
Docker系列--后台进程参数与docker.json文件

2018/11/19 林木立 Docker 1038
Docker容器技术

一、docker进程后台命令参数

/usr/bin/dockerd --help

Usage:  dockerd COMMAND

A self-sufficient runtime for containers.

Options:
      --add-runtime runtime                     Register an additional OCI compatible runtime (default [])
      --allow-nondistributable-artifacts list   Allow push of nondistributable artifacts to registry
                                                允许推送 nondistributable artifacts到Docker registry
----------------------------------------------------------------------------------------------------------------------
      --api-cors-header string                  Set CORS headers in the Engine API
                                                在docker engine API中设置 CORS headers信息
----------------------------------------------------------------------------------------------------------------------
      --authorization-plugin list               Authorization plugins to load
                                                加载授权插件
----------------------------------------------------------------------------------------------------------------------
      --bip string                              Specify network bridge IP
                                                指定docker网桥的IP
----------------------------------------------------------------------------------------------------------------------
  -b, --bridge string                           Attach containers to a network bridge
                                                把容器固定在某个docker网桥上
---------------------------------------------------------------------------------------------------------------------
      --cgroup-parent string                    Set parent cgroup for all containers
                                                为所有容器设置父级 cgroup
----------------------------------------------------------------------------------------------------------------------
      --cluster-advertise string                Address or interface name to advertise
                                                cluster对外的地址或者接口
----------------------------------------------------------------------------------------------------------------------
      --cluster-store string                    URL of the distributed storage backend
                                                cluster的后端URL
---------------------------------------------------------------------------------------------------------------------
      --cluster-store-opt map                   Set cluster store options (default map[])
                                                设置cluster存储选项(默认 map[])
-------------------------------------------------------------------------------------------------------------------
      --config-file string                      Daemon configuration file (default "/etc/docker/daemon.json")
                                                docker守护进程配置文件路径(默认 "/etc/docker/daemon.json")
--------------------------------------------------------------------------------------------------------------------
      --containerd string                       containerd grpc address
                                                containerd 的 gRPC(Google开发的RPC框架)地址
-----------------------------------------------------------------------------------------------------------------
      --cpu-rt-period int                       Limit the CPU real-time period in microseconds
                                                限制CPU实时调度周期,单位为微秒
-----------------------------------------------------------------------------------------------------------------------
      --cpu-rt-runtime int                      Limit the CPU real-time runtime in microseconds
                                                限制CPU实时运行时间,单位为微秒
-----------------------------------------------------------------------------------------------------------------------
      --data-root string                        Root directory of persistent Docker state (default "/var/lib/docker")
                                                Docker运行根目录(默认 "/var/lib/docker")
-----------------------------------------------------------------------------------------------------------------------
  -D, --debug                                   Enable debug mode
                                                守护进程启用debug模式
------------------------------------------------------------------------------------------------------------------------
      --default-gateway ip                      Container default gateway IPv4 address
      --default-gateway-v6 ip                   Container default gateway IPv6 address
                                                设置容器的默认网关(IPv4 | IPv6)地址
-------------------------------------------------------------------------------------------------------------------
      --default-ipc-mode string                 Default mode for containers ipc ("shareable" | "private") (default
                                                "shareable")
                                                容器ipc的模式(共享 | 私有)(默认 "shareable")
-------------------------------------------------------------------------------------------------------------------
      --default-runtime string                  Default OCI runtime for containers (default "runc")
                                                容器OCI runtime(默认 "runc")
-----------------------------------------------------------------------------------------------------------------
      --default-shm-size bytes                  Default shm size for containers (default 64MiB)
                                                容器 shm大小 (默认 64MB)
--------------------------------------------------------------------------------------------------------------
      --default-ulimit ulimit                   Default ulimits for containers (default [])
                                                容器 ulimits多少 (默认 [])
--------------------------------------------------------------------------------------------------------------------
      --dns list                                DNS server to use
                                                DNS服务器
------------------------------------------------------------------------------------------------------------------
      --dns-opt list                            DNS options to use
                                                DNS服务选项          
------------------------------------------------------------------------------------------------------------------
      --dns-search list                         DNS search domains to use
                                                DNS搜索域
------------------------------------------------------------------------------------------------------------------
      --exec-opt list                           Runtime execution options
                                                容器运行时执行的选项
------------------------------------------------------------------------------------------------------------------
      --exec-root string                        Root directory for execution state files (default "/var/run/docker")
                                                容器执行状态文件的路径 (默认 "/var/run/docker")
------------------------------------------------------------------------------------------------------------------
      --experimental                            Enable experimental features
                                                启用 实验版的特性
------------------------------------------------------------------------------------------------------------------
      --fixed-cidr string                       IPv4 subnet for fixed IPs
      --fixed-cidr-v6 string                    IPv6 subnet for fixed IPs
                                                固定IP的(IPv4 | IPv6)子网
------------------------------------------------------------------------------------------------------------------
  -G, --group string                            Group for the unix socket (default "docker")
                                                Docker的unix socket用户组  (默认 "docker"),该组成员可以控制守护进程,权限等同于root
------------------------------------------------------------------------------------------------------------------
      --help                                    Print usage
  -H, --host list                               Daemon socket(s) to connect to
                                                守护进程监听的socket,可以是 unix://、tcp:// 或 fd://;监听 tcp 地址时应同时启用 --tlsverify,否则能访问该端口的任何人都可以控制守护进程
------------------------------------------------------------------------------------------------------------------
      --icc                                     Enable inter-container communication (default true)
                                                启用容器间通信 (默认 true)
------------------------------------------------------------------------------------------------------------------    
      --init                                    Run an init in the container to forward signals and reap processes
                                                在容器内运行 init 进程,用于转发信号并回收僵尸进程
------------------------------------------------------------------------------------------------------------------    
      --init-path string                        Path to the docker-init binary
                                                docker-init 路径
------------------------------------------------------------------------------------------------------------------  
      --insecure-registry list                  Enable insecure registry communication
                                                启用不安全的 registry通信,也就是开放其它服务器访问
------------------------------------------------------------------------------------------------------------------ 
      --ip ip                                   Default IP when binding container ports (default 0.0.0.0)
                                                绑定容器端口的默认IP (默认 0.0.0.0)
------------------------------------------------------------------------------------------------------------------ 
      --ip-forward                              Enable net.ipv4.ip_forward (default true)
                                                启用net.ipv4.ip_forward (默认 true)
------------------------------------------------------------------------------------------------------------------
      --ip-masq                                 Enable IP masquerading (default true)
                                                容器访问外部启用IP伪装 (默认true)
------------------------------------------------------------------------------------------------------------------
      --iptables                                Enable addition of iptables rules (default true)
                                                启用docker对iptables规则的添加  (默认 true)  
------------------------------------------------------------------------------------------------------------------
      --ipv6                                    Enable IPv6 networking
      --label list                              Set key=value labels to the daemon
                                                设置守护进程标签 key=value
------------------------------------------------------------------------------------------------------------------
      --live-restore                            Enable live restore of docker when containers are still running

