Summary of fragmented knowledge of Docker management

1. Overview

This article aims to summarize and organize the knowledge fragments of daily Docker management for future review and reference.

2. Application Examples

2.1. Docker container isolation: Namespace

Namespace: the core Linux technology that container virtualization relies on to isolate containers. Isolation is achieved mainly through the following six namespaces. Two pseudo file systems are also involved: /proc and /sys/

● UTS: Allows each container to have an independent hostname and domainname, so that it can be regarded as an independent node on the network rather than a process on the host.

● IPC: The process interaction in the container still uses the common inter-process interaction methods in Linux, including semaphores, message queues and shared memory. The interaction between container processes is actually the interaction between processes with the same PID on the host.

● PID: Processes of different users are isolated by PID namespace, and the same PID can exist in different namespaces. The parent process of all LXC (Linux Containers) processes in Docker is the docker process, and each LXC process has a different namespace.

● NET:

● MNT: The mount point of the file system.

● USER: Each container can have its own user and group IDs, which means that a program can be executed inside the container as a user of the container instead of a user on the host.

2.2. Docker resource restriction: cgroup

eg1: docker run -it -m 200M --memory-swap 300M centos //-m or --memory: set the memory usage limit; --memory-swap: set the swap (swap partition) usage limit

eg2: docker run -it --name containerB -c 512 centos //containerB has a CPU weight of 512; -c or --cpu-shares sets the CPU weight of the container. If not set, the default is 1024

eg3: docker run -it --name testA --device-write-bps /dev/sda:30MB centos //Container testA limits writes to the disk to 30MB per second

Other parameters:

bps: bytes per second, the amount of data read or written per second
iops: I/O operations per second, the number of I/O operations per second

--device-read-bps: Set the bps of the read device
--device-write-bps: Set the bps for writing to the device

--device-read-iops: Set the iops of the read device
--device-write-iops: Set the iops for writing to the device
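
The limits above end up in the HostConfig section of docker inspect, so a host can be checked for containers that were started without them. The following is an added example, not part of the original article: it audits a constructed, trimmed docker inspect sample (the container names and values mirror eg1 to eg3; the function names are made up for illustration).

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_CONTAINERS = json.loads("""[
 {"Name": "/containerB", "HostConfig": {"Memory": 0, "MemorySwap": 0,
   "CpuShares": 512, "BlkioDeviceWriteBps": null}},
 {"Name": "/testA", "HostConfig": {"Memory": 0, "MemorySwap": 0,
   "CpuShares": 0, "BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": 31457280}]}},
 {"Name": "/limited", "HostConfig": {"Memory": 209715200, "MemorySwap": 314572800,
   "CpuShares": 0, "BlkioDeviceWriteBps": null}}
]""")

BLKIO_KEYS = ("BlkioDeviceReadBps", "BlkioDeviceWriteBps",
              "BlkioDeviceReadIOps", "BlkioDeviceWriteIOps")


def missing_limits(host_config):
    """Return the limit classes from section 2.2 that are not set."""
    gaps = []
    memory = host_config.get("Memory") or 0
    if memory == 0:                              # 0 = started without -m
        gaps.append("memory")
    elif host_config.get("MemorySwap") == -1:    # -1 = swap left unlimited
        gaps.append("swap")
    if not any(host_config.get(key) for key in BLKIO_KEYS):
        gaps.append("blkio")                     # no --device-*-bps / --device-*-iops
    return gaps


def audit(containers):
    """Map container name -> unset limits and effective CPU weight."""
    report = {}
    for container in containers:
        host_config = container.get("HostConfig") or {}
        report[container["Name"].lstrip("/")] = {
            "gaps": missing_limits(host_config),
            # CpuShares 0 means -c was not given, so the default weight applies.
            "cpu_shares": host_config.get("CpuShares") or 1024,
        }
    return report


if __name__ == "__main__":
    for name, result in audit(SAMPLE_CONTAINERS).items():
        print(name, result)
```

On a real host, feed it the JSON printed by docker inspect for the running containers instead of the sample.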

2.3. Set port mapping for the running container

Sometimes we want to adjust the container mapping port without stopping the container. So how can we map the service port of the application in the container to the local host machine while the container is in use?

When a container runs a network application that should be reachable from outside, you can specify port mapping with the -P or -p parameter. With -P (uppercase), Docker randomly maps a local host port to each open network port of the container; with -p (lowercase), you specify the port to be mapped, and only one container can be bound to a specified port. Supported formats are:

IP:HostPort:ContainerPort
IP::ContainerPort
HostPort:ContainerPort

Let's take a look at some examples:

eg1: docker run -d -P nginx //docker ps will show that a 3**** port is randomly assigned to the local host and mapped to port 80 of the container. When you visit http://localhost:3**** in the local browser, the nginx welcome page will appear.

eg2: docker run -d -p 8080:80 nginx //Using docker ps, you can see that port 8080 of the local host is mapped to port 80 of the container

Verification: Command format: docker port CONTAINER [PRIVATE_PORT[/PROTO]]

Use docker inspect + container ID to get the specific information of the container:

eg3: Add a mapping port to a running container

docker inspect container_name | grep IPAddress //Replace container_name with the container name in the actual environment to obtain the container's IP address
iptables -t nat -A DOCKER -p tcp --dport 8001 -j DNAT --to-destination 172.17.0.19:8000 //Map the container's port 8000 to the docker host's port 8001

or:

docker commit container_id foo/live //Submit a running container as an image
docker run -d -p 8000:80 foo/live /bin/bash //Run the image and add port mapping, host 8000 to container 80
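
Which -p format is used decides which host addresses can reach the service: a value without an IP is published on every host interface. The following is an added example, not part of the original article: it parses the formats listed in this section and classifies the exposure. The function names and sample values are made up for illustration, and it assumes IPv4 addresses and single ports (no ranges).

```python
import ipaddress
from typing import NamedTuple, Optional


class Publish(NamedTuple):
    host_ip: str               # "" = no address given, Docker binds all interfaces
    host_port: Optional[int]   # None = Docker picks a free host port
    container_port: int
    proto: str


def _port(text: str) -> int:
    port = int(text)           # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_publish(spec: str) -> Publish:
    """Parse one -p value: [IP:][HostPort]:ContainerPort[/proto]."""
    body, _, proto = spec.partition("/")
    parts = body.split(":")
    if len(parts) > 3:
        raise ValueError(f"unsupported -p value: {spec}")
    parts = [""] * (3 - len(parts)) + parts   # left-pad so missing fields are ""
    ip, host, cont = parts
    if ip:
        ipaddress.IPv4Address(ip)             # raises ValueError if malformed
    return Publish(ip, _port(host) if host else None, _port(cont), proto or "tcp")


def exposure(spec: str) -> str:
    """Classify which host addresses can reach the published port."""
    ip = parse_publish(spec).host_ip
    if not ip or ipaddress.IPv4Address(ip).is_unspecified:
        return "all-interfaces"
    return "loopback" if ipaddress.IPv4Address(ip).is_loopback else "single-address"


# Constructed sample values, one per format listed in this section.
SAMPLES = ["8080:80", "127.0.0.1:8080:80", "127.0.0.1::80", "0.0.0.0:53:53/udp"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:22} -> {exposure(sample)}")
```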

2.4. Modify the contents of a running docker container

In Docker, the host and container can copy and transfer files to each other:

docker cp mycontainer:/opt/testnew/file.txt /opt/test/ //Copy files from the container to the host
docker cp /opt/test/file.txt mycontainer:/opt/testnew/ //Copy files from the host to the container
sudo docker commit -m "description content" -a "author name" 32555789dd00 aipaper/devinz83:v2 //-m is used to specify the submission description, just like the version control tool we use; -a can specify the updated user information; followed by the ID of the container used to create the image; finally, specify the warehouse name and tag information of the target image. After successful creation, the image ID information will be returned.
docker images //Verify
REPOSITORY TAG
aipaper/devinz83 v2

#Modify the container configuration file yaml
vi /opt/docker/yml/docker-compose-resty-redis.yml

docker stack deploy --compose-file=/opt/docker/yml/docker-compose-resty-redis.yml resty_redis //Deploy the docker application using the newly modified image

Note: docker cp will take effect regardless of whether the container is started; after completion, use the docker commit command to commit the updated copy.

Then update the container's yml file so that it uses the new image.

2.5. Migrate Docker containers to other servers

Sometimes we need to migrate the current Docker container to another resource pool or host due to various reasons, such as hardware upgrades, data center changes, resource limitations, etc.

1) Export and import containers:

Export the container: This creates a compressed file from the container's file system. The exported file is saved as a "gzip" file. The compressed file is then copied to the new server using a file transfer tool such as scp or rsync. On the new server, import the gzip file into a new container.

docker export container-name | gzip > container-name.gz

zcat container-name.gz | docker import - container-name

docker run -d container-name /bin/bash //Use the "docker run" command to access the new container created in the new server

Note: One drawback of the export tool is that it does not export the container's ports and variables, nor does it export the underlying data volumes of the container. This may cause errors when trying to load the container on another server. In this regard, we can also consider using Docker image migration to migrate containers from one server to another.
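
Because export drops the ports and variables, they have to be captured from docker inspect on the old server before migrating. The following is an added example, not part of the original article: it rebuilds the -e, -p and -v flags from a constructed, trimmed docker inspect sample (the container name, variables and paths are illustrative, as are the function names).

```python
import json
import shlex

# Constructed sample: trimmed `docker inspect` output for one container.
SAMPLE_WEB = json.loads("""{
 "Name": "/web",
 "Config": {"Env": ["APP_MODE=prod", "GREETING=hello world"]},
 "HostConfig": {
   "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}],
                    "443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}]},
   "Binds": ["/opt/test:/opt/testnew:ro"]}
}""")


def run_flags(info):
    """Rebuild the docker run flags that `docker export` does not carry over."""
    flags = ["--name", info["Name"].lstrip("/")]
    # Env values may hold credentials, so treat the generated command as sensitive.
    for env in (info.get("Config") or {}).get("Env") or []:
        flags += ["-e", env]
    host_config = info.get("HostConfig") or {}
    port_bindings = host_config.get("PortBindings") or {}
    for container_port, bindings in sorted(port_bindings.items()):
        for binding in bindings or []:
            ip = binding.get("HostIp") or ""
            port = binding.get("HostPort") or ""
            if ip:
                spec = f"{ip}:{port}:{container_port}"
            elif port:
                spec = f"{port}:{container_port}"
            else:
                spec = container_port
            flags += ["-p", spec]
    # Bind mounts: the host directories themselves still have to be copied over.
    for bind in host_config.get("Binds") or []:
        flags += ["-v", bind]
    return flags


def run_command(info, image):
    """Return a shell-quoted docker run line for the imported image."""
    return shlex.join(["docker", "run", "-d", *run_flags(info), image])


if __name__ == "__main__":
    print(run_command(SAMPLE_WEB, "container-name"))
```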

2) Container image migration:

That is, we migrate the image associated with the container to a new resource pool. This is also the most common method to migrate a Docker container to another server. For the container to be migrated, first use the "docker commit" command to save its Docker image into a compressed file.

docker commit container-id image-name //The generated image will be compressed

After that, upload the above image to the new server, and in the new server, create a new container using "docker run".
Using this method, the data volume will not be migrated, but it will preserve the application data created inside the container.

3) Save first, then load the image

A Docker image is a package of your application's code, libraries, configuration files, etc. Docker containers are created from these images.

You can use "docker save" to compress the image and migrate it to the new server. Then, in the new server, use "docker load" to use the compressed image file to create a new image.

docker save image-name > image-name.tar

cat image-name.tar | docker load

4) Migrate data volumes:

Data volumes in Docker containers are shared directories that contain container-specific data. The data in the volume is persistent and is not lost during container recreation.

When you migrate a Docker container or image from one server to another using the export or commit tools, the underlying data volumes are not migrated. In this case, the directories containing the data will be migrated manually to the new server. Then create a container on the new server, referencing that directory as its data volume.

Another simple way is to back up and restore data volumes by passing the "--volumes-from" parameter in the "docker run" command.

docker run --rm --volumes-from datavolume-name -v $(pwd):/backup image-name tar cvf /backup/backup.tar /path-to-datavolume

docker run --rm --volumes-from datavolume-name -v $(pwd):/backup image-name bash -c "cd /path-to-datavolume && tar xvf /backup/backup.tar --strip 1"

In the above command, datavolume-name is /path/to/volume. This command provides a backup of the data volume. To specify a working directory, you can also pass -w /backup. The backup generated in the /backup folder can be copied to the new server via scp or ftp tools. The copied backup is then extracted and restored to the data volume in the new container.

5) Migrate the entire Docker container:

The above method only works for a single container. But in the case where all containers need to be migrated from one server to another, we take another approach. This method involves copying the entire docker directory ("/var/lib/docker") to the new server. In order for this approach to be successful, several key points need to be identified.

1. Preserve folder permissions and ownership.
2. Stop the Docker service before migration.
3. Verify that the Docker versions in the two servers are compatible.
4. Verify container list and functionality before and after migration.
5. Paths to environment variables and other configuration files.
6. If this method does not work due to any failure, we will configure a custom script to migrate containers and images from one server to another.

2.6. View files in docker image

docker attach ContainerID //The corresponding container needs to be running, not in the stopped state
##For a non-running container, you can copy the files in the Docker image to the host, as shown in the following example
sudo docker cp nginx-ubuntu-container:/etc/apt/sources.list ~/Documents/

2.7. Running containers: docker run common options

Syntax: docker run [option] image name [command passed to the startup container]

Description of common optional parameters:

  • -i means running the container in "interactive mode"
  • -t means that the container will enter its command line after it starts. After adding these two parameters, you can log in to the container after it is created. That is, allocate a pseudo terminal.
  • --name Name the created container
  • -v indicates the directory mapping relationship (the former is the host directory, and the latter is the directory it is mapped to in the container, that is, host directory:directory in the container). Multiple -v can be used to map multiple directories or files. Note: It is best to do directory mapping, make changes on the host machine, and then share them with the container.
  • -d If you add the -d parameter after run, a daemon (detached) container will be created and run in the background (in this way, you will not automatically log in to the container after creating it. If you only add the -i -t parameters, you will automatically enter the container after creation).
  • -p means port mapping. The former is the host port and the latter is the mapping port in the container. You can use multiple -p to map multiple ports.
  • -e sets environment variables for the container
  • --network=host means mapping the host's network environment to the container, and the container's network is the same as the host's
