docker
修改正在运行的docker容器,禁用重启自动启动
Linux • 马化云 发表了文章 • 0 个评论 • 1842 次浏览 • 2023-03-26 11:17
可以使用 docker update 命令修改容器的配置,示例命令如下:docker update --restart=no <容器ID或名称>
这条命令会将容器的重启策略设置为不重启,即禁用重启自动启动。如果需要启用自动启动,只需要将 --restart 参数的值改为 always 或 on-failure 等相应的选项即可。
需要注意的是,修改容器的配置并不会立即生效,需要重启容器才能使修改生效。可以使用 docker restart 命令重启容器,示例命令如下:
docker restart <容器ID或名称>
执行这条命令后,容器会被重启并应用新的配置。 查看全部
可以使用 docker update 命令修改容器的配置,示例命令如下:
docker update --restart=no <容器ID或名称>
这条命令会将容器的重启策略设置为不重启,即禁用重启自动启动。如果需要启用自动启动,只需要将 --restart 参数的值改为 always 或 on-failure 等相应的选项即可。
需要注意的是,修改容器的配置并不会立即生效,需要重启容器才能使修改生效。可以使用 docker restart 命令重启容器,示例命令如下:
docker restart <容器ID或名称>
执行这条命令后,容器会被重启并应用新的配置。
docker安装的podman报错
Linux • 李魔佛 发表了文章 • 0 个评论 • 2288 次浏览 • 2022-07-17 18:29
ERRO[0000] 'overlay' is not supported over overlayfs
Error: error creating libpod runtime: 'overlay' is not supported over overlayfs: backing file system is unsupported for this graph driver
本来计划在docker里面安装一个docker,启动docker报错,
于是安装了一个podman,结果ps -a的时候报错。
唯一的办法,可能就是启动第一个docker的时候使用特权模式, privillage=True
查看全部
ERRO[0000] 'overlay' is not supported over overlayfs
Error: error creating libpod runtime: 'overlay' is not supported over overlayfs: backing file system is unsupported for this graph driver
本来计划在docker里面安装一个docker,启动docker报错,
于是安装了一个podman,结果ps -a的时候报错。
唯一的办法,可能就是启动第一个docker的时候使用特权模式, privillage=True
docker访问外部主机的ip
Linux • 马化云 发表了文章 • 0 个评论 • 2906 次浏览 • 2022-05-10 01:48
那么假如我部署了一个nginx容器在docker里面,那么我的nginx要如何反向代理到我的linux主机的80端口呢?
那么我们测试一下,加入nginx容器的名字为ng110,那么我们通过命令docker exec -it ng110 /bin/bash
进入容器内部。
然后我们尝试curl获取主机的80端口。
首先,curl http://127.0.0.1/
这样子是不通的,因为127.0.0.1是docker内部的回环地址。并不是外部linux的ip。
那么我们先在linux外部,运行命令:ifconfig
这里有一个docker的的字样的ip地址。 那么这个地址就是在docker看来的外部ip地址。
然后我们继续回到docker容器里面,curl http://172.17.0.1/
结果我们发现有返回数据了。
所以在外面的ifconfig的docker容器地址,就是主机相对容器的ip地址。
所以我的nginx配置文件应该这么写:
proxy_pass http://172.17.0.1:80 查看全部
那么假如我部署了一个nginx容器在docker里面,那么我的nginx要如何反向代理到我的linux主机的80端口呢?
那么我们测试一下,加入nginx容器的名字为ng110,那么我们通过命令docker exec -it ng110 /bin/bash
进入容器内部。
然后我们尝试curl获取主机的80端口。
首先,curl http://127.0.0.1/
这样子是不通的,因为127.0.0.1是docker内部的回环地址。并不是外部linux的ip。
那么我们先在linux外部,运行命令:ifconfig
这里有一个docker的的字样的ip地址。 那么这个地址就是在docker看来的外部ip地址。
然后我们继续回到docker容器里面,curl http://172.17.0.1/
结果我们发现有返回数据了。
所以在外面的ifconfig的docker容器地址,就是主机相对容器的ip地址。
所以我的nginx配置文件应该这么写:
proxy_pass http://172.17.0.1:80
ubuntu安装微信PC版
Linux • 李魔佛 发表了文章 • 0 个评论 • 2783 次浏览 • 2022-04-10 17:13
使用一行命令就可以安装:curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
前提你已经安装了docker
上面的命令不能用sudo安装,
如果所docker需要sudo启动,可以设置一下用户:sudo usermod -aG docker $USER
如果遇到错误:
mkdir: 无法创建目录 “/home/user/.wine/drive_c/users/user/Application Data/Tencent”: 权限不够
需要把用户目录下的DoWechat 文件夹给一个777的权限。
sudo chmod +R 777 DoWechat
然后重新运行
curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
就可以扫描登陆PC版微信了。
其底层用的就是Wine。 类似与ubuntu下的windows模拟框架。
查看全部
使用一行命令就可以安装:
curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
前提你已经安装了docker
上面的命令不能用sudo安装,
如果所docker需要sudo启动,可以设置一下用户:
sudo usermod -aG docker $USER
如果遇到错误:
mkdir: 无法创建目录 “/home/user/.wine/drive_c/users/user/Application Data/Tencent”: 权限不够
需要把用户目录下的DoWechat 文件夹给一个777的权限。
sudo chmod +R 777 DoWechat
然后重新运行
curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
就可以扫描登陆PC版微信了。
其底层用的就是Wine。 类似与ubuntu下的windows模拟框架。
Docker sed: cannot rename /etc/sedyGSbui: Device or resource busy
Linux • 李魔佛 发表了文章 • 0 个评论 • 3267 次浏览 • 2022-04-10 14:19
比如挂载命令如下:
docker run -p 80:80 --name mynginx --privileged=true -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf -v /data/nginx/logs:/var/log/nginx -d nginx:1.21
如果有文件存在,可以改为挂载其父母录
比如这里:
/data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
把它改成
/data/nginx/conf.d:/etc/nginx/conf.d
