Basic Docker operations
As a new user of Docker on IBM Z, you need to develop an understanding of the hardware platform that runs the Linux operating system. Linux is designed to make full use of the hardware and its many sophisticated peripheral devices and features.
This chapter introduces you to some of the useful and frequently used Docker commands for system administrators and developers. Some of the most commonly used commands can be used to configure the environment and install, configure, and manage containers.
This chapter includes the following topics:
4.1 Linux on Z commands
In this section, we describe are some of the more common Linux commands that can be used on Linux on IBM Z.
4.1.1 Overview
Some commands include an init script, a configuration file, or both. It is assumed that init scripts are installed in /etc/init.d/. You can extract any missing files from the /etc subdirectory in the s390-tools package.
lscss
The use of the command that is shown in Example 4-1 shows information about all of the subchannels from the Linux virtual file system that are named sysfs. The information is displayed in summary format.
Example 4-1 Use od lscss display command
itsoslec:~ # lscss
Device Subchan. DevType CU Type Use PIM PAM POM CHPIDs
----------------------------------------------------------------------
0.0.0600 0.0.0000 1732/01 1731/01 yes 80 80 ff 00000000 00000000
0.0.0601 0.0.0001 1732/01 1731/01 yes 80 80 ff 00000000 00000000
0.0.0602 0.0.0002 1732/01 1731/01 yes 80 80 ff 00000000 00000000
0.0.0620 0.0.0003 1732/01 1731/01 80 80 ff 01000000 00000000
0.0.0621 0.0.0004 1732/01 1731/01 80 80 ff 01000000 00000000
0.0.0622 0.0.0005 1732/01 1731/01 80 80 ff 01000000 00000000
0.0.0500 0.0.0007 3390/0e 3990/e9 yes 80 80 ff ff000000 00000000
0.0.0100 0.0.0008 3390/0e 3990/e9 yes 80 80 ff ff000000 00000000
0.0.0200 0.0.0009 3390/0e 3990/e9 yes 80 80 ff ff000000 00000000
0.0.000c 0.0.000a 0000/00 2540/00 80 80 ff ff000000 00000000
0.0.000d 0.0.000b 0000/00 2540/00 80 80 ff ff000000 00000000
0.0.000e 0.0.000c 0000/00 1403/00 80 80 ff ff000000 00000000
0.0.0009 0.0.000d 0000/00 3215/00 yes 80 80 ff ff000000 00000000
0.0.019f 0.0.0011 3390/0e 3990/e9 80 80 ff ff000000 00000000
0.0.0300 0.0.0015 9336/10 6310/80 yes 80 80 ff ff000000 00000000
0.0.0301 0.0.0016 9336/10 6310/80 yes 80 80 ff ff000000 00000000
itsoslec:~ #
lsdasd
Example 4-2 shows the command that lists information about DASD devices from sysfs.
Example 4-2 Output of lsdasd command
itsoslec:~ # lsdasd
Bus-ID Status Name Device Type BlkSz Size Blocks
==============================================================================
0.0.0100 active dasda 94:0 ECKD 4096 21129MB 5409180
0.0.0200 active dasdb 94:4 ECKD 4096 21129MB 5409180
0.0.0300 active dasdc 94:8 FBA 512 256MB 524288
0.0.0301 active dasdd 94:12 FBA 512 512MB 1048576
0.0.0500 active dasde 94:16 ECKD 4096 10564MB 2704500
itsoslec:~ #
modinfo
The command modinfo can be used with parameters to show information about the Linux kernel module.
Example 4-3 shows the command that provides kernel module information for the btrfs file system.
Example 4-3 Kernel module output for btrfs
itsoslec:~ # modinfo btrfs
filename: /lib/modules/4.4.156-94.57-default/kernel/fs/btrfs/btrfs.ko
license: GPL
alias: devname:btrfs-control
alias: char-major-10-234
alias: fs-btrfs
srcversion: 6C9650B4874D020A776AE29
depends: raid6_pq,xor
supported: yes
intree: Y
vermagic: 4.4.156-94.57-default SMP mod_unload modversions
signer: SUSE Linux Enterprise Secure Boot Signkey
sig_key: 3F:B0:77:B6:CE:BC:6F:F2:52:2E:1C:14:8C:57:C7:77:C7:88:E3:E7
sig_hashalgo: sha256
parm: allow_unsupported:Allow using feature that are out of supported scope
itsoslec:~ #
If an overlay is in use, the use of the modinfo overlay command displays the information about the overlay, as shown in Example 4-4.
