Getting started with Docker: basic usage

Getting started with Docker: basic usage

.Docker Introduction

1.1 The first Docker book

I kept encountering Docker at work, and today I finally started learning. I have encountered a lot of troubles when selecting books on the system to learn Docker and virtualization technology, mainly because there are no particularly classic books! Docker's "First Edition Docker Book" and "Docker Technology Introduction and Practical Combat" are generally not highly evaluated, while "Docker Development Practice" and "Dockeru Source Code Analysis" were released recently in 2015, and there are not many evaluations. After a comprehensive look, I finally chose "Docker Development Practice". The following are mainly used as learning materials.

1.2 What is Docker?

There is a story in "Docker Development Practice": In the shipping before the 1960s, the goods were all placed together and were easily crushed and damaged. At the same time, transshipment between different modes of transportation is also very troublesome, such as when unloading goods from docks and train cars. The combination of different goods and different vehicles is a huge two-dimensional matrix. The shipping industry finally reached an agreement and formulated an international standard container to solve this thorny problem. All goods are packed into containers and isolated from each other, and all vehicles are transshipped through containers, which greatly improves the safety and efficiency of transportation.

We often encounter the same problem in software development. Applications that use a variety of technical frameworks, from front-end static websites to back-end databases , from PHP to Java , and various deployment environments, from test servers To online environments, from virtual machines to public clouds, and so on. Docker is this container, and Docker's logo is indeed a container.

1.3 Docker and containers and virtual machines

Naturally we will ask, what is the difference between Docker and virtual machine? This question can be divided into two parts. Because Docker is not a completely original technology, but a container technology that has been around for a long time, so the first question is the difference between a container and a virtual machine? Also belonging to container technology, Docker's brothers and sisters also include Solaris Zones, BSD jails, LXC, etc. But Docker is so hot now, it naturally has its own uniqueness, so the second question is the difference between Docker and other containers?

The first question is relatively simple. Containers are a lightweight virtualization technology. It does not have a complete set of CPU, memory and disk like a virtual machine, and has absolute authority over the operating system . The container and the host host share the kernel, and all the containers share the operating system. Hundreds of containers can run on one physical machine. The second problem is a bit more troublesome. Compared with LXC, Docker abstracts the configuration to make the application running environment consistent on any platform. At the same time, it provides modern facilities and ecosystems similar to Git , such as version control and mirror hosting .

In general, the application scenarios of Docker are:

• Accelerate local development: quickly build a development environment and operating environment.
• Automatically package and deploy applications.
• Create a lightweight private Paas environment.
• Automated testing and continuous integration.
• Create a security sandbox.

---

2. Docker installation and 32-bit issues

2.1 Install Docker

Docker has two requirements for the Linux environment, one is a 64-bit system, and the other is a kernel above 3.8. And I am using the 32-bit version of Linux Mint 17, so I downloaded the source code package to compile and install. When Zheng Chou couldn't find the compilation and installation information, it was great to find that the Ubuntu software library provides a compiled Docker 32-bit version! Look at my kernel version 3.13, which also meets the requirements, so I installed it directly with apt.

cdai@dell ~ $ uname -a
Linux dell 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:30:01 UTC 2014 i686 i686 i686 GNU/Linux

cdai@dell ~ $ apt-cache search docker
docker.io - Linux container runtime
kdocker - lets you dock any application into the system tray
vim-syntax-docker - Docker container engine - Vim highlighting syntax files

cdai@dell ~ $ sudo apt-get install docker.io
cdai@dell ~ $ docker -v
Docker version 1.0.1, build 990021a
 
  
  

   
   
1
   
   
2
   
   
3
   
   
4
   
   
5
   
   
6
   
   
7
   
   
8
   
   
9
   
   
10
   
   
11
  
  
 
  
  

  
   
   
 
  
  
 
  
  

   
   
1
   
   
2
   
   
3
   
   
4
   
   
5
   
   
6
   
   
7
   
   
8
   
   
9
   
   
10
   
   
11
  
  

2.2 32-bit version image

Although Docker can be used, the images in the official Docker Hub are all prepared for 64-bit systems. After downloading these images, the error "finalize namespace drop capabilities operation not permitted" will be reported when creating and starting the container. So we can use the official Dockerfile to build a 32-bit version of the image before it can be used on a 32-bit system. (Please refer to section 3.4 for specific explanation of image construction)

Take the 32-bit version of Ubuntu as an example, just execute the Shell script provided on the official GitHub . After a long wait, we can see that the 32-bit Ubuntu image has been successfully installed locally, and the official script is quite reliable.

cdai ~ $ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
32bit/ubuntu        14.04               c062cc00654e        About a minute ago   295.3 MB

 
  
  

   
   
1
  
  

Note: I made a workaround here to learn and research Docker on my old book. Of course, you must use Docker on a 64-bit machine in real applications.

