The principles and application of Docker core technology (Part 1)

1. Docker overview

Docker is an open management platform for developing, running and deploying applications. Developers can use docker to develop and run applications, and operation and maintenance personnel can use docker to deploy and manage applications.
Docker provides the ability to package and run applications in a completely isolated environment, which is called a container. Because containers are isolated and secure, multiple containers can run on one host at the same time without interfering with each other. Docker provides tools and components (Docker Client, Docker Daemon, etc.) to manage the life cycle of containers:

  1. Use containers to develop applications and their supporting components.
  2. The container becomes the unit for distributing and testing your application.
  3. When you are ready, deploy your application to the production environment as a container or an orchestrated service. This works the same way whether your production environment is a local data center, a cloud provider, or a hybrid of the two.

Why use docker?

docker enables you to separate applications from infrastructure so that you can deliver software quickly.

  1. With the help of docker, you can manage the infrastructure like an application.
  2. By using Docker's approach to shipping, testing and deploying code quickly, you can significantly reduce the delay between writing code and running it in a production environment. For example:
    • Developers write code locally and can use Docker to share it with colleagues and work collaboratively.
    • Once the program has been developed with Docker, automated and manual tests can be run on the application directly.
    • When developers find errors or bugs, they can fix them directly in the development environment and quickly redeploy to the test environment for testing and verification.
    • When development is complete, delivering the Docker image is the delivery. If a patch or update is provided in the future, it only needs to be pushed to the build environment to run, which is just as simple.
  3. The main problems that docker solves:
    • Ensure the consistency of the program operating environment;
    • Reduce the complexity and cost of configuring the development environment and production environment;
    • Realize the rapid deployment and distribution of the program.

Understanding the overall structure of docker

Docker Engine is a client-server (C/S) application that contains the following components:

  • Server: a long-running daemon (Docker Daemon).
  • REST API: a set of interfaces used to communicate with Docker Daemon and instruct it to perform operations.
  • Client: the command line interface (CLI).

The CLI uses docker commands to control Docker Daemon through the REST API. Docker Daemon is responsible for creating and managing Docker objects (images, containers, networks, data volumes).

Docker Client: the most important way for users to interact with Docker. When you enter a docker command in the terminal, the client sends it to the server, the server carries it out, and the result is returned to the client. In addition to connecting to the local server, Docker Client can connect to a remote server by changing or specifying DOCKER_HOST.
Docker Server: Docker Daemon is the server side of Docker. It listens for Docker API requests (for example from Docker Client) and manages Docker objects such as images, containers, networks and data volumes.
Docker Registries: commonly known as Docker repositories, a cloud service environment dedicated to storing images. Docker Hub is a public place for storing images, similar to GitHub for storing code files. Likewise, you can build a private registry, as you can a private GitHub-style repository.
Docker Objects

  1. Image: A docker executable file, which includes all the code content, dependent libraries, environment variables and configuration files needed to run the application.
  2. Container: The instance after the image is run.
  3. Network: how containers are reached from outside and how they reach each other, for example host mode and bridge mode.
  4. Data volume: storage shared between the container and the host, or between containers, similar to a shared directory between a virtual machine and its host.

Understanding the underlying technology of docker

  1. Docker is implemented in the Go language.
  2. Docker uses several features of the Linux kernel to do its work:
    Linux namespaces, Linux control groups (cgroups), and Linux union file systems (UnionFS). This means that Docker can only run on Linux. Running Docker on Windows or macOS actually uses virtualization technology, with Docker running inside a Linux virtual machine.
  3. Container format: Docker Engine combines namespaces, cgroups and UnionFS into one package, and that package is a container format. Docker creates containers and manages their life cycle by managing and controlling the namespaces, cgroups and UnionFS in this package. There are many container formats, and the container format currently used by Docker is called libcontainer.
  4. Namespaces: provide operating-system-level isolation for Docker containers.
    • Process ID isolation: the first process running in each container always has process ID 1.
    • Network isolation: the network of the container is separated from the network of the host and of other containers, as if they were two networks.
    • Inter-process communication isolation: processes in the container and processes in the host or in other containers are invisible to each other, and communication has to go over the network.
    • File system mount isolation: the container has its own separate working directory.
    • Kernel and system version number isolation: when the kernel version number or the system version number is viewed from inside the container, the values shown are the container's, not the host's.
  5. Control groups (cgroups): provide hardware-level isolation for Docker containers; control groups govern the hardware resources used by applications. On this basis, control groups help Docker Engine share hardware resources among containers and impose constraints and limits on them, such as the amount of memory a container may use.
  6. Union file systems (UnionFS): use layering to manage images and containers.
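
The namespace isolation in item 4 can be checked from the host by comparing the links under /proc/<pid>/ns. The following is an added example, not code from the original article; the function names, the optional PROC_ROOT argument and the sample tree (PID 1 as the host's init, PID 4242 as a container process started in host network mode) are constructed so that it runs without Docker.

```shell
#!/bin/sh
# Added example, not from the original article. The function names, the PROC_ROOT
# argument and the sample tree are constructed; on a real host the links live
# under /proc/<pid>/ns.

NS_TYPES="pid net ipc mnt uts"

# ns_id PID TYPE [PROC_ROOT]: print a namespace identifier such as pid:[4026531836]
ns_id() {
    readlink "${3:-/proc}/$1/ns/$2" 2>/dev/null
}

# shared_namespaces PID_A PID_B [PROC_ROOT]: print the namespace types both processes share
shared_namespaces() {
    shared=""
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$t" "$3") || a=""
        b=$(ns_id "$2" "$t" "$3") || b=""
        # An unreadable link (no permission, process gone) is reported, never counted as shared
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "warning: cannot read $t namespace" >&2
            continue
        fi
        if [ "$a" = "$b" ]; then shared="$shared $t"; fi
    done
    echo "${shared# }"
}

# make_sample_proc DIR: constructed /proc-like tree. PID 1 is the host's init; PID 4242 is
# a container process that uses the host's network namespace and its own for everything else.
make_sample_proc() {
    mkdir -p "$1/1/ns" "$1/4242/ns"
    for t in $NS_TYPES; do
        ln -s "$t:[4026531000]" "$1/1/ns/$t"
        if [ "$t" = net ]; then id=4026531000; else id=4026532000; fi
        ln -s "$t:[$id]" "$1/4242/ns/$t"
    done
}

demo_dir=$(mktemp -d)
make_sample_proc "$demo_dir"
echo "PID 4242 shares with PID 1: $(shared_namespaces 1 4242 "$demo_dir")"   # net
rm -rf "$demo_dir"
```

On a real host, run it as root without the third argument and pass the container's host PID, which docker inspect -f '{{.State.Pid}}' CONTAINER prints, as the second argument.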

2. Docker versions and installation

Docker-CE and Docker-EE

Docker-CE refers to the Docker community edition, which is maintained by the community and provides technical support. It is a free version, suitable for individual developers and small teams. Docker-EE refers to the Docker enterprise edition. It is a paid version, for which the after-sales team and technical team provide technical support, and it is designed for enterprise development and IT teams. Compared with Docker-CE, it adds some additional functions and, more importantly, provides stronger security guarantees. In addition, Docker releases are divided into a Stable version and an Edge version: the former is a stable version released quarterly (slow release), and the latter is an edge version released monthly (fast release). Under normal circumstances, Docker-CE is sufficient to meet our needs. The rest of this study focuses on Docker-CE.

Install docker in Linux Centos7 environment

Installation environment: Centos 7
Installation conditions: Docker officially requires a Linux kernel of at least 3.8; 3.10 or above is recommended
Docker version: docker EE enterprise version, docker CE community version
Turn off the firewall: systemctl stop firewalld.service, then edit /etc/selinux/config with vi (the setting to apply was shown in an image that is missing from this page)
Install the Docker CE community version:

  1. Install wget command: yum install -y wget
  2. Download Alibaba Cloud docker community version yum source
     cd /etc/yum.repos.d/
     wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    
  3. View the docker installation package: yum list | grep docker
  4. Install Docker Ce community version: yum install -y docker-ce.x86_64
  5. Enable start at boot: systemctl enable docker
  6. Update xfsprogs: yum -y update xfsprogs
  7. Start docker: systemctl start docker
  8. View version: docker version
  9. View detailed information: docker info

Docker core basics: configuring Alibaba Cloud image acceleration

  1. Sign in to Alibaba Cloud and copy the accelerator address shown on the page.
  2. In the operation document, select the mirror accelerator configuration for CentOS. The steps are as follows:
    sudo mkdir -p /etc/docker
    vi /etc/docker/daemon.json ⇒
    {
      "registry-mirrors": ["自己的加速器地址"]
    }
    sudo systemctl daemon-reload
    sudo systemctl restart docker
    Replace 自己的加速器地址 ("your own accelerator address") with the address copied in step 1.

3. Docker core technology: images

The image is a docker executable file, which includes all the code content, dependent libraries, environment variables and configuration files needed to run the application. One or more containers can be created from an image.

Image management

  1. Use docker COMMAND --help to learn more about how a given docker command is used, for example, to see how the image search command is used: docker search --help
  2. Search for an image: docker search mysql
  3. Search for images and keep only official ones: docker search --filter "is-official=true" centos
  4. Search for images and filter on the number of stars being greater than a value: docker search --filter stars=10 centos
  5. Show only the first 5 image search results: docker search --filter stars=10 centos --limit 5
  6. View local images: docker images or docker image ls, for example: docker images ubuntu:latest
  7. Download the centos7 image: docker pull centos:7
  8. Image deletion: docker rmi or docker image rm; -f/--force forces deletion. Delete the local centos7 image: docker rmi centos:7. Delete multiple images at the same time: docker rmi f643 8652
  9. Image backup, docker save: packages one or more local images into a local tar file (output to STDOUT). -o, --output string specifies the file name and path to write to: docker save -o linux_images.tar centos
  10. Image backup import, docker load: imports an image packaged by the save command into the local image library: docker load -i linux_images.tar
  11. Image rename, docker tag: renames the NAME and TAG of a local image, creating a newly named image: docker tag centos:7 mycentos:1
  12. Image details, docker image inspect or docker inspect. For example: docker image inspect centos:7, docker image inspect -f "{{json .Id}}" centos:7, docker image inspect -f "{{json .Created}}" centos:7. -f, --format string formats the output using a Go template
  13. Image history, docker history: shows the history (layer) information of a local image. For example: docker history centos:7, docker history centos:7 -H=False

4. Docker core technology: containers

What is a container? Container: a lightweight, portable packaging technology that enables applications to run in the same way almost anywhere. After docker runs an image file, the resulting object is the container; the container is equivalent to a running instance of the image. Containers have a certain life cycle. In addition, the docker ps command can be used to view containers, just as the ps command is used to view running processes on Linux.

Similarities between containers and virtual machines:

  1. Containers and virtual machines share the use of physical hardware resources.
  2. The life cycles of containers and virtual machines are similar (create, run, pause, shut down, etc.).
  3. Various applications, such as redis, mysql, nginx, etc., can be installed in the container or in the virtual machine. In other words, the operation in the container is the same as the operation in a virtual machine (operating system).
  4. Like a virtual machine, a container is stored on the host after it is created: on Linux, under /var/lib/docker/containers

The difference between containers and virtual machines:

  1. The creation, startup, and shutdown of virtual machines are based on a complete operating system. A virtual machine is a complete operating system. The container runs directly on the kernel of the host machine, which is essentially a combination of a series of processes.
  2. Containers are lightweight, and virtual machines are heavyweight. First, a container needs no additional resources for management (no hypervisor or guest OS is required), whereas a virtual machine consumes more resources; second, creating, starting or stopping a container is as easy as creating, starting or stopping a process, while creating, starting or shutting down an operating system is not so convenient. As a result, a larger number of containers can run on given hardware, and Docker can even be run inside a virtual machine.
    Note: Containers are not virtual machines, but they have many similarities

[Figures not reproduced: the life cycle of a virtual machine; the life cycle of a container]

Container life cycle management

(1) View all local containers: docker ps -a
(2) View locally running containers: docker ps
(3) Container creation, docker create: uses an image to create a container in the Created state, ready to be started. Command format:

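docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
Options (OPTIONS):
-t, --tty  Allocate a pseudo-TTY, that is, a virtual terminal
-i, --interactive  Keep STDIN open even if not attached
--name  Name the container; if none is given, a random name is generated
Command arguments (COMMAND\ARG): COMMAND is the command to run in the container after it starts, such as ps or ls
ARG is the arguments to pass to COMMAND, such as aux for ps or -a for ls.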

(4) Container deletion, docker rm CONTAINER_ID / CONTAINER_NAME: deletes one or more containers. Options:

-f, --force  Force deletion of the container (uses the SIGKILL signal)
-v, --volumes  Also delete the data volumes bound to the container

(5) Container start, docker start: starts one or more containers in the created or stopped state. Command format:

docker start [OPTIONS] CONTAINER [CONTAINER...]
Options (OPTIONS):
-a, --attach  Attach the current shell's STDOUT/STDERR to the container
-i, --interactive  Attach the current shell's STDIN to the container

(6) Container creation and start, docker run: uses an image to create and start a container. Command format:

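docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Options (OPTIONS):
-t, --tty: Allocate a pseudo-TTY, that is, a virtual terminal
-i, --interactive: Keep STDIN open even if not attached
--name: Name the container; if none is given, a random name is generated
-d, --detach: Run the container in the background and print the container ID
--rm: Automatically delete the container when it exits
Command arguments (COMMAND\ARG):
COMMAND is the command to run in the container after it starts, such as ps or ls
ARG is the arguments to pass to COMMAND, such as aux for ps or -a for ls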

docker run is equivalent to docker create + docker start -a (foreground mode)
docker run -d is equivalent to docker create + docker start (background mode)
(7) Container shutdown, docker stop: shuts down one or more containers in the paused or running state. Command format:

docker stop [OPTIONS] CONTAINER [CONTAINER...]
Options (OPTIONS):
-t, --time int  Time to wait before shutting down, in seconds (default 10s)

Stop all containers at one time: docker stop $(docker ps -a -q)
(8) Container termination, docker kill: forces one or more paused or running containers to shut down immediately. Command format:

docker kill [OPTIONS] CONTAINER [CONTAINER...]
Options (OPTIONS):
-s, --signal string  The shutdown signal to send to the container (default: the KILL signal)

Prerequisite knowledge: two of the Linux signals that terminate a process are SIGTERM and SIGKILL.
SIGKILL: terminates the process unconditionally. A process that receives this signal terminates immediately, without cleaning up or saving state. The signal cannot be ignored, handled or blocked, which gives system administrators a way to kill any process.
SIGTERM: the program termination signal, which can be generated by the kill command. Unlike SIGKILL, SIGTERM can be blocked and handled, so that the program can save its work or clean up temporary files before exiting.
The difference between docker stop and docker kill:

  1. docker stop first sends a SIGTERM signal to the process, telling it that it is about to be shut down. Once the waiting time specified by -t has elapsed, a SIGKILL signal is sent immediately and the container is shut down directly.
  2. docker kill sends a SIGKILL signal directly to shut down the container. The signal that is sent can be changed with the -s parameter.

Therefore, if docker stop is interrupted while it is waiting, the container is not shut down in the end, whereas docker kill takes effect almost immediately and cannot be undone. In addition, some abnormal conditions can also cause a container to be shut down, such as a restart of the docker daemon or problems with the process running inside the container.
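
The SIGTERM, grace period, SIGKILL sequence described for docker stop can be observed with ordinary processes. This is an added example, not code from the original article: shell workers stand in for a container's main process, and the function names worker, stop_with_grace and run_case are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: ordinary shell processes stand in for a
# container's main process. Function names and temp files are constructed for the demo.

# worker MODE DIR: "graceful" handles SIGTERM and cleans up; "stubborn" ignores SIGTERM.
worker() {
    mode=$1; dir=$2
    if [ "$mode" = graceful ]; then
        trap 'echo cleaned > "$dir/cleanup"; exit 0' TERM
    else
        trap '' TERM                   # SIGTERM can be ignored; SIGKILL cannot
    fi
    : > "$dir/ready"                   # handlers are installed from this point on
    while :; do
        sleep 1 &
        wait $! || true                # wait is interruptible, so the trap runs promptly
    done
}

# stop_with_grace PID GRACE: the sequence the text gives for docker stop. Send SIGTERM,
# allow GRACE seconds, then send SIGKILL. Sets STOP_RESULT to "term" or "kill".
stop_with_grace() {
    pid=$1; grace=$2; waited=0
    kill -TERM "$pid"
    while [ "$waited" -lt "$grace" ]; do
        sleep 1
        waited=$((waited + 1))
        if ! kill -0 "$pid" 2>/dev/null; then
            STOP_RESULT=term           # exited on its own within the grace period
            return 0
        fi
    done
    kill -KILL "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true    # reap the killed process
    STOP_RESULT=kill
}

# run_case MODE GRACE: print "<signal that ended the worker> <did cleanup run: yes|no>"
run_case() {
    dir=$(mktemp -d)
    worker "$1" "$dir" >/dev/null 2>&1 &
    wpid=$!
    until [ -e "$dir/ready" ]; do sleep 1; done
    stop_with_grace "$wpid" "$2"
    if [ -e "$dir/cleanup" ]; then cleaned=yes; else cleaned=no; fi
    rm -rf "$dir"
    echo "$STOP_RESULT $cleaned"
}

run_case graceful 2    # term yes
run_case stubborn 1    # kill no
```

A main process that handles SIGTERM gets to run its cleanup; one that ignores it is ended by SIGKILL when the grace period runs out, and its cleanup never runs.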

(9) Container pause, docker pause: pauses one or more running containers. Container unpause, docker unpause: takes one or more containers out of the paused state so that they resume running.
(10) Container restart docker restart, function: restart one or more containers in running, paused, closed or newly created state. This command is equivalent to a combination of stop and start commands.
(11) View the detailed information of the container: docker inspect CONTAINER_ID / CONTAINER_NAME
(12) View the log information of the container: docker logs. The container log records the STDOUT/STDERR output of the container's main process
(13) Modify the name of the container: docker rename CONTAINER NEW_NAME
(14) Container connection docker attach, function: bind the STDIN, STDOUT, and STDERR of the current terminal to the main process of the running container to realize the connection.
(15) Execute a new command in a running container, docker exec. For example, to enter the container: docker exec -it 0ad5d7b2c3a4 /bin/bash

File copy and mount of the container

  1. Copy from host to container: docker cp HOST_PATH CONTAINER_NAME_OR_ID:CONTAINER_PATH, for example: docker cp /root/123.txt kind_cerf:/home/
  2. Copy from container to host: docker cp CONTAINER_NAME_OR_ID:CONTAINER_PATH HOST_PATH, for example: docker cp kind_cerf:/home/456.txt /root
  3. Mount a host folder into the container: docker run -itd -v HOST_PATH:CONTAINER_PATH IMAGE_ID, for example: docker run -itd -v /root/xdclass/:/home centos:7

5. Docker core technology: containers and images

The relationship between the docker container and the image: [figure not reproduced]
(1) Container commit, docker commit: generates a new image from a container. Command format:

docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Options (OPTIONS):
-a, --author string  Author
-c, --change list  Apply Dockerfile instructions to the created image
-m, --message string  Commit message, similar to git commit -m
-p, --pause  Pause the container during commit (default true)

The command demonstration is as follows:

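docker ps -a                                                # list existing containers
docker run -dti centos:7 bash                               # start a container (its ID begins with 629b here)
docker exec 629b yum install -y net-tools                   # install net-tools inside that container
docker exec 629b ifconfig                                   # ifconfig is now available in it
docker ps -a
docker commit -m "install net-tools" 629b centos-net:v1.0   # save the container as a new image
docker images                                               # the new image is listed (its ID begins with 6ea0 here)
docker run -dti 6ea0 bash                                   # start a container from the new image (ID begins with be8b)
docker exec be8b ifconfig                                   # net-tools is already present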

(2) Container export, docker export: exports the current file system of the container to a tar file. Command format: docker export [OPTIONS] CONTAINER
-o, --output string  Specify the file to write to; the default is STDOUT
(3) Container import, docker import: imports content from a tar file to create an image. Command format: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
-c, --change list  Apply Dockerfile instructions to the created image
-m, --message string  Set a commit message for the imported image
(4) The image from the layer perspective: [figure not reproduced]
(5) The container from the layer perspective: [figure not reproduced]
The underlying relationship between the container and the image: [figure not reproduced]
The operation of the container: [figure not reproduced]
Summary: [figure not reproduced]

Origin blog.csdn.net/xw1680/article/details/113360133