Example 4-4 Kernel module output for overlay
itsosleb:~ # modinfo overlay
filename: /lib/modules/4.4.156-94.57-default/kernel/fs/overlayfs/overlay.ko
alias: fs-overlayfs
alias: fs-overlay
license: GPL
description: Overlay filesystem
author: Miklos Szeredi <[email protected]>
srcversion: 5273297588F9E3388FDC816
depends:
supported: yes
intree: Y
vermagic: 4.4.156-94.57-default SMP mod_unload modversions
signer: SUSE Linux Enterprise Secure Boot Signkey
sig_key: 3F:B0:77:B6:CE:BC:6F:F2:52:2E:1C:14:8C:57:C7:77:C7:88:E3:E7
sig_hashalgo: sha256
itsosleb:~ #
dasdfmt
This command is used to format the DASD for a Linux volume. Example 4-5 shows the formatting of the /dev/dasde disk.
Example 4-5 Output of formatting disk /dev/dasde
itsoslea:~ # /sbin/dasdfmt -b 4096 -y -f /dev/dasde -m 500
Printing hashmark every 500 cylinders.
0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
Finished formatting the device.
Rereading the partition table... ok
fdasd
This command is used to create partitions on a specific disk. Example 4-6 shows the automatic creation of one partition that uses the whole disk in non-interactive mode.
Example 4-6 Output of fdasd command
itsoslea:~ # fdasd -a /dev/dasde
reading volume label ..: VOL1
reading vtoc ..........: ok
auto-creating one partition for the whole disk...
writing volume label...
writing VTOC...
rereading partition table...
itsoslea:~ #
pvcreate
Example 4-7 shows the command that is used to create a physical volume.
Example 4-7 Creating a physical volume for disk /dev/dasde1
itsoslea:~ # pvcreate /dev/dasde1
Physical volume "/dev/dasde1" successfully created
vgcreate
Example 4-8 shows the command that creates a volume group by name and adds at least one physical volume to it.
Example 4-8 Use of the vgcreate command
itsoslea:~ # vgcreate dockervg /dev/dasde1
Volume group "dockervg" successfully created
itsoslea:~ #
lvcreate
This command creates a logical volume in a volume group. Example 4-9 shows this command, which creates a logical volume in the dokcervg volume group.
Example 4-9 Output of lvcreate command
itsoslea:~ # lvcreate -l 100%free -n var_lib_docker dockervg
Logical volume "var_lib_docker" created.
mount
This command logically attaches a file system. As shown in Example 4-10, the use of the mount -a command causes all file systems that are listed in the fstab file to be attached, except for those file systems that are listed as noauto.
Example 4-10 Example mount command
itsoslea:~ # mount -a
itsoslea:~ # df -h | grep docker
/dev/mapper/dockervg-var_lib_docker 11G 17M 11G 1% /var/lib/docker
useradd and usermod
The command useradd is used to add a user account to the operating system. The use of the usermod command modifies the setting of this user. In Example 4-11, a new user is added and then modified to assign this new user to a group. The next command in the example (id dockeradmin) displays the user and group names that are associated with the new user.
Example 4-11 Example of a user set-up
itsoslea:~ # useradd -m -c "docker administrator" -d /home/dockeradmin dockeradmin -p passwordXX
itsoslea:~ # usermod -aG docker dockeradmin
itsoslea:~ # id dockeradmin
uid=1001(dockeradmin) gid=100(users) groups=482(docker),100(users)
itsoslea:~ #
4.2 Basic Docker commands
In this section, we introduce some basic Docker commands.
4.2.1 Docker info
This command displays system-wide information about the Docker installation, as shown in Example 4-12.
Example 4-12 Docker info output
itsosleb:~ # docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 2
Server Version: 17.06.2-ee-16
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 462c82662200a17ee39e74692f536067a3576a50
init version: 949e6fa
Security Options:
apparmor
Kernel Version: 4.4.156-94.57-default
Operating System: SUSE Linux Enterprise Server 12 SP3
OSType: linux
Architecture: s390x
CPUs: 2
Total Memory: 15.63GiB
Name: itsosleb
ID: PBNE:M6RS:SJHZ:KGRT:TBD4:NJR3:WSHT:5YR5:E36Y:6UBW:ARNM:N6X7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: No kernel memory limit support
itsosleb:~ #
4.2.2 Docker ps
This command shows all running containers, as shown in Example 4-13. If you include -a, it shows all running and non-running (stopped) containers.
