`docker run`詳解 === (last update 2021/11/11) ## 一次性容器及automated容器說明 ### 一次性執行的容器 `docker run`是啟動一個容器，是docker中最常用的指令，整個docker的靈魂也是在這個指令中。`docker run`啟動一個容器會有兩種狀態，第一種狀態會在執行一次後就離開容器，也無法常駐執行，這種容器稱之為**普通容器**。通常一次性執行的容器用在一次性執行某個指令，如安裝軟體，複製軟體等。 雖然這一類容器執行一次就結束，但它還是會殘存在記憶體中，可以用`docker ps -a`看得到。除非手動刪除，要不然他就會一直留在記憶體中，成為「孤兒容器」。可以用`docker container prune`或`docker rm -f $(docker ps -aq)`刪除。時是在執行時，放上`--rm`參數讓這個容器執行後就立即把自己刪除。 ### 常註執行的容器 當映像檔在建立時，有一個常駐執行的程式不離開，這個程式在背景中一直執行，就會使得容器被建立後就開始執行這個程式一直不離開，此時容器會成為常註容器，這種容器稱之為automated容器。通常提供服務的容器如`mysql`、`nginx`、`httpd`或`redis`等都屬於這種容器。 Automated的容器可以在執行時放上`-d`的參數讓他進入背景常駐程式中，並且回到使用者主控台，也可以接上虛擬螢幕鍵盤的`-it`參數進入控制。如果什麼參數都不加，就會在主螢幕上輸出log檔案。通常的作法是將這個常駐容器放入背景，然後需要時再使用`docker exec -it <容器名稱> bash`進入處理。 ## `docker run`指令詳解 ### 常用指令整理 `-a`：就是`--attach`，執行時接上輸出 `-c or --cpu-shares`：分配cpu，多容器時使用 `-d`：背景執行，必須是automated才有用 `-e`：設定環境變數 `-it`：進入容器的shell中 `-p`：指定主機對應的通訊埠到容器的通訊埠中 `-v`：指定volume或對應目錄 `-w`：指定容器內工作目錄 `--name <string>` `--privileged` `--rm`：執行完後直接刪除。 ### 次常用指令整理 `--add-host <list>`：增加一筆dns記錄到容器中 `--blkio-weight <uint16>`：I/O速度，相對值 `--cidfile <string>`：指容器id寫入檔案 `--dns <list>` `--entrypoint <string>` `--env-file <list>` `--expose <list>` `--gpus <0,1,2, AL>` `-h, --hostname <string>` `--ip, --ip6 <string>` `--link <list>` `--mac-address <string>`：92:d0:c6:0a:29:33 `--network <network>` `--platform <string` `-P, --publish-all` `--read-only` `-u, --user string`：指定使用的user ## 使用範例 ### 常用指令範例 **範例1：`docker run -d <映像檔> <指令>`** 將automated的容器丟到背景執行，必須要是automated，要不然本指令無效。 無automated映像檔執行出來的container ```shell= (joshhuAI)joshhu:temp/ $ docker run -d ubuntu [20:59:50] 8869c86545879a44d486914ca52c0b60ca9e9d4cd7e1fa7ce568033a0b53e1d0 (joshhuAI)joshhu:temp/ $ docker ps [21:00:00] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES (joshhuAI)joshhu:temp/ $ docker ps -a [21:00:02] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8869c8654587 ubuntu "bash" 5 seconds ago Exited (0) 3 seconds ago reverent_black (joshhuAI)joshhu:temp/ $ ``` automated的映像檔執行出來的container ```shell= (joshhuAI)joshhu:temp/ $ docker run -d tutum/apache-php [21:01:09] dc5bbe33c2f9c4c6cf33c6da11a18384bcab80777fed33b79b3063e0ad072135 (joshhuAI)joshhu:temp/ $ docker ps [21:01:17] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dc5bbe33c2f9 tutum/apache-php "/run.sh" 2 seconds ago Up 1 second 80/tcp awesome_faraday (joshhuAI)joshhu:temp/ $ ``` **範例2：`docker run --attach <STDOUT> <image>`** 執行時接上標準輸出輸入 ```shell= (joshhuAI)joshhu:~/ $ docker run --attach STDOUT -p 80:80 tutum/apache-php [20:24:44] ==> /var/log/apache2/access.log <== ==> /var/log/apache2/error.log <== ==> /var/log/apache2/other_vhosts_access.log <== ==> /var/log/apache2/error.log <== ==> /var/log/apache2/access.log <== ==> /var/log/apache2/error.log <== ==> /var/log/apache2/access.log <== ==> /var/log/apache2/error.log <== ==> /var/log/apache2/access.log <== ==> /var/log/apache2/error.log <== ``` **範例3：`docker run -c`** 指定cpu的使用比例，多個容器時才能感覺到差異 ```shell= docker run --rm -it -c 1024 progrium/stress --cpu 12 --io 1 --vm 2 --vm-bytes 128M --timeout 10s ``` 在另一個shell視窗中輸入`htop`來查看cpu使用率，在改變`-c 1024`這數字時的差別。 **範例4：`docker run -e <環境變數> <映像檔>`** 將環境變數傳入容器中。 ```shell= (joshhuAI)joshhu:~/ $ docker run --name mydb -e MYSQL_ROOT_PASSWORD=passwd -d mysql [20:49:06] Unable to find image 'mysql:latest' locally latest: Pulling from library/mysql b380bbd43752: Already exists f23cbf2ecc5d: Pull complete 30cfc6c29c0a: Pull complete b38609286cbe: Pull complete 8211d9e66cd6: Pull complete 2313f9eeca4a: Pull complete 7eb487d00da0: Pull complete 4d7421c8152e: Pull complete 77f3d8811a28: Pull complete cce755338cba: Pull complete 69b753046b9f: Pull complete b2e64b0ab53c: Pull complete Digest: sha256:6d7d4524463fe6e2b893ffc2b89543c81dec7ef82fb2020a1b27606666464d87 Status: Downloaded newer image for mysql:latest 8fc80ab9a728383fdf7fd51197cfd5da370a2acde33377ed4c65b4915b215392 (joshhuAI)joshhu:~/ $ docker ps [20:49:27] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8fc80ab9a728 mysql "docker-entrypoint.s…" 3 seconds ago Up 2 seconds 3306/tcp, 33060/tcp mydb (joshhuAI)joshhu:~/ $ ``` 進入mysql容器中(**錯誤示範**) ```shell= (joshhuAI)joshhu:~/ $ docker ps [21:41:42] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4d5e6f139d80 mysql "docker-entrypoint.s…" 42 minutes ago Up 42 minutes 3306/tcp, 33060/tcp mydb (joshhuAI)joshhu:~/ $ docker exec -it 4 bash [21:41:43] root@4d5e6f139d80:/# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 11 Server version: 8.0.27 MySQL Community Server - GPL Copyright (c) 2000, 2021, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | sys | +--------------------+ 4 rows in set (0.00 sec) ``` **範例5：`docker run -it <image> <指令>`** 執行時直接進入容器，連接上螢幕鍵盤 ```shell= (joshhuAI)joshhu:~/ $ docker run -it tutum/apache-php bash [22:08:26] root@cde541b97209:/app# ls / app bin boot dev etc home lib lib64 media mnt opt proc root run run.sh sbin srv sys tmp usr var root@cde541b97209:/app# cd app bash: cd: app: No such file or directory root@cde541b97209:/app# ls index.php logo.png root@cde541b97209:/app# ll total 28 drwxr-xr-x 1 root root 4096 Jul 8 2015 ./ drwxr-xr-x 1 root root 4096 Nov 10 14:08 ../ -rw-r--r-- 1 root root 1202 Jul 8 2015 index.php -rw-r--r-- 1 root root 12586 Jul 8 2015 logo.png root@cde541b97209:/app# ^C root@cde541b97209:/app# exit exit (joshhuAI)joshhu:~/ $ docker ps [22:08:48] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4d5e6f139d80 mysql "docker-entrypoint.s…" About an hour ago Up About an hour 3306/tcp, 33060/tcp mydb (joshhuAI)joshhu:~/ $ docker ps -a [22:08:59] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cde541b97209 tutum/apache-php "bash" 34 seconds ago Exited (130) 16 seconds ago beautiful_shannon 4d5e6f139d80 mysql "docker-entrypoint.s…" About an hour ago Up About an hour 3306/tcp, 33060/tcp mydb (joshhuAI)joshhu:~/ $ ``` **範例6：`docker run -p HOSTPORT:CONTAINERPORT <image>`** 把主機的通訊埠對應到容器中 ```shell= (joshhuAI)joshhu:~/ $ docker run -d -p 8888:80 tutum/apache-php [22:12:00] f766f56d211953c94b77c1ee2dcc9b2b5c32fd8ebb1955fdc8082857e8d99819 (joshhuAI)joshhu:~/ $ curl localhost:8888 [22:12:15] <html> <head> <title>Hello world!</title> <link href='http://fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'> <style> body { background-color: white; text-align: center; padding: 50px; font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif; } #logo { margin-bottom: 40px; } </style> </head> <body> <img id="logo" src="logo.png" /> <h1>Hello world!