2. docker 進階

最後更新: 2019-03-31


  • Managing Logging
  • Runtime Metrics
  • Limit a container's resources
  • oom-kill
  • Restart policies
  • Live Restore


Managing Logging


The NGINX image is configured to send the main access & error logs to the Docker log collector by default.

ls -l /var/log/nginx

total 0
lrwxrwxrwx 1 root root 11 Dec  6 08:21 access.log -> /dev/stdout
lrwxrwxrwx 1 root root 11 Dec  6 08:21 error.log -> /dev/stderr

Which causes all messages from both logs to be stored in the file /var/lib/docker/containers/<container id>/json.log

# display the long-form Id for a container

docker inspect --format '{{ .Id }}' <container name>


Runtime Metrics


# 每秒更新一次

docker stats [CONTAINER...]


docker stats mysql57

CONTAINER           CPU %               MEM USAGE / LIMIT       MEM %               NET I/O             BLOCK I/O           PIDS
mysql57             0.04%               189.8 MiB / 991.4 MiB   19.15%              8.61 kB / 18.8 kB   116 MB / 26.6 MB    29


"NET I/O" 及 "BLOCK I/O" 係由 Container "start" 到現在的 Usage

"PIDS": the number of processes and kernel threads created by that container

A large number in the PIDS column combined with a small number of processes (as reported by ps or top)

may indicate that something in the container is creating many threads.


Limit a container's resources


Default: use as much of a given resource as the host 's kernel scheduler allows.

(no resource constraints)

Check host capabilities (查看 host 有幾多 Resource)

docker info

Checking container resource setting


docker stats

# Memory

docker inspect -f "{{ .HostConfig.Memory }}"  mysql57             # 536870912

docker inspect -f "{{ .HostConfig.MemorySwap }}"  mysql57      # 1073741824


docker inspect -f "{{ .HostConfig.CpuShares }}"  mysql57


CPU Resources

CPU 's weight

# 在多個 Container 用時運行時, 它們可獲得的 CPU 使用比例

# Default 1024

# -c / --cpu-shares

-c 410       # 40%

-c 614       # 60%

--cpus="1.5"             # Available in Docker 1.13 and higher (舊版要用 --cpu-quota)

# guaranteed to be able to access

# equivalent of setting --cpu-period="100000" and --cpu-quota="150000"


# Limit CPU CFS period (# Defaults to 100 micro-seconds)


# -1:  a container can use all available CPU resources

--cpu-quota    # Limit CPU CFS quota

CFS = Completely Fair Scheduler

--cpuset-cpus "?"

Limit the specific CPUs or cores a container can use.


--cpuset-cpus "1,3"

--cpuset-cpus "0-3"

Memory Resources

-m N | --memory= N


#  0 => unset (memory  is not limited)

-m 4m


# Default: --memory X 2
#  0 => unset
# -1 => allowed to use unlimited swap (host limit)


# Default: inherited from the host machine
# 0 => turns off
# 100 =>  all anonymous pages as swappable

Change allocated resources on the fly

# Remark: update memory must udate memoryswap at the same time

docker update -m 512m --memory-swap=1g myubuntu





Only disable the OOM killer on containers where you have also set the -m/--memory option.

If the -m flag is not set, the host can run out of memory and the kernel may need to kill the host system’s processes to free memory.


Restart Policy (to apply when a container exits)(--restart)



在開機時自動啟動 contrainer 或當 contrainer 意外死亡時自動重啟它

如果唔想用 restart policy 去啟動 contrainer,

那亦可以用 process manager(systemd, or supervisor ...) 去啟動它們

設定: --restart="?"              

no,  on-failure[:max-retry], always, unless-stopped


docker run --restart=always <container>



Do not automatically restart the container when it exits. This is the default.


# Restart only if the container exits with a non-zero exit status.

# The number of (attempted) restarts for a container (on-failure)

docker inspect -f "{{ .RestartCount }}" mysql57


# Always restart the container if it stops.

# If it is manually stopped, it is restarted only when Docker daemon restarts or the container itself is manually restarted.


# Similar to always, except that when the container is stopped (manually or otherwise),

# it is not restarted even after Docker daemon restarts.


# 當前 container 的 policy

docker inspect -f "{{ .HostConfig.RestartPolicy.Name }}"  my-container

# to get the number of restarts for container “my-container”

docker inspect -f "{{ .RestartCount }}" my-container

# to get the last time the container was (re)started

docker inspect -f "{{ .State.StartedAt }}" my-container

restart policy 有效的情況

A restart policy only takes effect after a container starts successfully.

In this case, starting successfully means that the container is up for at least 10 seconds and Docker has started monitoring it.

(This prevents a container which does not start at all from going into a restart loop.)

If you manually stop a container, its restart policy is ignored until the Docker daemon restarts or the container is manually restarted.

Add a restart policy to a container that was already created

docker update --restart=unless-stopped <container>

docker restart <container>


Live Restore


Docker Engine Version > 1.12

By default, when the Docker daemon terminates, it shuts down running containers.

Keep containers alive during daemon downtime setting


  "live-restore": true

systemctl reload docker