Example 4-13 Docker ps output
itsosleb:~ # docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a862aea0126 nginx "nginx -g 'daemon ..." 18 hours ago Up 18 hours 80/tcp hopeful_hoover
Example 4-14 shows the same docker ps command, but the results now show a running container that is listening on a specific network ports. You can see all of the ports that are mapped by using this command.
Example 4-14 Docker ps output with exposed ports
itsosleb:~ # docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5e994288ff6 nginx "/bin/bash" About an hour ago Up About an hour 0.0.0.0:80->80/tcp mywebcontainer
4.2.3 Docker rmi
A Docker image is an immutable file that is essentially a snapshot of a container. Images are created by using the build command and they produce a container when started by using the run command. Images are stored in a Docker registry.
Example 4-15 Docker rmi output
itsosleb:~ # docker rmi nginx
Untagged: nginx:latest
Untagged: nginx@sha256:9ad0746d8f2ea6df3a17ba89eca40b48c47066dfab55a75e08e2b70fc80d929e
Deleted: sha256:a398f7e872a9fd128e7c96029db9a6ea8166b5f0371243675debd085e9802846
Deleted: sha256:840f95e5227ce83f513117be2f7115a8acab25b8dfc5e8c26487742a58e40a8d
Deleted: sha256:a10e7dbfae84e247fc7de243b303ccc7ed58c1038edca4194f8cdc26ade561d7
Deleted: sha256:20d026287261aea4a4623254f82ce85a6e1f94eeae2b31945640d205c2b06123
itsosleb:~ #
|
Note: To delete all images, run the docker rmi $(docker images -q) command.
|
If you attempt to remove an image that is being used by a container, an error results, as shown in Example 4-16. In this case, you must determine whether the container is still needed. If the container is not needed not, run the docker stop <id> command and then the docker rm <id> command to stop and remove the container.
Example 4-16 Error message when trying to remove a Docker image
Error response from daemon: conflict: unable to remove repository reference "nginx" (must force) - container 9a862aea0126 is using its referenced image a398f7e872a9
4.2.4 Docker rm
The use of this command removes a Docker container, as shown in Example 4-17.
Example 4-17 Output of docker rm command
itsosleb:~ # docker rm 9a862aea0126
9a862aea0126
|
Note: To remove all containers, issue the docker rm $(docker ps -aq) command. Use caution when you are deleting all of the containers.
|
4.2.5 Docker stop
The use of this command stops a running container, as shown in Example 4-18.
Example 4-18 Docker stop command
itsosleb:~ # docker stop 9a862aea0126
9a862aea0126
4.2.6 Docker pull
The use of this command downloads an image from a Docker repository or registry, as shown in Example 4-19.
Example 4-19 Docker pull command and results
itsosleb:~ # docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
599d69132c05: Pull complete
bc12a10c7cc5: Pull complete
54372546fe97: Pull complete
Digest: sha256:9ad0746d8f2ea6df3a17ba89eca40b48c47066dfab55a75e08e2b70fc80d929e
Status: Downloaded newer image for nginx:latest
itsosleb:~ #
By default, the use of the docker pull command download images or repositories from the Docker Hub website. Alternatively, you can specify where the image is downloaded.
For example, Red Hat provides their own Red Hat Enterprise Linux 7 in a fully featured and supported base image. How to download a container image for Red Hat Enterprise Linux is shown in Example 4-20.
Example 4-20 Docker pull command and results for RHEL
itsosleb:~ # docker pull registry.access.redhat.com/rhel7
Using default tag: latest
latest: Pulling from rhel7
f8cc1f42a63a: Pull complete
3d3c2dcd04a1: Pull complete
Digest: sha256:33963577a88086a7cafc5efbed42c21f16dee63d79a9ebb416a231097aa44cf2
Status: Downloaded newer image for registry.access.redhat.com/rhel7:latest
itsosleb:~ #
|
Note: If the docker pull command does not work because no internet access is available, you can use the docker save and docker load commands to download the image, as shown in Example 4-56 on page 124.
|
4.2.7 Docker tag
Docker tags are aliases to the ID of a Docker image. It is another way to refer to an image. An example of the docker tag command is shown in Example 4-21, which assigns the image named nginx to the tag mytag/nginx.
Example 4-21 Output of docker tag command
itsosleb:~ # docker tag nginx mytag/nginx:1.0
Because tag clarifies information about the image, ensure that any use who pulls down an image knows what they are getting. It is also a best practice to use version control for images.
4.2.8 Docker build
The use of this command builds an image from the Dockerfile in the current directory, as shown in Example 4-22.