</h1> <h3>My hostname is f766f56d2119</h3> </body> </html> (joshhuAI)joshhu:~/ $ ``` **範例7：`docker run -v <參數> <image>`** 將容器啟動並連入資料卷或主機目錄 *資料卷示範* 建立資料卷 ```shell= (joshhuAI)joshhu:~/ $ docker volume create testvolume [22:15:42] testvolume (joshhuAI)joshhu:~/ $ docker volume ls [22:15:55] DRIVER VOLUME NAME local 4c76db8c669ab6e44083a04d6851ef0d5f8f90039e7e39d8e18a7795546e9665 local 5bff34ee3d41f2173d7b9ccdbe2115f4dd1f32c2818a57fb5c617235b249d657 local a456af0703995c7918db868fed1154c124a09a7afb0d2f7841325c961fdc2573 local b886d801f8184a53b645caf8844cd5f6cafbf2d2f598602020d2ce231e00e999 local c76d9097f647f7596b35969b064b5ef04acdf32010e7c29ca1d002d2588391b5 local database local testvolume (joshhuAI)joshhu:~/ ``` 連接容器至資料卷 ```shell= docker run -d \ --name devtest \ --mount source=testvolume,target=/testapp \ tutum/apache-php ``` 進入容器查看資料卷 ```shell= (joshhuAI)joshhu:~/ $ docker ps [22:19:28] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 66e363b3ef87 tutum/apache-php "/run.sh" 8 seconds ago Up 7 seconds 80/tcp devtest (joshhuAI)joshhu:~/ $ docker exec -it 6 bash [22:19:36] root@66e363b3ef87:/app# cd /testapp root@66e363b3ef87:/testapp# ls -al total 8 drwxr-xr-x 2 root root 4096 Nov 10 14:15 . drwxr-xr-x 1 root root 4096 Nov 10 14:19 .. root@66e363b3ef87:/testapp# ``` 新增一個檔案 ```shell= root@66e363b3ef87:/testapp# echo "I am in volume 'testvolume'" > abc root@66e363b3ef87:/testapp# cat abc I am in volume 'testvolume' root@66e363b3ef87:/testapp# exit ``` 刪除容器 ```shell= (joshhuAI)joshhu:~/ $ docker rm -f $(docker ps -aq) [22:23:52] 66e363b3ef87 (joshhuAI)joshhu:~/ $ docker ps -a [22:25:24] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES (joshhuAI)joshhu:~/ $ docker volume ls [22:25:27] DRIVER VOLUME NAME local 4c76db8c669ab6e44083a04d6851ef0d5f8f90039e7e39d8e18a7795546e9665 local 5bff34ee3d41f2173d7b9ccdbe2115f4dd1f32c2818a57fb5c617235b249d657 local a456af0703995c7918db868fed1154c124a09a7afb0d2f7841325c961fdc2573 local b886d801f8184a53b645caf8844cd5f6cafbf2d2f598602020d2ce231e00e999 local c76d9097f647f7596b35969b064b5ef04acdf32010e7c29ca1d002d2588391b5 local database local testvolume ``` 再啟動一個容器連上同個資料卷，並且進入新容器查看檔案還在不在 ```shell= (joshhuAI)joshhu:~/ $ docker run -d \ [22:25:50] --name newdevtest \ --mount source=testvolume,target=/testapp \ tutum/apache-php 90528fa085c099b6b12c2d8bba60edd7e074e25668b988cc0c71b18d7e5b738d (joshhuAI)joshhu:~/ $ docker exec -it 9 bash [22:26:41] root@90528fa085c0:/app# cd /testapp root@90528fa085c0:/testapp# cat abc I am in volume 'testvolume' root@90528fa085c0:/testapp# ``` *bind mount示範* 沒有綁目錄的容器 ```shell= (joshhuAI)joshhu:~/ $ docker run -it --rm tutum/apache-php ls /app [22:29:20] index.php logo.png (joshhuAI)joshhu:~/ $ ``` 綁上目錄的容器 ```shell= (joshhuAI)joshhu:~/ $ ls temp [22:33:07] 92f81b210d6c ae9b57cf9feb bash Dockerfile e8023450446d hello hello.cc Running Vagrantfile (joshhuAI)joshhu:~/ $ (joshhuAI)joshhu:~/ $ docker run -it --rm -v $PWD/temp:/app tutum/apache-php ls /app [22:29:43] 92f81b210d6c Running ae9b57cf9feb e8023450446d hello.cc Dockerfile Vagrantfile bash hello ``` **範例8：`docker run -w <目錄> <image>`** 進入容器時的工作目錄 ```shell= (joshhuAI)joshhu:~/ $ docker run -it --rm tutum/apache-php bash [22:40:18] root@6d57f83ab117:/app# exit exit (joshhuAI)joshhu:~/ $ docker run -it --rm -w /etc tutum/apache-php bash [22:40:25] root@c3e56aa273ef:/etc# ``` **範例9：`docker run --name <name> <image>`** 指定容器的名字 ```shell= (joshhuAI)joshhu:~/ $ docker run -d --name myweb tutum/apache-php [22:44:17] 