2. Docker Advanced

Last updated: 2019-03-31


  • Upgrade docker image
  • Managing Logging
  • Runtime Metrics
  • Limit a container's resources
  • oom-kill
  • Restart policies
  • Live Restore
  • ENV Variable


Upgrade docker image


1. docker pull repo/image:latest

2. docker inspect container-id (to gather information about the container, ports, mapped volumes, etc)

3. docker stop container-id

4. docker rm container-id

5. docker run (use documented run params) repo/image:latest


docker pull onlyoffice/documentserver

Using default tag: latest
Trying to pull repository docker.io/onlyoffice/documentserver ...
latest: Pulling from docker.io/onlyoffice/documentserver
Digest: sha256:5c78b28f9c8da2b079faefe4ddd6a6755ec5c0edb9bb661064dbd27ae3172668
Status: Image is up to date for docker.io/onlyoffice/documentserver:latest


Managing Logging


The NGINX image is configured to send the main access & error logs to the Docker log collector by default.

ls -l /var/log/nginx

total 0
lrwxrwxrwx 1 root root 11 Dec  6 08:21 access.log -> /dev/stdout
lrwxrwxrwx 1 root root 11 Dec  6 08:21 error.log -> /dev/stderr

This causes all messages from both logs to be stored in the file /var/lib/docker/containers/<container id>/json.log

# display the long-form Id for a container

docker inspect --format '{{ .Id }}' <container name>


Runtime Metrics


# Refreshes once per second

docker stats [CONTAINER...]


docker stats mysql57

CONTAINER           CPU %               MEM USAGE / LIMIT       MEM %               NET I/O             BLOCK I/O           PIDS
mysql57             0.04%               189.8 MiB / 991.4 MiB   19.15%              8.61 kB / 18.8 kB   116 MB / 26.6 MB    29


"NET I/O" and "BLOCK I/O" are the cumulative usage from container "start" until now

"PIDS": the number of processes and kernel threads created by that container

A large number in the PIDS column combined with a small number of processes (as reported by ps or top) may indicate that something in the container is creating many threads.


Limit a container's resources


Default: a container can use as much of a given resource as the host's kernel scheduler allows.

(no resource constraints)

Check host capabilities (see how many resources the host has)

docker info

Checking container resource setting


docker stats

# Memory

docker inspect -f "{{ .HostConfig.Memory }}"  mysql57             # 536870912

docker inspect -f "{{ .HostConfig.MemorySwap }}"  mysql57      # 1073741824


docker inspect -f "{{ .HostConfig.CpuShares }}"  mysql57


CPU Resources

CPU weight

# The proportion of CPU time each container gets when several containers are running at the same time

# Default 1024

# -c / --cpu-shares

-c 410       # 40%

-c 614       # 60%


# Default: 0 => no limit

# guaranteed to be able to access

# Available in Docker 1.13 and higher (older versions must use --cpu-quota)

# 1.5 equivalent of setting --cpu-period="100000" and --cpu-quota="150000"


Affects: cpu.cfs_period_us, cpu.cfs_quota_us

 # Limit CPU CFS period (defaults to 100 micro-seconds)


 # -1:  a container can use all available CPU resources

 --cpu-quota    # Limit CPU CFS quota

 CFS = Completely Fair Scheduler

 * small period => ensuring a consistent latency response at the expense of burst capacity

--cpuset-cpus "?"

# Limit the specific CPUs or cores a container can use.


--cpuset-cpus "1,3"

--cpuset-cpus "0-3"

Memory Resources

-m N | --memory= N


#  0 => unset (memory is not limited)

-m 4m


# Default: --memory X 2
#  0 => unset
# -1 => allowed to use unlimited swap (host limit)


# Default: inherited from the host machine
# 0 => turns off
# 100 =>  all anonymous pages as swappable

Change allocated resources on the fly

# Remark: when updating memory, memory-swap must be updated at the same time

docker update -m 512m --memory-swap=1g myubuntu






# Grants the container the CAP_SYS_NICE capability

# which allows the container to raise process nice values,

# set real-time scheduling policies, set CPU affinity, and other operations.


--ulimit rtprio=<value>    

The maximum realtime priority allowed for the container.





Only disable the OOM killer on containers where you have also set the -m/--memory option.

If the -m flag is not set, the host can run out of memory and the kernel may need to kill the host system’s processes to free memory.
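
A check for the rule above, as an added example that is not part of the original notes: it reads `docker inspect` JSON and flags containers that have the OOM killer disabled without a memory limit, no memory limit at all, unlimited swap, or no CPU ceiling. The sample data and the function names are constructed; `OomKillDisable`, `NanoCpus`, `CpuQuota` and `CpuPeriod` are the HostConfig fields that `docker inspect` reports next to the `Memory` and `MemorySwap` fields queried earlier.

```python
import json

# Constructed sample shaped like `docker inspect` output; names and values are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/mysql57", "HostConfig": {
        "Memory": 536870912, "MemorySwap": 1073741824, "OomKillDisable": False,
        "NanoCpus": 1500000000, "CpuQuota": 0, "CpuPeriod": 0}},
    {"Name": "/batch-job", "HostConfig": {
        "Memory": 0, "MemorySwap": 0, "OomKillDisable": True,
        "NanoCpus": 0, "CpuQuota": 150000, "CpuPeriod": 100000}},
    {"Name": "/cache", "HostConfig": {
        "Memory": 268435456, "MemorySwap": -1, "OomKillDisable": None,
        "NanoCpus": 0, "CpuQuota": 0, "CpuPeriod": 0}},
])


def cpu_ceiling(hc):
    """Number of CPUs a container may use, or None when no hard limit is set."""
    if hc.get("NanoCpus"):                       # filled in by --cpus
        return hc["NanoCpus"] / 1e9
    quota = hc.get("CpuQuota") or 0              # filled in by --cpu-quota
    if quota > 0:
        # CpuPeriod 0 means the default period (100000, as paired with 1.5 CPUs above)
        return quota / (hc.get("CpuPeriod") or 100000)
    return None


def audit(inspect_json):
    """Return {container name: [findings]} for risky resource settings."""
    report = {}
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig", {})
        mem = hc.get("Memory") or 0              # 0 => no memory limit
        findings = []
        if hc.get("OomKillDisable") and mem == 0:
            findings.append("OOM killer disabled without -m/--memory")
        elif mem == 0:
            findings.append("no memory limit")
        if hc.get("MemorySwap") == -1:
            findings.append("unlimited swap")
        if cpu_ceiling(hc) is None:
            findings.append("no CPU ceiling")
        if findings:
            report[c["Name"].lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample.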


Restart Policy (to apply when a container exits)(--restart)



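Automatically start a container at boot, or restart it automatically when it dies unexpectedly.

If you do not want to use a restart policy to start containers,

you can also use a process manager (systemd, supervisor ...) to start them.

Setting: --restart="?"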

no,  on-failure[:max-retry], always, unless-stopped


docker run --restart=always <container>



Do not automatically restart the container when it exits. This is the default.


# Restart only if the container exits with a non-zero exit status.

# The number of (attempted) restarts for a container (on-failure)

docker inspect -f "{{ .RestartCount }}" mysql57


# Always restart the container if it stops.

# If it is manually stopped, it is restarted only when Docker daemon restarts or the container itself is manually restarted.


# Similar to always, except that when the container is stopped (manually or otherwise),

# it is not restarted even after Docker daemon restarts.


# The container's current policy

docker inspect -f "{{ .HostConfig.RestartPolicy.Name }}"  my-container

# to get the number of restarts for container “my-container”

docker inspect -f "{{ .RestartCount }}" my-container

# to get the last time the container was (re)started

docker inspect -f "{{ .State.StartedAt }}" my-container

When a restart policy takes effect

A restart policy only takes effect after a container starts successfully.

In this case, starting successfully means that the container is up for at least 10 seconds and Docker has started monitoring it.

(This prevents a container which does not start at all from going into a restart loop.)

If you manually stop a container, its restart policy is ignored until the Docker daemon restarts or the container is manually restarted.

Add a restart policy to a container that was already created

docker update --restart=unless-stopped <container>

docker restart <container>
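
The three inspect fields above (policy name, RestartCount, State.StartedAt) combined into one check, as an added example that is not part of the original notes: it flags containers that keep being restarted and `on-failure` containers whose retries are used up. The sample data, the thresholds and the function names are constructed; `MaximumRetryCount` is the field that holds the `max-retry` value of `on-failure[:max-retry]`.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `docker inspect` output; names and values are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/mysql57", "RestartCount": 0,
     "State": {"Running": True, "StartedAt": "2019-03-31T08:00:00.123456789Z"},
     "HostConfig": {"RestartPolicy": {"Name": "unless-stopped", "MaximumRetryCount": 0}}},
    {"Name": "/worker", "RestartCount": 27,
     "State": {"Running": True, "StartedAt": "2019-03-31T11:59:57.5Z"},
     "HostConfig": {"RestartPolicy": {"Name": "always", "MaximumRetryCount": 0}}},
    {"Name": "/importer", "RestartCount": 3,
     "State": {"Running": False, "StartedAt": "2019-03-31T09:15:00Z"},
     "HostConfig": {"RestartPolicy": {"Name": "on-failure", "MaximumRetryCount": 3}}},
])


def parse_docker_time(ts):
    """Parse Docker's UTC timestamp; it can carry 9 fractional digits, datetime keeps 6."""
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt + timedelta(microseconds=int((frac + "000000")[:6]))


def restart_findings(inspect_json, now, min_restarts=5, recent=timedelta(seconds=60)):
    """Return {container name: finding} for restart loops and exhausted retries."""
    report = {}
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        policy = c["HostConfig"]["RestartPolicy"]
        state, count = c["State"], c["RestartCount"]
        uptime = now - parse_docker_time(state["StartedAt"])
        if state["Running"] and count >= min_restarts and uptime < recent:
            report[name] = f"restart loop: {count} restarts, up {uptime.total_seconds():.1f}s"
        elif (policy["Name"] == "on-failure" and not state["Running"]
              and 0 < policy["MaximumRetryCount"] <= count):
            report[name] = "on-failure retries exhausted, container left stopped"
    return report


if __name__ == "__main__":
    now = datetime(2019, 3, 31, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for name, finding in restart_findings(SAMPLE_INSPECT, now).items():
        print(f"{name}: {finding}")
```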


Live Restore


Docker Engine Version > 1.12

By default, when the Docker daemon terminates, it shuts down running containers.

Setting to keep containers alive during daemon downtime:


  "live-restore": true

systemctl reload docker


Environment Variables


There are two ways to set environment variables

  • -e
  • --env-file

-e                         # args

docker run ... \
 -e MYSQL_ROOT_USER=root \
 -e MYSQL_ROOT_PASSWD=my-secret-pw \

--env-file file.cf       # specify all required environment variables in a single file
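
The two methods above, as an added example that is not part of the original notes: a small loader that applies the `--env-file` rules Docker documents (`#` comment lines, `VAR=value` taken literally, a bare `VAR` copied from the caller's environment) and warns about values that keep their quotes and about secret-looking names, since variables set with `-e` or `--env-file` can be read back with `docker inspect`. The file content, `load_env_file` and the `SECRET_NAME` pattern are constructed for this example.

```python
import re

# Constructed env file for `docker run --env-file file.cf`; values are made up.
SAMPLE_ENV_FILE = """\
# database settings
MYSQL_ROOT_USER=root
MYSQL_ROOT_PASSWD="my-secret-pw"
TZ
HTTP_PROXY
"""

# Assumed naming heuristic for secrets; adjust to local conventions.
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.IGNORECASE)


def load_env_file(text, host_env):
    """Return (env, warnings) for an env file, given the caller's environment."""
    env, warnings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not line or line.startswith("#"):     # blank line or comment
            continue
        name, sep, value = line.partition("=")
        if not name or re.search(r"\s", name):
            raise ValueError(f"line {n}: bad variable name {name!r}")
        if not sep:                              # bare VAR: inherit from host or skip
            if name not in host_env:
                warnings.append(f"line {n}: {name} not set on the host, not passed")
                continue
            value = host_env[name]
        elif len(value) > 1 and value[0] == value[-1] and value[0] in "\"'":
            # no shell is involved, so quotes are not stripped
            warnings.append(f"line {n}: {name} keeps its quotes as part of the value")
        env[name] = value
        if SECRET_NAME.search(name):
            warnings.append(f"line {n}: {name} will be readable via docker inspect")
    return env, warnings


if __name__ == "__main__":
    env, warnings = load_env_file(SAMPLE_ENV_FILE, {"TZ": "Asia/Hong_Kong"})
    print(env)
    print("\n".join(warnings))
```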