令为CMD /bin/bash,手动输入参数,会进行替换

  • ENTRYPOINT

docker run 之后的参数会被当做参数传递给 ENTRYPOINT,之后形成新的命令组合

[[email protected] myfile]# docker build -f dockerfile1 -t myip .
Sending build context to Docker daemon 2.048 kB
Step 1/3 : FROM centos
 ---> 67fa590cfc1c
Step 2/3 : RUN yum install -y curl
 ---> Running in 24d685efc352
​
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.huaweicloud.com
 * updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package curl.x86_64 0:7.29.0-51.el7_6.3 will be updated
---> Package curl.x86_64 0:7.29.0-54.el7 will be an update
--> Processing Dependency: libcurl = 7.29.0-54.el7 for package: curl-7.29.0-54.el7.x86_64
--> Running transaction check
---> Package libcurl.x86_64 0:7.29.0-51.el7_6.3 will be updated
---> Package libcurl.x86_64 0:7.29.0-54.el7 will be an update
--> Finished Dependency Resolution
​
Dependencies Resolved
​
================================================================================
 Package          Arch            Version                   Repository     Size
================================================================================
Updating:
 curl             x86_64          7.29.0-54.el7             base          270 k
Updating for dependencies:
 libcurl          x86_64          7.29.0-54.el7             base          222 k
​
Transaction Summary
================================================================================
Upgrade  1 Package (+1 Dependent package)
​
Total download size: 493 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/base/packages/libcurl-7.29.0-54.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for libcurl-7.29.0-54.el7.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                              988 kB/s | 493 kB  00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-6.1810.2.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libcurl-7.29.0-54.el7.x86_64                                 1/4
  Updating   : curl-7.29.0-54.el7.x86_64                                    2/4
  Cleanup    : curl-7.29.0-51.el7_6.3.x86_64                                3/4
  Cleanup    : libcurl-7.29.0-51.el7_6.3.x86_64                             4/4
  Verifying  : libcurl-7.29.0-54.el7.x86_64                                 1/4
  Verifying  : curl-7.29.0-54.el7.x86_64                                    2/4
  Verifying  : curl-7.29.0-51.el7_6.3.x86_64                                3/4
  Verifying  : libcurl-7.29.0-51.el7_6.3.x86_64                             4/4
​
Updated:
  curl.x86_64 0:7.29.0-54.el7
​
Dependency Updated:
  libcurl.x86_64 0:7.29.0-54.el7
​
Complete!
 ---> ed86a4b09c55
Removing intermediate container 24d685efc352
Step 3/3 : CMD curl -s http://ip.cn
 ---> Running in c98ca5fa9fed
 ---> 420c99c3b707
Removing intermediate container c98ca5fa9fed
Successfully built 420c99c3b707
[[email protected] myfile]#
​
[email protected] myfile]# cat dockerfile1
FROM centos
RUN yum install -y curl
CMD [ "curl", "-s", "http://ip.cn" ]

 

加入参数 -i

[[email protected] myfile]# docker run 420c99c3b707 -i
container_linux.go:235: starting container process caused "exec: \"-i\": executable file not found in $PATH"
/usr/bin/docker-current: Error response from daemon: oci runtime error: container_linux.go:235: starting container process caused "exec: \"-i\": executable file not found in $PATH".
[[email protected] myfile]#

 

我们可以看到可执行文件找不到的报错,executable file not found。 之前我们说过,跟在镜像名后面的是 command,运行时会替换 CMD 的默认值。 因此这里的 -i 替换了原来的 CMD,而不是添加在原来的 curl -s http://ip.cn 后面。而 -i 根本不是命令,所以自然找不到。

那么如果我们希望加入 -i 这参数,我们就必须重新完整的输入这个命令:

$ docker run myip curl -s http://ip.cn -i

[[email protected] myfile]# docker build -f dockerfile2 -t myip:1.2 .
Sending build context to Docker daemon 3.072 kB
Step 1/3 : FROM centos
 ---> 67fa590cfc1c
Step 2/3 : RUN yum install -y curl
 ---> Using cache
 ---> ed86a4b09c55
Step 3/3 : ENTRYPOINT curl -s http://ip.cn
 ---> Running in 695e59ae2f9f
 ---> 00a0a1f80e36
Removing intermediate container 695e59ae2f9f
Successfully built 00a0a1f80e36
[[email protected] myfile]#
[email protected] myfile]# cat dockerfile2
FROM centos
RUN yum install -y curl
ENTRYPOINT [ "curl", "-s", "http://ip.cn" ]
[[email protected] myfile]#
​
[[email protected] myfile]# docker run 00a0a1f80e36 -i
HTTP/1.1 301 Moved Permanently
Date: Sun, 22 Sep 2019 16:21:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 22 Sep 2019 17:21:12 GMT
Location: https://ip.cn/
Server: cloudflare
CF-RAY: 51a59c51fca7d356-LAX
​
[[email protected] myfile]#
​