即可解决这个问题。
查看全部
比如挂载命令如下:
docker run -p 80:80 --name mynginx --privileged=true -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf -v /data/nginx/logs:/var/log/nginx -d nginx:1.21
如果有文件存在,可以改为挂载其父母录
比如这里:
/data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
把它改成
/data/nginx/conf.d:/etc/nginx/conf.d
即可解决这个问题。
查看docker运行的容器的启动命令
Linux • 李魔佛 发表了文章 • 0 个评论 • 1779 次浏览 • 2022-04-04 23:52
这时可以用到一个python脚本,runlike
安装:
pip install runlike
体积很小,估计就几k不到。
然后运行:
runlike -p 容器名字
查看全部
这时可以用到一个python脚本,runlike
安装:
pip install runlike
体积很小,估计就几k不到。
然后运行:
runlike -p 容器名字
docker compose 部署 Wordpress
Linux • 李魔佛 发表了文章 • 0 个评论 • 1618 次浏览 • 2022-04-04 20:03
这个失败的wordpress的compose yaml文件如下:
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- wordpress:/var/www/html
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db:
使用logs查看,报错信息如下:
MySQL Connection Error: (1045) Access denied for user 'root'@'172.23.0.3' (using password: YES)
问题的根源在于用这个compose文件创建的数据库无法连接。 这个数据用的是要大于mysql > 5.7.
创建后默认的密码是root为空,而登录需要用到一个密码转换的插件。
后面找了另外一个wordpress 可以正常运行的:
version: "3.3"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- wordpress_data:/var/www/html
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
wordpress_data: {}
查看全部
这个失败的wordpress的compose yaml文件如下:
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- wordpress:/var/www/html
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db:
使用logs查看,报错信息如下:
MySQL Connection Error: (1045) Access denied for user 'root'@'172.23.0.3' (using password: YES)
问题的根源在于用这个compose文件创建的数据库无法连接。 这个数据用的是要大于mysql > 5.7.
创建后默认的密码是root为空,而登录需要用到一个密码转换的插件。
后面找了另外一个wordpress 可以正常运行的:
version: "3.3"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- wordpress_data:/var/www/html
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
wordpress_data: {}
docker restart always 不起作用
Linux • 李魔佛 发表了文章 • 0 个评论 • 1818 次浏览 • 2021-10-25 13:56
docker logs xxxxxxxxxx
xxxxxxx 为该容器的sha哈希的ID值
然后发现,--restart=always 被识别为非正确参数。
大概知道问题是 --restart 的位置不对, 它不能放在最后,
吧 --restart=always 放到前面 就可以了。
查看全部
docker logs xxxxxxxxxx
xxxxxxx 为该容器的sha哈希的ID值
然后发现,--restart=always 被识别为非正确参数。
大概知道问题是 --restart 的位置不对, 它不能放在最后,
吧 --restart=always 放到前面 就可以了。
docker run 和 create 区别
Linux • 李魔佛 发表了文章 • 0 个评论 • 7667 次浏览 • 2019-11-25 13:49
docker create command creates a writeable container from the image and prepares it for running.
docker run command creates the container (same as docker create ) and starts it.
查看全部
docker create command creates a writeable container from the image and prepares it for running.
docker run command creates the container (same as docker create ) and starts it.
用docker编译go代码
Linux • 李魔佛 发表了文章 • 0 个评论 • 4046 次浏览 • 2019-11-25 13:45
1. 用文本编辑你的go代码,现在以hello world为例:
package main import "fmt" func main() {
/* 这是我的第一个简单的程序 */
fmt.Println("Hello, World!")
}
2. 然后直接使用docker执行编译。docker首先会自动去下载go的编译器,顺便把所有的依赖给解决掉
docker run --rm -v "$(pwd)":/usr/src/hello -w /usr/src/hello golang:1.3 go build -v
最后会在本地生成一个编译好的hello静态文件。
上述docker命令的具体含义就是把当前路径挂在到docker容器里头,然后切换到改到改路径下,然后进行编译。 查看全部
如果偶尔需要编译go代码,但是又不想要安装一堆乱七八糟的依赖和Go编译器,可以利用docker来实现。 应该是解决起来话费时间最小的。
1. 用文本编辑你的go代码,现在以hello world为例:
package main import "fmt" func main() {
/* 这是我的第一个简单的程序 */
fmt.Println("Hello, World!")
}
2. 然后直接使用docker执行编译。docker首先会自动去下载go的编译器,顺便把所有的依赖给解决掉
docker run --rm -v "$(pwd)":/usr/src/hello -w /usr/src/hello golang:1.3 go build -v
最后会在本地生成一个编译好的hello静态文件。
上述docker命令的具体含义就是把当前路径挂在到docker容器里头,然后切换到改到改路径下,然后进行编译。
docker实战 代码勘误
Linux • 李魔佛 发表了文章 • 0 个评论 • 2735 次浏览 • 2019-11-25 11:24
看这本书的作者一定要看,不然坑挺多的。
一路采坑过来的哭着说。Last updated August 21, 2016
In an effort to offer continued support beyond publication, we have listed many updates to code due to version updates.
