GAGA LIFE.

インフラエンジニアブログ

スポンサーリンク

Dockerの調査

概要

dockerの確認・調査用のコマンドで個人的に使用頻度の高いものを記載します。 dockerコマンドラインツールを使用して実行中のdockerdサーバーと通信して確認します。

dockerバージョン表示

$ docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:24:51 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:23:15 2018
  OS/Arch:          linux/amd64
  Experimental:     false

サーバー情報

$ docker info
Containers: 8
 Running: 1
 Paused: 0
 Stopped: 7
Images: 14
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-36-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.79GiB
Name: LesPaul
ID: MM6F:PY7P:GJFI:EB2I:W6GC:KXYL:BA26:VPIK:5RL6:DFNL:2TR4:HBAL
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

デフォルトルートディレクトリの変更

$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --data-root="/data/docker"

ダウンロードイメージのアップデート

$ docker pull ubuntu:latest
latest: Pulling from library/ubuntu
Digest: sha256:29934af957c53004d7fb6340139880d23fb1952505a15d69a03af0d1418878cb
Status: Image is up to date for ubuntu:latest

コンテナ検査(inspect)

$ docker run -d -t ubuntu /bin/bash
730820315a547d84fd79e28b462f076f877a5e79e5cd3b4035534c3541acdb76

確認:

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
730820315a54        ubuntu              "/bin/bash"         45 hours ago        Up 45 hours                             stupefied_shockley
97708850dc56        ubuntu              "/bin/bash"         46 hours ago        Up 46 hours                             nostalgic_kirch
$ docker inspect 730820315a54
[
    {
        "Id": "730820315a547d84fd79e28b462f076f877a5e79e5cd3b4035534c3541acdb76",
        "Created": "2018-11-15T12:04:37.698492154Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 29586,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-11-15T12:04:38.344451823Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:ea4c82dcd15a33e3e9c4c37050def20476856a08e59526fbe533cc4e98387e39",

~中略~

        "Config": {
            "Hostname": "730820315a54",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": true,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/bash"
            ],
            "Image": "ubuntu",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {}
        },

~中略~
                }
            }
        }
    }
]

シェル探索

$ docker run -it ubuntu:18.04 /bin/bash
# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 11:47 pts/0    00:00:00 /bin/bash
root        13     1  0 11:48 pts/0    00:00:00 ps -ef

結果の返却

$ docker run ubuntu:18.04 /bin/false
$ echo $?
1
$ docker run ubuntu:18.04 /bin/true
$ echo $?
0
$ docker run ubuntu:18.04 /bin/cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
$ docker run ubuntu:18.04 /bin/cat /etc/passwd | wc -l
19

実行中のコンテナの内部への移動

docker exec

$ docker exec -it 730820315a54 /bin/bash
root@730820315a54:/# 
root@730820315a54:/# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:44 pts/0    00:00:00 /bin/bash
root        11     0  0 09:44 pts/1    00:00:00 /bin/bash
root        22    11  0 09:45 pts/1    00:00:00 ps -ef

docker volume

$ docker volume ls
DRIVER              VOLUME NAME
$ docker run -d -v /tmp:/tmp ubuntu:latest sleep 120
cfbeed6191af203f1bad901fda27bd7c093c774bff7282b521bfa0acbcbeaea0
$ docker volume ls
DRIVER              VOLUME NAME
$ docker volume create my-data
my-data
$ docker volume ls
DRIVER              VOLUME NAME
local               my-data
$ docker volume inspect my-data
[
    {
        "CreatedAt": "2018-11-19T17:00:49+09:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/my-data/_data",
        "Name": "my-data",
        "Options": {},
        "Scope": "local"
    }
]

実行例:データボリュームが接続されたコンテナを起動

$ docker run --rm --mount source=my-data,target=/app ubuntu:latest touch /app/my-persistent-data
$ docker run --rm --mount source=my-data,target=/app fedora:latest ls -lFa /app/my-persistent-data
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
d0483bd5a554: Pull complete 
Digest: sha256:4a861283a7f0a8ce3d19b42f4c0a10d7012a4d12f785149d82a0800cdb4498b0
Status: Downloaded newer image for fedora:latest
-rw-r--r-- 1 root root 0 Nov 19 08:06 /app/my-persistent-data
$ docker volume rm my-data
my-data

ロギング

docker logs

$ docker logs d5f634b16bcb
2018/11/19 08:35:46 start server
2018/11/19 08:37:15 received request

※実際のファイル:/var/lib/docker/containers/<container_id>/<container_id>

$ docker logs -f d5f634b16bcb
2018/11/19 08:35:46 start server
2018/11/19 08:37:15 received request

監視

Container Stats

$ docker stats d5f634b16bcb
CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT    MEM %               NET I/O             BLOCK I/O           PIDS
d5f634b16bcb        thirsty_kare        0.00%               12.12MiB / 7.79GiB   0.15%               4.28kB / 487B       132MB / 16.4kB      14

1.コンテナID 2.現在消費しているCPUの量 3.使用されているメモリーの量/使用が許可されている最大量 4.ネットワークとブロックI/O量 5.コンテナ内のアクティブプロセス数

