Last updated: 2019-03-31
Contents
- Upgrade docker image
- Managing Logging
- Runtime Metrics
- Limit a container's resources
- oom-kill
- Restart Policy
- Live Restore
- ENV Variable
- Changing a container's port mapping in Docker
Upgrade docker image
1. docker pull repo/image:latest
2. docker inspect container-id (to gather information about the container, ports, mapped volumes, etc)
3. docker stop container-id
4. docker rm container-id
5. docker run (use documented run params) repo/image:latest
i.e.
docker pull onlyoffice/documentserver
Using default tag: latest
Trying to pull repository docker.io/onlyoffice/documentserver ...
latest: Pulling from docker.io/onlyoffice/documentserver
Digest: sha256:5c78b28f9c8da2b079faefe4ddd6a6755ec5c0edb9bb661064dbd27ae3172668
Status: Image is up to date for docker.io/onlyoffice/documentserver:latest
Managing Logging
The NGINX image is configured to send the main access & error logs to the Docker log collector by default.
ls -l /var/log/nginx
total 0
lrwxrwxrwx 1 root root 11 Dec 6 08:21 access.log -> /dev/stdout
lrwxrwxrwx 1 root root 11 Dec 6 08:21 error.log -> /dev/stderr
This causes all messages from both logs to be stored in the file /var/lib/docker/containers/<container id>/json.log
# display the long-form Id for a container
docker inspect --format '{{ .Id }}' <container name>
Runtime Metrics
# refreshes once per second
docker stats [CONTAINER...]
i.e.
docker stats mysql57
CONTAINER   CPU %   MEM USAGE / LIMIT       MEM %    NET I/O             BLOCK I/O          PIDS
mysql57     0.04%   189.8 MiB / 991.4 MiB   19.15%   8.61 kB / 18.8 kB   116 MB / 26.6 MB   29
Notes:
"NET I/O" and "BLOCK I/O" show the usage accumulated since the container was started
"PIDS": the number of processes and kernel threads created by that container
A large number in the PIDS column combined with a small number of processes (as reported by ps or top)
may indicate that something in the container is creating many threads.
Limit a container's resources
Default: use as much of a given resource as the host's kernel scheduler allows.
(no resource constraints)
Check host capabilities (see how many resources the host has)
docker info
Checking container resource setting
Realtime Resource Usage
docker stats
CONTAINER      CPU %   MEM USAGE / LIMIT     MEM %    NET I/O             BLOCK I/O          PIDS
b953a66787f3   0.04%   192.6 MiB / 256 MiB   75.25%   9.85 kB / 36.5 kB   121 MB / 26.7 MB   29
Memory
docker inspect -f "{{ .HostConfig.Memory }}" mysql57 # 536870912
docker inspect -f "{{ .HostConfig.MemorySwap }}" mysql57 # 1073741824
CPU
docker inspect -f "{{ .HostConfig.CpuShares }}" mysql57
CPU Resources
CPU weight
# The proportion of CPU each container can get when several containers are running at the same time
# Default 1024
# -c / --cpu-shares
-c 410 # 40%
-c 614 # 60%
--cpus="1.5"
# Default: 0 => no limit
# guaranteed to be able to access
# Available in Docker 1.13 and higher (older versions must use --cpu-quota)
# 1.5 equivalent of setting --cpu-period="100000" and --cpu-quota="150000"
Remark
Affects: cpu.cfs_period_us, cpu.cfs_quota_us
# Limit CPU CFS period (# Defaults to 100 micro-seconds)
--cpu-period
# -1: a container can use all available CPU resources
--cpu-quota # Limit CPU CFS quota
CFS = Completely Fair Scheduler
* small period => ensuring a consistent latency response at the expense of burst capacity
--cpuset-cpus "?"
# Limit the specific CPUs or cores a container can use.
i.e.
--cpuset-cpus "1,3"
--cpuset-cpus "0-3"
Memory Resources
-m N | --memory= N
i.e.
# 0 => unset (memory is not limited)
-m 4m
--memory-swap=
# Default: --memory X 2
# 0 => unset
# -1 => allowed to use unlimited swap (host limit)
--memory-swappiness
# Default: inherited from the host machine
# 0 => turns off
# 100 => all anonymous pages as swappable
Change allocated resources on the fly
# Remark: when updating memory, memory-swap must be updated at the same time
docker update --memory 256m --memory-swap 1g mysql57
Capability
--cap-add=?
i.e.
# Grants the container the CAP_SYS_NICE capability
# which allows the container to raise process nice values,
# set real-time scheduling policies, set CPU affinity, and other operations.
--cap-add=sys_nice
--ulimit rtprio=<value>
The maximum realtime priority allowed for the container.
oom-kill
--oom-kill-disable
* Only disable the OOM killer on containers where you have also set the -m/--memory option.
=> If the -m flag is not set, the host can run out of memory and the kernel may need to kill the host system’s processes to free memory.
i.e.
docker update --memory=256m --memory-swap=1g mysql57
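The check below is an added example, not part of the original notes: it reads one line per container, in the form printed by docker inspect with the format string shown in the comment, and flags the case warned about above (OOM killer disabled with no memory limit). The helper names audit_limits, sample_containers and audit_sample, and the sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit memory / OOM-killer settings of containers.
# Input: one line per container, as printed by
#   docker inspect -f '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.MemorySwap}} {{.HostConfig.OomKillDisable}}' $(docker ps -q)
# audit_limits is a hypothetical helper name, not a docker command.
audit_limits() {
    while read -r name mem swap oomoff; do
        [ -n "$name" ] || continue
        name=${name#/}                       # inspect prints names as "/name"
        if [ "$mem" = "0" ]; then            # 0 => no memory limit set
            if [ "$oomoff" = "true" ]; then
                echo "CRITICAL $name: OOM killer disabled without a memory limit"
            else
                echo "WARN $name: no memory limit (-m not set)"
            fi
            continue
        fi
        if [ "$swap" = "-1" ]; then          # -1 => unlimited swap
            echo "WARN $name: memory limited but swap is unlimited"
        elif [ "$oomoff" = "true" ]; then
            echo "INFO $name: OOM killer disabled, limit ${mem} bytes"
        else
            echo "OK $name: limit ${mem} bytes, memory+swap ${swap} bytes"
        fi
    done
}

# Constructed sample input (not real output); values are in bytes.
sample_containers() {
    cat <<'EOF'
/mysql57 268435456 1073741824 false
/cache 0 0 true
/web 0 0 false
/batch 536870912 -1 false
EOF
}

audit_sample() { sample_containers | audit_limits; }

# Against live containers: docker inspect -f '...' $(docker ps -q) | audit_limits
audit_sample
```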
Restart Policy (to apply when a container exits)(--restart)
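Purpose
Automatically start a container at boot, or automatically restart it when it dies unexpectedly
If you do not want to use a restart policy to start containers,
you can use a process manager (systemd, supervisor, ...) to start them instead
Setting: --restart="?"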
Policy: no, on-failure[:max-retry], always, unless-stopped
i.e.
docker run --restart=always my_container
docker update --restart unless-stopped $(docker ps -q) # all running containers
Policy
no (default)
Do not automatically restart the container when it exits.
on-failure[:max-retry]
# Restart only if the container exits with a non-zero exit status.
# The number of (attempted) restarts for a container (on-failure)
docker inspect -f "{{ .RestartCount }}" mysql57
always
# Always restart the container if it stops.
# If it is manually stopped, it is restarted only when Docker daemon restarts or
# the container itself is manually restarted.
unless-stopped
# Similar to always, except that when the container is stopped (manually or otherwise)
# It is not restarted even after Docker daemon restarts.
Example use
* To configure Redis to always restart, unless the container is explicitly stopped
Status
# the container's current policy
docker inspect -f "{{ .HostConfig.RestartPolicy.Name }}" my-container
# to get the number of restarts for container “my-container”
docker inspect -f "{{ .RestartCount }}" my-container
# to get the last time the container was (re)started
docker inspect -f "{{ .State.StartedAt }}" my-container
When a restart policy takes effect
A restart policy only takes effect after a container starts successfully.
In this case, starting successfully means that the container is up for at least 10 seconds and
Docker has started monitoring it.
(This prevents a container which does not start at all from going into a restart loop)
Add a restart policy to a container that was already created
# Restart policy to apply when a container exits
docker update --restart=unless-stopped <container>
docker restart <container>
Live Restore
Docker Engine Version > 1.12
By default, when the Docker daemon terminates, it shuts down running containers.
Setting to keep containers alive during daemon downtime
/etc/docker/daemon.json
{ "live-restore": true }
systemctl reload docker
Environment Variables
There are two ways to set environment variables
- -e
- --env-file
-e # args
docker run ... \
  -e MYSQL_ROOT_USER=root \
  -e MYSQL_ROOT_PASSWD=my-secret-pw \
  ...
--env-file file.cf # specify all required environment variables in a single file
file.cf
JWT_ENABLED=true
JWT_SECRET=???
JWT_HEADER=Authorization
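Values passed with -e or --env-file are stored in the container's configuration and can be read back with docker inspect, so the following added example (not part of the original notes) lists secret-looking variable names without printing their values and checks that an env file is readable by its owner only. The helper names secret_env_names, env_file_private, sample_env and flagged_sample, the name patterns, and the dummy values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find secret-looking environment variables without
# printing their values. Input: KEY=VALUE lines, e.g. from
#   docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' <container>
# or from an --env-file. Function names are hypothetical helpers.
secret_env_names() {
    while IFS= read -r line; do
        case $line in
            ''|\#*) continue ;;              # blank line or env-file comment
        esac
        key=${line%%=*}                      # text before the first '='
        upper=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $upper in
            *PASSWD*|*PASSWORD*|*SECRET*|*TOKEN*|*PRIVATE_KEY*|*API_KEY*)
                echo "$key" ;;               # name only, never the value
        esac
    done
}

# An env file holding secrets should be readable by its owner only.
# Returns 0 when group and other have no permission bits set.
env_file_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Constructed sample: variable names from the notes above, dummy values.
sample_env() {
    cat <<'EOF'
# settings for the document server
JWT_ENABLED=true
JWT_SECRET=dummy-value
JWT_HEADER=Authorization
MYSQL_ROOT_USER=root
MYSQL_ROOT_PASSWD=dummy-value
PATH=/usr/local/sbin:/usr/local/bin
EOF
}

flagged_sample() { sample_env | secret_env_names | tr '\n' ' '; }
flagged_sample; echo
```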
Changing a container's port mapping in Docker
[Method 1]
docker stop web
docker commit web newweb
docker run -d -p 8443:443 newweb
[Method 2]
docker stop mysql57
vim /var/lib/docker/containers/ID/hostconfig.json
systemctl restart docker
docker start mysql57