[code - omission] Page 18
The command to start the "mailer" is missing a line. Where the book reads:
docker run -d \
--name mailer \
the proper command should read:
docker run -d \
--name mailer \
dockerinaction/ch2_mailer
[code - regression] Page 68
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" reader
Replacement:
docker inspect --format "{{json .Mounts}}" reader
[code - regression] Page 69
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" student
Replacement:
docker inspect --format "{{json .Mounts}}" student
[code - regression] Page 74
The alpine image entrypoint has changed since original publication and has been unset. The last command on the page should now read:
docker run --rm \
--volumes-from tools \
--entrypoint /bin/sh \
alpine:latest \
-c 'ls /operations/*'
[code - regression] Page 75
The docker exec example on the top of page 75 was printed with the wrong tool name. The correct command is:
docker exec important_application /operations/tools/diagnostics
[code - regression] Page 86
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--hostname barker \
busybox:1 \
nslookup barker
[code - regression] Page 87 (top)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns 8.8.8.8 \
busybox:1 \
nslookup docker.com
[code - regression] Page 87 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns-search docker.com \
busybox:1 \
nslookup registry.hub
[code - regression] Page 88 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--add-host test:10.10.10.255 \
busybox:1 \
nslookup test
[code - regression] Page 106
There are a few new problems with this example. First, the named repository (dockerfile/mariadb) no longer exists. You can use mariadb:5.5 as replacement. However, the second problem is that containers created from the mariadb image perform certain initialization at startup. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start the database with the following command:
docker run -d --name ch6_mariadb \
--memory 256m \
--cpu-shares 1024 \
--cap-drop net_raw \
-e MYSQL_ROOT_PASSWORD=test \
mariadb:5.5
[code - regression] Page 107
Containers created from the wordpress:4.1 image perform certain initialization at startup and expect certain environment variables. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start wordpress with the following command:
docker run -d -P --name ch6_wordpress \
--memory 512m \
--cpu-shares 512 \
--cap-drop net_raw \
-e WORDPRESS_DB_PASSWORD=test \
mariadb:5.5
[code - typo] Page 109
The device access example is missing the "run" subcommand. The command listed as:
docker -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
should have been written as:
docker run -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
[code - typo] Page 110 - 111
Several commands are missing the "run" subcommand. In each case the command begins with
docker -d ...
and should have been written as:
docker run -d ...
[code - regression] Page 115 (bottom)
The busybox and alpine images have been updated to fix the problem described in the paragraph below. The 'su' command does not have the SUID bit set and will not provide any automatic privilege escalation.
[command correction] Page 116
Boot2Docker has been discontinued and rolled into a newer project called Docker Machine. Because a reader is unlikely to have the boot2docker command installed, the command at the top of this page should be changed from:
boot2docker ssh
to the Docker Machine equivalent:
docker-machine ssh default
where default is the name of the machine you created.
[code - regression] Page 119
The ifconfig command has since been removed from ubuntu:latest. Instead of using the ubuntu:latest image for these examples use ubuntu:trusty. The example using ifconfig should look like:
docker run --rm \
--privileged \
ubuntu:trusty ifconfig
[Illustration Mistake] Page 136
Image layer ced2 on the left side of the illustration is listed at c3d2 on the right side. These two layers should represent the same item.
[code - typo] Page 140
Containers need not be in a running state in order to export their file system. The first command on page 140 uses the "run" subcommand but the command listed will never be able to start. Replace "run" with "create." The command should appear as follows:
docker create --name export-test \
dockerinaction/ch7_packed:latest ./echo For Export
[code - missing line] Page 146
In the example Dockerfile near the top of the page the line with the RUN directive is missing part of the instruction. That line should read:
RUN apt-get update && apt-get install -y git
[code - evolution] Page 215
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: s3-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 216
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: rados-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
rados:
poolname: radospool
username: radosuser
chunksize: 4194304
maintenance:
uploadpurging:
enabled: false
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 218
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: redis-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
storage:
cache:
blobdescriptor: redis
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
redis:
addr: redis-host:6379
password: asecret
dialtimeout: 10ms
readtimeout: 10ms
writetimeout: 10ms
pool:
maxidle: 16
maxactive: 64
idletimeout: 300s
[code - typo] Page 220
The name of the file shown should be scalable-config.yml as in previous examples. This example also requires the addition of the newer uploadpurging attributes. The mainenance section of the file should be as follows:
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
[text - typo] Page 240
In the second paragraph the reader is instructed to, "Open ./coffee/api/api.py" this is not the correct location of the file. The correct file location is at, "./coffee/app/api.py."
[text - typo] Page 262
The refere nce to "flock.json" in the first sentence of the third paragraph should be "flock.yml."
[code - typo] Page 270
The git clone command uses the ssh protocol instead of https. The command should read as follows:
git clone https://github.com/dockerinact ... i.git 查看全部
看这本书的作者一定要看,不然坑挺多的。
一路采坑过来的哭着说。
Last updated August 21, 2016
In an effort to offer continued support beyond publication, we have listed many updates to code due to version updates.