$ docker run -d ubuntu:latest sleep 1000
284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783
$ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats
{"read":"2018-11-19T08:57:05.812544097Z","preread":"0001-01-01T00:00:00Z","pids_stats":{"current":1},"blkio_stats":{"io_service_bytes_recursive":[],"io_serviced_recursive":[],"io_queue_recursive":[],"io_service_time_recursive":[],"io_wait_time_recursive":[],"io_merged_recursive":[],"io_time_recursive":[],"sectors_recursive":[]},"num_procs":0,"storage_stats":{},"cpu_stats":{"cpu_usage":{"total_usage":24482204,"percpu_usage":[19427452,2792948,800769,1461035],"usage_in_kernelmode":0,"usage_in_usermode":10000000},"system_cpu_usage":1359099900000000,"online_cpus":4,"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"precpu_stats":{"cpu_usage":{"total_usage":0,"usage_in_kernelmode":0,"usage_in_usermode":0},"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"memory_stats":{"usage":716800,"max_usage":2973696,"stats":{"active_anon":81920,"active_file":0,"cache":0,"dirty":0,"hierarchical_memory_limit":9223372036854771712,"hierarchical_memsw_limit":0,"inactive_anon":0,"inactive_file":0,"mapped_file":0,"pgfault":747,"pgmajfault":0,"pgpgin":536,"pgpgout":516,"rss":81920,"rss_huge":0,"total_active_anon":81920,"total_active_file":0,"total_cache":0,"total_dirty":0,"total_inactive_anon":0,"total_inactive_file":0,"total_mapped_file":0,"total_pgfault":747,"total_pgmajfault":0,"total_pgpgin":536,"total_pgpgout":516,"total_rss":81920,"total_rss_huge":0,"total_unevictable":0,"total_writeback":0,"unevictable":0,"writeback":0},"limit":8363970560},"name":"/brave_meninsky","id":"284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783","networks":{"eth0":{"rx_bytes":3164,"rx_packets":27,"rx_errors":0,"rx_dropped":0,"tx_bytes":0,"tx_packets":0,"tx_errors":0,"tx_dropped":0}}}
$ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats | head -1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3587    0  3587    0     0   1311      0 --:--:--  0:00:02 --:--:--  1310{"read":"2018-11-19T08:57:28.840273747Z","preread":"0001-01-01T00:00:00Z","pids_stats":{"current":1},"blkio_stats":{"io_service_bytes_recursive":[],"io_serviced_recursive":[],"io_queue_recursive":[],"io_service_time_recursive":[],"io_wait_time_recursive":[],"io_merged_recursive":[],"io_time_recursive":[],"sectors_recursive":[]},"num_procs":0,"storage_stats":{},"cpu_stats":{"cpu_usage":{"total_usage":24482204,"percpu_usage":[19427452,2792948,800769,1461035],"usage_in_kernelmode":0,"usage_in_usermode":10000000},"system_cpu_usage":1359191960000000,"online_cpus":4,"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"precpu_stats":{"cpu_usage":{"total_usage":0,"usage_in_kernelmode":0,"usage_in_usermode":0},"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"memory_stats":{"usage":716800,"max_usage":2973696,"stats":{"active_anon":81920,"active_file":0,"cache":0,"dirty":0,"hierarchical_memory_limit":9223372036854771712,"hierarchical_memsw_limit":0,"inactive_anon":0,"inactive_file":0,"mapped_file":0,"pgfault":747,"pgmajfault":0,"pgpgin":536,"pgpgout":516,"rss":81920,"rss_huge":0,"total_active_anon":81920,"total_active_file":0,"total_cache":0,"total_dirty":0,"total_inactive_anon":0,"total_inactive_file":0,"total_mapped_file":0,"total_pgfault":747,"total_pgmajfault":0,"total_pgpgin":536,"total_pgpgout":516,"total_rss":81920,"total_rss_huge":0,"total_unevictable":0,"total_writeback":0,"unevictable":0,"writeback":0},"limit":8363970560},"name":"/brave_meninsky","id":"284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783","networks":{"eth0":{"rx_bytes":3164,"rx_packets":27,"rx_errors":0,"rx_dropped":0,"tx_bytes":0,"tx_packets":0,"tx_errors":0,"tx_dropped":0}}}
100  7299    0  7299    0     0   1539      0 --:--:--  0:00:04 --:--:--  1389
$ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats | head -1 | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4818    0  4818    0     0    852      0 --:--:--  0:00:05 --:--:--   802{
    "blkio_stats": {
        "io_merged_recursive": null,
        "io_queue_recursive": null,
        "io_service_bytes_recursive": null,
        "io_service_time_recursive": null,
        "io_serviced_recursive": null,
        "io_time_recursive": null,
        "io_wait_time_recursive": null,
        "sectors_recursive": null
    },
    "cpu_stats": {
        "cpu_usage": {
            "total_usage": 0,
            "usage_in_kernelmode": 0,
            "usage_in_usermode": 0
        },
        "throttling_data": {
            "periods": 0,
            "throttled_periods": 0,
            "throttled_time": 0
        }
    },
    "id": "284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783",
    "memory_stats": {},
    "name": "/brave_meninsky",
    "num_procs": 0,
    "pids_stats": {},
    "precpu_stats": {
        "cpu_usage": {
            "total_usage": 0,
            "usage_in_kernelmode": 0,
            "usage_in_usermode": 0
        },
        "throttling_data": {
            "periods": 0,
            "throttled_periods": 0,
            "throttled_time": 0
        }
    },
    "preread": "0001-01-01T00:00:00Z",
    "read": "0001-01-01T00:00:00Z",
    "storage_stats": {}
}
100  8030    0  8030    0     0    753      0 --:--:--  0:00:10 --:--:--   641

Container Health Checks

$ git clone https://github.com/spkane/rocketchat-hubot-demo.git --config core.autocrlf=input
Cloning into 'rocketchat-hubot-demo'...
remote: Enumerating objects: 55, done.
remote: Total 55 (delta 0), reused 0 (delta 0), pack-reused 55
Unpacking objects: 100% (55/55), done.
$ cd rocketchat-hubot-demo/mongodb/docker/
$ cat Dockerfile
$ cat Dockerfile 
FROM mongo:3.2

COPY docker-healthcheck /usr/local/bin/

HEALTHCHECK CMD ["docker-healthcheck"]
$ docker build -t mongo-with-check:3.2 .
Sending build context to Docker daemon  3.072kB
Step 1/3 : FROM mongo:3.2
3.2: Pulling from library/mongo
a92a4af0fb9c: Pull complete 
74a2c7f3849e: Pull complete 
927b52ab29bb: Pull complete 
e941def14025: Pull complete 
be6fce289e32: Pull complete 
f6d82baac946: Pull complete 
7c1a640b9ded: Pull complete 
e8b2fc34c941: Pull complete 
1fd822faa46a: Pull complete 
61ba5f01559c: Pull complete 
db344da27f9a: Pull complete 
Digest: sha256:9e09fe9e747fb0ee1e64b572818e7397eb9a73e36a2b08bcc7846e9acf0a587f
Status: Downloaded newer image for mongo:3.2
 ---> fb885d89ea5c
Step 2/3 : COPY docker-healthcheck /usr/local/bin/
 ---> 40c436c49eec
Step 3/3 : HEALTHCHECK CMD ["docker-healthcheck"]
 ---> Running in acb06d91d9e1
Removing intermediate container acb06d91d9e1
 ---> b161409d6d18
Successfully built b161409d6d18
Successfully tagged mongo-with-check:3.2
$ docker run -d --name mongo-hc mongo-with-check:3.2
24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0
$ docker ps
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS                            PORTS                    NAMES
24ca8fb920d1        mongo-with-check:3.2   "docker-entrypoint.s…"   5 seconds ago       Up 4 seconds (health: starting)   27017/tcp                mongo-hc
$ docker inspect --format='{{.State.Health.Status}}' mongo-hc
healthy
$ docker inspect --format='{{json .State.Health}}' mongo-hc | jq
{
  "Status": "healthy",
  "FailingStreak": 0,
  "Log": [
    {
      "Start": "2018-11-19T18:38:10.568268914+09:00",
      "End": "2018-11-19T18:38:10.672093343+09:00",
      "ExitCode": 0,
      "Output": ""
    },
    {
      "Start": "2018-11-19T18:38:40.681042069+09:00",
      "End": "2018-11-19T18:38:40.782822109+09:00",
      "ExitCode": 0,
      "Output": ""
    },
    {
      "Start": "2018-11-19T18:39:10.794405801+09:00",
      "End": "2018-11-19T18:39:10.905436868+09:00",
      "ExitCode": 0,
      "Output": ""
    },
    {
      "Start": "2018-11-19T18:39:40.910895434+09:00",
      "End": "2018-11-19T18:39:41.05814446+09:00",
      "ExitCode": 0,
      "Output": ""
    },
    {
      "Start": "2018-11-19T18:40:11.065240784+09:00",
      "End": "2018-11-19T18:40:11.21599411+09:00",
      "ExitCode": 0,
      "Output": ""
    }
  ]
}

Docker Events

$ docker events
2018-11-19T18:42:11.609036458+09:00 container exec_create: docker-healthcheck  24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, image=mongo-with-check:3.2, name=mongo-hc)
2018-11-19T18:42:11.609062958+09:00 container exec_start: docker-healthcheck  24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, image=mongo-with-check:3.2, name=mongo-hc)
2018-11-19T18:42:11.720761098+09:00 container exec_die 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, exitCode=0, image=mongo-with-check:3.2, name=mongo-hc)

cAdvisor

$ docker run \
>     --volume=/:/rootfs:ro \
>     --volume=/var/run:/var/run:rw \
>     --volume=/sys:/sys:ro \
>     --volume=/var/lib/docker/:/var/lib/docker:ro \
>     --publish=8080:8080 \
>     --detach=true \
>     --name=cadvisor \
>     google/cadvisor:latest
Unable to find image 'google/cadvisor:latest' locally
latest: Pulling from google/cadvisor
ab7e51e37a18: Pull complete 
a2dc2f1bce51: Pull complete 
3b017de60d4f: Pull complete 
Digest: sha256:9e347affc725efd3bfe95aa69362cf833aa810f84e6cb9eed1cb65c35216632a
Status: Downloaded newer image for google/cadvisor:latest
e2328bcfaab99d5cfdfab1bb8390383caa2567083836e0e1a32b0a5659d4dbb1