Example 4-22 Output of an image build by using docker build command
itsosleb:/docker_config # docker build --rm -t rh_oracle_image .
Sending build context to Docker daemon 3.072kB
Step 1/5 : FROM registry.access.redhat.com/rhel7/rhel
---> 099889565575
Step 2/5 : MAINTAINER Eric Marins <[email protected]>
---> Using cache
---> c938d81527d8
Step 3/5 : ADD DOCKER_START.sh /DOCKER_START.sh
---> Using cache
---> 857d05784ddc
Step 4/5 : RUN chmod +x /DOCKER_START.sh
---> Using cache
---> 4801932fcb05
Step 5/5 : ENTRYPOINT /DOCKER_START.sh
---> Running in 010aec53e093
---> cc1237d2f0cc
Removing intermediate container 010aec53e093
Successfully built cc1237d2f0cc
Successfully tagged rh_oracle_image:latest
The content of the Dockerfile that built this image is shown in Example 4-23.
Example 4-23 Dockerfile
itsosleb:/docker_config # cat Dockerfile
FROM registry.access.redhat.com/rhel7/rhel
MAINTAINER Eric Marins <[email protected]>
ADD DOCKER_START.sh /DOCKER_START.sh
RUN chmod +x /DOCKER_START.sh
ENTRYPOINT ["/DOCKER_START.sh"]
4.2.9 Docker run
The use of this command runs a process in an isolated container. The container process that runs is isolated in that it has its own file system, networking, and isolated process tree that is separate from the host, as shown in Example 4-24.
Example 4-24 Docker run command
tsosleb:~ # docker run -d -it --name mywebcontainer -p 80:80 nginx
86a900286fcb4f26ed379550a83aa9597a026c75505b03743c60dfbba335bd22
itsosleb:~ #
The command options are listed in Table 4-1.
Table 4-1 Docker run options
|
Option
|
Description
|
|
|
-d
|
Run container in background and print container ID.
|
|
|
-it
|
Connect the container to terminal.
|
|
|
--name
|
Set a name to your new container.
|
|
|
-p 80:80
|
Expose port 80 externally and redirect to container port 80.
|
|
|
nginx
|
The base image from where the container is created.
|
|
4.2.10 Docker container port
The use of the command lists the port mappings for a container, as shown in Example 4-25.
Example 4-25 Docker container port command
itsosleb:~ # docker container port 86a900286fcb
80/tcp -> 0.0.0.0:80
itsosleb:~ #
|
Note: You can use the command that is shown in Example 4-26 to find the container ports.
|
Example 4-26 Docker container inspect command
itsosleb:~ # docker container inspect 86a900286fcb -f "{{json .NetworkSettings.Ports}}"
{"80/tcp":[{"HostIp":"0.0.0.0","HostPort":"80"}]}
4.2.11 Docker exec
The use of this command creates a process (bash) inside the container and connects it to a terminal. It is used to run a command in a running container, as shown in Example 4-27.
Example 4-27 Docker exec command
itsosleb:~ # docker exec -it c5e994288ff6 /bin/bash
root@c5e994288ff6:/#
|
Note: This command is similar to an SSH connection for a Linux guest.
|
4.2.12 Docker attach
Use this command to attach your terminal’s standard input, output, and error (or any combination of the three) to a running container by using the container’s ID or name. The use of this command allows you to view its ongoing output or to control it interactively as though the commands were running directly in your terminal.
If the Docker container was started by using the /bin/bash command, you can access it by using attach. If it was not started in this manner, you must run the attach command to create a bash instance inside the container by using the docker exec command.
|
Note: The docker attach command is not used for running a new process in a container; instead, it is for attaching to the running process.
The command docker exec is used or running new items in a started container, be it a shell or some other process.
|
The use of the docker attach command is shown in Example 4-28.
Example 4-28 Docker attach command
# This container (d98d0460d6d5) was started using /bin/bash, so the attach command works.
itsoslec:~ # docker attach d98d0460d6d5
root@d98d0460d6d5:/#
4.2.13 Docker stop
The use of this command stops one or more running containers, as shown in Example 4-29.
Example 4-29 Docker stop command
itsosleb:~ # docker stop c5e994288ff6
c5e994288ff6
itsosleb:~ #
|
Note: To stop all containers, run the docker stop $(docker ps -aq) command.
|
4.2.14 Docker kill
The use of the docker kill command kills one or more containers. The main process inside the container is sent a SIGKILL signal (default), or the signal that is specified by using the --signal option. You can kill a container by using the container’s ID (see Example 4-30), ID-prefix, or name.