[code - omission] Page 18
The command to start the "mailer" is missing a line. Where the book reads:
docker run -d \
--name mailer \
the proper command should read:
docker run -d \
--name mailer \
dockerinaction/ch2_mailer
[code - regression] Page 68
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" reader
Replacement:
docker inspect --format "{{json .Mounts}}" reader
[code - regression] Page 69
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" student
Replacement:
docker inspect --format "{{json .Mounts}}" student
[code - regression] Page 74
The alpine image entrypoint has changed since original publication and has been unset. The last command on the page should now read:
docker run --rm \
--volumes-from tools \
--entrypoint /bin/sh \
alpine:latest \
-c 'ls /operations/*'
[code - regression] Page 75
The docker exec example on the top of page 75 was printed with the wrong tool name. The correct command is:
docker exec important_application /operations/tools/diagnostics
[code - regression] Page 86
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--hostname barker \
busybox:1 \
nslookup barker
[code - regression] Page 87 (top)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns 8.8.8.8 \
busybox:1 \
nslookup docker.com
[code - regression] Page 87 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns-search docker.com \
busybox:1 \
nslookup registry.hub
[code - regression] Page 88 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--add-host test:10.10.10.255 \
busybox:1 \
nslookup test
[code - regression] Page 106
There are a few new problems with this example. First, the named repository (dockerfile/mariadb) no longer exists. You can use mariadb:5.5 as replacement. However, the second problem is that containers created from the mariadb image perform certain initialization at startup. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start the database with the following command:
docker run -d --name ch6_mariadb \
--memory 256m \
--cpu-shares 1024 \
--cap-drop net_raw \
-e MYSQL_ROOT_PASSWORD=test \
mariadb:5.5
[code - regression] Page 107
Containers created from the wordpress:4.1 image perform certain initialization at startup and expect certain environment variables. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start wordpress with the following command:
docker run -d -P --name ch6_wordpress \
--memory 512m \
--cpu-shares 512 \
--cap-drop net_raw \
-e WORDPRESS_DB_PASSWORD=test \
mariadb:5.5
[code - typo] Page 109
The device access example is missing the "run" subcommand. The command listed as:
docker -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
should have been written as:
docker run -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
[code - typo] Page 110 - 111
Several commands are missing the "run" subcommand. In each case the command begins with
docker -d ...
and should have been written as:
docker run -d ...
[code - regression] Page 115 (bottom)
The busybox and alpine images have been updated to fix the problem described in the paragraph below. The 'su' command does not have the SUID bit set and will not provide any automatic privilege escalation.
[command correction] Page 116
Boot2Docker has been discontinued and rolled into a newer project called Docker Machine. Because a reader is unlikely to have the boot2docker command installed, the command at the top of this page should be changed from:
boot2docker ssh
to the Docker Machine equivalent:
docker-machine ssh default
where default is the name of the machine you created.
[code - regression] Page 119
The ifconfig command has since been removed from ubuntu:latest. Instead of using the ubuntu:latest image for these examples use ubuntu:trusty. The example using ifconfig should look like:
docker run --rm \
--privileged \
ubuntu:trusty ifconfig
[Illustration Mistake] Page 136
Image layer ced2 on the left side of the illustration is listed at c3d2 on the right side. These two layers should represent the same item.
[code - typo] Page 140
Containers need not be in a running state in order to export their file system. The first command on page 140 uses the "run" subcommand but the command listed will never be able to start. Replace "run" with "create." The command should appear as follows:
docker create --name export-test \
dockerinaction/ch7_packed:latest ./echo For Export
[code - missing line] Page 146
In the example Dockerfile near the top of the page the line with the RUN directive is missing part of the instruction. That line should read:
RUN apt-get update && apt-get install -y git
[code - evolution] Page 215
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: s3-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 216
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: rados-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
rados:
poolname: radospool
username: radosuser
chunksize: 4194304
maintenance:
uploadpurging:
enabled: false
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 218
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: redis-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
storage:
cache:
blobdescriptor: redis
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
redis:
addr: redis-host:6379
password: asecret
dialtimeout: 10ms
readtimeout: 10ms
writetimeout: 10ms
pool:
maxidle: 16
maxactive: 64
idletimeout: 300s
[code - typo] Page 220
The name of the file shown should be scalable-config.yml as in previous examples. This example also requires the addition of the newer uploadpurging attributes. The mainenance section of the file should be as follows:
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
[text - typo] Page 240
In the second paragraph the reader is instructed to, "Open ./coffee/api/api.py" this is not the correct location of the file. The correct file location is at, "./coffee/app/api.py."
[text - typo] Page 262
The refere nce to "flock.json" in the first sentence of the third paragraph should be "flock.yml."