※RHELおよびCentOSベースのシステムでは、 -volume=/cgroup:/cgroup を追加する

$ curl http://localhost:8080/api/v1.3/containers
{
    "name": "/",
    "subcontainers": [
        {
            "name": "/docker"
        },
        {
            "name": "/system.slice"
        },
        {
            "name": "/user.slice"
        }
    ],
    "spec": {
        "creation_time": "2018-11-19T09:45:55.679934352Z",
        "has_cpu": true,
        "cpu": {
            "limit": 1024,
            "max_limit": 0,
            "mask": "0-3",
            "period": 100000
        },
        "has_memory": true,
        "memory": {
            "limit": 8363970560,
            "reservation": 9223372036854772000,
            "swap_limit": 2147479552
        },
        "has_network": true,
        "has_filesystem": true,
        "has_diskio": true,
        "has_custom_metrics": false
    },
    "stats": [
        {
            "timestamp": "2018-11-19T09:55:08.743405373Z",
            "cpu": {
                "usage": {
                    "total": 2008975589679,
                    "per_cpu_usage": [
                        471245263829,
                        537839462302,
                        495495643785,
                        504395219763
                    ],
                    "user": 943780000000,
                    "system": 451650000000
                },
                "cfs": {
                    "periods": 0,
                    "throttled_periods": 0,
                    "throttled_time": 0
                },
                "load_average": 0
            },
            "diskio": {
                "io_service_bytes": [
                    {
                        "device": "/dev/sda",
                        "major": 8,
                        "minor": 0,
                        "stats": {
                            "Async": 5165035520,
                            "Read": 1631372288,
                            "Sync": 2492670976,
                            "Total": 7657706496,
                            "Write": 6026334208
                        }
                    },

~中略~

            "memory": {
                "usage": 4857798656,
                "max_usage": 5272961024,
                "cache": 69480448,
                "rss": 1495089152,
                "swap": 0,
                "working_set": 2873171968,
                "failcnt": 0,
                "container_data": {
                    "pgfault": 247767,
                    "pgmajfault": 131
                },
                "hierarchical_data": {
                    "pgfault": 247767,
                    "pgmajfault": 131
                }
            },
            "network": {
                "name": "enp0s3",
                "rx_bytes": 503207018,
                "rx_packets": 361607,
                "rx_errors": 0,
                "rx_dropped": 0,
                "tx_bytes": 7569563,
                "tx_packets": 107966,
                "tx_errors": 0,
                "tx_dropped": 0,
                "interfaces": [
                    {
                        "name": "enp0s3",
                        "rx_bytes": 503207018,
                        "rx_packets": 361607,
                        "rx_errors": 0,
                        "rx_dropped": 0,
                        "tx_bytes": 7569563,
                        "tx_packets": 107966,
                        "tx_errors": 0,
                        "tx_dropped": 0
                    },
                    {
                        "name": "br-0e7abd3f4d7b",
                        "rx_bytes": 0,
                        "rx_packets": 0,
                        "rx_errors": 0,
                        "rx_dropped": 0,
                        "tx_bytes": 0,
                        "tx_packets": 0,
                        "tx_errors": 0,
                        "tx_dropped": 0
                    }
                ],
                "tcp": {
                    "Established": 0,
                    "SynSent": 0,
                    "SynRecv": 0,
                    "FinWait1": 0,
                    "FinWait2": 0,
                    "TimeWait": 0,
                    "Close": 0,
                    "CloseWait": 0,
                    "LastAck": 0,
                    "Listen": 0,
                    "Closing": 0
                },

~中略~

            ],
            "task_stats": {
                "nr_sleeping": 0,
                "nr_running": 0,
                "nr_stopped": 0,
                "nr_uninterruptible": 0,
                "nr_io_wait": 0
            }
        },
        {
            "timestamp": "2018-11-19T09:55:10.682078016Z",
            "cpu": {

                "nr_uninterruptible": 0,
                "nr_io_wait": 0
            }
        }
    ]
}

f:id:undercovergeek:20181119193017j:plain f:id:undercovergeek:20181119193028j:plain

Docker Compose複数コンテナ実行

複数コンテナ実行(Compose)

Jenkinsコンテナ実行

記述例:docker-compose.yml

version:"3"
services:
  master:
    container_name: master
    image: jenkins:latest
    ports:
     - 8080:8080
    volumes:
     - ./jenkins_home:/var/jenkins_home

※volumes=ホスト側:カレントディレクトリ直下のjenkins_home/コンテナ側:/var/jenkins_home

$ pwd
/home/docker/sample
$ ls -la
合計 12
drwxrwxr-x. 2 docker docker 4096 116 20:18 .
drwx------. 6 docker docker 4096 116 20:18 ..
-rw-rw-r--. 1 docker docker  166 116 20:18 docker-compose.yml
$ pwd
/home/docker/sample
$ ls
docker-compose.yml
$ docker-compose up
Creating network "sample_default" with the default driver
Pulling master (jenkins:latest)...
latest: Pulling from library/jenkins
55cbf04beb70: Pull complete
1607093a898c: Pull complete
9a8ea045c926: Pull complete
d4eee24d4dac: Pull complete
c58988e753d7: Pull complete
794a04897db9: Pull complete
70fcfa476f73: Pull complete
0539c80a02be: Pull complete
54fefc6dcf80: Pull complete
911bc90e47a8: Pull complete
38430d93efed: Pull complete
7e46ccda148a: Pull complete
c0cbcb5ac747: Pull complete
35ade7a86a8e: Pull complete
aa433a6a56b1: Pull complete
841c1dd38d62: Pull complete
b865dcb08714: Pull complete
5a3779030005: Pull complete
12b47c68955c: Pull complete
1322ea3e7bfd: Pull complete
Creating master ... done
Attaching to master
master    | Running from: /usr/share/jenkins/jenkins.war
master    | webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")

~中略~

master    | INFO: 
master    | 
master    | *************************************************************
master    | *************************************************************
master    | *************************************************************
master    | 
master    | Jenkins initial setup is required. An admin user has been created and a password generated.
master    | Please use the following password to proceed to installation:
master    | 
master    | 911abe0f181f4b0c9cd3752c803fd615
master    | 
master    | This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
master    | 
master    | *************************************************************
master    | *************************************************************
master    | *************************************************************
master    | 
master    | --> setting agent port for jnlp
master    | --> setting agent port for jnlp... done
master    | Nov 06, 2018 11:41:05 AM hudson.model.UpdateSite updateData
master    | INFO: Obtained the latest update center data file for UpdateSource default
master    | Nov 06, 2018 11:41:05 AM hudson.model.UpdateSite updateData
master    | INFO: Obtained the latest update center data file for UpdateSource default
master    | Nov 06, 2018 11:41:05 AM hudson.WebAppMain$3 run
master    | INFO: Jenkins is fully up and running
master    | Nov 06, 2018 11:41:06 AM hudson.model.DownloadService$Downloadable load
master    | INFO: Obtained the updated data file for hudson.tasks.Maven.MavenInstaller
master    | Nov 06, 2018 11:41:08 AM hudson.model.DownloadService$Downloadable load
master    | INFO: Obtained the updated data file for hudson.tools.JDKInstaller
master    | Nov 06, 2018 11:41:08 AM hudson.model.AsyncPeriodicWork$1 run
master    | INFO: Finished Download metadata. 29,802 ms

ブラウザアクセス(http://localhost:8080)

ログイン

f:id:undercovergeek:20181106230244j:plain 初期パスワード入力
※初期パスワードは、以下で確認可能 コンテナ側:/var/jenkins_home/secrets/initialAdminPassword ホスト側:./jenkins_home/secrets/initialAdminPassword