1f9e73a3ede3c3c8718f1f4a2c990ad5e172eb726a9d5035eaf2d8447323c3b4 (joshhuAI)joshhu:~/ $ docker exec -it myweb bash [22:44:28] root@1f9e73a3ede3:/app# exit (joshhuAI)joshhu:~/ $ docker rm -f myweb [22:44:37] myweb (joshhuAI)joshhu:~/ $ ``` **範例10：`docker run --privilieged <image>`** 獲得主機的`root`權限 - **非常小心使用** ```shell= (joshhuAI)joshhu:~/ $ docker run -it --rm ubuntu bash [23:09:49] root@636b13d22d97:/# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 99.4M 1 loop loop1 7:1 0 55.4M 1 loop loop2 7:2 0 99.5M 1 loop loop3 7:3 0 81.6M 1 loop loop4 7:4 0 82.1M 1 loop loop5 7:5 0 55.5M 1 loop sda 8:0 0 238.5G 0 disk |-sda1 8:1 0 16M 0 part `-sda2 8:2 0 238.5G 0 part sdb 8:16 0 1.8T 0 disk nvme0n1 259:0 0 953.9G 0 disk |-nvme0n1p1 259:1 0 512M 0 part |-nvme0n1p2 259:2 0 952.4G 0 part /etc/hosts `-nvme0n1p3 259:3 0 977M 0 part [SWAP] root@636b13d22d97:/# mount /dev/sda1 mnt mount: /mnt: permission denied. root@636b13d22d97:/# ``` 加了`--privileged` ```shell= (joshhuAI)joshhu:~/ $ docker run -it --rm --privileged ubuntu bash [23:10:53] root@a94ea4cea7f5:/# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 99.4M 1 loop loop1 7:1 0 55.4M 1 loop loop2 7:2 0 99.5M 1 loop loop3 7:3 0 81.6M 1 loop loop4 7:4 0 82.1M 1 loop loop5 7:5 0 55.5M 1 loop sda 8:0 0 238.5G 0 disk |-sda1 8:1 0 16M 0 part `-sda2 8:2 0 238.5G 0 part sdb 8:16 0 1.8T 0 disk nvme0n1 259:0 0 953.9G 0 disk |-nvme0n1p1 259:1 0 512M 0 part |-nvme0n1p2 259:2 0 952.4G 0 part /etc/hosts `-nvme0n1p3 259:3 0 977M 0 part [SWAP] root@a94ea4cea7f5:/# mount /dev/sda1 mnt mount: /mnt: wrong fs type, bad option, bad superblock on /dev/sda1, missing codepage or helper program, or other error. root@a94ea4cea7f5:/# ``` **範例11：`docker run --rm <image>`** 執行完立即刪除容器 ```shell= (joshhuAI)joshhu:~/ $ docker ps -a [23:13:51] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES (joshhuAI)joshhu:~/ $ docker run busybox [23:13:57] (joshhuAI)joshhu:~/ $ docker ps -a [23:14:04] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e5a79080912c busybox "sh" 3 seconds ago Exited (0) 2 seconds ago stupefied_morse (joshhuAI)joshhu:~/ $ ``` ```shell= (joshhuAI)joshhu:~/ $ docker ps -a [23:14:39] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES (joshhuAI)joshhu:~/ $ docker run --rm busybox ls / [23:14:46] bin dev etc home proc root sys tmp usr var (joshhuAI)joshhu:~/ $ docker ps -a [23:14:57] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES (joshhuAI)joshhu:~/ $ ``` ### 次常用指範例 **範例1：`docker run --add-host <name>:<IP> <image>`** 替容器增加一筆dns記錄 ```shell= (joshhuAI)joshhu:~/ $ rm yolov4.conv.137 [23:55:41] (joshhuAI)joshhu:~/ $ docker run --rm centos ping test.joshhu [23:55:47] ping: test.joshhu: Name or service not known (joshhuAI)joshhu:~/ $ docker run --rm --add-host test.joshhu:192.168.1.1 centos ping test.joshhu [23:55:58] PING test.joshhu (192.168.1.1) 56(84) bytes of data. 64 bytes from test.joshhu (192.168.1.1): icmp_seq=1 ttl=63 time=0.340 ms 64 bytes from test.joshhu (192.168.1.1): icmp_seq=2 ttl=63 time=0.260 ms 64 bytes from test.joshhu (192.168.1.1): icmp_seq=3 ttl=63 time=0.198 ms 64 bytes from test.joshhu (192.168.1.1): icmp_seq=4 ttl=63 time=0.232 ms --- test.joshhu ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3062ms rtt min/avg/max/mdev = 0.198/0.257/0.340/0.054 ms (joshhuAI)joshhu:~/ $ ``` **範例2：`docker run --blkio-weight <10-1024> <image>`** 指定io的速度 ```shell= docker run -d --blkio-weight 10 centos bash [0:23:59] d031ac0123a444b9300e429302a5401d73c17227c2e81dd177f839d4122c07c2 ``` **範例3：`docker run --cidfile <file> <image>`** 將容器id寫入檔案 ```shell= (joshhuAI)joshhu:~/ $ docker run --cidfile abc.txt busybox [0:26:54] (joshhuAI)joshhu:~/ $ ls [0:26:59] abc.txt Backup deepmind examples.desktop PhoenixMiner_5.6d_Linux temp VMs xiaomi anaconda3 Blender 2.blend Desktop mnt Pictures Videos wikititle.txt zshrc.general b3.zip cuda Downloads nlp.yaml snap VirtualBox VMs workspace (joshhuAI)joshhu:~/ $ cat abc.txt [0:26:59] 2745fad9a4b83ea4e6962a08be4c9c09d35fca7393233969cab8540b7bd994b5% ``` **範例4：`docker run --dns <dns> <image>`** 指定容器的dns ```shell= (joshhuAI)joshhu:~/ $ docker run --dns 8.8.8.8 centos cat /etc/resolv.conf [0:29:14] nameserver 8.8.8.8 ``` **範例5：`docker run --entrypoint <command> <image> <para>`** 之前在 Dockerfile 中指定了 ENTRYPOINT 指令，因此執行 container 時都會自動執行 ENTRYPOINT 指定的程式。可取代原來的entrypoint檔案 ```shell= docker run --entrypoint "/entrypoint2.sh" tutum/apache-php ``` **範例6：`docker run --env-file <file> <image>`** 指定環境變數的檔案，當環境變數很多時，用檔案較方便。 ``` docker run --name mydb -e MYSQL_ROOT_PASSWORD=1234 -d mysql ``` 換成檔案 ``` # mysql.env MYSQL_ROOT_PASSWORD=1234 ``` ```shell= docker run --name mydb --env-file mysql.env -d mysql (joshhuAI)joshhu:~/ $ docker run --name mydb --env-file mysql.env -d mysql [0:41:26] 314a7ca552d3f95a2b61997313b80840dc8d2e4c3d55001bbf5d6b4c1de91f67 (joshhuAI)joshhu:~/ $ docker ps [0:41:28] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 314a7ca552d3 mysql "docker-entrypoint.s…" 5 seconds ago Up 4 seconds 3306/tcp, 33060/tcp mydb (joshhuAI)joshhu:~/ $ docker exec -it 3 bash [0:41:32] root@314a7ca552d3:/# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 8.0.27 MySQL Community Server - GPL Copyright (c) 2000, 2021, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> ``` **範例7：`docker run --device /dev/mem:/dev/mem busbox ls /dev/mem`** 將設備掛入容器中 ``` (joshhuAI)joshhu:~/ $ docker run --rm busybox ls /dev/mem [17:51:15] ls: /dev/mem: No such file or directory (joshhuAI)joshhu:~/ $ ``` ``` (joshhuAI)joshhu:~/ $ docker run --device /dev/mem:/dev/mem busybox ls /dev/mem [17:51:05] /dev/mem (joshhuAI)joshhu:~/ $ ``` ``` docker run --device /dev/mem:/dev/mem --cap-add SYS_RAWIO busybox ls /dev/mem [17:51:51] /dev/mem (joshhuAI)joshhu:~/ $ ``` **範例8：`docker run --expose <port> <image>`** 將容器內的某個port開放，但注意沒對映到主機。 ```shell= (joshhuAI)joshhu:~/ $ docker run -d --expose 8080 tutum/apache-php [1:20:50] adedc0098756afb7c79afda096c329f7c705b2bf75ef43139b46b7d0a6742e55 d% (joshhuAI)joshhu:~/ $ docker ps [1:20:56] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES adedc0098756 tutum/apache-php "/run.sh" 1 second ago Up 1 second 80/tcp, 8080/tcp practical_williams (joshhuAI)joshhu:~/ $ ``` **範例9：`docker run --gpus=<0,1,all>`** 讓容器可以使用gpu，必須安裝nvidia docker runtime ```shell= (joshhuAI)joshhu:~/ $ docker run --gpus=all -it --ipc=host --rm -v $PWD:/workspace pytorch/pytorch:latest nvidia-smi [1:23:44] Unable to find image 'pytorch/pytorch:latest' locally latest: Pulling from pytorch/pytorch 284055322776: Pull complete 641a02cb4e21: Pull complete e293b1d03d39: Pull complete d58be659dcd9: Pull complete Digest: sha256:cf9197f9321ac3f49276633b4e78c79aa55f22578de3b650b3158ce6e3481f61 