Example 4-30 Output of docker kill command
itsosleb:~ # docker kill c5e994288ff6
c5e994288ff6
itsosleb:~ # 
|
Note: To kill all running containers, runt the docker kill $(docker ps -aq) command.
|
4.2.15 Docker logs
The use of this command batch-retrieves logs that are present at the time of execution. As shown in Example 4-31, the last five lines of a container’s logs are printed (these lines are the log’s output from STDOUT/STDERR).
Example 4-31 Docker logs command for the last five lines
itsosleb:~ # docker logs --tail 5 86a900286fcb
2018/10/11 19:57:39 [error] 5#5: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 9.57.215.135, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "9.76.61.246"
9.57.215.135 - - [11/Oct/2018:19:57:39 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" "-"
9.57.232.251 - - [11/Oct/2018:19:57:41 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "-"
2018/10/11 19:57:41 [error] 5#5: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 9.57.232.251, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "9.76.61.246", referrer: "http://9.76.61.246/"
9.57.232.251 - - [11/Oct/2018:19:57:41 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://9.76.61.246/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "-"
itsosleb:~ #
|
Note: This command is similar to running the tail -n 5 -f /var/log/messages command in Linux.
|
4.2.16 Docker diff
The use of this command lists the changed files and directories between a container’s current image and its base image, as shown in Example 4-32.
Example 4-32 Docker diff command
itsosleb:~ # docker diff 86a900286fcb
C /run
A /run/nginx.pid
C /var
C /var/cache
C /var/cache/nginx
A /var/cache/nginx/proxy_temp
A /var/cache/nginx/scgi_temp
A /var/cache/nginx/uwsgi_temp
A /var/cache/nginx/client_temp
A /var/cache/nginx/fastcgi_temp
itsosleb:~ #
In column 1 of Example 4-32, a symbol is displayed that indicates the type of change that was tracked. Three different types of changes are tracked, as listed in Table 4-2.
Table 4-2 Symbols table
|
Symbol
|
Description
|
|
|
A
|
A file or directory was added
|
|
|
D
|
A file or directory was deleted
|
|
|
C
|
A file or directory was changed
|
|
4.2.17 Docker image
The use of this command provides a way of managing your Docker images, as shown in Example 4-33.
Example 4-33 List installed Docker images
itsosleb:~ # docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest a398f7e872a9 8 days ago 115MB
registry.access.redhat.com/rhel7 latest 099889565575 3 weeks ago 198MB
itsosleb:~ #
To list the layers of an image, you can issue the command that is shown in Example 4-34. Column one of the output of this command indicates IMAGE, which is a historical result (pre-Docker v1.10) because whenever a layer was created as a result of a commit action, Docker also created a corresponding image.
Example 4-34 List the history of an image
itsosleb:~ # docker image history nginx
IMAGE CREATED CREATED BY SIZE COMMENT
a398f7e872a9 8 days ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daem... 0B
<missing> 8 days ago /bin/sh -c #(nop) STOPSIGNAL [SIGTERM] 0B
<missing> 8 days ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B
<missing> 8 days ago /bin/sh -c ln -sf /dev/stdout /var/log/ngi... 22B
<missing> 8 days ago /bin/sh -c set -x && apt-get update && a... 56.1MB
<missing> 8 days ago /bin/sh -c #(nop) ENV NJS_VERSION=1.15.5.... 0B
<missing> 8 days ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.15.... 0B
<missing> 5 weeks ago /bin/sh -c #(nop) LABEL maintainer=NGINX ... 0B
<missing> 5 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 5 weeks ago /bin/sh -c #(nop) ADD file:f5f366bce70b148... 59MB
itsosleb:~ #
4.2.18 Docker network
The use of this command allows you to manage Docker networks. You can use subcommands to create, inspect, list, remove, prune, connect, and disconnect networks (see Example 4-35).
Example 4-35 Output of docker network command
itsosleb:~ # docker network ls
NETWORK ID NAME DRIVER SCOPE
092eeb7e7874 bridge bridge local
9064785f0c1c host host local
a2fc0a17ca28 none null local
itsosleb:~ #
4.2.19 Docker commit
The use of this command commits a container’s file changes or settings into a new image. The commit command performs a snapshot of a running container; however, the container that is committed and its processes are paused by default while the image is committed. The commit operation does not include any data that is contained in volumes that are mounted inside the container (see Example 4-36).