Install suggested plugin押下

f:id:undercovergeek:20181106230303j:plain f:id:undercovergeek:20181106230332j:plain

ユーザー作成

f:id:undercovergeek:20181106230346j:plain

ホーム画面表示

f:id:undercovergeek:20181106230722j:plain

Master JenkinsのSSHキー作成

$ docker container exec -it master ssh-keygen -t rsa -C ""
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa): 
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rSeBWHqwemaHOWtbzncuBDmEq5U3TPVU5B6EOl49Gd0 
The key's randomart image is:
+---[RSA 2048]----+
|     . .. .++. . |
|    . o  o.o. . E|
|    .*.. ...oo   |
|    +*B.o...+.   |
|   o+.o=So. ..   |
|  .. +  oo       |
|  . B o.o .      |
|   +.B  oo.      |
|   .o.o. +.      |
+----[SHA256]-----+

Jenkins Slaveコンテナ作成

記述例:docker-compose.yml

version: "3"
services:
  master:
    container_name: master
    image: jenkins:latest
    ports:
     - 8080:8080
    volumes:
     - ./jenkins_home:/var/jenkins_home
    links:
     - slave01

  slave01:
   container_name: slave01
   image: jenkinsci/ssh-slave
   environment:
    - JENKINS_SLAVE_SSH_PUBKEY=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVnrSDJ0q0BoyMNiCLr8B9DrAd7qj6A2NYxRPkvWiCXUHY+ux/yJDXQogFQnycs+sXHjDQsJNWMkLtl7suH9EE9f04Jg80uhLbbBTpH7fNp90wqunmYmag6DmtrlKoBEYL2cgTPF2oXDECqrQHDz05TnAAf+gqAZ1EXD9vAYEzIeirsYwtMmwB76NrYHVDBWAQ4zRalOR2kMAhGETeDkdgVJcJPLlU74NEFVSSXqcZXGYFMiyzNzXKuUkpapQ2Rn5n7stjm6pDk+bgMkfF63ap8r/riiC5tcy7+BAHETvhSB2Z+CkXR7+/LbZibcEfRqn7R/zv+iyZqOdHoGE1Qa9D

JENKINS_SLAVE_SSH_PUBKEY環境変数には、./jenkins_home/.ssh/id_rsa.pubの内容をコピペ

master/slave01実行
$ docker-compose up -d
$ docker-compose ps
 Name                Command               State                 Ports              
------------------------------------------------------------------------------------
master    /bin/tini -- /usr/local/bi ...   Up      50000/tcp, 0.0.0.0:8080->8080/tcp
slave01   setup-sshd                       Up      22/tcp 

ノード追加

ホーム画面から、「Jenkinsの管理」→「ノード管理」→「新規ノード作成」 f:id:undercovergeek:20181106230506j:plain f:id:undercovergeek:20181106230521j:plain
リモートFSルート:任意のディレクトリ(例:/home/jenkins)
起動方法:SSH経由でUnixマシンのスレーブエージェントを起動
ホスト:slave01
認証方法:(追加プルダウン)Jenkins
Host Key Verification Strategy:Non Verifying Verification Strategy
f:id:undercovergeek:20181106230549j:plain f:id:undercovergeek:20181106230610j:plain

Docker Composeインストール&実行

概要

Ubuntuにdocker-composeをインストールして、簡単な動作確認をします。

インストール

UbuntuにDocker Composeをインストールします。 ※Docker for Windows/Macをローカル環境にインストールされていればdocker-composeですぐに使用できます。
2018/11/5時点ではDocker Composeの最新版は1.23.0が最新版です。
最新版のバージョンは下記URLから確認してください。
https://github.com/docker/compose/blob/master/CHANGELOG.md

docker-composeインストール

sudo curl -L https://github.com/docker/compose/releases/download/1.23.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

インストール実行

$ sudo curl -L https://github.com/docker/compose/releases/download/1.23.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   617    0   617    0     0    896      0 --:--:-- --:--:-- --:--:--   896
100 11.1M  100 11.1M    0     0  2010k      0  0:00:05  0:00:05 --:--:-- 2466k
$ sudo chmod +x /usr/local/bin/docker-compose
$ sudo docker-compose version
docker-compose version 1.23.0, build c8524dc1
docker-py version: 3.5.0
CPython version: 3.6.7
OpenSSL version: OpenSSL 1.1.0f  25 May 2017

コンテナ実行

任意のディレクトリに以下のようなyaml形式の「docker-compose.yml」を作成する。

version: "3"
services: 
 echo:
  image: example/echo:latest
  ports:
   - 9000: 8080

上記ファイルは、以下コマンドと同義です。

$ docker container run -d -p 9000:8080 example/echo:latest

実行例:実行→停止

$ ls -la | grep docker-compose.yml 
-rwxrwxrwx 1 docker docker   83 115 21:37 docker-compose.yml
$ docker-compose up -d
Creating network "sample_default" with the default driver
Creating sample_echo_1_dc17877bb0fe ... done
$ docker container ls
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                    NAMES
a6615e937c86        example/echo:latest   "go run /echo/main.go"   2 minutes ago       Up 2 minutes        0.0.0.0:9000->8080/tcp   sample_echo_1_4d8b8b95352f
$ docker-compose down
Stopping sample_echo_1_4d8b8b95352f ... done
Removing sample_echo_1_4d8b8b95352f ... done
Removing network sample_default

Dockerfileでの構成管理

Dockerfileによる構成管理

Dockerfile(基本構文)

Dockerfile基本書式

命令 引数
Commands Description
FROM ベースイメージ指定
RUN コマンド実行
CMD コンテナの実行コマンド
LABEL ラベルを設定
EXPOSE ポートのエクスポート
ENV 環境変数
ADD ファイル/ディレクトリ追加
COPY ファイルコピー
ENTRYPOINT コンテナの実行コマンド
VOKUME ボリュームマウンド
USER ユーザー指定
WORKDIR 作業ディレクトリ
ARG Dockerfile内の変数
ONBUILD ビルド完了後に実行される命令
STOPSIGNAL システムコールシグナルの設定
HEALTHCHECK コンテナヘルスチェック
SHELL デフォルトシェル設定

記述例:コメント書式

# コメント部分
命令 引数 #コメント部分②

Dockerfile作成

FROM命令(※必須項目)

FROM [イメージ名]
FROM [イメージ名]:[タグ名]
FROM [イメージ名]@[ダイジェスト]

設定例:CentOS7をベースイメージにしたDockerfile

# ベースイメージの設定
FROM centos:centos7

実行例:ダイジェスト確認
※ダイジェスト=イメージを一意に特定する際に利用。Docker Hubにアップすると自動付与される識別子。

docker@LesPaul:~$ docker image ls --digests undercoverism/webserver
REPOSITORY                TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
undercoverism/webserver   1.0                 sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad   be1f31be9a87        3 weeks ago         109MB

設定例:ダイジェストを指定したDockerfile

# ベースイメージ設定
FROM undercoverism/webserver@sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad

Dockerfileビルド&イメージレイヤー

DockerfileからのDockerイメージ作成

$ docker build -t [生成するイメージ名]:[タグ名] [Dockerfileの場所]

実行例:Dockerfileの作成

$ mkdir sample && cd $_
$ touch Dockerfile
$ ls
Dockerfile

設定例:Dockerfileの内容

# ベースイメージの設定
FROM centos:centos7

実行例:docker buildコマンド

$ docker build -t sample:1.0 /home/docker/sample/
Sending build context to Docker daemon  2.048kB
Step 1/1 : FROM centos:centos7
centos7: Pulling from library/centos
Digest: sha256:67dad89757a55bfdfabec8abd0e22f8c7c12a1856514726470228063ed86593b
Status: Downloaded newer image for centos:centos7
 ---> 75835a67d134
Successfully built 75835a67d134
Successfully tagged sample:1.0
$ docker image ls
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
sample                    1.0                 75835a67d134        2 weeks ago         200MB
centos                    centos7             75835a67d134        2 weeks ago         200MB