[code - typo] Page 270
The git clone command uses the ssh protocol instead of https. The command should read as follows:
git clone https://github.com/dockerinact ... i.git
修改正在运行的docker容器,禁用重启自动启动
Linux • 马化云 发表了文章 • 0 个评论 • 1842 次浏览 • 2023-03-26 11:17
可以使用 docker update 命令修改容器的配置,示例命令如下:docker update --restart=no <容器ID或名称>
这条命令会将容器的重启策略设置为不重启,即禁用重启自动启动。如果需要启用自动启动,只需要将 --restart 参数的值改为 always 或 on-failure 等相应的选项即可。
需要注意的是,修改容器的配置并不会立即生效,需要重启容器才能使修改生效。可以使用 docker restart 命令重启容器,示例命令如下:
docker restart <容器ID或名称>
执行这条命令后,容器会被重启并应用新的配置。 查看全部
可以使用 docker update 命令修改容器的配置,示例命令如下:
docker update --restart=no <容器ID或名称>
这条命令会将容器的重启策略设置为不重启,即禁用重启自动启动。如果需要启用自动启动,只需要将 --restart 参数的值改为 always 或 on-failure 等相应的选项即可。
需要注意的是,修改容器的配置并不会立即生效,需要重启容器才能使修改生效。可以使用 docker restart 命令重启容器,示例命令如下:
docker restart <容器ID或名称>
执行这条命令后,容器会被重启并应用新的配置。
docker安装的podman报错
Linux • 李魔佛 发表了文章 • 0 个评论 • 2288 次浏览 • 2022-07-17 18:29
ERRO[0000] 'overlay' is not supported over overlayfs
Error: error creating libpod runtime: 'overlay' is not supported over overlayfs: backing file system is unsupported for this graph driver
本来计划在docker里面安装一个docker,启动docker报错,
于是安装了一个podman,结果ps -a的时候报错。
唯一的办法,可能就是启动第一个docker的时候使用特权模式, privillage=True
查看全部
ERRO[0000] 'overlay' is not supported over overlayfs
Error: error creating libpod runtime: 'overlay' is not supported over overlayfs: backing file system is unsupported for this graph driver
本来计划在docker里面安装一个docker,启动docker报错,
于是安装了一个podman,结果ps -a的时候报错。
唯一的办法,可能就是启动第一个docker的时候使用特权模式, privillage=True
docker访问外部主机的ip
Linux • 马化云 发表了文章 • 0 个评论 • 2906 次浏览 • 2022-05-10 01:48
那么假如我部署了一个nginx容器在docker里面,那么我的nginx要如何反向代理到我的linux主机的80端口呢?
那么我们测试一下,加入nginx容器的名字为ng110,那么我们通过命令docker exec -it ng110 /bin/bash
进入容器内部。
然后我们尝试curl获取主机的80端口。
首先,curl http://127.0.0.1/
这样子是不通的,因为127.0.0.1是docker内部的回环地址。并不是外部linux的ip。
那么我们先在linux外部,运行命令:ifconfig
这里有一个docker的的字样的ip地址。 那么这个地址就是在docker看来的外部ip地址。
然后我们继续回到docker容器里面,curl http://172.17.0.1/
结果我们发现有返回数据了。
所以在外面的ifconfig的docker容器地址,就是主机相对容器的ip地址。
所以我的nginx配置文件应该这么写:
proxy_pass http://172.17.0.1:80 查看全部
那么假如我部署了一个nginx容器在docker里面,那么我的nginx要如何反向代理到我的linux主机的80端口呢?
那么我们测试一下,加入nginx容器的名字为ng110,那么我们通过命令docker exec -it ng110 /bin/bash
进入容器内部。
然后我们尝试curl获取主机的80端口。
首先,curl http://127.0.0.1/
这样子是不通的,因为127.0.0.1是docker内部的回环地址。并不是外部linux的ip。
那么我们先在linux外部,运行命令:ifconfig
这里有一个docker的的字样的ip地址。 那么这个地址就是在docker看来的外部ip地址。
然后我们继续回到docker容器里面,curl http://172.17.0.1/
结果我们发现有返回数据了。
所以在外面的ifconfig的docker容器地址,就是主机相对容器的ip地址。
所以我的nginx配置文件应该这么写:
proxy_pass http://172.17.0.1:80
ubuntu安装微信PC版
Linux • 李魔佛 发表了文章 • 0 个评论 • 2783 次浏览 • 2022-04-10 17:13
使用一行命令就可以安装:curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
前提你已经安装了docker
上面的命令不能用sudo安装,
如果所docker需要sudo启动,可以设置一下用户:sudo usermod -aG docker $USER
如果遇到错误:
mkdir: 无法创建目录 “/home/user/.wine/drive_c/users/user/Application Data/Tencent”: 权限不够
需要把用户目录下的DoWechat 文件夹给一个777的权限。
sudo chmod +R 777 DoWechat
然后重新运行
curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
就可以扫描登陆PC版微信了。
其底层用的就是Wine。 类似与ubuntu下的windows模拟框架。
查看全部
使用一行命令就可以安装:
curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
前提你已经安装了docker
上面的命令不能用sudo安装,
如果所docker需要sudo启动,可以设置一下用户:
sudo usermod -aG docker $USER
如果遇到错误:
mkdir: 无法创建目录 “/home/user/.wine/drive_c/users/user/Application Data/Tencent”: 权限不够
需要把用户目录下的DoWechat 文件夹给一个777的权限。
sudo chmod +R 777 DoWechat
然后重新运行
curl -sL https://gitee.com/mirrors/doch ... at.sh | bash
就可以扫描登陆PC版微信了。
其底层用的就是Wine。 类似与ubuntu下的windows模拟框架。
Docker sed: cannot rename /etc/sedyGSbui: Device or resource busy
Linux • 李魔佛 发表了文章 • 0 个评论 • 3267 次浏览 • 2022-04-10 14:19
比如挂载命令如下:
docker run -p 80:80 --name mynginx --privileged=true -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf -v /data/nginx/logs:/var/log/nginx -d nginx:1.21
如果有文件存在,可以改为挂载其父母录
比如这里:
/data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
把它改成
/data/nginx/conf.d:/etc/nginx/conf.d
即可解决这个问题。
查看全部
比如挂载命令如下:
docker run -p 80:80 --name mynginx --privileged=true -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf -v /data/nginx/logs:/var/log/nginx -d nginx:1.21
如果有文件存在,可以改为挂载其父母录
比如这里:
/data/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
把它改成
/data/nginx/conf.d:/etc/nginx/conf.d
即可解决这个问题。
查看docker运行的容器的启动命令
Linux • 李魔佛 发表了文章 • 0 个评论 • 1779 次浏览 • 2022-04-04 23:52
这时可以用到一个python脚本,runlike
安装:
pip install runlike
体积很小,估计就几k不到。
然后运行:
runlike -p 容器名字
查看全部
这时可以用到一个python脚本,runlike
安装:
pip install runlike
体积很小,估计就几k不到。
然后运行:
runlike -p 容器名字
docker compose 部署 Wordpress
Linux • 李魔佛 发表了文章 • 0 个评论 • 1618 次浏览 • 2022-04-04 20:03
这个失败的wordpress的compose yaml文件如下:
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- wordpress:/var/www/html
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db:
使用logs查看,报错信息如下:
MySQL Connection Error: (1045) Access denied for user 'root'@'172.23.0.3' (using password: YES)
问题的根源在于用这个compose文件创建的数据库无法连接。 这个数据用的是要大于mysql > 5.7.