Example 4-36 Docker commit command and its output
[root@itsoredd oracle]# docker commit db2_v2 db2_image
sha256:203e4e4294d877a76aba58f7654631ab943dd4f801067eda2a7a730eb033bc94
[root@itsoredd oracle]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
db2_image latest 203e4e4294d8 4 seconds ago 1.41GB
Docker system prune
The use of this command remove all unused containers, networks, images (dangling and unreferenced), and optionally, volumes, as shown in Example 4-37.
Example 4-37 Docker system prune command
root@itsoubua:~# docker system prune
WARNING! This will remove:
- all stopped containers
- all networks not used by at least one container
- all dangling images
- all build cache
Are you sure you want to continue? [y/N] y
Deleted Containers:
4a5ad28292251b356a8635b4e8ba078551d993d9836f889c24416cd412d43f14
b57a30f38436afaaa23c5f04a07c2136c655084bfd0b6c5bb3a16b2603b4a139
f78301a12eb9eaee87505ed141509eaed325b16429b90c10348fc293e935e5ad
Total reclaimed space: 14B
root@itsoubua:~#
4.2.20 Docker inspect
The use of this command returns low-level information about the Docker container. You can check aspects of the Docker container configuration, such as IP address, the type of image, and other useful information about a specific Docker container. The use of this command paired with a search on “IP Address” to obtain one such piece of information is shown in Example 4-38.
Example 4-38 Output of docker inspect to collect the IP Address of a docker container
itsoslec:~ # docker inspect mongoTestv1 | grep "IPAddress"
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
itsoslec:~ #
4.3 Swarm commands
In this section, we describe some Docker commands that are useful when Docker is in swarm mode.
|
Note: For more information about the initialization of a swarm cluster, see 3.6, “Setting up swarm mode” on page 79.
|
4.3.1 Get information about your cluster
You can use the docker info command to get information about your swarm nodes, as highlighted in Example 4-39.
Example 4-39 Obtaining Swarm information
itsoslea:~ # docker info
Containers: 3
Running: 1
Paused: 0
Stopped: 2
Images: 2
Server Version: 17.06.2-ee-16
Storage Driver: btrfs
Build Version: Btrfs v4.5.3+20160729
Library Version: 101
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: s19ndwtonxd0ryjslar39m9v8
Is Manager: true
ClusterID: z31h3dw9kfvt5ae60lpro0wq3
Managers: 2
Nodes: 2
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Root Rotation In Progress: false
Node Address: 9.76.61.245
Manager Addresses:
9.76.61.245:2377
9.76.61.246:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 462c82662200a17ee39e74692f536067a3576a50
init version: 949e6fa
Security Options:
apparmor
Kernel Version: 4.4.156-94.57-default
Operating System: SUSE Linux Enterprise Server 12 SP3
OSType: linux
Architecture: s390x
CPUs: 2
Total Memory: 15.63GiB
Name: itsoslea
ID: FMCX:4PPD:34K4:RXEJ:OOQX:L7XE:6SVF:SCXM:SYQF:BPXJ:YNIT:H634
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: No kernel memory limit support
itsoslea:~ #
4.3.2 List nodes in swarm
The command that is shown in Example 4-40 is used to list all nodes in a swarm.
Example 4-40 Output of docker node command
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
itsoslea:~ #
4.3.3 Demote a node
The docker node demote command is used to demote one or more nodes from manager in the swarm, as shown in Example 4-41.
Example 4-41 Output of docker node demote command
# Listing current node status in swarm
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
# Demoting itsosleb
itsoslea:~ # docker node demote itsosleb
Manager itsosleb demoted in the swarm.
# Checking Status of nodes in swarm to confirm itsosleb was demoted.
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active
itsoslea:~ #
4.3.4 Promote a node
As shown in Example 4-42, the use of the docker node promote command promotes a worker node to manager.
Example 4-42 Output of docker node command to promote itsosleb
# Listing current node status in swarm
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active
# Promoting itsosleb
itsoslea:~ # docker node promote itsosleb
Node itsosleb promoted to a manager in the swarm.
# Checking Status of nodes in swarm to confirm itsosleb was promoted.
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
itsoslea:~ # 
4.3.5 Changing the availability of your nodes
By default, swarm manager nodes can assign tasks to any ACTIVE node. However, system administrators or developers can update the node status from ACTIVE to DRAIN to prevent a node from receiving new tasks from the swarm manager.
When done, the manager node stops tasks that are running on the node and starts replica tasks on any other node with ACTIVE availability.
You also can pause new tasks to be assigned to a node. However, the existing tasks remain running. How to update change the status of a swarm node is shown in Example 4-43, Example 4-44, and Example 4-45 on page 120.