実行例:新規イメージ作成(タグ名=2.0)

$ docker build -t sample:2.0 /home/docker/sample
Sending build context to Docker daemon  2.048kB
Step 1/1 : FROM centos:centos7
 ---> 75835a67d134
Successfully built 75835a67d134
Successfully tagged sample:2.0
$ docker image ls
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
centos                    centos7             75835a67d134        2 weeks ago         200MB
sample                    1.0                 75835a67d134        2 weeks ago         200MB
sample                    2.0                 75835a67d134        2 weeks ago         200MB

例:ファイル名指定のdocker buildコマンド実行

$ docker build -t sample -f Dockerfile.base

例:標準入力からのビルド

$ docker build - < Dockerfile

実行例:圧縮アーカイブによる標準入力からのビルド

$ tar tvfz docker.tar.gz 
-rw-rw-r-- docker/docker    20 2018-10-28 19:16 Dockerfile
-rw-rw-r-- docker/docker    20 2018-10-29 17:50 dummyfile
$ docker build - < docker.tar.gz
Sending build context to Docker daemon     170B
Step 1/1 : FROM centos:centos7
 ---> 75835a67d134
Successfully built 75835a67d134

Dockerイメージのレイヤー構造

# STEP:1 Ubuntu(ベースイメージ)
FROM ubuntu:latest

# STEP:2 Nginxインストール
RUN apt-get update && apt-get install -y -q nginx

# STEP:3 ファイルコピー
COPY index.html /usr/share/nginx/html

# STEP:4 Nginx起動
CMD ["nginx","-g","daemon off;"]

実行例:イメージレイヤー構造

$ ls -la | grep index
-rwxrwxrwx 1 docker docker  208 1029 18:01 index.html
$ cat index.html 
<!doctype html>
<html lang="ja">
<head>
<meta charset="UTF-8">
<title>Webサイトをつくってみよう</title>
</head>
<body>
Hello world!
<img src="./images/html5.png" alt="html5ロゴ">
</body>
</html>
$ docker build -t webap .
Sending build context to Docker daemon   5.12kB
Step 1/4 : FROM ubuntu:latest
latest: Pulling from library/ubuntu
473ede7ed136: Pull complete 
c46b5fa4d940: Pull complete 
93ae3df89c92: Pull complete 
6b1eed27cade: Pull complete 
Digest: sha256:29934af957c53004d7fb6340139880d23fb1952505a15d69a03af0d1418878cb
Status: Downloaded newer image for ubuntu:latest
 ---> ea4c82dcd15a
Step 2/4 : RUN apt-get update && apt-get install -y -q nginx
 ---> Running in 8b729d7c3971
Get:1 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Get:3 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [1364 B]

~中略~

Setting up libgd3:amd64 (2.2.5-4ubuntu0.2) ...
Setting up libnginx-mod-http-image-filter (1.14.0-0ubuntu1.1) ...
Setting up nginx-core (1.14.0-0ubuntu1.1) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Setting up nginx (1.14.0-0ubuntu1.1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Removing intermediate container 8b729d7c3971
 ---> 490efe2721a4
Step 3/4 : COPY index.html /usr/share/nginx/html
 ---> 561c6ff715cd
Step 4/4 : CMD ["nginx","-g","daemon off;"]
 ---> Running in 60ea9dc4e0cd
Removing intermediate container 60ea9dc4e0cd
 ---> 0d4eb204077d
Successfully built 0d4eb204077d
Successfully tagged webap:latest

コマンド/デーモン実行

RUN命令(コマンド実行)

$ RUN [実行したいコマンド]

1.Shell形式
設定例:Shell形式のRUN命令

# Nginxインストール
RUN apt-get install -y nginx

2.Exec形式
設定例:Exec形式のRUN命令

# Nginxインストール
RUN ["/bin/bash","-c","apt-get install -y nginx"]

実行例:RUN命令実行例(複数行記述)

$ cat Dockerfile 
# ベースイメージ設定
FROM ubuntu:latest
# RUN命令実行
RUN echo Shell形式です
RUN ["echo","Exec形式です"]
RUN ["/bin/bash","-c","echo 'Exec形式でbash使用'"]
$ docker build -t run-sample .
Sending build context to Docker daemon   5.12kB
Step 1/4 : FROM ubuntu:latest
 ---> ea4c82dcd15a
Step 2/4 : RUN echo Shell形式です
 ---> Running in 2fd1afc5b638
Shell形式です
Removing intermediate container 2fd1afc5b638
 ---> bfaba146ab30
Step 3/4 : RUN ["echo","Exec形式です"]
 ---> Running in 36653da561de
Exec形式です
Removing intermediate container 36653da561de
 ---> cbfa1d81ea31
Step 4/4 : RUN ["/bin/bash","-c","echo 'Exec形式でbash使用'"]
 ---> Running in 5846307183eb
Exec形式でbash使用
Removing intermediate container 5846307183eb
 ---> 858a4939aa16
Successfully built 858a4939aa16
Successfully tagged run-sample:latest
docker@LesPaul:~/sample$ docker history run-sample
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
858a4939aa16        About a minute ago   /bin/bash -c echo 'Exec形式でbash使用'               0B                  
cbfa1d81ea31        About a minute ago   echo Exec形式です                                   0B                  
bfaba146ab30        About a minute ago   /bin/sh -c echo Shell形式です                       0B                  
~中略~

CMD命令(デーモン実行)

$ CMD [実行したいコマンド]

1.Exec形式

CMD ["nginx","-g","daemon off;"]

2.Shell形式

CMD nginx -g 'daemon off;'

3.ENTRYPOINT命令のパラメータとしての記述

$ cat Dockerfile 
# ベースイメージ設定
FROM ubuntu:18.04
# Nginxインストール
RUN apt-get -y update && apt-get -y update
RUN apt-get -y install nginx
# ポート指定
EXPOSE 80
# サーバ実行
CMD ["nginx","-g","daemon off;"]
$ docker build -t cmd-sample
"docker build" requires exactly 1 argument.
See 'docker build --help'.

Usage:  docker build [OPTIONS] PATH | URL | -

Build an image from a Dockerfile
docker@LesPaul:~/sample$ docker build -t cmd-sample .
Sending build context to Docker daemon   5.12kB
Step 1/5 : FROM ubuntu:18.04
18.04: Pulling from library/ubuntu
Digest: sha256:29934af957c53004d7fb6340139880d23fb1952505a15d69a03af0d1418878cb
Status: Downloaded newer image for ubuntu:18.04
 ---> ea4c82dcd15a
Step 2/5 : RUN apt-get -y update && apt-get -y update
 ---> Running in a89b0fb9e38a
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:3 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [112 kB]