创建后默认的密码是root为空,而登录需要用到一个密码转换的插件。
后面找了另外一个wordpress 可以正常运行的:
version: "3.3"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- wordpress_data:/var/www/html
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
wordpress_data: {}
查看全部
这个失败的wordpress的compose yaml文件如下:
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- wordpress:/var/www/html
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db:
使用logs查看,报错信息如下:
MySQL Connection Error: (1045) Access denied for user 'root'@'172.23.0.3' (using password: YES)
问题的根源在于用这个compose文件创建的数据库无法连接。 这个数据用的是要大于mysql > 5.7.
创建后默认的密码是root为空,而登录需要用到一个密码转换的插件。
后面找了另外一个wordpress 可以正常运行的:
version: "3.3"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- wordpress_data:/var/www/html
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
wordpress_data: {}
docker restart always 不起作用
Linux • 李魔佛 发表了文章 • 0 个评论 • 1818 次浏览 • 2021-10-25 13:56
docker logs xxxxxxxxxx
xxxxxxx 为该容器的sha哈希的ID值
然后发现,--restart=always 被识别为非正确参数。
大概知道问题是 --restart 的位置不对, 它不能放在最后,
吧 --restart=always 放到前面 就可以了。
查看全部
docker logs xxxxxxxxxx
xxxxxxx 为该容器的sha哈希的ID值
然后发现,--restart=always 被识别为非正确参数。
大概知道问题是 --restart 的位置不对, 它不能放在最后,
吧 --restart=always 放到前面 就可以了。
docker run 和 create 区别
Linux • 李魔佛 发表了文章 • 0 个评论 • 7667 次浏览 • 2019-11-25 13:49
docker create command creates a writeable container from the image and prepares it for running.
docker run command creates the container (same as docker create ) and starts it.
查看全部
docker create command creates a writeable container from the image and prepares it for running.
docker run command creates the container (same as docker create ) and starts it.
用docker编译go代码
Linux • 李魔佛 发表了文章 • 0 个评论 • 4046 次浏览 • 2019-11-25 13:45
1. 用文本编辑你的go代码,现在以hello world为例:
package main import "fmt" func main() {
/* 这是我的第一个简单的程序 */
fmt.Println("Hello, World!")
}
2. 然后直接使用docker执行编译。docker首先会自动去下载go的编译器,顺便把所有的依赖给解决掉
docker run --rm -v "$(pwd)":/usr/src/hello -w /usr/src/hello golang:1.3 go build -v
最后会在本地生成一个编译好的hello静态文件。
上述docker命令的具体含义就是把当前路径挂在到docker容器里头,然后切换到改到改路径下,然后进行编译。 查看全部
如果偶尔需要编译go代码,但是又不想要安装一堆乱七八糟的依赖和Go编译器,可以利用docker来实现。 应该是解决起来话费时间最小的。
1. 用文本编辑你的go代码,现在以hello world为例:
package main import "fmt" func main() {
/* 这是我的第一个简单的程序 */
fmt.Println("Hello, World!")
}
2. 然后直接使用docker执行编译。docker首先会自动去下载go的编译器,顺便把所有的依赖给解决掉
docker run --rm -v "$(pwd)":/usr/src/hello -w /usr/src/hello golang:1.3 go build -v
最后会在本地生成一个编译好的hello静态文件。
上述docker命令的具体含义就是把当前路径挂在到docker容器里头,然后切换到改到改路径下,然后进行编译。
docker实战 代码勘误
Linux • 李魔佛 发表了文章 • 0 个评论 • 2735 次浏览 • 2019-11-25 11:24
看这本书的作者一定要看,不然坑挺多的。
一路采坑过来的哭着说。Last updated August 21, 2016
In an effort to offer continued support beyond publication, we have listed many updates to code due to version updates.