 

5.5 自定义镜像Tomcat9

[[email protected] myfile]# mkdir -p /zzyyuse/mydockerfile/tomcat9
[[email protected] myfile]# cd /zzyyuse/mydockerfile/tomcat9/
[[email protected] tomcat9]# mv touch touch.txt
[[email protected] tomcat9]# ll
总用量 202568
-rw-r--r--. 1 root root  12326996 9月  23 00:29 apache-tomcat-9.0.26.tar.gz
-rw-r--r--. 1 root root 195094741 9月  23 00:44 jdk-8u221-linux-x64.tar.gz
-rw-r--r--. 1 root root         8 9月  23 00:26 touch.txt
[[email protected] tomcat9]# vim dockerfile
[[email protected] tomcat9]# docker build -f dockerfile -t mytomcat9 .
Sending build context to Docker daemon 207.4 MB
Step 1/15 : FROM centos
 ---> 67fa590cfc1c
Step 2/15 : MAINTAINER wgr<[email protected]>
 ---> Running in 1d226a95e4bd
 ---> 1757ce5df080
Removing intermediate container 1d226a95e4bd
Step 3/15 : COPY touch.txt /usr/local/cincontainer.txt
 ---> 47027886f2b6
Removing intermediate container 7f9c861f6ebf
Step 4/15 : ADD jdk-8u221-linux-x64.tar.gz /usr/local/
 ---> af6a09494e41
Removing intermediate container 1ce823526620
Step 5/15 : ADD apache-tomcat-9.0.26.tar.gz /usr/local/
 ---> 30ed83402115
Removing intermediate container 63f92f905d88
Step 6/15 : RUN yum -y install vim
 ---> Running in 52768f621694
Complete!
 ---> 1a786e61417c
Removing intermediate container 52768f621694
Step 7/15 : ENV MYPATH /usr/local
 ---> Running in a9ffa71dea83
 ---> 3e22143a0c16
Removing intermediate container a9ffa71dea83
Step 8/15 : WORKDIR $MYPATH
 ---> 6371b1f9c73c
Removing intermediate container 0f276bf3ce88
Step 9/15 : ENV JAVA_HOME /usr/local/jdk1.8.0_221
 ---> Running in 41ccc23b039d
 ---> 41a86caa4a67
Removing intermediate container 41ccc23b039d
Step 10/15 : ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
 ---> Running in d8b2069614ec
 ---> b2d06aada292
Removing intermediate container d8b2069614ec
Step 11/15 : ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.26
 ---> Running in b8129aaa2c20
 ---> 6f4277b94c01
Removing intermediate container b8129aaa2c20
Step 12/15 : ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.26
 ---> Running in 310832c60e55
 ---> 965e54b0e595
Removing intermediate container 310832c60e55
Step 13/15 : ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
 ---> Running in e9c4f9fe44a2
 ---> 7102c04d53b2
Removing intermediate container e9c4f9fe44a2
Step 14/15 : EXPOSE 8080
 ---> Running in 329adfcaba35
 ---> 601bffd46d5a
Removing intermediate container 329adfcaba35
Step 15/15 : CMD /usr/local/apache-tomcat-9.0.26/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.26/bin/logs/catalina.out
 ---> Running in 1ecc7244a41f
 ---> 6c243064a028
Removing intermediate container 1ecc7244a41f
Successfully built 6c243064a028
​

 

Dockerfile

[[email protected] tomcat9]# cat dockerfile
FROM         centos
MAINTAINER    wgr<[email protected]>
#把宿主机当前上下文的c.txt拷贝到容器/usr/local/路径下
COPY touch.txt /usr/local/cincontainer.txt
#把java与tomcat添加到容器中
ADD jdk-8u221-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.26.tar.gz /usr/local/
#安装vim编辑器
RUN yum -y install vim
#设置工作访问时候的WORKDIR路径,登录落脚点
ENV MYPATH /usr/local
WORKDIR $MYPATH
#配置java与tomcat环境变量
ENV JAVA_HOME /usr/local/jdk1.8.0_221
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.26
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.26
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
#容器运行时监听的端口
EXPOSE  8080
#启动时运行tomcat
CMD /usr/local/apache-tomcat-9.0.26/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.26/bin/logs/catalina.out
[[email protected] tomcat9]#