Status: Downloaded newer image for pytorch/pytorch:latest Wed Nov 10 17:28:58 2021 +-----------------------------------------------------------------------------+ | NVIDIA-SMI 450.51.06 Driver Version: 450.51.06 CUDA Version: 11.0 | |-------------------------------+----------------------+----------------------+ | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | | | | MIG M. | |===============================+======================+======================| | 0 GeForce RTX 208... Off | 00000000:41:00.0 Off | N/A | | 0% 36C P8 14W / 260W | 1667MiB / 11016MiB | 0% Default | | | | N/A | +-------------------------------+----------------------+----------------------+ +-----------------------------------------------------------------------------+ | Processes: | | GPU GI CI PID Type Process name GPU Memory | | ID ID Usage | |=============================================================================| +-----------------------------------------------------------------------------+ (joshhuAI)joshhu:~/ $ ``` **範例10：`docker run --hostname <name> <image>`** 幫容器指定其主機名稱，要不然會是容器id ```shell= (joshhuAI)joshhu:~/ $ docker run --rm ubuntu cat /etc/hostname [1:32:03] 731f55aaec8e (joshhuAI)joshhu:~/ $ docker run --rm --hostname myweb ubuntu cat /etc/hostname [1:32:08] myweb (joshhuAI)joshhu:~/ $ ``` **範例11：`docker run --ip <ip> <image>`** 指定容器的ip，必須是用`docker network`創建的網路ip才行 ```shell= (joshhuAI)joshhu:~/ $ docker network create --subnet=172.18.0.0/16 mynet123 (joshhuAI)joshhu:~/ $ docker run --network mynet123 --ip 172.18.0.22 -it centos ip addr [1:37:26] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 296: eth0@if297: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:12:00:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.18.0.22/16 brd 172.18.255.255 scope global eth0 valid_lft forever preferred_lft forever ``` **範例12：`docker run --link <container> <image>`** 可以連接到另一個容器，要有名字 ```shell= (joshhuAI)joshhu:~/ $ docker run --name web -d tutum/apache-php [1:40:29] ecf42bc791a8a5a66ce6300d070a67505547ba4607febf3bed9f5d07d956955c (joshhuAI)joshhu:~/ $ docker run --link web --rm centos ping web [1:40:59] PING web (172.17.0.2) 56(84) bytes of data. 64 bytes from web (172.17.0.2): icmp_seq=1 ttl=64 time=0.109 ms 64 bytes from web (172.17.0.2): icmp_seq=2 ttl=64 time=0.049 ms 64 bytes from web (172.17.0.2): icmp_seq=3 ttl=64 time=0.036 ms 64 bytes from web (172.17.0.2): icmp_seq=4 ttl=64 time=0.074 ms ^C --- web ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3064ms rtt min/avg/max/mdev = 0.036/0.067/0.109/0.027 ms ``` **範例13：`docker run --mac-address <mac> <image>`** 指定mac位置 ```shell= (joshhuAI)joshhu:~/ $ docker run --rm --mac-address 92:d0:c6:0a:29:33 centos ip add [1:45:21] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 302: eth0@if303: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 92:d0:c6:0a:29:33 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever (joshhuAI)joshhu:~/ $ ``` **範例14 ：`docker run --network <network> <image>`** 連接至之前建立的docker虛擬網路 ```shell= (joshhuAI)joshhu:~/ $ ifconfig [1:58:11] docker0 Link encap:Ethernet HWaddr 02:42:32:85:1c:e9 inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0 inet6 addr: fe80::42:32ff:fe85:1ce9/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:7448 errors:0 dropped:0 overruns:0 frame:0 