Docker¶
Show Docker logs on Ubuntu 16.04+:
journalctl -u docker.service
Security benchmark: https://github.com/docker/docker-bench-security
docker run --name docker-bench --rm -it --net host --pid host --userns host --cap-add audit_control -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock -v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker_bench_security docker/docker-bench-security
Move volume data to another volume (rename volume):
# Will create new volume and copy data to it from old volume
# FROM - old volume
# TO - new volume
export FROM=<v_1> TO=<v_2> && docker volume create --name $TO && docker run --rm -it -v $FROM:/from -v $TO:/to alpine ash -c "cd /from; cp -arv . /to"
Clear container logs:
> $(docker inspect --format='{{.LogPath}}' <CONTAINER>)
To use node_modules locally, but ignore it in the docker container using the following syntax in the docker-compose.yml
. So everything in ./angularApp
is mapped to /opt/app
and then I create another mount volume /opt/app/node_modules/
which is now empty directory - even if in my local machine ./angularApp/node_modules
is not empty:
volumes:
- './angularApp:/opt/app'
- /opt/app/node_modules/
File .dockerignore
:
Dockerfile
docker-compose.yml
Exit without stopped:
Ctrl+p, Ctrl+q
The TERM environment variable is unset!:
export TERM=xterm
docker ps # show running containers
-a # show all containers
-l # show last started container
docker search <image> # search images
docker pull <image>:<tag> # pull to local copy
docker run -t -i <image>:<tag> [comand]
<image>
-ti <image> # run end get TTY
-ti <image> [command] # run command
-d <image> [command] # run on background
-P ... # open all required ports
-p 80:5000 -p 85:5005 ... # 80 -> 5000
--name <some_name> # add name for container
--env MYVAR2=foo # add env variable
--env-file ./env.list # add env file
-v /etc/localtime:/etc/localtime:ro # mount volume or file
--log-driver=syslog
--log-opt syslog-address=udp://<address>:514
tag="some_tag"
max-file=2
max-size=2k
syslog-facility=daemon
docker images # show local images
-q # show only IDs
-f dangling=true # show trash images
docker rmi $(docker images -f dangling=true -q) # remove trash images
docker port <name> # show opens ports
[port] # show port
docker logs <name> # Shows us the standard output of a container.
-f <name> # tail -f
docker stop <name> # stop running container. return name of stopped
docker start <name> # start stopping container. return name of started
-i <name> # and in
docker atach <name> # atach to running container
docker rm <name> <name> ... # remove container if stopped
-f <name> <name> ... # remove container!
docker rmi training/sinatra # remove images
docker cp <container>:<src_path_in_container> <dest_local_path> # cp files and directories. Example: backup data
docker top <name> # top for container
docker inspect <name> # return json information
-f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <name>
docker commit -m "message" -a "John Smith" 0b2616b0e5a8 ouruser/sinatra:v2 # save current state of image
docker tag 5db5f8471261 ouruser/sinatra:devel # add new tag
Images that use the v2 or later format have a content-addressable identifier called a digest. As long as the input used to generate the image is unchanged, the digest value is predictable. To list image digest values, use the –digests flag:
docker images --digests | head
docker pull ouruser/sinatra@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
docker push ouruser/sinatra
Docker installation¶
Docker monitoring¶
ctop¶
https://github.com/bcicen/ctop/blob/master/README.md
Installation:
wget https://github.com/bcicen/ctop/releases/download/v0.5/ctop-0.5-linux-amd64 -O ctop
sudo mv ctop /usr/local/bin/
sudo chmod +x /usr/local/bin/ctop
Run via docker:
docker run -ti --name ctop --rm -v /var/run/docker.sock:/var/run/docker.sock quay.io/vektorlab/ctop:latest