Docker container introduction

1. Overview

1.1 Basic concepts:

Docker is an open-source application container engine written in Go and released under the Apache 2.0 license. Docker allows developers to package their applications and dependencies into a lightweight, portable container and then publish it to any popular Linux machine; it can also be used for virtualization. Containers use a complete sandbox mechanism and have no interfaces between them (similar to iPhone apps). More importantly, containers have extremely low performance overhead.

1.2 Advantages:

Simplified procedures:

Docker allows developers to package their applications and dependencies into a portable container and then publish it to any popular Linux machine to achieve virtualization. Docker has changed the way virtualization is done, allowing developers to put their work directly into Docker for management. Convenience and speed are Docker's biggest advantages. Tasks that used to take days or even weeks can now be completed in seconds using Docker containers.

Save money:

The advent of the cloud computing era means that developers no longer need to configure expensive hardware in pursuit of results. Docker has changed the mindset that high performance must come at a high price. The combination of Docker and the cloud allows cloud space to be more fully utilized. It not only solves the problem of hardware management, but also changes the way of virtualization.

1.3 Comparison with traditional VM features:

As a lightweight virtualization method, Docker has significant advantages over traditional virtual machines in running applications:

Docker containers are very fast and can be started and stopped in seconds, which is much faster than traditional virtual machines.

Docker containers require very few system resources, and thousands of Docker containers can run simultaneously on a host.

Docker uses Git-like operations to make it easier for users to obtain, distribute, and update application images. The instructions are concise and the learning cost is low.

Docker supports flexible automated creation and deployment mechanisms through Dockerfile configuration files to improve work efficiency.

In addition to running the applications inside them, Docker containers basically do not consume additional system resources, ensuring application performance while minimizing system overhead.

Docker uses multiple protection mechanisms on the Linux system to achieve strict and reliable isolation. Starting from version 1.3, Docker introduced security options and image signing mechanisms, which greatly improved the security of using Docker.

| Feature | Container | Virtual machine |
|---|---|---|
| Startup speed | Seconds | Minutes |
| Hard disk usage | Usually MB | Usually GB |
| Performance | Close to native | Weaker than native |
| System support | A single machine supports thousands of containers | Usually dozens |
| Isolation | Security isolation | Complete isolation |

1.4 Infrastructure

Docker uses a client-server (C/S) architecture model and uses a remote API to manage and create Docker containers.

Docker containers are created from Docker images.

The relationship between containers and images is similar to that between objects and classes in object-oriented programming.

| Docker | Object-oriented |
|---|---|
| Container | Object |
| Image | Class |


1.5 The foundation of Docker technology:

  • Namespaces, the basis of container isolation, ensure that container A cannot see container B. 6 namespaces: User, Mnt, Network, UTS, IPC, Pid
  • cgroups, for container resource accounting and isolation. The main cgroups subsystems used: cpu, blkio, device, freezer, memory
  • unionfs, typically aufs/overlayfs, the basis for layered images

1.6 Docker components:

  • Docker Client --> Sends requests to the Docker server process, such as creating, stopping, and destroying containers
  • Docker Server (server process) --> Handles all Docker requests and manages all containers
  • Docker Registry (image repository) --> The central repository where images are stored; it can be regarded as an SCM for binaries

2. Installation and Deployment

2.1 Prerequisites

Currently, CentOS supports Docker only on the kernels shipped with the distribution.

Docker runs on CentOS 7, which requires a 64-bit system and a kernel version of 3.10 or later.

Docker runs on CentOS-6.5 or higher versions of CentOS, requiring the system to be 64-bit and the system kernel version 2.6.32-431 or higher.

2.2 Install Docker

yum install docker -y #Install
systemctl start docker #Start
systemctl enable docker #Set up automatic startup

2.3 Basic Commands

docker search centos #Search for images

By default, images are pulled from overseas registries, which is very slow. You can configure a DaoCloud registry mirror to speed up pulls.

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://d6f11267.m.daocloud.io

The script writes the mirror setting to /etc/docker/daemon.json, equivalent to:

echo "{\"registry-mirrors\": [\"http://d6f11267.m.daocloud.io\"]}" > /etc/docker/daemon.json
systemctl restart docker #Restart failed 
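
The same setting can be written locally without piping the remote script into a root shell. The following is an added example, not part of the original article: it writes registry-mirrors to daemon.json itself and refuses plain-HTTP mirror URLs. The function names are hypothetical and https://mirror.example.com is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original article): set a registry mirror by
# writing daemon.json locally instead of running a downloaded script as root.

# is_https_url URL: succeed only for an https:// URL made of plain URL characters.
is_https_url() {
    case "$1" in
        https://*[!A-Za-z0-9.:/_-]*) return 1 ;;   # quotes, spaces, etc. would break the JSON
        https://?*) return 0 ;;
        *) return 1 ;;                             # http:// and anything else
    esac
}

# write_mirror_config URL [FILE]: FILE defaults to /etc/docker/daemon.json.
write_mirror_config() {
    url=$1
    file=${2:-/etc/docker/daemon.json}
    if ! is_https_url "$url"; then
        echo "refusing mirror '$url': expected an https:// URL" >&2
        return 1
    fi
    # This writer replaces the whole file, so keep a copy of any existing settings.
    if [ -f "$file" ]; then
        cp -p "$file" "$file.bak" || return 1
    fi
    tmp=$(mktemp "$file.XXXXXX") || return 1
    printf '{\n  "registry-mirrors": ["%s"]\n}\n' "$url" > "$tmp" &&
        chmod 644 "$tmp" &&
        mv "$tmp" "$file"
}

# Demo against a scratch directory; https://mirror.example.com is a placeholder.
demo_dir=$(mktemp -d)
write_mirror_config "http://d6f11267.m.daocloud.io" "$demo_dir/daemon.json" || true
write_mirror_config "https://mirror.example.com" "$demo_dir/daemon.json"
cat "$demo_dir/daemon.json"
rm -rf "$demo_dir"
```

After writing the real file, restart the Docker service as in the step above so the setting is read.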


Pull the image as needed:

docker pull docker.io/ansible/centos7-ansible

Pull all the images found in the search:

for i in `docker search centos|awk '!/NAME/{print $2}'`;do docker pull $i;done

View the local image:

docker images 

2.4 Command Summary:

Container Operations:

docker create # Create a container but don't start it
docker run # Create and start a container
docker stop # Stop the container and send a SIGTERM signal
docker start # Start a stopped container
docker restart # Restart a container
docker rm # Delete a container
docker kill # Send a signal to the container, default is SIGKILL
docker attach # Connect to a running container
docker wait # Block a container until it stops running

Get container information:

docker ps # Displays containers that are Up
docker ps -a # Displays all containers, including those that are Up and Exited
docker inspect # Go deep into the container to get all the information of the container
docker logs # View the logs of the container (stdout/stderr)
docker events # Get real-time events of the docker server
docker port # Display the port mapping of the container
docker top # Display the process information of the container
docker diff # Display the changes before and after the container file system

Export the container:

docker cp # Copy files or directories from the container
docker export # Export the entire file system of the container as a tarball without layers, tags, etc.

Execute:

docker exec # Execute a command in the container; run bash to get an interactive shell

Image operations:

docker images # Display a list of all local images
docker import # Create an image from a tarball, often used in conjunction with export
docker build # Use Dockerfile to create an image (recommended)
docker commit # Create an image from a container
docker rmi # Delete an image
docker load # Create an image from a tarball, use with save
docker save # Save an image as a tarball with layers and tags
docker history # Show the history of commands that generated an image
docker tag # Give an alias to an image

Registry operations:

docker login # Log in to a registry
docker search # Search for images from the registry
docker pull # Download images from the repository to the local
docker push # Push an image to the registry

2.5 Simple practical operation

Run and enter the container operation:

docker run -i -t docker.io/1832990/centos6.5 /bin/bash

-t specifies a pseudo terminal or terminal in the new container;

-i allows us to interact with the container (STDIN);

-d means running the container in the background;

/bin/bash starts a bash shell inside the container;

So when the container starts, we will get a command prompt:


We install MySQL in the container, set it to start automatically at boot, and commit the modified image:

docker ps -l #Query the container ID
docker commit -m "function" -a "user information" ID tag #Commit the modified image

docker inspect ID #View detailed information
docker push ID #Upload the Docker image

Creating an image using a Dockerfile

To use the docker build command, you need to create a Dockerfile, which contains a set of instructions that tell Docker how to build the image.

mkdir DockerFile
cd DockerFile
cat > Dockerfile <<EOF
FROM 603dd3515fcc
MAINTAINER Docker xuel
RUN yum install mysql mysql-server -y
RUN mkdir /etc/sysconfig/network
# A service started by RUN runs only during the build; use CMD to start it in containers
RUN /etc/init.d/mysqld start
EOF

docker build -t "centos6.8:mysqld" .

-t specifies the repository and tag

. specifies the path to the directory containing the Dockerfile

Note that an image cannot exceed 127 layers.

In addition, you can use the ADD instruction to copy local files into the image;

Use the EXPOSE instruction to open a port to the outside world;

Use the CMD instruction to describe the program that runs after the container is started.

CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]

2.6 Dockerfile Detailed Explanation

Dockerfile instructions are case-insensitive, but uppercase is recommended. Lines beginning with # are comments. Each line supports only one instruction, and each instruction can carry multiple parameters.

Dockerfile instructions can be divided into two types according to their functions: build instructions and setting instructions.

Build instructions: used to build images. The specified operations will not be performed on the container running the image.

Setting instructions: used to set the properties of the image. The specified operations will be performed in the container running the image.

FROM (specify base image)

Build instruction. It must be specified and must be placed before all other instructions in the Dockerfile. Subsequent instructions all depend on the image specified by this instruction. The base image specified by the FROM instruction can be in an official remote repository or in a local repository.

This instruction has two formats:

  • FROM <image> #Specify the base image as the last modified version of the image
  • FROM <image>:<tag> #Specify the base image as a tag version of the image.

MAINTAINER (used to specify the image creator information)

Build instruction, used to write information about the image's creator into the image. When we execute the docker inspect command on the image, the output contains corresponding fields that record this information.

  • MAINTAINER <name>

RUN (for software installation)

Build instruction. RUN can run any command supported by the base image. If Ubuntu is selected as the base image, only Ubuntu commands can be used in the software management section.

  • RUN <command> (the command is run in a shell - `/bin/sh -c`)
  • RUN ["executable", "param1", "param2" ... ] (exec form)

CMD (set the operation to be performed when the container starts)

Setting instruction that specifies the operation performed when the container is started. The operation can be to execute a custom script or a system command. This instruction can only exist once in a file. If there are multiple CMD instructions, only the last one will be executed.

  • CMD ["executable","param1","param2"] (like an exec, this is the preferred form)
  • CMD command param1 param2 (as a shell)

When a Dockerfile specifies an ENTRYPOINT, CMD can also use the following format:

  • CMD ["param1","param2"] (as default parameters to ENTRYPOINT)

ENTRYPOINT specifies the path to an executable script or program, which is executed with param1 and param2 as parameters. So if the CMD instruction uses this form, there must be a matching ENTRYPOINT in the Dockerfile.

ENTRYPOINT (sets the operation to be performed when the container starts)

Setting instruction that specifies the command to be executed when the container starts. It can be set multiple times, but only the last one is valid.

  • ENTRYPOINT ["executable", "param1", "param2"] (like an exec, the preferred form)
  • ENTRYPOINT command param1 param2 (as a shell)

There are two ways to use this instruction: on its own, or in conjunction with the CMD instruction.
When it is used on its own and the Dockerfile also contains a CMD instruction that is a complete executable command, the CMD instruction and ENTRYPOINT overwrite each other and only the last CMD or ENTRYPOINT will be valid.

# The CMD command will not be executed, only the ENTRYPOINT command will be executed
CMD echo "Hello, World!"
ENTRYPOINT ls -l

The other usage is together with the CMD instruction, which then specifies the default parameters of ENTRYPOINT. In this case, the CMD instruction is not a complete executable command, but only the parameter part. The ENTRYPOINT instruction must use the JSON form and specifies only the command to execute, not the parameters.

FROM ubuntu 
CMD ["-l"] 
ENTRYPOINT ["/usr/bin/ls"]

USER (set the user of the container)

Setting instruction that sets the user who starts the container. The default user is root.

# Specify the running user of memcached
ENTRYPOINT ["memcached"]
USER daemon
# or
ENTRYPOINT ["memcached", "-u", "daemon"]

EXPOSE (specify the port that the container needs to map to the host machine)

Setting instruction that maps a port in the container to a port on the host machine. When you need to access the container, you can use the host machine's IP address and the mapped port instead of the container's IP address. The operation takes two steps. First, use EXPOSE in the Dockerfile to set the container port to be mapped; then, when running the container, pass the -p option with the port set by EXPOSE. The port number set by EXPOSE is then randomly mapped to a port number on the host machine. You can also specify the host port to map to; in that case, make sure that the port number on the host machine is not in use. The EXPOSE instruction can set multiple port numbers at a time, and when running the container you can use the -p option multiple times.

# Map a port
EXPOSE port1
# The corresponding command used to run the container
docker run -p port1 image

# Map multiple ports
EXPOSE port1 port2 port3
# The corresponding command used to run the container
docker run -p port1 -p port2 -p port3 image
# You can also specify a port number that needs to be mapped to the host machine (host port:container port)
docker run -p host_port1:port1 -p host_port2:port2 -p host_port3:port3 image

Port mapping is an important function of Docker. The reason is that each time we run a container, the IP address of the container cannot be specified but is randomly generated within the address range of the bridge network card. The IP address of the host machine is fixed. We can map the port of the container to a port on the host machine, eliminating the need to check the IP address of the container every time a service in the container is accessed. For a running container, you can use docker port plus the port to be mapped in the container and the container ID to view the mapped port of the port number on the host machine.

ENV (for setting environment variables)

Build instruction that sets an environment variable in the image.

  • ENV <key> <value>

Once set, the variable can be used by subsequent RUN instructions. After the container is started, you can view this environment variable through docker inspect, and you can set or modify it at run time with docker run --env key=value.

If you have installed the JAVA program and need to set JAVA_HOME, you can write it in the Dockerfile like this:

  • ENV JAVA_HOME /path/to/java/dirent

ADD (copy files from src to the dest path of the container)

Build instruction. All files and folders copied into the container have permissions 0755 and uid and gid 0. If <src> is a directory, all files under it are added to the container, but not the directory itself. If the file is in a recognizable compression format, Docker decompresses it (pay attention to the compression format). If <src> is a file and <dest> does not end with a slash, <dest> is treated as a file and the content of <src> is written to <dest>; if <src> is a file and <dest> ends with a slash, the <src> file is copied into the <dest> directory.

  • ADD <src> <dest>

<src> is a path relative to the source directory being built; it can be a path to a file or directory, or a remote file URL;
<dest> is the absolute path in the container

VOLUME (specify mount point)

Setting instruction that gives a directory in the container the ability to store data persistently. The directory can be used by the container itself or shared with other containers. The container uses AUFS, which cannot persist data: when the container is closed, all changes are lost. Use this instruction in the Dockerfile when the application in the container needs persistent data.

FROM base 
VOLUME ["/tmp/data"]

WORKDIR (Change Directory)

Setting instruction. The directory can be switched multiple times (equivalent to the cd command), and it takes effect for RUN, CMD, and ENTRYPOINT.

# Execute vim a.txt under /p1/p2
WORKDIR /p1
WORKDIR p2
RUN vim a.txt
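
The FROM, USER, ADD and RUN behaviours described in this section can be checked mechanically. The following linter is an added example, not part of the original article or of Docker: it flags an untagged or :latest base image, ADD from a remote URL, a download piped into a shell in RUN, and a final stage that still runs as root. The rule names and both sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): lint a Dockerfile for four
# risky patterns. Findings print as "<line>:<RULE>: <detail>"; exit status is
# 1 when anything is found, so the function can gate a build.

lint_dockerfile() {
    awk '
    function report(rule, msg) { printf "%d:%s: %s\n", NR, rule, msg; found = 1 }

    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines

    {   # join backslash-continued lines into one logical instruction
        line = pending $0
        if (line ~ /\\$/) { sub(/\\$/, " ", line); pending = line; next }
        pending = ""; $0 = line
        instr = toupper($1)                  # instructions are case-insensitive
    }

    instr == "FROM" {
        i = 2
        while ($i ~ /^--/) i++               # skip options such as --platform=
        image = $i
        user = ""                            # every build stage starts as root
        if (image != "scratch" && image !~ "@sha256:[0-9a-f]+$") {
            if (image !~ ":[^/:]+$")
                report("FROM-NO-TAG", image " has no tag, so the newest image is used")
            else if (image ~ ":latest$")
                report("FROM-LATEST", image " is a moving tag")
        }
    }

    instr == "USER" { user = $2 }

    instr == "ADD" {
        for (i = 2; i < NF; i++)             # the last field is <dest>
            if ($i ~ "^https?://")
                report("ADD-REMOTE", $i " is downloaded at build time")
    }

    instr == "RUN" && ($0 " ") ~ /(curl|wget)[^|;&]*\|[ \t]*(sudo[ \t]+)?(ba)?sh[ \t;&|]/ {
        report("RUN-PIPE-SH", "downloaded script is piped straight into a shell")
    }

    END {
        if (user == "" || user == "root" || user == "0" || user ~ "^(root|0):") {
            print "EOF:ROOT-USER: final stage never switches to a non-root USER"
            found = 1
        }
        exit (found ? 1 : 0)
    }
    ' "$@"
}

# Constructed sample inputs (example.com is a placeholder).
sample_risky_dockerfile() {
    cat <<'EOF'
FROM centos
MAINTAINER Docker xuel
ADD https://example.com/app.tar.gz /opt/
RUN curl -sSL https://example.com/install.sh | sh
CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
EOF
}

sample_hardened_dockerfile() {
    cat <<'EOF'
FROM centos:7
COPY app.tar.gz /opt/
USER daemon
ENTRYPOINT ["memcached"]
EOF
}

sample_risky_dockerfile | lint_dockerfile || true
sample_hardened_dockerfile | lint_dockerfile && echo "hardened sample: no findings"
```

The function also accepts file names, for example lint_dockerfile Dockerfile.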

2.7 Image import and export


Export the image to local:


docker save -o centos6.5.tar centos6.5
or
docker export f9c99092063c > centos6.5.tar

Import the image from local:

docker load --input centos6.5.tar
or
docker load < centos6.5.tar

docker rm #Delete a terminated container
docker rm -f #Delete a running container

Modify a container running in the background:

docker exec -it CONTAINER_ID /bin/bash


3. Storage

3.1 Data disk

Docker images are composed of layers of files, and Docker's storage engines handle how these files are stored.

docker inspect centos #View image details

The Layers listed in the output are the centos file layers. They are read-only and cannot be modified. The images and containers we create based on this image share these file layers, and Docker adds a readable and writable file layer on top of them. If you need to modify something in a read-only layer, Docker copies it into this readable and writable layer. If you delete the container, the files in its readable and writable layer are deleted as well.

If there is data that you want to keep permanently, such as logs on a web server or data in a database management system, you can put it on a data volume. The data on it is retained even if the container is deleted. When creating a container, we can specify the data disk, which in practice means specifying a particular directory.

docker run -i -t -v /mnt --name nginx docker.io/nginx /bin/bash

-v: Specify the directory to be mounted in the container

Use docker inspect with the container ID to view the physical path on the host machine that corresponds to the mounted directory.

Similarly, we can mount a specified directory on the physical host to a specified directory in the container:
docker run -d -p 80:80 --name nginx -v /webdata/wordpress:/usr/share/nginx/html docker.io/sergeyzh/centos6-nginx

-d Run in the background

--name Give the running container a name

-v host directory:container directory Mount the host directory into the container

-p host port:container listening port Map the application listening port in the container to a specific port on the physical host

Map multiple physical directories: (just write more -v)



3.2 Data Container:

You can create a data container: when creating the container, you specify its data disk, and then let other containers use this container as their data disk, somewhat like inheriting the data disk specified by the data container.

First create a data container named newnginx

docker create -v /mnt -it --name newnginx docker.io/nginx /bin/bash

Use this data container to run a container nginx1 and create a file in the data directory /mnt

docker run --volumes-from newnginx --name nginx1 -it docker.io/nginx /bin/bash

Use the data container to create a container nginx2. Check that the files created by container nginx1 in the data directory still exist. Similarly, create files under /mnt of nginx2. Other new containers running based on the data container can also see the files.

3.3 Data disk management:

When deleting a container, Docker does not delete its data disk by default.

docker volume ls #View the data disk
docker volume ls -f dangling=true #View the data disk not used by the container
docker volume rm VOLUME_NAME #Delete the data disk


If you want to delete the container and its data disk at the same time, you can use the -v parameter.

docker rm -v newnginx

4. Network

Docker provides several networks, which determine how containers communicate with each other and with the outside world.

docker network ls #View the network 

When the Docker process starts, a virtual bridge named docker0 is created on the host, and the Docker containers started on this host are connected to this virtual bridge. The virtual bridge works similarly to a physical switch, so that all containers on the host are connected to a Layer 2 network through it. Docker assigns the container an IP from the docker0 subnet and sets the docker0 IP address as the container's default gateway. It creates a veth pair (a pair of virtual network devices) on the host, places one end in the newly created container and names it eth0 (the container's network card), and keeps the other end on the host, naming it vethxxx or something like that, and adds this network device to the docker0 bridge.

4.1 bridge network

Unless you specify a network when creating a container, the container uses the bridge network by default. Containers belonging to this network can communicate with each other, but access from the outside world has to go through the bridge, which sits between the host and the container and gives the container a certain degree of isolation. In practice, DNAT rules are set in iptables to implement port forwarding. You can use iptables -t nat -vnL to view them.

4.2 Host Network

If you use the host mode when starting a container, the container will not obtain an independent Network Namespace, but will share a Network Namespace with the host. The container will not virtualize its own network card, configure its own IP, etc., but will use the host's IP and port. However, other aspects of the container, such as the file system and process list, are still isolated from the host machine. Containers that only use this type of network will use the host's network. This network is completely open to the outside world. If you can access the host, you can access the container.

4.3 Using none mode

The Docker container has its own Network Namespace, but no network configuration is performed for the Docker container. In other words, this Docker container has no network card, IP, routing and other information. We need to add network cards and configure IP for the Docker container ourselves. Containers using this type of network are completely isolated.

4.4 Simple Demonstration:

Start two containers and view their internal IP addresses

for i in `docker ps |grep -v "CONTAINER"|awk '{print $1}'`;do docker inspect $i|grep 'IPAddress';done

Check that, in bridge mode, the containers on the host can communicate normally with each other and with the host

docker inspect CONTAINER_ID

Check that the container created in host mode has no IP address of its own. It uses the address of the host machine.

docker run -d --net host docker.io/sergeyzh/centos6-nginx 



Check that the container created in none mode has no IP address.

docker run -d --net none docker.io/sergeyzh/centos6-nginx 


4.5 Container Ports:

If you want the outside world to be able to access the services provided by a container on the bridge network, you can tell Docker which ports you want to use. To see which ports the image will use, check ExposedPorts, which lists them.

docker run -d -p 80 docker.io/sergeyzh/centos6-nginx  
docker port 09648b2ff7f6

With -p 80, Docker randomly maps a high port on the host to the specified port in the container

docker run -d -p 80:80 docker.io/sergeyzh/centos6-nginx #Map the host's port 80 to the container's port 80
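
With -p 80 or -p 80:80, Docker binds the host port on all interfaces (0.0.0.0) by default, and a --net host container has no port mapping at all because it uses the host's ports directly. The following added example (not part of the original article; container names and sample rows are constructed) reads docker ps output and lists the containers that are reachable from outside the host.

```shell
#!/bin/sh
# Added example (not from the original article): list containers whose ports
# are reachable from outside the host. Input is the output of
#   docker ps --format '{{.Names}}\t{{.Networks}}\t{{.Ports}}'

audit_published_ports() {
    awk -F '\t' '
    {
        name = $1
        # --net host: no separate network namespace, nothing to publish.
        n = split($2, nets, ",")
        for (i = 1; i <= n; i++)
            if (nets[i] == "host")
                printf "%s HOST-NETWORK shares the host IP and ports\n", name

        # Ports looks like "0.0.0.0:80->80/tcp, :::80->80/tcp" or "3306/tcp".
        m = split($3, maps, /, */)
        for (i = 1; i <= m; i++) {
            arrow = index(maps[i], "->")
            if (arrow == 0) continue                  # exposed only, not published
            bind = substr(maps[i], 1, arrow - 1)      # host address and port
            if (bind ~ /^(0\.0\.0\.0|::|\[::\]):/)    # all IPv4 / IPv6 interfaces
                printf "%s ALL-INTERFACES %s\n", name, maps[i]
        }
    }' "$@"
}

# Constructed sample: what the format above prints for the -p 80, -p 80:80,
# --net host and --net none containers from this section, plus a
# loopback-only binding (-p 127.0.0.1:8080:80) and an unpublished port.
sample_ps_output() {
    printf '%s\t%s\t%s\n' \
        web-random bridge '0.0.0.0:32768->80/tcp' \
        web-fixed  bridge '0.0.0.0:80->80/tcp, :::80->80/tcp' \
        web-local  bridge '127.0.0.1:8080->80/tcp' \
        web-host   host   '' \
        web-none   none   '' \
        db         bridge '3306/tcp'
}

sample_ps_output | audit_published_ports
```

Only web-random, web-fixed and web-host are reported; the loopback-only, none-mode and unpublished containers are not.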