~中略~

Reading package lists...
Removing intermediate container a89b0fb9e38a
 ---> b97ea6ff333b
Step 3/5 : RUN apt-get -y install nginx
 ---> Running in e69b5967182d
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core geoip-database iproute2 libatm1 libbsd0
  libelf1 libexpat1 libfontconfig1 libfreetype6 libgd3 libgeoip1 libicu60
  libjbig0 libjpeg-turbo8 libjpeg8 libmnl0 libnginx-mod-http-geoip
  libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter
  libnginx-mod-mail libnginx-mod-stream libpng16-16 libssl1.1 libtiff5
  libwebp6 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxml2 libxpm4
  libxslt1.1 libxtables12 multiarch-support nginx-common nginx-core ucf
Suggested packages:
  iproute2-doc libgd-tools geoip-bin fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core geoip-database iproute2 libatm1 libbsd0
  libelf1 libexpat1 libfontconfig1 libfreetype6 libgd3 libgeoip1 libicu60
  libjbig0 libjpeg-turbo8 libjpeg8 libmnl0 libnginx-mod-http-geoip
  libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter
  libnginx-mod-mail libnginx-mod-stream libpng16-16 libssl1.1 libtiff5
  libwebp6 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxml2 libxpm4
  libxslt1.1 libxtables12 multiarch-support nginx nginx-common nginx-core ucf
0 upgraded, 40 newly installed, 0 to remove and 2 not upgraded.
Need to get 16.9 MB of archives.
After this operation, 61.4 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 multiarch-support amd64 2.27-3ubuntu1 [6916 B]
Get:2 http://archive.ubuntu.com/ubuntu bionic/main amd64 libxau6 amd64 1:1.0.8-1 [8376 B]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libjpeg-turbo8 amd64 1.5.2-0ubuntu5.18.04.1 [110 kB]

~中略~

Setting up libgd3:amd64 (2.2.5-4ubuntu0.2) ...
Setting up libnginx-mod-http-image-filter (1.14.0-0ubuntu1.1) ...
Setting up nginx-core (1.14.0-0ubuntu1.1) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Setting up nginx (1.14.0-0ubuntu1.1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Removing intermediate container e69b5967182d
 ---> c30a2e6cc1d3
Step 4/5 : EXPOSE 80
 ---> Running in 75ccb40286e2
Removing intermediate container 75ccb40286e2
 ---> 818e8362a0f1
Step 5/5 : CMD ["nginx","-g","daemon off;"]
 ---> Running in 4408aba6ba38
Removing intermediate container 4408aba6ba38
 ---> 119eeb20ad82
Successfully built 119eeb20ad82
Successfully tagged cmd-sample:latest
$ docker container run -p 80:80 -d cmd-sample
31434c36d45efbd80a94807d75cd7d7cdd30200f96aa1ddad60ba81e6667e4fc

ENTRYPOINT命令(デーモン実行)

ENTRYPOINT [実行したいコマンド]

1.Exec形式

EXTRYPOINT ["nginx","-g","daemon off;"]

2.Shell形式(ENTRYPOINT命令)

ENTRYPOINT nginx -g 'daemon off;'

実行例:ENTRYPOINT命令とCMD命令の組み合わせ例

$ cat Dockerfile 
# Dockerイメージ取得
FROM ubuntu:18.04
# top実行
ENTRYPOINT ["top"]
CMD ["-d","10"]

例:docker container runコマンド例

# CMD命令で指定した10秒毎に更新する場合
$ docker container run -it sample
# 2秒毎に更新する場合
$ docker container run -it sample -d 2

ONBUILD命令(ビルド完了後に実行される命令)

ONBUILD [実行したいコマンド]

STOPSIGNAL命令(システムコールシグナル設定)

STOPSIGNAL [シグナル]

HEALTHCHECK命令(コンテナのヘルスチェック命令)

HEALTHCHECK [オプション] CMD 実行するコマンド
Options Description Default
--interval=n ヘルスチェック間隔 30s
--timeout=n ヘルスチェックのタイムアウト 30s
--retries=N タイムアウト回数 3

設定例:HEALTHCHECK命令

HEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost/ || exit 1

環境/ネットワーク設定

ENV命令(環境変数設定)

ENV [key] [value]
ENV [key]=[value]

1.key value指定

key value
myName "Undercover"
myOrder Water
myNickName UC

設定例:key value指定

ENV myName "Undercover"
ENV myOrder Water
ENV myNickName UC

2.key=value指定

ENV myName="Undercover" \
    myOrder=Water \
    myNickName=UC

WORKDIR命令(作業ディレクトリ指定)

WORKDIR [作業ディレクトリのパス]

設定例:絶対パス/相対パスによるWORKDIR命令

WORKDIR /first
WORKDIR second
WORKDIR third
RUN ["pwd"]

設定例:WORKDIR命令で環境変数を使用する例

ENV DIRPATH /first
ENV DIRNAME second
WORKDIR $DIRPATH/$DIRNAME
RUN ["pwd"]

USER命令(ユーザー指定)

USER [ユーザー名/UID]

設定例:USER命令の例

RUN ["adduser","undercover"]
RUN ["whoami"]
USER undercover
RUN ["whoami"]

LABEL命令(ラベル指定)

LABEL <キー値>=<値>

設定例:LABEL命令の例

LABEL maintainer "Undercover<undercover@mail.xxx.xxx>"
LABEL title="WebAP"
LABEL version="1.0"
LABEL description="This image is WebApplicationServer"

EXPOSE命令(ポート設定)

EXPOSE <ポート番号>

設定例:EXPOSE命令の例

EXPOSE 8080

ARG命令(Dockerfile内変数設定)

ARG <名前>[=デフォルト値]

設定例:ARG命令の例

ARG YOURNAME="undercover"
RUN echo $YOURNAME

SHELL命令(デフォルトシェル設定)

SHELL ["シェルのパス","パラメータ"]

設定例:RUN命令実行

# デフォルトシェル指定
SHELL ["/bin/bash","-c"]
# RUN命令実行
RUN echo hello

ファイル設定

ADD命令(ファイル/ディレクトリ追加)

ADD <ホストのファイルパス> <Dockerイメージのファイルパス>
ADD ["<ホストのファイルパス>""<Dockerイメージのファイルパス>"]

設定例:ADD命令例

ADD host.html /docker_dir/

例:ADD命令でのパターン例

# [hos]で始まるすべてのファイル追加
ADD hos* /docker_dir/
# [hos] +任意の1文字のルールに当てはまるファイル追加
ADD hos?.txt /docker_dir/

設定例:WORKDIR命令とADD命令例

WORKDIR /docker_dir
ADD host.html web/

COPY命令(ファイルコピー)

COPY <ホストのファイルパス> <Dockerイメージのファイルパス>
COPY ["<ホストのファイルパス>" "<Dockerイメージのファイルパス>"]

VOLUME命令(ボリュームマウント)

VOLUME ["/マウントポイント"]

Dockerイメージ作成

docker container commit(コンテナからイメージ作成)

$ docker container commit [オプション] コンテナ識別子 [イメージ名{[タグ名]}]
Options Description
--author,-a 作成者を指定
--message,-m メッセージを指定する
--change,-c コミット時のDockerfile命令を指定
--pause,-p コンテナを一時停止してコミットする

実行例:コンテナからイメージ作成

docker@LesPaul:~$ docker container commit -a "Undercover" webfront undercover/webfront:1.0
sha256:8c8a00a3cdc8dc445b8569e759c7df4739867385a873dcd948a0b94d876acf22
docker@LesPaul:~$ docker image ls
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
undercover/webfront       1.0                 8c8a00a3cdc8        33 seconds ago      109MB

実行例:イメージ詳細確認

docker@LesPaul:~$ docker image inspect undercover/webfront:1.0

~中略~

        "DockerVersion": "18.06.1-ce",
        "Author": "Undercover",
]

docker container export(コンテナをtarファイル出力)

$ docker container export コンテナ識別子

実行例:ファイル出力

docker@LesPaul:~$ docker container export webserver > latest.tar
docker@LesPaul:~$ ls -la | grep latest
-rw-rw-r-- 1 docker docker 111124992 1025 21:41 latest.tar

実行例:生成されたtarファイルの詳細確認

docker@LesPaul:~$ tar -tf latest.tar
.dockerenv
bin/
bin/bash
bin/cat
bin/chgrp
bin/chmod
bin/chown
bin/cp
~中略~

docker image import(tarファイルからのイメージ作成)

$ docker image import ファイルまたはURL - [イメージ名[:タグ名]]