[code - omission] Page 18
The command to start the "mailer" is missing a line. Where the book reads:
docker run -d \
--name mailer \
the proper command should read:
docker run -d \
--name mailer \
dockerinaction/ch2_mailer
[code - regression] Page 68
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" reader
Replacement:
docker inspect --format "{{json .Mounts}}" reader
[code - regression] Page 69
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" student
Replacement:
docker inspect --format "{{json .Mounts}}" student
[code - regression] Page 74
The alpine image entrypoint has changed since original publication and has been unset. The last command on the page should now read:
docker run --rm \
--volumes-from tools \
--entrypoint /bin/sh \
alpine:latest \
-c 'ls /operations/*'
[code - regression] Page 75
The docker exec example on the top of page 75 was printed with the wrong tool name. The correct command is:
docker exec important_application /operations/tools/diagnostics
[code - regression] Page 86
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--hostname barker \
busybox:1 \
nslookup barker
[code - regression] Page 87 (top)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns 8.8.8.8 \
busybox:1 \
nslookup docker.com
[code - regression] Page 87 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns-search docker.com \
busybox:1 \
nslookup registry.hub
[code - regression] Page 88 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--add-host test:10.10.10.255 \
busybox:1 \
nslookup test
[code - regression] Page 106
There are a few new problems with this example. First, the named repository (dockerfile/mariadb) no longer exists. You can use mariadb:5.5 as replacement. However, the second problem is that containers created from the mariadb image perform certain initialization at startup. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start the database with the following command:
docker run -d --name ch6_mariadb \
--memory 256m \
--cpu-shares 1024 \
--cap-drop net_raw \
-e MYSQL_ROOT_PASSWORD=test \
mariadb:5.5
[code - regression] Page 107
Containers created from the wordpress:4.1 image perform certain initialization at startup and expect certain environment variables. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start wordpress with the following command:
docker run -d -P --name ch6_wordpress \
--memory 512m \
--cpu-shares 512 \
--cap-drop net_raw \
-e WORDPRESS_DB_PASSWORD=test \
mariadb:5.5
[code - typo] Page 109
The device access example is missing the "run" subcommand. The command listed as:
docker -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
should have been written as:
docker run -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
[code - typo] Page 110 - 111
Several commands are missing the "run" subcommand. In each case the command begins with
docker -d ...
and should have been written as:
docker run -d ...
[code - regression] Page 115 (bottom)
The busybox and alpine images have been updated to fix the problem described in the paragraph below. The 'su' command does not have the SUID bit set and will not provide any automatic privilege escalation.
[command correction] Page 116
Boot2Docker has been discontinued and rolled into a newer project called Docker Machine. Because a reader is unlikely to have the boot2docker command installed, the command at the top of this page should be changed from:
boot2docker ssh
to the Docker Machine equivalent:
docker-machine ssh default
where default is the name of the machine you created.
[code - regression] Page 119
The ifconfig command has since been removed from ubuntu:latest. Instead of using the ubuntu:latest image for these examples use ubuntu:trusty. The example using ifconfig should look like:
docker run --rm \
--privileged \
ubuntu:trusty ifconfig
[Illustration Mistake] Page 136
Image layer ced2 on the left side of the illustration is listed at c3d2 on the right side. These two layers should represent the same item.
[code - typo] Page 140
Containers need not be in a running state in order to export their file system. The first command on page 140 uses the "run" subcommand but the command listed will never be able to start. Replace "run" with "create." The command should appear as follows:
docker create --name export-test \
dockerinaction/ch7_packed:latest ./echo For Export
[code - missing line] Page 146
In the example Dockerfile near the top of the page the line with the RUN directive is missing part of the instruction. That line should read:
RUN apt-get update && apt-get install -y git
[code - evolution] Page 215
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: s3-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 216
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: rados-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
rados:
poolname: radospool
username: radosuser
chunksize: 4194304
maintenance:
uploadpurging:
enabled: false
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 218
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: redis-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
storage:
cache:
blobdescriptor: redis
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
redis:
addr: redis-host:6379
password: asecret
dialtimeout: 10ms
readtimeout: 10ms
writetimeout: 10ms
pool:
maxidle: 16
maxactive: 64
idletimeout: 300s
[code - typo] Page 220
The name of the file shown should be scalable-config.yml as in previous examples. This example also requires the addition of the newer uploadpurging attributes. The mainenance section of the file should be as follows:
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
[text - typo] Page 240
In the second paragraph the reader is instructed to, "Open ./coffee/api/api.py" this is not the correct location of the file. The correct file location is at, "./coffee/app/api.py."
[text - typo] Page 262
The refere nce to "flock.json" in the first sentence of the third paragraph should be "flock.yml."
[code - typo] Page 270
The git clone command uses the ssh protocol instead of https. The command should read as follows:
git clone https://github.com/dockerinact ... i.git 查看全部
看这本书的作者一定要看,不然坑挺多的。
一路采坑过来的哭着说。
Last updated August 21, 2016
In an effort to offer continued support beyond publication, we have listed many updates to code due to version updates.