 

运行容器

[[email protected] tomcat9]# docker run -d -p 9080:8080 --name myt9 -v /zzyyuse/mydockerfile/tomcat9/test:/usr/local/apache-tomcat-9.0.26/webapps/test -v /zzyyuse/mydockerfile/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.26/logs --privileged=true mytomcat9
caf65bdc80f404157081f45f74a3056150504a80a44d7217f31ab95bf604c053
[[email protected] tomcat9]#
[[email protected] tomcat9]# ll
总用量 202572
-rw-r--r--. 1 root root  12326996 9月  23 00:29 apache-tomcat-9.0.26.tar.gz
-rw-r--r--. 1 root root       929 9月  23 00:47 dockerfile
-rw-r--r--. 1 root root 195094741 9月  23 00:44 jdk-8u221-linux-x64.tar.gz
drwxr-xr-x. 2 root root         6 9月  23 00:51 test
drwxr-xr-x. 2 root root       197 9月  23 00:51 tomcat9logs
-rw-r--r--. 1 root root         8 9月  23 00:26 touch.txt
[[email protected] tomcat9]#
Docker挂载主机目录Docker访问出现cannot open directory .: Permission denied
解决办法:在挂载目录后多加一个--privileged=true参数即可
[[email protected] tomcat9]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                    NAMES
caf65bdc80f4        mytomcat9           "/bin/sh -c '/usr/..."   About a minute ago   Up About a minute   0.0.0.0:9080->8080/tcp   myt9
[[email protected] tomcat9]#

 

验证

测试

[[email protected] test]# vim web.xml
[[email protected] test]# vim a.jsp
[[email protected] test]# ll
总用量 8
-rw-r--r--. 1 root root 511 9月  23 00:55 a.jsp
-rw-r--r--. 1 root root 337 9月  23 00:55 web.xml
[[email protected] test]# cd ..
[[email protected] tomcat9]# ll
总用量 202572
-rw-r--r--. 1 root root  12326996 9月  23 00:29 apache-tomcat-9.0.26.tar.gz
-rw-r--r--. 1 root root       929 9月  23 00:47 dockerfile
-rw-r--r--. 1 root root 195094741 9月  23 00:44 jdk-8u221-linux-x64.tar.gz
drwxr-xr-x. 2 root root        34 9月  23 00:55 test
drwxr-xr-x. 2 root root       197 9月  23 00:51 tomcat9logs
-rw-r--r--. 1 root root         8 9月  23 00:26 touch.txt
[[email protected] tomcat9]# cd tomcat9logs/
[[email protected] tomcat9logs]# ll
总用量 24
-rw-r-----. 1 root root 6574 9月  23 00:51 catalina.2019-09-22.log
-rw-r-----. 1 root root 6574 9月  23 00:51 catalina.out
-rw-r-----. 1 root root    0 9月  23 00:51 host-manager.2019-09-22.log
-rw-r-----. 1 root root  408 9月  23 00:51 localhost.2019-09-22.log
-rw-r-----. 1 root root  825 9月  23 00:54 localhost_access_log.2019-09-22.txt
-rw-r-----. 1 root root    0 9月  23 00:51 manager.2019-09-22.log
[[email protected] tomcat9logs]# tail -200f catalina.out
22-Sep-2019 16:51:48.924 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.26
22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Sep 16 2019 15:51:39 UTC
22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.26.0
22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            3.10.0-957.el7.x86_64
22-Sep-2019 16:51:49.031 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/jdk1.8.0_221/jre
22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_221-b11
22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/apache-tomcat-9.0.26
22-Sep-2019 16:51:49.032 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/apache-tomcat-9.0.26
22-Sep-2019 16:51:49.078 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/apache-tomcat-9.0.26/conf/logging.properties
22-Sep-2019 16:51:49.079 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
22-Sep-2019 16:51:49.079 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
22-Sep-2019 16:51:49.080 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
22-Sep-2019 16:51:49.080 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
22-Sep-2019 16:51:49.080 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
22-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/apache-tomcat-9.0.26
22-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/apache-tomcat-9.0.26
22-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/apache-tomcat-9.0.26/temp
22-Sep-2019 16:51:49.082 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
22-Sep-2019 16:51:50.237 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
22-Sep-2019 16:51:50.269 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Sep-2019 16:51:50.272 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [1,885] milliseconds
22-Sep-2019 16:51:50.341 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
22-Sep-2019 16:51:50.341 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.26]
22-Sep-2019 16:51:50.362 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/ROOT]
22-Sep-2019 16:51:50.906 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/ROOT] has finished in [543] ms
22-Sep-2019 16:51:50.906 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/docs]
22-Sep-2019 16:51:50.924 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/docs] has finished in [17] ms
22-Sep-2019 16:51:50.924 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/examples]
22-Sep-2019 16:51:51.585 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/examples] has finished in [660] ms
22-Sep-2019 16:51:51.585 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/host-manager]
22-Sep-2019 16:51:51.625 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/host-manager] has finished in [40] ms
22-Sep-2019 16:51:51.626 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/manager]
22-Sep-2019 16:51:51.771 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/manager] has finished in [145] ms
22-Sep-2019 16:51:51.771 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-9.0.26/webapps/test]
22-Sep-2019 16:51:51.880 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-9.0.26/webapps/test] has finished in [109] ms
22-Sep-2019 16:51:51.885 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
22-Sep-2019 16:51:51.902 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
22-Sep-2019 16:51:51.906 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1,632] milliseconds