例:イメージ作成

$ cat latest.tar | docker image import - undercover/webfront:1.1

実行例:イメージ作成

docker@LesPaul:~$ docker image ls
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
undercover/webfront       1.1                 aeab77eba79c        41 seconds ago      107MB

docker image save(イメージ保存)

$ docker image save [オプション] 保存ファイル名 [イメージ名]

実行例:イメージ保存

docker@LesPaul:~$ docker image save -o export.tar ubuntu
docker@LesPaul:~$ ls -la | grep export
-rw------- 1 docker docker  86647808 1025 21:53 export.tar

docker image load(イメージ読み込み)

$ docker image load [オプション] 

例:イメージ読み込み

$ docker image load -i export.tar

docker system prune(不要なイメージ/コンテナ削除)

$ docker system prune [オプション]
Options Description
--all,-a 使用していないリソースを全て削除する
--force,-f 強制的に削除する

実行例:不要なリソースの削除

docker@LesPaul:~$ docker system prune -a
WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all images without at least one container associated to them
        - all build cache
Are you sure you want to continue? [y/N] y
Deleted Containers:
dd72a792e0a7c57a70b7442f827ec355d1e287e26df37299a6aca7667bdbf13c
7e287f339630b1d539c87ff0fa0b09f819233ecfc40ceda8982da56ff11d5f8b

Deleted Images:
untagged: ubuntu:latest
untagged: ubuntu@sha256:de774a3145f7ca4f0bd144c7d4ffb2931e06634f11529653b23eba85aef8e378
deleted: sha256:cd6d8154f1e16e38493c3c2798977c5e142be5e5d41403ca89883840c6d51762
deleted: sha256:2416e906f135eea2d08b4a8a8ae539328482eacb6cf39100f7c8f99e98a78d84
deleted: sha256:7f8291c73f3ecc4dc9317076ad01a567dd44510e789242368cd061c709e0e36d
deleted: sha256:4b3d88bd6e729deea28b2390d1ddfdbfa3db603160a1129f06f85f26e7bcf4a2
deleted: sha256:f51700a4e396a235cee37249ffc260cdbeb33268225eb8f7345970f5ae309312
deleted: sha256:a30b835850bfd4c7e9495edf7085cedfad918219227c7157ff71e8afe2661f63
untagged: undercover/webfront:1.0
deleted: sha256:8c8a00a3cdc8dc445b8569e759c7df4739867385a873dcd948a0b94d876acf22
deleted: sha256:9a4854d752ce57d494247e3263a4f3eaf75dd911d5dfc6e2825f0645d27473c4
untagged: undercover/webfront:1.1
deleted: sha256:aeab77eba79c324184a9ba49010e76f2b5b09937dd115e2b3844fe93b4bbaa27
deleted: sha256:45372a8a59012ec7eb0a11b8cc480523b2f437d5ef14c530097b6ce75d14466f
untagged: nginx:latest
untagged: nginx@sha256:9ad0746d8f2ea6df3a17ba89eca40b48c47066dfab55a75e08e2b70fc80d929e
untagged: undercover/webserver:1.0
untagged: jenkins:latest
untagged: jenkins@sha256:eeb4850eb65f2d92500e421b430ed1ec58a7ac909e91f518926e02473904f668
deleted: sha256:cd14cecfdb3a657ba7d05bea026e7ac8b9abafc6e5c66253ab327c7211fa6281
deleted: sha256:9047d4817dd4203ae4d456888aa5355bc526d274713d6f168359ba61b85b6c00
deleted: sha256:b6eeb6c0e550e93a8b6293a35b2a68931a2af1d21cf8fe8c53bd412359433fdc
deleted: sha256:54a9d685504efad152c1032f37f76ee95bae30607f68bd0ff48a095ebec5d820
deleted: sha256:0b5e1c633ad7fa60f5185ff00ccbff9af3608ba336dc7c01868f9cd0dd8a7137
deleted: sha256:0373335894092868f06432433f14881bd6f09d851931d6e5090601a64e0466f3
deleted: sha256:b4e8f84d7b87e7994e49a190bc35871b23f76d9cab573308fa1ae7401c50dcc6
deleted: sha256:cde912e85b12d50e9e4d056ad3c8cb35853c60291dbe4b319dcd80bcd2ef243c
deleted: sha256:8062b94ccb384de40b6777515f21b895be64218c5296bac3ee6db2ed4c5db9fe
deleted: sha256:a3411e0c109af31befac78bcbd2aba26f893717f645df8d4828bf29772417bc0
deleted: sha256:fb1cc4fe4174cb86f9614cf9ee4c6cecad4c7f0c04ca52c95fd1a7d0d79471e8
deleted: sha256:1fe73f13106502d5c58cc444a71738c518b341fd667fc26058f3e473a3cc559f
deleted: sha256:d3898f75e7b8a2a7e45bfdd351a00c4ad95b743861860635d702378fd073771d
deleted: sha256:46ddeaf1e1efd81fd6cad11c44af4e4ba71cbab32b75f60f8647f025a8874315
deleted: sha256:4e9ac8670c1ea60c504c1dc22e38a177afd782a48e17e81e06ecf60a1c8f4ef0
deleted: sha256:76dc20911db5ba40907269c70aa4ef7caf207ea4aa23818b8db2ff83ba74e1e4
deleted: sha256:b4ff564f2a75c2bc85c8eda2928ec73b13809416658f949d2b55fa24448c08b1
deleted: sha256:2d9c829ae3f7ff3e148e5c7c3a1cf378b0f90b79035e2fe9a8d78c63ccde4c89
deleted: sha256:b1ae7168c6f3e061aa3943740ec3ceaf8e582dc65feab31d2b56d464a5062d59
deleted: sha256:4a495dbc04bd205c728297a08cf203988e91caeafe4b21fcad94c893a53d96dc
deleted: sha256:3b10514a95bec77489a57d6e2fbfddb7ddfdb643907470ce5de0f1b05c603706

Total reclaimed space: 887.3MB

参考資料

https://docs.docker.com/engine/reference/commandline/container_commit/
https://docs.docker.com/engine/reference/commandline/container_export/
https://docs.docker.com/engine/reference/commandline/image_import/
https://docs.docker.com/engine/reference/commandline/image_save/
https://docs.docker.com/engine/reference/commandline/image_load/
https://docs.docker.com/engine/reference/commandline/image_prune/

稼働中のDockerコンテナ操作

docker container attach(稼働コンテナへの接続)

例:コンテナへの接続

$ docker container attach sample

docker container exec(稼働コンテナでプロセス実行)

$ docker container exec [オプション] コンテナ識別子 実行するコマンド [引数]
Options Description
--detach,-d コマンドをバックグラウンドで実行する
--interactive,-i コンテナの標準入力を開く
--tty,-t tty(端末デバイス)を使う
--user,-u ユーザー名を指定

実行例:コンテナでのbash実行

docker@LesPaul:~$ docker container ls
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
ac5135fb6709        nginx               "nginx -g 'daemon of…"   2 days ago          Up 2 days           80/tcp               webap
dd72a792e0a7        nginx               "nginx -g 'daemon of…"   2 days ago          Up 2 days           0.0.0.0:80->80/tcp   webfront
docker@LesPaul:~$ docker container exec -it webfront /bin/bash
root@dd72a792e0a7:/# 

実行例:コンテナでのecho実行

docker@LesPaul:~$ docker container exec -it webfront /bin/echo "Hello world"
Hello world

docker container top(稼働コンテナのプロセス確認)

実行例:プロセス確認

docker@LesPaul:~$ docker container top webfront
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                4085                4065                0                   1021               ?                   00:00:00            nginx: master process nginx -g daemon off;
systemd+            4148                4085                0                   1021               ?                   00:00:00            nginx: worker process

docker container port(稼働コンテナのポート転送確認)