TX packets:33309 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:825360 (825.3 KB) TX bytes:15671894 (15.6 MB) enp5s0 Link encap:Ethernet HWaddr 10:7b:44:93:a9:4f inet addr:192.168.1.113 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::4308:ef87:2429:6fe6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5096332 errors:0 dropped:3 overruns:0 frame:0 TX packets:4051801 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4418317714 (4.4 GB) TX bytes:1488869280 (1.4 GB) Memory:ba200000-ba21ffff enp6s0 Link encap:Ethernet HWaddr c4:6e:1f:03:5b:78 inet6 addr: fe80::c66e:1fff:fe03:5b78/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6843702 errors:0 dropped:410387 overruns:0 frame:0 TX packets:6084039 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6059219609 (6.0 GB) TX bytes:4185176090 (4.1 GB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:197082 errors:0 dropped:0 overruns:0 frame:0 TX packets:197082 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:878116301 (878.1 MB) TX bytes:878116301 (878.1 MB) vboxnet1 Link encap:Ethernet HWaddr 0a:00:27:00:00:01 inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::800:27ff:fe00:1/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:166 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:23019 (23.0 KB) vboxnet2 Link encap:Ethernet HWaddr 0a:00:27:00:00:02 inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::800:27ff:fe00:2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:32111 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:6557327 (6.5 MB) vmnet1 Link encap:Ethernet HWaddr 00:50:56:c0:00:01 inet addr:172.16.202.1 Bcast:172.16.202.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:31139 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) vmnet8 Link encap:Ethernet HWaddr 00:50:56:c0:00:08 inet addr:172.16.123.1 Bcast:172.16.123.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:31140 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) (joshhuAI)joshhu:~/ $ ``` ```shell= (joshhuAI)joshhu:~/ $ docker network create --subnet=172.18.0.0/16 mynet123 [2:00:11] 337282876a96600f3ee2abcc5177ea6e785a4055f252b8250a49b9ab14323dc2 (joshhuAI)joshhu:~/ $ docker network ls [2:00:17] NETWORK ID NAME DRIVER SCOPE 4647eec39713 bridge bridge local 6d5c484c7754 host host local 337282876a96 mynet123 bridge local c66c444f6768 none null local (joshhuAI)joshhu:~/ $ ifconfig [2:00:29] br-337282876a96 Link encap:Ethernet HWaddr 02:42:19:3b:d6:fc inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) ``` ```shell= (joshhuAI)joshhu:~/ $ docker run --rm --network mynet123 centos ip addr [2:02:13] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 324: eth0@if325: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0 valid_lft forever preferred_lft forever (joshhuAI)joshhu:~/ $ ``` **範例15：`docker run --readonly <image>`** 建立唯讀容器 ```shell= (joshhuAI)joshhu:~/ $ docker run --rm --read-only centos touch abc [2:02:53] touch: cannot touch 'abc': Read-only file system (joshhuAI)joshhu:~/ $ ``` **範例16：`docker run --user <image>`** 使用不同的uid/gid進入容器。 ```shell= (joshhuAI)joshhu:~/ $ docker run --rm centos id [2:04:38] uid=0(root) gid=0(root) groups=0(root) (joshhuAI)joshhu:~/ $ docker run --rm --user 1000:1000 centos id [2:04:49] uid=1000 gid=1000 groups=1000 ``` ###### tags: `docker`