 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  id="WebApp_ID" version="2.5">
  
  <display-name>test</display-name>
 
</web-app>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    -----------welcome------------
    <%="i am in docker tomcat self "%>
    <br>
    <br>
    <% System.out.println("=============docker tomcat self");%>
  </body>
</html>

 

 

结果:

 

6 Docker常用安装

6.1 安装Mysql

[[email protected] ~]# docker run -p 12345:3306 --name mysql1 --privileged=true -v /zzyyuse/mysql/conf:/etc/mysql/conf.d -v /zzyyuse/mysql/logs:/logs -v /zzyyuse/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -d b8fd9553f1f0
682b15d35235e3499c6fe862734eb40c91533bbb51f5fd44af89ad3d640e8e78
[[email protected] ~]# docker ps -l
[[email protected] ~]# docker exec -it 682b15d35235 /bin/bash
[email protected]:/# ll

 

6.2 安装redis

docker run -p 6666:6666 --privileged=true -v /zzyyuse/myredis/data:/data -v /zzyyuse/myredis/conf/redis.conf:/usr/local/etc/redis/redis.conf  -d 01a52b3b5cd1 redis-server /usr/local/etc/redis/redis.conf --appendonly yes
0cd9055715bca21e460a20bdca9e705860f84b3d0320c37242dd72205a7efc79

 

# Redis configuration file example.
#
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
 
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
################################## INCLUDES ###################################
 
# Include one or more other config files here.  This is useful if you
# have a standard template that goes to all Redis servers but also need
# to customize a few per-server settings.  Include files can include
# other files, so use this wisely.
#
# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include /path/to/local.conf
# include /path/to/other.conf
 
################################## NETWORK #####################################
 
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#bind 127.0.0.1
 
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
#    "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
 
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6666
 
# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
 
# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
 
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
 
# TCP keepalive.
#
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
# 2) Take the connection alive from the point of view of network
#    equipment in the middle.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
 
################################# GENERAL #####################################
 
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
#daemonize no
 
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
supervised no
 
# If a pid file is specified, Redis writes it where specified at startup
# and removes it at exit.
#
# When the server runs non daemonized, no pid file is created if none is
# specified in the configuration. When the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
pidfile /var/run/redis_6379.pid
 
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice
 
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile ""
 
