Docker¶
安装与配置¶
安装与启动¶
#####################################
# Official install script (slow from mainland China)
# NOTE: piping a download straight into a shell runs whatever the server
# returns, with no chance to read it first. Safer: save the script to a
# file, review it, then run it.
#####################################
curl -sSL https://get.docker.com/ | sh
#####################################
# Install through a domestic (China) source, faster
# NOTE: these scripts come from a personal gitee repository on the mutable
# `master` branch, so their content can change between runs. Review the
# script before executing it, or use the distribution's / Docker's own
# package repositories instead.
#####################################
# fedora/centos
curl -sSL https://gitee.com/my_shell/linux_install_shell/raw/master/docker/docker_centos7.sh | bash
# debian/ubuntu
curl -sSL https://gitee.com/my_shell/linux_install_shell/raw/master/docker/docker_ubuntu14.04.sh | bash
# same script, fetched with wget instead of curl
wget -qO - https://gitee.com/my_shell/linux_install_shell/raw/master/docker/docker_ubuntu14.04.sh | bash
# CentOS 6: install the old packaged docker
# NOTE(review): docker.io is the Debian/Ubuntu package name; on CentOS 6 the
# EPEL package was, as far as I know, docker-io. Confirm before use.
sudo yum install -y docker.io
# Start the docker server
# ubuntu
sudo service docker start
# centos
sudo systemctl enable docker
sudo systemctl start docker
配置¶
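sudo mkdir -p /etc/docker
# Settings written to daemon.json below:
# 1. registry-mirrors: registry mirror (accelerator) address, e.g.
#      https://docker.mirrors.ustc.edu.cn   # USTC
#      https://hub-mirror.c.163.com         # 163
#      https://4lmb1y64.mirror.aliyuncs.com
#    Images pulled by tag are whatever the mirror serves, so use a mirror
#    you trust and pin important images by digest.
# 2. graph: Docker root dir (newer Docker releases name this key "data-root")
# 3. dns: DNS servers
# 4. insecure-registries: Docker talks to this registry over plain HTTP or
#    without verifying its certificate, so images and credentials can be
#    read or altered on the network. Keep it to a trusted internal network;
#    the proper fix is TLS on the registry, with its CA placed under
#    /etc/docker/certs.d/<host:port>/ca.crt.
#
# daemon.json must contain exactly one JSON object. The heredoc therefore
# replaces the file (appending with `tee -a` to an existing file produces
# invalid JSON). An existing file is backed up first; merge its keys by hand.
if [ -f /etc/docker/daemon.json ]; then
  sudo cp /etc/docker/daemon.json /etc/docker/daemon.json.bak
fi
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
"graph": "/home/docker/docker_image",
"dns": ["114.114.114.114","8.8.8.8"],
"insecure-registries": ["192.168.2.100:8086"]
}
EOF
# Restart
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo service docker restart # ubuntu
# Check the effective settings
docker info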
去掉sudo权限¶
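# Create the docker group
sudo groupadd docker
# Add the current user to the docker group.
# NOTE: membership in this group is root-equivalent on the host: anyone who
# can reach the Docker daemon can start a container that mounts the host
# filesystem. Add only accounts you would also trust with sudo.
sudo gpasswd -a "$USER" docker
# Restart the docker service (CentOS 7)
sudo systemctl restart docker
# Log out and back in (or run `newgrp docker`) for the new group to apply.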
Nvidia Docker¶
# Register NVIDIA's apt repository for the distribution id + version read
# from /etc/os-release, then install nvidia-docker2.
# NOTE(review): `apt-key add` places the key in apt's global trusted keyring,
# so it is trusted for every configured repository, and apt-key is deprecated
# on current Debian/Ubuntu. A dedicated keyring file referenced with
# `signed-by=` in the .list entry scopes the key to this repository only.
distribution=$(. /etc/os-release;echo $ID$VERSION_ID) \
&& curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add - \
&& curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
# Refresh the package lists, install the package, restart the Docker daemon
sudo apt-get update
sudo apt-get install -y nvidia-docker2
sudo systemctl restart docker
代理¶
# Proxy settings for the Docker daemon go into systemd drop-in files.
sudo mkdir -p /etc/systemd/system/docker.service.d
# NOTE: drop-in files are typically world-readable and `systemctl show`
# prints the Environment to any local user, so do not embed proxy
# credentials (http://user:pass@...) in these values.
sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf <<-'EOF'
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
EOF
sudo tee /etc/systemd/system/docker.service.d/https-proxy.conf <<-'EOF'
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443/"
EOF
# Flush changes (run as root or with sudo):
systemctl daemon-reload
# Restart Docker (run as root or with sudo):
systemctl restart docker
# Verify that the configuration has been loaded:
systemctl show --property=Environment docker
# expected output:
Environment=HTTP_PROXY=http://proxy.example.com:80/
# Or, if you are behind an HTTPS proxy server:
systemctl show --property=Environment docker
# expected output:
Environment=HTTPS_PROXY=https://proxy.example.com:443/
# test
docker pull k8s.gcr.io/kube-apiserver-amd64:v1.11.0
常用命令¶
镜像¶
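# Image commands. {…} entries are placeholders to fill in.
docker images --help
docker images # list local images
# NOTE: a committed image contains everything in the container's filesystem,
# including any secrets written there; check before pushing it anywhere.
docker commit -m "do something" -a "do something ..." {CONTAINER ID} {REPOSITORY:TAG} # commit a container as an image
docker commit -m "add start.sh" -a "add start.sh ..." e0dfc0f706ce jxm/my_space:v3 # commit example
docker rmi {REPOSITORY:TAG} # delete a local image
# Rename a local image: tag it under the new name, then remove the old tag
docker tag {ORIGIN_REPOSITORY:TAG} {NEW_NAME:TAG}
docker tag {IMAGE_ID} {NEW_NAME:TAG}
docker rmi {ORIGIN_REPOSITORY:TAG}
docker image prune # clean up <none> (dangling) images
# Same clean-up by image ID. The dangling filter is used instead of
# `grep none`, which also matches any image whose name merely contains "none".
docker rmi $(docker images -f "dangling=true" -q)
# Search Docker Hub for an image
docker search centos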
容器¶
容器-create/run/rm¶
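# Container create / run / rm. {…} entries are placeholders to fill in.
docker create --help
docker create -i -t --name=my_test ubuntu:14.04 /bin/bash # create a container
docker run --help
# Run detached (as a daemon).
# -p 3080:80 publishes the port on all host interfaces; write
# -p 127.0.0.1:3080:80 to keep it reachable from the host only.
docker run -d -p 3080:80 --name={CONTAINER_NAME} {REPOSITORY:TAG} /bin/bash -c " while true; do echo hello world; sleep 1; done"
docker run -d --restart=always -p 3080:80 --name={CONTAINER_NAME} {REPOSITORY:TAG} /root/start.sh # start automatically at boot
# GUI / GPU container example.
# NOTE: --privileged combined with --net host and --ipc=host removes most of
# the isolation between the container and the host: all devices, the host
# network stack and the host IPC namespace are shared. Use this only with an
# image you trust; where the workload allows, replace --privileged with the
# specific --device / --cap-add entries it needs.
docker run -it --net host \
--ipc=host \
-e LANG=C.UTF-8 \
-e DISPLAY=${DISPLAY} \
--env="QT_X11_NO_MITSHM=1" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v /home/promote/Pictures:/home/Pictures -v /home/promote/Videos:/home/Videos \
--name lidar \
--gpus all \
--runtime nvidia \
--device /dev/snd \
--privileged \
sensor:v1.6 /bin/bash
# Start / stop a container
docker start --help
docker start {CONTAINER_NAME} # start the container
docker stop {CONTAINER_NAME} # stop the container
docker --help
docker attach {CONTAINER_NAME} # attach to the container
docker rm --help
docker rm {CONTAINER_NAME}/{CONTAINER_ID} # remove one container, by name or by ID
# Remove all containers (running ones are refused unless -f is given)
docker rm $(docker ps -a -q)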
容器-exec¶
docker exec --help
# Open an interactive bash shell inside a running container
docker exec -it {CONTAINER_NAME} /bin/bash
容器-root权限¶
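docker run -d --privileged {REPOSITORY:TAG}
# --privileged gives the container every kernel capability and access to the
# host's devices, and lifts the default seccomp/AppArmor confinement: root
# inside the container is then effectively root on the host.
# Without it, root in the container is still UID 0 (unless user-namespace
# remapping is enabled) but runs with a reduced capability set. It is not an
# ordinary unprivileged host user, so the default mode is a restriction, not
# a guarantee.
# A privileged container can see many host devices and can run mount;
# it can even start docker containers inside the container.
# Prefer granting a single capability instead, e.g. network administration
# (the capability name is NET_ADMIN; SYS_NET_ADMIN does not exist):
docker run -d --cap-add NET_ADMIN {REPOSITORY:TAG}
# Give the container every kernel capability except MKNOD. This is close to
# --privileged in effect; the safer pattern is --cap-drop=ALL plus only the
# capabilities the workload needs.
docker run --cap-add=ALL --cap-drop=MKNOD ...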
容器-logs¶
# View logs
docker logs --help
docker logs -f {CONTAINER ID} # follow the log
docker logs --follow {CONTAINER ID}
# To empty a container's log: under /var/lib/docker/containers/
# find the directory for the container id, enter it,
# and run  echo "" > ${container id}.log
# NOTE(review): with the default json-file log driver the file is usually
# named <container id>-json.log; confirm the name on your host.
# Truncating discards the log history, so copy the file first if it may be
# needed for troubleshooting or incident review. Log rotation (log-opts
# max-size / max-file in daemon.json) avoids manual truncation.
容器-ps¶
# List containers
docker ps --help
docker ps # show containers in the Up state
docker ps -a # show all containers
docker ps -as # show all containers, with their size
容器-导入导出¶
# Export / import
docker export --help
docker export {CONTAINER ID} > ubuntu.tar # export a container
cat ubuntu.tar | sudo docker import - test/ubuntu:v1.0 # import the container snapshot
docker import --help
# Import from a URL or from a directory
# NOTE: a tarball fetched over plain http:// can be altered in transit, and
# import/load do not verify who produced the archive. Prefer https and
# compare a checksum obtained from a trusted source before importing.
docker import http://example.com/exampleimage.tgz example/imagerepo
docker save --help
docker save -o nextcloud.tar nextcloud # export an image
docker load -i nextcloud.tar # import an image
容器-rename¶
# Rename a container, addressed by its current name or by its ID
docker rename --help
docker rename {ORIGIN_NAME} {NEW_NAME}
docker rename {CONTAINER ID} {NEW_NAME}
容器-port¶
# Show port mappings: all of a container's ports, or only container port 80
docker port --help
docker port {CONTAINER ID}
docker port {CONTAINER ID} 80
docker-compose¶
# Install the Python (v1) docker-compose at a pinned version.
# NOTE(review): Compose v1 no longer receives updates; current Docker ships
# Compose as the `docker compose` CLI plugin. Confirm which one you need.
pip install docker-compose==1.24.0
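# docker-compose.yml
# NOTE: privileged: true, network_mode: "host" and user: 'root' together give
# this container close to host-level access (all devices, the host network
# stack, root inside). Use only with an image you trust, and drop whichever
# of the three the workload does not need.
version: "3.0"
services:
  autoware:
    privileged: true
    # `latest-*` is a moving tag; pin a fixed tag or digest for repeatable pulls
    image: autoware/autoware:latest-melodic-cuda
    container_name: ros-test
    runtime: nvidia
    user: 'root'
    working_dir: /mnt
    #restart: always
    network_mode: "host"
    #ports:
    #  - "8080:80"
    volumes:
      # X11 socket: lets the container draw on (and talk to) the host X server
      - /tmp/.X11-unix:/tmp/.X11-unix:rw
      # host project directory, writable from inside the container
      - /home/promote/work/proj:/mnt
    environment:
      - DISPLAY=:1
      #- USER_ID=1000
      #- QT_X11_NO_MITSHM=1
      - QT_LOGGING_RULES="*=false"
    hostname: 'HP-Laptop'
    extra_hosts:
      - "HP-Laptop:127.0.0.1"
    # keep the container alive with a trivial loop
    entrypoint: ["/bin/bash", "-c", "while true; do echo hello world; sleep 1; done"]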
Dockerfile¶
# This is a comment
# NOTE(review): ubuntu:14.04 is past its standard support period and no
# longer receives regular security updates; prefer a supported base image,
# pinned by tag or digest.
FROM ubuntu:14.04
# MAINTAINER is deprecated; the current form is LABEL maintainer="..."
MAINTAINER Jiangxumin <cjaingxumin@gmail.com>
# The build steps below, and the container by default, run as root.
# If the service allows it, switch to a non-root USER before CMD.
USER root
WORKDIR /root
# ENV TEST 123
# Copy the install and start-up scripts into the working directory
COPY install.sh ./
COPY run.sh ./
RUN ./install.sh
VOLUME ["/data1","/data2"]
# EXPOSE only documents the ports; they are published with docker run -p/-P.
# Port 22 suggests an SSH daemon inside the container (presumably started by
# run.sh); `docker exec` usually makes that unnecessary.
EXPOSE 22
EXPOSE 80
EXPOSE 443
CMD ["/bin/bash","/root/run.sh"]
# apt-get安装,可以加上 --no-install-recommends 这个参数,不安装非必须的依赖包
# pip安装,加上pip --no-cache-dir
# yum clean all && rm -rf /var/cache/yum/* ; for centos
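# Build an image from the Dockerfile in the current directory
# (${image name} is a placeholder for the image name)
$ docker build . -t ${image name}
# Run an image detached, restarting automatically, with a host directory
# under $HOME mounted as the media folder
$ docker run -d --restart=always -p 8901:8080 -v "$HOME/Video":/mediadrop/data/media --name=mediadrop acaranta/mediadrop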
EXPOSE
格式为 EXPOSE <port> [<port>...] 。 告诉 Docker 服务端容器暴露的端口。EXPOSE 只是声明,并不会把端口发布到宿主机;要发布端口仍需在 docker run 时使用 -p 或 -P。
buildx¶
# QEMU user-mode emulation and binfmt support (for building images for other
# CPU architectures)
sudo apt-get install -y qemu qemu-user-static binfmt-support debootstrap
# Install the buildx binary as a per-user Docker CLI plugin
mkdir -p ~/.docker/cli-plugins/
cd ~/.docker/cli-plugins/ || exit
# NOTE: the binary is made executable without any integrity check. If the
# release page publishes checksums, compare the download against them first.
wget https://github.com/docker/buildx/releases/download/v0.8.2/buildx-v0.8.2.linux-amd64
mv buildx-v0.8.2.linux-amd64 docker-buildx
chmod a+x ~/.docker/cli-plugins/docker-buildx
- Edit file /etc/docker/daemon.json, add "experimental":true
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
"runtimes": {
"nvidia": {
"path": "nvidia-container-runtime",
"runtimeArgs": []
}
},
"experimental":true,
"insecure-registries": ["192.168.2.100:8086" ]
}
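# Restart Docker after editing daemon.json, then check the plugin is found
sudo systemctl restart docker
docker buildx version
## http
# Tell BuildKit to use plain HTTP for the private registry.
# NOTE: with http = true, pushes and pulls to this registry are unencrypted
# and unauthenticated at the transport level; keep it to a trusted internal
# network, or give the registry a TLS certificate instead.
# The file lives in the user's home, so it is created without sudo:
# `sudo tee` would leave a root-owned file there, and the directory may not
# exist yet.
mkdir -p "$HOME/.config/buildkit"
tee "$HOME/.config/buildkit/buildkitd.toml" <<-'EOF'
[registry."192.168.2.100:8086"]
http = true
EOF
## create builder
docker buildx create --use --platform=linux/amd64,linux/arm64 \
--name localbuilder \
--config "$HOME/.config/buildkit/buildkitd.toml"
docker buildx use localbuilder
# Print the config file as seen inside the builder container
docker exec -t buildx_buildkit_localbuilder0 cat /etc/buildkit/buildkitd.toml
docker buildx ls # list builders
docker buildx rm localbuilder # delete the builder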
- https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
- https://github.com/docker/buildx/blob/master/docs/guides/custom-registry-config.md
# Build for amd64 and arm64 and push the result to the private registry
docker buildx build --platform=linux/amd64,linux/arm64 -t 192.168.2.100:8086/v2x/test:v1 . --push
jetson Nano 运行 ros rviz¶
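# step 1: start the ROS container with GPU and X11 access
# NOTE: --privileged with --net host and --ipc=host removes most of the
# isolation between the container and the host. Use this only with an image
# you trust, and drop --privileged if the workload runs without it.
docker run --rm -it --net host \
--ipc=host \
-e LANG=C.UTF-8 \
-e DISPLAY=${DISPLAY} \
--env="QT_X11_NO_MITSHM=1" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
--name ros-noetic \
--gpus all \
--runtime nvidia \
--privileged \
dustynv/ros:noetic-desktop-l4t-r35.2.1 \
/bin/bash
# step 2 (presumably on the host): let local clients use the X server.
# A bare `xhost +` switches X access control off for every host on the
# network; `+local:` limits it to local (non-network) connections, which is
# what the mounted /tmp/.X11-unix socket uses. Revoke with `xhost -local:`
# when done.
xhost +local:
# step 3 (presumably inside the container): start roscore, wait, open rviz
roscore & sleep 5 ; rviz
# On the NVIDIA Jetson Nano: show CPU/GPU/memory usage
sudo pip3 install jetson-stats
jtop
jetson_release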
Docker私有仓库¶
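出现 "http: server gave HTTP response to HTTPS client" 错误时的解决办法:在 /etc/docker/daemon.json 中添加如下配置。注意 insecure-registries 会让 Docker 以明文 HTTP(或不校验证书)访问该仓库,镜像和凭据在网络上可能被窃听或篡改,只适用于可信内网;更稳妥的做法是为仓库配置 TLS 证书: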
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
"insecure-registries": ["192.168.8.204:5000"]
}