3. Getting started

3.1 Core concepts

Before you start using Docker, you must first understand the concepts in Docker and the relationship between them, otherwise you may get confused when you get started. The three most important concepts in Docker are: image, container, and library.

• Image: It is a read-only file that contains the application and its runtime dependent environment.
• Container: It is a template for building containers. Through a mirror image, we can construct many independent containers with the same operating environment.
• Repository: Docker provides Hub to store public or private images, and also allows third parties to build.

The following is a typical Docker workflow. From this picture, the relationship between these three important concepts can be clearly understood. Next in this section, we will introduce common operations one by one according to this Workflow.

3.2 Search and download mirror

First use the docker search [keyword]command to check which images are available for download on Docker Hub. After searching, you can use wildcards to represent keywords:

cdai ~ $ docker search ubuntu
NAME                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
ubuntu                         Ubuntu is a Debian-based Linux operating s...   2179      [OK]      
ubuntu-upstart                 Upstart is an event-based replacement for ...   31        [OK]      
torusware/speedus-ubuntu       Always updated official Ubuntu docker imag...   25                   [OK]
tleyden5iwx/ubuntu-cuda        Ubuntu 14.04 with CUDA drivers pre-installed    17                   [OK]
ubuntu-debootstrap             debootstrap --variant=minbase --components...   12        [OK]      
neurodebian                    NeuroDebian provides neuroscience research...   11        [OK]      
    ...

Next use the docker pull [repository/url:tag]command to download the mirror. Because downloading from the official Docker Hub is very slow, here is a very fast download from the domestic mirror site http://dockerpool.com/ . (Note: I will talk about using the docker run command to create a container later. In fact, if the image does not exist, Docker will automatically download it. In order to learn the pull command, I download the image manually)

    	1.cdai ~ $ docker pull dl.dockerpool.com:5000/ubuntu:14.04
	2.cdai ~ $ docker pull dl.dockerpool.com:5000/centos:latest

After the download is complete, you can use it to docker imagescheck which mirrors are available locally. The REPOSITORY column here may have three types:

• [namespace/ubuntu]: When you register an account on Docker Hub, the account name automatically becomes your namespace, which is used to distinguish the images of different users.
• [ubuntu]: This kind of warehouse name can be considered as a top-level namespace, this kind of warehouse is only used for official mirroring.
• [dl.dockerpool.com:5000/ubuntu]: URL path indicates that the image is placed on a Hub built by a third party.

cdai ~ $ docker images
REPOSITORY                      TAG             IMAGE ID         CREATED          VIRTUAL SIZE
dl.dockerpool.com:5000/ubuntu   14.04           5506de2b643b     10 months ago      199.3 MB
dl.dockerpool.com:5000/centos   latest          87e5b6b3ccc1     11 months ago      224 MB

If you want to view the detailed information of the mirror, you can use the docker inspect [image-id]command to view it. (Note: As you will see in the container section below, this command can also be used to view detailed information about the container)

1 . cdai ~ $ docker inspect 5506de2b643b
2 . [{
3 .     "Architecture": "amd64",
4 .     "Author": "",
5 .     "Comment": "",
6 .     "Config": {
7 .         "AttachStderr": false,
8 .         "AttachStdin": false,
9 .         "AttachStdout": false,
10.         "Cmd": [
11.             "/bin/bash"
12.         ],
13.         ...
14.     },
15.     "Container": "201ae89099c20e577dd9c60cb9199c2dac0688d49efa676bf3eeb859666294bd",
16.     "ContainerConfig": {
17.         "AttachStderr": false,
18.         "AttachStdin": false,
19.         "AttachStdout": false,
20.         ...
21.     },
22.     "Created": "2014-10-23T23:53:59.03271073Z",
23.     "DockerVersion": "1.3.0",
24.     "Id": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
25.     "Os": "linux",
26.     "Parent": "22093c35d77bb609b9257ffb2640845ec05018e3d96cb939f68d0e19127f1723",
27.     "Size": 0
28. }]

3.3 Create a startup container

After understanding the basic operation of mirroring, we can create a container. First use to docker createcreate the container or use to docker run [repository:tag]create and run the container. Containers can be divided into two types:

• Interactive container : It runs in the foreground and can interact with the container through the console. If the terminal that created the container is closed, the container becomes stopped. In addition, the container can be terminated by typing exit or passing docker stopor in the container console docker kill.
• Background-type container : It runs in the background and has nothing to do with the terminal after it is created and started. It needs to be terminated with docker stopor docker kill.