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
 
# Specify the syslog identity.
# syslog-ident redis
 
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
 
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
 
################################ SNAPSHOTTING  ################################
#
# Save the DB on disk:
#
#   save <seconds> <changes>
#
#   Will save the DB if both the given number of seconds and the given
#   number of write operations against the DB occurred.
#
#   In the example below the behaviour will be to save:
#   after 900 sec (15 min) if at least 1 key changed
#   after 300 sec (5 min) if at least 10 keys changed
#   after 60 sec if at least 10000 keys changed
#
#   Note: you can disable saving completely by commenting out all "save" lines.
#
#   It is also possible to remove all the previously configured save
#   points by adding a save directive with a single empty string argument
#   like in the following example:
#
#   save ""
 
save 120 1
save 300 10
save 60 10000
 
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
 
# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
 
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
 
# The filename where to dump the DB
dbfilename dump.rdb
 
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir ./
 
################################# REPLICATION #################################
 
# Master-Slave replication. Use slaveof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
# 1) Redis replication is asynchronous, but you can configure a master to
#    stop accepting writes if it appears to be not connected with at least
#    a given number of slaves.
# 2) Redis slaves are able to perform a partial resynchronization with the
#    master if the replication link is lost for a relatively small amount of
#    time. You may want to configure the replication backlog size (see the next
#    sections of this file) with a sensible value depending on your needs.
# 3) Replication is automatic and does not need user intervention. After a
#    network partition slaves automatically try to reconnect to masters
#    and resynchronize with them.
#
# slaveof <masterip> <masterport>

# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>

# When a slave loses its connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
#    still reply to client requests, possibly with out of date data, or the
#    data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
#    an error "SYNC with master in progress" to all the kind of commands
#    but to INFO and SLAVEOF.
#
slave-serve-stale-data yes

# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default slaves are read-only.
#
# Note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only slave exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only yes

# Replication SYNC strategy: disk or socket.
#
# -------------------------------------------------------
# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
# -------------------------------------------------------
#
# New slaves and reconnecting slaves that are not able to continue the replication
# process just receiving differences, need to do what is called a "full
# synchronization". An RDB file is transmitted from the master to the slaves.
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
#                 file on disk. Later the file is transferred by the parent
#                 process to the slaves incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
#              RDB file to slave sockets, without touching the disk at all.
#
# With disk-backed replication, while the RDB file is generated, more slaves
# can be queued and served with the RDB file as soon as the current child producing
# the RDB file finishes its work. With diskless replication instead once
# the transfer starts, new slaves arriving will be queued and a new transfer
# will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple slaves
# will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync no

# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
# to the slaves.
#
# This is important since once the transfer starts, it is not possible to serve
# new slaves arriving, that will be queued for the next RDB transfer, so the server
# waits a delay in order to let more slaves arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5

# Slaves send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_slave_period option. The default value is 10
# seconds.
#
# repl-ping-slave-period 10

# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
# 2) Master timeout from the point of view of slaves (data, pings).
# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
# repl-timeout 60

# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to slaves. But this can add a delay for
# the data to appear on the slave side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the slave side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and slaves are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no

# Set the replication backlog size. The backlog is a buffer that accumulates
# slave data when slaves are disconnected for some time, so that when a slave
# wants to reconnect again, often a full resync is not needed, but a partial
# resync is enough, just passing the portion of data the slave missed while
# disconnected.
#
# The bigger the replication backlog, the longer the time the slave can be
# disconnected and later be able to perform a partial resynchronization.
#
# The backlog is only allocated once there is at least a slave connected.
#
# repl-backlog-size 1mb

# After a master has no longer connected slaves for some time, the backlog
# will be freed. The following option configures the amount of seconds that
# need to elapse, starting from the time the last slave disconnected, for
# the backlog buffer to be freed.
#
# A value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600

# The slave priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# A slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
# pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
slave-priority 100

# It is possible for a master to stop accepting writes if there are less than
# N slaves connected, having a lag less or equal than M seconds.
#
# The N slaves need to be in "online" state.
#
# The lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the slave, that is usually sent every second.
#
# This option does not GUARANTEE that N replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough slaves
# are available, to the specified number of seconds.
#
# For example to require at least 3 slaves with a lag <= 10 seconds use:
#
# min-slaves-to-write 3
# min-slaves-max-lag 10
#
# Setting one or the other to 0 disables the feature.
#
# By default min-slaves-to-write is set to 0 (feature disabled) and
# min-slaves-max-lag is set to 10.