Example 4-43 Change availability from ACTIVE to drain
# Listing current node status in swarm
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Active
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
# Changing status of itsoslec server from ACTIVE to drain
itsoslea:~ # docker node update --availability=drain itsoslec
itsoslec
# Checking Status of nodes in swarm to confirm itsoslec is in drain status.
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Drain
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
itsoslea:~ #
Example 4-44 Change availability from drain to ACTIVE
# Listing current node status in swarm
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Drain
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
# Changing status of itsoslec server from drain to ACTIVE
itsoslea:~ # docker node update --availability=active itsoslec
itsoslec
# Checking Status of nodes in swarm to confirm itsoslec is in ACTIVE status.
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Active
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
itsoslea:~ #
Example 4-45 Change availability from ACTIVE to pause and returning the previous status
# Listing current node status in swarm
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Active
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
# Changing status of itsoslec server from ACTIVE to pause
itsoslea:~ # docker node update --availability=pause itsoslec
itsoslec
# Checking Status of nodes in swarm to confirm itsoslec is in PAUSE status.
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Pause
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
# Changing status of itsoslec server from pause to ACTIVE
itsoslea:~ # docker node update --availability=active itsoslec
itsoslec
# Checking Status of nodes in swarm to confirm itsoslec is in ACTIVE status.
itsoslea:~ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
hv09lmdcmcm8ancnl85yvquo0 itsoslec Ready Active
s19ndwtonxd0ryjslar39m9v8 * itsoslea Ready Active Leader
s2omwkehmf0qmvj5yxvul3b1y itsosleb Ready Active Reachable
itsoslea:~ #
|
Note: It is not recommended to run containers on manager nodes. Therefore, you must set its availability as DRAIN.
|
4.3.6 Find worker join command
Run the command that is shown in Example 4-46 on a manager node. In our lab, slesa or slesb servers were defined as manager nodes.
Example 4-46 Output of docker swarm command to determine the worker join command
itsoslea:~ # docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-081948sx63y81hnvpuqwf07acbosv4w3fuqug450w0kor2kevp-cn9oqd0lccrearp8qai6qv1fb 9.76.61.245:2377
itsoslea:~ # 
4.3.7 Find manager join command
Run the command that is shown in Example 4-47 on a manager node. In our lab, slesa and slesb servers were defined as manager nodes.
Example 4-47 Output of docker swarm command to determine the manager join command
itsoslea:~ # docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-081948sx63y81hnvpuqwf07acbosv4w3fuqug450w0kor2kevp-d70cx02wyuaz2mkamvuulbvox 9.76.61.245:2377
itsoslea:~ #
4.3.8 Leave a swarm
If node does not need to be part of swarm, you can issue the command that is shown in Example 4-48.
Example 4-48 Output of docker swarm command to remove a node from swarm
itsoslec:~ # docker swarm leave
Node left the swarm.
itsoslec:~ #
4.4 Kubernetes commands
Many of the Docker commands that were described in this chapter are also available as Kubernetes commands. This section presents basic commands to check the status of a Kubernetes cluster and perform some basic operations.
4.4.1 Getting the status of the cluster
The use of the kubectl get componnentstatus command shows the status of the parts of Kubernetes, as shown in Example 4-49.
Example 4-49 get componentstatus
[lnxadmin@itsoredc ~]$ kubectl get componentstatus
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
[lnxadmin@itsoredc ~]$
The use of the kubectl get nodes command displays which nodes are part of the cluster and their current status (see Example 4-50).
Example 4-50 get nodes
[lnxadmin@itsoredc ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
itsoredb.cpolab.ibm.com Ready <none> 13m v1.12.1
itsoredc.cpolab.ibm.com Ready master 10d v1.12.1
itsoredd.cpolab.ibm.com Ready <none> 21h v1.12.1
[lnxadmin@itsoredc ~]$
The use of the kubectl get pods command show which pods are deployed (see Example 4-51).