[code - omission] Page 18
The command to start the "mailer" is missing a line. Where the book reads:
docker run -d \
--name mailer \
the proper command should read:
docker run -d \
--name mailer \
dockerinaction/ch2_mailer
[code - regression] Page 68
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" reader
Replacement:
docker inspect --format "{{json .Mounts}}" reader
[code - regression] Page 69
Newer versions of Docker have changed the structure of the JSON returned by the docker inspect subcommand. If the following command does not work then use the replacement. Original:
docker inspect --format "{{json .Volumes}}" student
Replacement:
docker inspect --format "{{json .Mounts}}" student
[code - regression] Page 74
The alpine image entrypoint has changed since original publication and has been unset. The last command on the page should now read:
docker run --rm \
--volumes-from tools \
--entrypoint /bin/sh \
alpine:latest \
-c 'ls /operations/*'
[code - regression] Page 75
The docker exec example on the top of page 75 was printed with the wrong tool name. The correct command is:
docker exec important_application /operations/tools/diagnostics
[code - regression] Page 86
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--hostname barker \
busybox:1 \
nslookup barker
[code - regression] Page 87 (top)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns 8.8.8.8 \
busybox:1 \
nslookup docker.com
[code - regression] Page 87 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--dns-search docker.com \
busybox:1 \
nslookup registry.hub
[code - regression] Page 88 (bottom)
It appears that nslookup behavior in the alpine image has changed. To run the example use the busybox:1 image.
docker run --rm \
--add-host test:10.10.10.255 \
busybox:1 \
nslookup test
[code - regression] Page 106
There are a few new problems with this example. First, the named repository (dockerfile/mariadb) no longer exists. You can use mariadb:5.5 as replacement. However, the second problem is that containers created from the mariadb image perform certain initialization at startup. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start the database with the following command:
docker run -d --name ch6_mariadb \
--memory 256m \
--cpu-shares 1024 \
--cap-drop net_raw \
-e MYSQL_ROOT_PASSWORD=test \
mariadb:5.5
[code - regression] Page 107
Containers created from the wordpress:4.1 image perform certain initialization at startup and expect certain environment variables. That initialization work requires certain capabilities and to be started with the default user. The system should instead drop permissions after the initialization work is complete. Note that the real value of this example is in demonstrating different resource isolation mechanisms. It is not so important that you get it working. You can start wordpress with the following command:
docker run -d -P --name ch6_wordpress \
--memory 512m \
--cpu-shares 512 \
--cap-drop net_raw \
-e WORDPRESS_DB_PASSWORD=test \
mariadb:5.5
[code - typo] Page 109
The device access example is missing the "run" subcommand. The command listed as:
docker -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
should have been written as:
docker run -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
[code - typo] Page 110 - 111
Several commands are missing the "run" subcommand. In each case the command begins with
docker -d ...
and should have been written as:
docker run -d ...
[code - regression] Page 115 (bottom)
The busybox and alpine images have been updated to fix the problem described in the paragraph below. The 'su' command does not have the SUID bit set and will not provide any automatic privilege escalation.
[command correction] Page 116
Boot2Docker has been discontinued and rolled into a newer project called Docker Machine. Because a reader is unlikely to have the boot2docker command installed, the command at the top of this page should be changed from:
boot2docker ssh
to the Docker Machine equivalent:
docker-machine ssh default
where default is the name of the machine you created.
[code - regression] Page 119
The ifconfig command has since been removed from ubuntu:latest. Instead of using the ubuntu:latest image for these examples use ubuntu:trusty. The example using ifconfig should look like:
docker run --rm \
--privileged \
ubuntu:trusty ifconfig
[Illustration Mistake] Page 136
Image layer ced2 on the left side of the illustration is listed at c3d2 on the right side. These two layers should represent the same item.
[code - typo] Page 140
Containers need not be in a running state in order to export their file system. The first command on page 140 uses the "run" subcommand but the command listed will never be able to start. Replace "run" with "create." The command should appear as follows:
docker create --name export-test \
dockerinaction/ch7_packed:latest ./echo For Export
[code - missing line] Page 146
In the example Dockerfile near the top of the page the line with the RUN directive is missing part of the instruction. That line should read:
RUN apt-get update && apt-get install -y git
[code - evolution] Page 215
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: s3-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 216
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: rados-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
storage:
cache:
layerinfo: inmemory
rados:
poolname: radospool
username: radosuser
chunksize: 4194304
maintenance:
uploadpurging:
enabled: false
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
[code - evolution] Page 218
The registry:2 configuration file now requires the population of additional fields under "maintenance > uploadpurging." The example should currently look like:
# Filename: redis-config.yml
version: 0.1
log:
level: debug
fields:
service: registry
environment: development
http:
addr: :5000
secret: asecretforlocaldevelopment
debug:
addr: localhost:5001
storage:
cache:
blobdescriptor: redis
s3:
accesskey:
secretkey:
region:
bucket:
encrypt: true
secure: true
v4auth: true
chunksize: 5242880
rootdirectory: /s3/object/name/prefix
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
redis:
addr: redis-host:6379
password: asecret
dialtimeout: 10ms
readtimeout: 10ms
writetimeout: 10ms
pool:
maxidle: 16
maxactive: 64
idletimeout: 300s
[code - typo] Page 220
The name of the file shown should be scalable-config.yml as in previous examples. This example also requires the addition of the newer uploadpurging attributes. The mainenance section of the file should be as follows:
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
[text - typo] Page 240
In the second paragraph the reader is instructed to, "Open ./coffee/api/api.py" this is not the correct location of the file. The correct file location is at, "./coffee/app/api.py."
[text - typo] Page 262
The refere nce to "flock.json" in the first sentence of the third paragraph should be "flock.yml."
[code - typo] Page 270
The git clone command uses the ssh protocol instead of https. The command should read as follows:
git clone https://github.com/dockerinact ... i.git