# A Redis master is able to list the address and port of the attached
# slaves in different ways. For example the "INFO replication" section
# offers this information, which is used, among other tools, by
# Redis Sentinel in order to discover slave instances.
# Another place where this info is available is in the output of the
# "ROLE" command of a masteer.
#
# The listed IP and address normally reported by a slave is obtained
# in the following way:
#
#   IP: The address is auto detected by checking the peer address
#   of the socket used by the slave to connect with the master.
#
#   Port: The port is communicated by the slave during the replication
#   handshake, and is normally the port that the slave is using to
#   list for connections.
#
# However when port forwarding or Network Address Translation (NAT) is
# used, the slave may be actually reachable via different IP and port
# pairs. The following two options can be used by a slave in order to
# report to its master a specific set of IP and port, so that both INFO
# and ROLE will report those values.
#
# There is no need to use both the options if you need to override just
# the port or the IP address.
#
# slave-announce-ip 5.5.5.5
# slave-announce-port 1234

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared

# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.

################################### LIMITS ####################################

# Set the max number of connected clients at the same time. By default
# this limit is set to 10000 clients, however if the Redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as Redis reserves a few file descriptors for internal uses).
#
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000

# Don't use more memory than the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU cache, or to set
# a hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>

# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among five behaviors:
#
# volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any key according to the LRU algorithm
# volatile-random -> remove a random key with an expire set
# allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
# noeviction -> don't expire at all, just return an error on write operations
#
# Note: with any of the above policies, Redis will return an error on write
#       operations, when there are no suitable keys for eviction.
#
#       At the date of writing these commands are: set setnx setex append
#       incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
#       sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
#       zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
#       getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy noeviction

# LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
# accuracy. For default Redis will check five keys and pick the one that was
# used less recently, you can change the sample size using the following
# configuration directive.
#
# The default of 5 produces good enough results. 10 Approximates very closely
# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
#
# maxmemory-samples 5

############################## APPEND ONLY MODE ###############################

# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check http://redis.io/topics/persistence for more information.

appendonly no

# The name of the append only file (default: "appendonly.aof")

appendfilename "appendonly.aof"

# The fsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log. Slow, Safest.
# everysec: fsync only one time every second. Compromise.
#
# The default is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# More details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# If unsure, use "everysec".

# appendfsync always
appendfsync everysec
# appendfsync no

# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
# the same as "appendfsync none". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.

no-appendfsync-on-rewrite no

# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size grows by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.

auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

# An AOF file may be found to be truncated at the end during the Redis
# startup process, when the AOF data gets loaded back into memory.
# This may happen when the system where Redis is running
# crashes, especially when an ext4 filesystem is mounted without the
# data=ordered option (however this can't happen when Redis itself
# crashes or aborts but the operating system still works correctly).
#
# Redis can either exit with an error when this happens, or load as much
# data as possible (the default now) and start if the AOF file is found
# to be truncated at the end. The following option controls this behavior.
#
# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
# the Redis server starts emitting a log to inform the user of the event.
# Otherwise if the option is set to no, the server aborts with an error
# and refuses to start. When the option is set to no, the user requires
# to fix the AOF file using the "redis-check-aof" utility before to restart
# the server.
#
# Note that if the AOF file will be found to be corrupted in the middle
# the server will still exit with an error. This option only applies when
# Redis will try to read more data from the AOF file but not enough bytes
# will be found.
aof-load-truncated yes

################################ LUA SCRIPTING  ###############################

# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceeds the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000

################################ REDIS CLUSTER  ###############################
#
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
# in order to mark it as "mature" we need to wait for a non trivial percentage
# of users to deploy it in production.
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
# started as cluster nodes can. In order to start a Redis instance as a
# cluster node enable the cluster support uncommenting the following:
#
# cluster-enabled yes

# Every cluster node has a cluster configuration file. This file is not
# intended to be edited by hand. It is created and updated by Redis nodes.
# Every Redis Cluster node requires a different cluster configuration file.
# Make sure that instances running in the same system do not have
# overlapping cluster configuration file names.
#
# cluster-config-file nodes-6379.conf

# Cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
# Most other internal time limits are multiple of the node timeout.
#
# cluster-node-timeout 15000