Example 4-51 Use of get pods command
[lnxadmin@itsoredc ~]$ kubectl get pods --all-namespaces=true
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-576cbf47c7-5vz6t 1/1 Running 0 10d
kube-system coredns-576cbf47c7-dtcrp 1/1 Running 0 10d
kube-system etcd-itsoredc.cpolab.ibm.com 1/1 Running 0 10d
kube-system kube-apiserver-itsoredc.cpolab.ibm.com 1/1 Running 0 10d
kube-system kube-controller-manager-itsoredc.cpolab.ibm.com 1/1 Running 0 10d
kube-system kube-proxy-b78qk 1/1 Running 0 10d
kube-system kube-proxy-nwvnf 1/1 Running 0 21h
kube-system kube-proxy-vq8qt 1/1 Running 0 17m
kube-system kube-router-5q2vc 1/1 Running 0 10d
kube-system kube-router-kwcnj 0/1 CrashLoopBackOff 257 21h
kube-system kube-router-v2hxp 0/1 CrashLoopBackOff 8 50m
kube-system kube-scheduler-itsoredc.cpolab.ibm.com 1/1 Running 0 10d
[lnxadmin@itsoredc ~]$
The use of the kubectl get services command shows all the services that are running (see Example 4-52).
Example 4-52 Use of get services command
[lnxadmin@itsoredc ~]$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10d
[lnxadmin@itsoredc ~]$
The use of the kubectl cluster-info command shows the status of the kubernetes cluster (see Example 4-53).
Example 4-53 Use of cluter-info command
[lnxadmin@itsoredc ~]$ kubectl cluster-info
Kubernetes master is running at https://9.76.61.241:6443
KubeDNS is running at https://9.76.61.241:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
[lnxadmin@itsoredc ~]$
4.5 Backing up a container
Images of the containers that exist can be created to save a customized image, back it up, or copy a container to a different host. After an image is updated and customized per your business requirements or needs, you can commit your container and create an image to your repository.
Complete the following steps:
1. Confirm that your container is available, as shown in Example 4-54.
Example 4-54 Confirming containers available on your host
[root@itsoredd ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de63be560f7b registry.access.redhat.com/rhel7 "/bin/bash" 3
2. Perform a commit of your container after the configuration is completed by using the docker commit command, as shown in Example 4-55.
Example 4-55 Commit the Docker image
[root@itsoredd ~]# docker commit rh_oracle_v10 rh_oracle12c
sha256:ac5c4cb7f9e571cf0fed264af157cfca1966f5715dfff8238266163464a69f75
[root@itsoredd ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
rh_oracle12c latest ac5c4cb7f9e5 9 seconds ago 690MB
3. After the new image is created, create a container that is based on this image or save the container by using the docker save command and send it to a different host. Then, use the docker load command to load the new image to the other host (in this case, copied from server itsoredd to itsoredc), as shown in Example 4-56.
Example 4-56 Saving Docker image into a new file, transferring, then loading
[root@itsoredd tmp]# docker save rh_oracle12c > /oracle/oracle12image.tar
[root@itsoredd tmp]# scp /tmp/sles12sp2.tar itsoslea.cpolab.ibm.com:/oracle
[root@itsoredc tmp]# docker load < /oracle/oracle12image.tar
ca3c5eec1300: Loading layer [==================================================>] 155.6MB/155.6MB
Loaded image: oracle12image
itsoredd:/oracle # docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
oracle12image 1.0.2 2511879f104c 2 days ago 152MB
hello-world latest ca91c0e8c6ca 4 weeks ago 1.97kB
[root@itsoredc tmp]# /oracle #
This approach that uses the docker save and docker load commands can be used to download images to assist when a server lacks internet access. If your server lacks internet access and the docker pull command does not work, you can use a server with internet access to download the docker image.
Then, use the docker save command as shown in Example 4-56 on page 124 and copy the image to the server that lacks internet access and use the docker load command to make the image available on that server.
Another option to back up a Docker container is the use of the export or import options on Docker, as shown in Example 4-57.
Example 4-57 Export the current image, then import it using docker commands
[root@itsoredd oracle]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3c44208f7e7f registry.access.redhat.com/rhel7 "/bin/bash" 5 hours ago Up 4 hours rh_oracle_v11
[root@itsoredd oracle]# docker export rh_oracle_v11 | gzip > rh_oracle_v11.gz
[root@itsoredd oracle]# ls -ltr rh_oracle_v11.gz
-rw-rw-r-- 1 oracle lnxadmin 70536778 Oct 10 14:55 rh_oracle_v11.gz
[root@itsoredd oracle]#
[root@itsoredd oracle]# zcat rh_oracle_v11.gz | docker import - rh_oracle12c_v1
sha256:9b342e55a9b3061d094bec62efb01c8d1571fcfd079c978852da162e7d610549
[root@itsoredd oracle]#
[root@itsoredd oracle]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
rh_oracle12c latest ac5c4cb7f9e5 21 minutes ago 690MB
Several options for backup containers are available. Check which option is best for your scenario.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.