------------------------------------------------------------------------------------------------------------------ 
      --log-driver string                       Default driver for container logs (default "json-file")
  -l, --log-level string                        Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default
                                                "info")
      --log-opt map                             Default log driver options for containers (default map[])
      --max-concurrent-downloads int            Set the max concurrent downloads for each pull (default 3)
      --max-concurrent-uploads int              Set the max concurrent uploads for each push (default 5)
      --metrics-addr string                     Set default address and port to serve the metrics api on
      --mtu int                                 Set the containers network MTU
      --network-control-plane-mtu int           Network Control plane MTU (default 1500)
      --no-new-privileges                       Set no-new-privileges by default for new containers
      --node-generic-resource list              Advertise user-defined resource
      --oom-score-adjust int                    Set the oom_score_adj for the daemon (default -500)
  -p, --pidfile string                          Path to use for daemon PID file (default "/var/run/docker.pid")
      --raw-logs                                Full timestamps without ANSI coloring
      --registry-mirror list                    Preferred Docker registry mirror
      --seccomp-profile string                  Path to seccomp profile
      --selinux-enabled                         Enable selinux support
      --shutdown-timeout int                    Set the default shutdown timeout (default 15)
  -s, --storage-driver string                   Storage driver to use
      --storage-opt list                        Storage driver options
      --swarm-default-advertise-addr string     Set default address or interface for swarm advertised address
      --tls                                     Use TLS; implied by --tlsverify
      --tlscacert string                        Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string                          Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string                           Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify                               Use TLS and verify the remote
      --userland-proxy                          Use userland proxy for loopback traffic (default true)
      --userland-proxy-path string              Path to the userland proxy binary
      --userns-remap string                     User/Group setting for user namespaces
  -v, --version                                 Print version information and quit

Run 'dockerd COMMAND --help' for more information on a command.