実行例:コンテナのポート転送

docker@LesPaul:~$ docker container port webfront
80/tcp -> 0.0.0.0:80

docker container rename(コンテナの名前変更)

docker@LesPaul:~$ docker container ls
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
17d9b662dd39        centos              "/bin/bash"              3 minutes ago       Up 3 seconds                             old
docker@LesPaul:~$ docker container rename old new
docker@LesPaul:~$ docker container ls
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
17d9b662dd39        centos              "/bin/bash"              4 minutes ago       Up About a minute                        new

docker container cp(コンテナ内のファイルをコピー)

$ docker container cp コンテナ識別子:コンテナ内のファイルパス ホストのディレクトリパス
$ docker container cp ホストのファイル コンテナ識別子:コンテナ内のファイルパス

実行例:コンテナからホストへのファイルコピー

docker@LesPaul:~$ docker container cp webserver:/etc/nginx/nginx.conf /tmp/nginx.conf
docker@LesPaul:~$ ls -la /tmp/nginx.conf 
-rw-r--r-- 1 docker docker 643 102 23:49 /tmp/nginx.conf

例:ホストからコンテナへのファイルコピー

$ docker container cp ./test.txt webserver:/tmp/test.txt

docker container diff(コンテナ操作の差分確認)

$ docker container diff コンテナ識別子
Classification Description
A ファイル追加
D ファイル削除
C ファイル更新

実行例:コンテナで新規ユーザー作成->変更箇所確認

docker@LesPaul:~$ docker container exec -it new /bin/bash
[root@17d9b662dd39 /]# useradd newuser
[root@17d9b662dd39 /]# exit
exit
docker@LesPaul:~$ docker container diff new
C /home
A /home/newuser
A /home/newuser/.bashrc
A /home/newuser/.bash_logout
A /home/newuser/.bash_profile
C /root
A /root/.bash_history
C /var
C /var/spool
C /var/spool/mail
A /var/spool/mail/newuser
C /var/log
C /var/log/lastlog
C /etc
C /etc/shadow-
C /etc/group
C /etc/shadow
C /etc/gshadow-
C /etc/passwd-
C /etc/group-
C /etc/passwd
C /etc/gshadow

参考資料

https://docs.docker.com/engine/reference/commandline/attach/
https://docs.docker.com/engine/reference/commandline/exec/#options
https://docs.docker.com/engine/reference/commandline/top/
https://docs.docker.com/engine/reference/commandline/port/
https://docs.docker.com/engine/reference/commandline/rename/
https://docs.docker.com/engine/reference/commandline/cp/
https://docs.docker.com/engine/reference/commandline/diff/

Dockerコンテナのネットワーク操作

docker network ls(ネットワークの一覧表示)

$ docker network ls [オプション]
Options Description
-f,--filter=[] 出力をフィルタ
--no-trunc 詳細を出力する
-q,--quiet ネットワークIDのみを表示する

実行例:ネットワーク一覧表示

docker@LesPaul:~$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
83e75d03959e        bridge              bridge              local
eedc84aef3cb        host                host                local
0b90af3d24df        none                null                local
Value Description
driver ドライバーの指定
id ネットワークID
label ネットワークに設定されたラベル(label=またはlabel==で指定)
name ネットワーク名
scope ネットワークのスコープ(swarm/global/local)
type ネットワークのタイプ(ユーザー定義ネットワークcustom/定義済みネットワークbuiltin)

実行例:ネットワーク一覧表示のフィルタリング

docker@LesPaul:~$ docker network ls -q --filter driver=bridge
83e75d03959e

例:コンテナ起動

$ docker container run -itd --name=sample ubuntu:latest

実行例:コンテナのネットワーク確認

docker@LesPaul:~$ docker container inspect sample
[
    {
        "Id": "7e287f339630b1d539c87ff0fa0b09f819233ecfc40ceda8982da56ff11d5f8b",
        "Created": "2018-10-21T10:25:55.647551283Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 3771,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-10-21T10:25:56.470254119Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },

~中略~

        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "1afccd40c844c30cce3fc1a547192e887b5afb972ff0adcf46dc37c53172e72d",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/1afccd40c844",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "18c0a11929a10800b7333051229f51ea967f11b78a1ddbf22ac712838f890f53",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "83e75d03959e196ca29727191206adc4feadc167935b8cf61bb8729571cad229",
                    "EndpointID": "18c0a11929a10800b7333051229f51ea967f11b78a1ddbf22ac712838f890f53",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

docker network create(ネットワークの作成)

$ docker network create [オプション] ネットワーク
Options Description
--driver,-d ネットワークブリッジまたはオーバレイ(デフォルトはbridge)
--ip-range コンテナに割り当てるIPアドレスのレンジを指定
--subnet サブネットをCIDR形式で指定
--ipv6 IPv6ネットワークを有効にするかどうか(true/false)
-label ネットワークに設定するラベル

実行例:ブリッジネットワークの作成と確認

docker@LesPaul:~$ docker network create --driver=bridge web-network
0e7abd3f4d7baaa4e433e56f0d6e953daf3f1af24f570231ad720cbfbc95bf6d
docker@LesPaul:~$ docker network ls --filter driver=bridge
NETWORK ID          NAME                DRIVER              SCOPE
83e75d03959e        bridge              bridge              local
0e7abd3f4d7b        web-network         bridge              local

docker network connect/docker network disconnect(ネットワークへの接続)

$ docker network connect [オプション] ネットワーク コンテナ
Options Description
--ip IPv4アドレス
--ip6 IPv6アドレス
--alias エイリアス名
--link 他のコンテナへのリンク

例:ネットワークへの接続

$ docker network connect web-network webfront

実行例:コンテナのネットワーク確認

docker@LesPaul:~$ docker network connect web-network webfront
docker@LesPaul:~$ docker container inspect webfront
[

~中略~

                "web-network": {
                    "IPAMConfig": {},
                    "Links": null,
                    "Aliases": [
                        "dd72a792e0a7"
                    ],
                    "NetworkID": "0e7abd3f4d7baaa4e433e56f0d6e953daf3f1af24f570231ad720cbfbc95bf6d",
                    "EndpointID": "428989f5047ff7422ac6fb567bf464653f6ca8cdc36778de711a28ac37bce529",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

例:ネットワークを指定したコンテナの起動

$ docker container run -itd --name=webap --net=web-network nginx

例:ネットワークからの切断

$ docker network disconnect web-network webfront

docker network inspect(ネットワークからの切断)

$ docker network inspect [オプション] ネットワーク

実行例:ネットワークの詳細表示

docker@LesPaul:~$ docker network inspect web-network
[
    {
        "Name": "web-network",
        "Id": "0e7abd3f4d7baaa4e433e56f0d6e953daf3f1af24f570231ad720cbfbc95bf6d",
        "Created": "2018-10-21T19:40:09.658609258+09:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "ac5135fb6709f00b32cf040eb2148d0a084d26c8587fcd5092e0fc0cd595e8d2": {
                "Name": "webap",
                "EndpointID": "3bd1604e500b14d0b0b9685e9e411e5afda921bf3289eaf6260f2e3a935ad1dd",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

docker network rm(ネットワークの削除)

$ docker network rm [オプション] ネットワーク

実行例:ネットワークの削除(※事前に接続中の全コンテナとの接続をdisconnectしておく必要有り)

$ docker network rm web-network

参考資料

https://docs.docker.com/engine/reference/commandline/network_ls/
https://docs.docker.com/engine/reference/commandline/network_create/
https://docs.docker.com/engine/reference/commandline/network_connect/
https://docs.docker.com/engine/reference/commandline/network_disconnect/
https://docs.docker.com/engine/reference/commandline/network_inspect/
https://docs.docker.com/engine/reference/commandline/network_rm/

スポンサーリンク