# docker cmd ## bash `docker exec -it bash` [Docker image的导入导出 - 简书](https://www.jianshu.com/p/69b6c4c556ad) ## 导出image 导出镜像 [docker load | Docker Documentation](https://docs.docker.com/engine/reference/commandline/load/) ```bash docker save -o /home/user/images/ubuntu_14.04.tar ubuntu:14.04 ``` ## 导入image 导入镜像 ```bash docker load --input ubuntu_14.04.tar ``` ## 导入导出压缩 ```bash docker save mp_info | gzip > /home/userapp/xiewei/mp_info/mp_info.tar.gz # gunzip -c /home/userapp/xiewei/mp_info/mp_info.tar.gz | docker load docker save gcr.io/cadvisor/cadvisor:latest | gzip > cadvisor.tar.gz docker load -i cadvisor.tar.gz # Load an image or repository from a tar archive (even if compressed with gzip, bzip2, or xz) from a file or STDIN. It restores both images and tags. # 直接读取,不解压也可以 docker load -i /home/userapp/xiewei/mp_info/mp_info.tar.gz ``` ## docker run 最后面的 `server /data` 是指定需要在容器内执行的命令。 ```sh docker run -p 9000:9000 --name myminio \ -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ -v /mnt/data:/data \ -v /mnt/config:/root/.minio \ minio/minio server /data ``` ```yml version: '3' services: minio: image: minio/minio:latest container_name: myminio ports: - 9000:9000 volumes: - /var/minio/data:/data - /var/minio/config:/root/.minio environment: MINIO_ACCESS_KEY: "root" MINIO_SECRET_KEY: "password" command: server /data restart: always ``` ## docker stack 单机模式下,我们可以使用 Docker Compose 来编排多个服务,而 Docker Swarm 只能实现对单个服务的简单部署。本文的主角 Docker Stack ,通过 Docker Stack 我们只需对已有的 docker-compose.yml 配置文件稍加改造就可以完成 Docker 集群环境下的多服务编排 ## docker cp ```bash # Docker容器向宿主机传送文件 docker cp container_id: <本地保存文件的路径> # --- # 宿主机向Docker容器传送文件 docker cp 本地文件的路径 container_id: ``` ## docker stats 资源监控 ```shell docker top xxx docker stats ``` ## docker 进入未启动的容器 `How To Run Commands In Stopped Docker Containers` [How To Run Commands In Stopped Docker Containers · Thorsten Hans](https://www.thorsten-hans.com/how-to-run-commands-in-stopped-docker-containers/) ```bash # Commit the stopped image docker commit 0dfd54557799 xxx # now we have a new image docker images list REPOSITORY TAG IMAGE ID CREATED SIZE debug/ubuntu cc9db32dcc2d 2 seconds ago 64.3MB # create a new container from the "broken" image docker run -it --rm --entrypoint sh xxxx # inside of the container we can inspect - for example, the file system $ ls /app App.dll App.pdb App.deps.json # CTRL+D to exit the container # delete the container and the image docker image rm xxx ``` >端口映射 实际上就是  SNAT+DNAT 都是NAT SNAT(源地址转换)和DNAT(目的地址转换) 这个是 容器不能访问其他容器的情况 ```bash iptables -I INPUT -i docker0 -j ACCEPT iptables -t nat -L -n -v ```