二、daemon.json文件

    Linux上配置文件的默认位置是 /etc/docker/daemon.json。--config-file参数可用于指定非默认位置。

    配置文件中设置的选项不得与通过命令行设置的选项冲突。如果同一选项同时出现在文件和命令行中,则无论其值如何,docker守护程序都无法启动。这样做是为了避免配置重新加载时引入的更改被悄悄忽略。例如,如果在配置文件中设置了守护程序标签,同时又通过--label参数设置守护程序标签,则守护程序无法启动。文件中不存在的选项在守护程序启动时会被忽略。

    这是Linux上允许的配置选项的完整示例(# 之后的中文说明是本文添加的注释,JSON本身不支持注释,写入实际的daemon.json前必须删除;示例中的取值仅用于展示格式,并非推荐配置):

{
	"authorization-plugins": [],
	"data-root": "",    # 存储镜像,卷和群集状态等持久数据的路径。默认值为/var/lib/docker
	"dns": [],      #设定容器DNS的地址,在容器的 /etc/resolv.conf文件中可查看。
	"dns-opts": [],   #容器 /etc/resolv.conf 文件其他设置
	"dns-search": [],  #设定容器的搜索域,当设定搜索域为 .example.com 时,
	                    在搜索一个名为 host 的 主机时,DNS不仅搜索host,还
	                    会搜索host.example.com 。 注意:如果不设置, 
	                    Docker 会默认用主机上的 /etc/resolv.conf 来配置容器。
	"exec-opts": [],
	"exec-root": "",  #存储容器状态的路径。默认为/var/run/docker
	"experimental": false,
	"features": {},
	"storage-driver": "",   # Docker存储驱动
	"storage-opts": [],       # 存储驱动程序选项
	"labels": [],   #docker主机的标签,很实用的功能,例如定义:--label nodeName=host-121
	"live-restore": true,  #允许在守护程序停机期间保持容器处于活动状态。
	"log-driver": "",
	"log-opts": {},
	"mtu": 0,
	"pidfile": "",    #Docker守护进程的PID文件
	"cluster-store": "",
	"cluster-store-opts": {},
	"cluster-advertise": "",
	"max-concurrent-downloads": 3,  #每次拉取(pull)的最大并发下载数
	"max-concurrent-uploads": 5,  #每次推送(push)的最大并发上传数
	"default-shm-size": "64M",
	"shutdown-timeout": 15,
	"debug": true,  #启用debug的模式,启用后,可以看到很多的启动信息。默认false
	"hosts": [],    #指定Docker守护程序侦听客户端连接的位置(daemon.json中的键名为 hosts)。默认为/var/run/docker.sock;若加入 tcp:// 地址,应同时配置 tlsverify
	"log-level": "",  #日志级别
	"tls": true,   #启用TLS;仅设置 tls 时守护程序不校验客户端证书,需同时设置 tlsverify 才能对远程连接强制加密并验证身份
	"tlsverify": true,
	"tlscacert": "",
	"tlscert": "",
	"tlskey": "",
	"swarm-default-advertise-addr": "",
	"api-cors-header": "",
	"selinux-enabled": false,   #默认 false,启用selinux支持
	"userns-remap": "",
	"group": "",     #Unix套接字的属组,仅指/var/run/docker.sock;该组成员可以控制守护进程,权限等同于root
	"cgroup-parent": "",
	"default-ulimits": {
		"nofile": {
			"Name": "nofile",
			"Hard": 64000,
			"Soft": 64000
		}
	},
	"init": false,
	"init-path": "/usr/libexec/docker-init",
	"ipv6": false,
	"iptables": false,  #阻止Docker守护进程添加iptables规则
	"ip-forward": false,   #默认true, 启用 net.ipv4.ip_forward
	"ip-masq": false,
	"userland-proxy": false,
	"userland-proxy-path": "/usr/libexec/docker-proxy",
	"ip": "0.0.0.0",
	"bridge": "",   # 默认Docker网桥
	"bip": "",
	"fixed-cidr": "",
	"fixed-cidr-v6": "",
	"default-gateway": "",
	"default-gateway-v6": "",
	"icc": false,
	"raw-logs": false,
	"allow-nondistributable-artifacts": [],
	"registry-mirrors": [],  #镜像加速的地址,增加后在 docker info中可查看
	"seccomp-profile": "",
	"insecure-registries": [],   #允许以不安全方式(明文HTTP或不校验证书的HTTPS)访问的registry地址;使用受信任证书的私有仓库无需在此配置
	"no-new-privileges": false,
	"default-runtime": "runc",
	"oom-score-adjust": -500,
	"node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"],
	"runtimes": {
		"cc-runtime": {
			"path": "/usr/bin/cc-runtime"
		},
		"custom": {
			"path": "/usr/local/bin/my-runc-replacement",
			"runtimeArgs": [
				"--debug"
			]
		}
	},
	"default-address-pools":[{"base":"172.80.0.0/16","size":24},
	{"base":"172.90.0.0/16","size":24}]}