Note: Because my old notebook is 32-bit, even if the image is installed from a third-party Hub, it is still 64-bit unusable, so the examples here use the 32-bit Ubuntu image manually constructed in the first section.

First, let's try to create and run an interactive container. Simply output "Hello, Docker" in the container's console. how about it? Docker containers are very lightweight, so start up very quickly! docker psYou can use to view the running container, and use to docker ps -aview all containers, including those that are not started. (-L and -n=x can list the last created one or x containers)

cdai ~ $ docker run -i -t 32bit/ubuntu:14.04 /bin/bash
root@328aa6305d82:/# echo "Hello, Docker!"
Hello, Docker!
root@328aa6305d82:/# exit
exit

cdai ~ $ docker ps -a
CONTAINER ID        IMAGE                COMMAND             CREATED             STATUS                     PORTS               NAMES
328aa6305d82

3.4 Make upload mirror

There are two ways to make a local image: using the commit command and writing a Dockerfile. Let's first introduce these two production methods separately, and then learn how to upload our own local images to Docker Hub.

3.4.1 Making a mirror with commit

First start the interactive container stupefied_curie we created earlier. After the startup is successful, we will find that we have not entered the console of the container. At this time, we must use a command used in a container that has not been introduced before, the attach command, to help us re-enter the console of a started container. (Note: After the attach is executed, the console interface of the container will appear after pressing Enter once. And the background container cannot be attached)

After attaching, we can operate in the container. Here we install a Sqlite database and save a text file, ready to make a local mirrored container. I thought everything would go smoothly, but I ran into the problem of not being able to access the Internet in the container, because the default relationship between the container and the host host is bridged, and some DNS settings must be configured. The easiest way to check it online is to change the network mode so that the container uses the same network stack as the host host. An interactive container is recreated here, and the network mode uses host mode.

Now you can use docker commit [container-id]commands to make the previously prepared container into a mirror image! (Why do some commands use ID and some use name?) After execution, we can check that our mirror has been installed in the local library. There is also a problem found here, that is, a container created based on a 32-bit image, and then made into an image seems to be 64-bit again, and the error "finalize namespace drop capabilities operation not permitted" will be reported at startup: (

3.4.2 Make a mirror with Dockerfile

Above we manually perform some operations on the console of the container, and Dockerfile is a more transparent and repeatable production method , because we do not perform operations manually, but write all operations into the Dockerfile using the commands and syntax provided by Docker . Command names are all uppercase. Commonly used Dockerfile commands are:

• FROM : Specify which parent mirror to extend from.
• RUN : Execute commands to modify the image. For example, RUN apt-get update and RUN ["apt-get", "update"]. The former executes commands in /bin/sh, and the latter executes directly using the system call exec.
• EXPOSE : Specify the port opened to the outside by the process in the container. You can also use the -p parameter to open some ports that are not listed in the Dockerfile when the container is started.
• ADD : Add the host host file, folder or URL specified resource to the mirror.
• ENV : Set the environment variable for container operation.
• USER : Specify the user for running the container and the commands following the Dockerfile.

Other commands include: MAINTAINER declares author information, WORKDIR specifies the working directory (the last one will be the working directory after the container is started), VOLUME mount files, CMD and ENTRYPOINT specify commands to be executed after the container is started, ONBUILD specifies some commands in the current mirror It will not be executed when building, but triggered when the submirror is built.

Knowing these commonly used commands, you can start writing Dockerfile below. Note: The Dockerfile file name is called "Dockerfile" by default, otherwise Docker will not find it when the build command is executed. After writing, execution docker build .can start to build, each Dockerfile command is equivalent to building a temporary image, the final step will generate the final target image.

3.4.3 Upload image to Hub

First docker loginenter our login information in Docker Hub with the command, and Docker will save it to ~/.dockercfg.

4. Attachment: Docker related technology

• Container isolation : use libcontainer instead of LXC as the default container. The isolation of processes, networks, messages, file systems and host names is achieved through the kernel's pid, net, ipc, mnt, and uts namespaces.
• Resource allocation : Control the measurement and allocation of resources through cgroups.
• Portability : Use AUFS to achieve rapid updates to containers. AUFS has the concept of layers. Each modification is an incremental modification in the existing write-only layer, and the modified content forms a new file layer without affecting the original layer.
• Security : Security is ensured through namespace isolation and cgroups auditing, and a series of tools such as SELinux.