# A slave of a failing master will avoid to start a failover if its data
# looks too old.
#
# There is no simple way for a slave to actually have a exact measure of
# its "data age", so the following two checks are performed:
#
# 1) If there are multiple slaves able to failover, they exchange messages
#    in order to try to give an advantage to the slave with the best
#    replication offset (more data from the master processed).
#    Slaves will try to get their rank by offset, and apply to the start
#    of the failover a delay proportional to their rank.
#
# 2) Every single slave computes the time of the last interaction with
#    its master. This can be the last ping or command received (if the master
#    is still in the "connected" state), or the time that elapsed since the
#    disconnection with the master (if the replication link is currently down).
#    If the last interaction is too old, the slave will not try to failover
#    at all.
#
# The point "2" can be tuned by user. Specifically a slave will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
#   (node-timeout * slave-validity-factor) + repl-ping-slave-period
#
# So for example if node-timeout is 30 seconds, and the slave-validity-factor
# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
# slave will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
# A large slave-validity-factor may allow slaves with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
# elect a slave at all.
#
# For maximum availability, it is possible to set the slave-validity-factor
# to a value of 0, which means, that slaves will always try to failover the
# master regardless of the last time they interacted with the master.
# (However they'll always try to apply a delay proportional to their
# offset rank).
#
# Zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
# cluster-slave-validity-factor 10

# Cluster slaves are able to migrate to orphaned masters, that are masters
# that are left without working slaves. This improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
# in case of failure if it has no working slaves.
#
# Slaves migrate to orphaned masters only if there are still at least a
# given number of other working slaves for their old master. This number
# is the "migration barrier". A migration barrier of 1 means that a slave
# will migrate only if there is at least 1 other working slave for its master
# and so forth. It usually reflects the number of slaves you want for every
# master in your cluster.
#
# Default is 1 (slaves migrate only if their masters remain with at least
# one slave). To disable migration just set it to a very large value.
# A value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1

# By default Redis Cluster nodes stop accepting queries if they detect there
# is at least an hash slot uncovered (no available node is serving it).
# This way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# It automatically returns available as soon as all the slots are covered again.
#
# However sometimes you want the subset of the cluster which is working,
# to continue to accept queries for the part of the key space that is still
# covered. In order to do so, just set the cluster-require-full-coverage
# option to no.
#
# cluster-require-full-coverage yes

# In order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.

################################## SLOW LOG ###################################

# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.

# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000

# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128

################################ LATENCY MONITOR ##############################

# The Redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a Redis instance.
#
# Via the LATENCY command this information is available to the user that can
# print graphs and obtain reports.
#
# The system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. When its value is set
# to zero, the latency monitor is turned off.
#
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enabled at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0

############################# EVENT NOTIFICATION ##############################

# Redis can notify Pub/Sub clients about events happening in the key space.
# This feature is documented at http://redis.io/topics/notifications
#
# For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key "foo" stored in the Database 0, two
# messages will be published via Pub/Sub:
#
# PUBLISH [email protected]__:foo del
# PUBLISH [email protected]__:del foo
#
# It is possible to select the events that Redis will notify among a set
# of classes. Every class is identified by a single character:
#
#  K     Keyspace events, published with [email protected]<db>__ prefix.
#  E     Keyevent events, published with [email protected]<db>__ prefix.
#  g     Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
#  $     String commands
#  l     List commands
#  s     Set commands
#  h     Hash commands
#  z     Sorted set commands
#  x     Expired events (events generated every time a key expires)
#  e     Evicted events (events generated when a key is evicted for maxmemory)
#  A     Alias for g$lshzxe, so that the "AKE" string means all the events.
#
#  The "notify-keyspace-events" takes as argument a string that is composed
#  of zero or multiple characters. The empty string means that notifications
#  are disabled.
#
#  Example: to enable list and generic events, from the point of view of the
#           event name, use:
#
#  notify-keyspace-events Elg
#
#  Example 2: to get the stream of the expired keys subscribing to channel
#             name [email protected]__:expired use:
#
#  notify-keyspace-events Ex
#
#  By default all notifications are disabled because most users don't need
#  this feature and the feature has some overhead. Note that if you don't
#  specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""

############################### ADVANCED CONFIG ###############################

# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64

# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# For a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 Kb  <-- not recommended for normal workloads
# -4: max size: 32 Kb  <-- not recommended
# -3: max size: 16 Kb  <-- probably not recommended
# -2: max size: 8 Kb   <-- good
# -1: max size: 4 Kb   <-- good
# Positive numbers mean store up to _exactly_ that number of elements
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
list-max-ziplist-size -2

# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression.  The head and tail of the list
# are always uncompressed for fast push/pop operations.  Settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
#    going from either the head or tail"
#    So: [head]->node->node->...->node->[tail]
#    [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
#    2 here means: don't compress head or head->next or tail->prev or tail,
#    but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0

# Sets have a special encoding in just one case: when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512

# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64

# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000

# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes

# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
# slave  -> slave clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60

# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform according to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10

# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
View Code

 

配置文件​