Docker is an open source application container engine, a system-level lightweight virtualization technology.
The application automation deployment solution can quickly create a container, deploy and run the application on the container, and easily realize the automatic installation, deployment and upgrade of the application through the configuration file.
Docker is written in Go language and uses cgroup to achieve resource isolation. The container technology uses LXC, which is a kernel virtualization technology that provides lightweight virtualization. lxc is a feature of the linux kernel, which allows a process or process group to run in an independent space and control it. And realize container and host resource sharing.
Related components and functions?
1.LXC, docker is the manager of lxc. Provides a series of stronger features, such as portability (standards are defined, can be run on any host), automated builds (dockerfile), version control, image sharing, etc.
2. cgroup, lxc is a management tool for cgroup. Restrict system resource management used by a process or process group. Provides a file-like interface, which is very convenient for configuration.
3. namespace, cgroup is the management interface of namespace user space. And isolation between processes or process groups, such as net, mnt, pid, user, etc.
4. aufs (AnotherUnionFS), which supports mounting different directories to the same virtual file system. The docker container is divided into a read-only image layer and a writable layer above. AUFS implements incremental modification (incremental file system) on the writable layer.
The types of joint file systems currently supported by docker include AUFS, btrfs, vfs and
DeviceMapper 5.chroot, enabling containers to run in the specified directory.
relationship between components?
Cgroup implements resource management at the bottom layer, lxc encapsulates a layer on cgroup, and docker encapsulates a layer on lxc.
Way of working?
When we start a docker container, docker will load the read-only image and add a read-write layer on it (copy the image directory to /var/lib/docker/aufs/mnt with the ID as the directory, we can Use chroot into this directory, the same as the directory inside the container). If a running container modifies an existing file, the file will be copied from the read-only layer below the read-write layer to the read-write layer. The read-only version of the file still exists, but it has been read by the read-write layer. The copy of this file in the docker container is hidden, and when the docker container is deleted and restarted with this image, the previous changes will be lost.
In docker, the combination of read-only layer and read-write layer at the top is called Union File System, UFS (Union File System)
(1) Download and install
Download and install
~$sudo apt-get install docker.io
~$sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
view status
~$sudo service docker status
docker start/running, process 17905
view version
~$sudo docker version
docker start/running, process 17905
~$ sudo docker version
Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.2.1
Git commit (client): 7c8fca2
OS/Arch (client): linux/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.2.1
Git commit (server): 7c8fca2
OS/Arch (server): linux/amd64
查看信息
~$sudo docker -D info
Containers: 5
Images: 2
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 12
Dirperm1 Supported: false
Execution Driver: native-0.2
Kernel Version: 3.13.0-92-generic
Operating System: Ubuntu 14.04.3 LTS
CPUs: 4
Total Memory: 7.681 GiB
Name: vobile-B85M-D3V
ID: UBLC:EWSG:XV2E:5ILL:WDOY:PZTG:KGGO:O6GQ:ZBGJ:MFBO:UT4L:A5JH
Debug mode (server): false
Debug mode (client): true
Fds: 20
Goroutines: 22
System Time: Tue Aug 23 16:14:27 CST 2016
EventsListeners: 0
Init SHA1: 22082e594df367c79a11672c59a9d5da15851227
Init Path: /usr/lib/docker.io/ dockerinit
Docker Root Dir: /var/lib/docker
WARNING: No swap limit support
Added:
Install the latest version of deocker (Add source https://get.docker.io/ubuntu):
Confirm /usr/lib/apt/methods/https is there, if not, install apt-get install apt-transport-https
~$sudo apt-get install apt-transport-https
将Docker官方资料库的访问Key添加到你本地系统
~$sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.wfZ40rp7nH --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/sogou-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com
gpg: key A88D21E9: public key "Docker Release Tool (releasedocker) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
安装Lxc-docker包
~$sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
~$sudo apt-get update
安装最新版本的docker:
~$sudo apt-get install -y lxc-docker
ln -sf /usr/bin/docker /usr/local/bin/docker
~$sudo apt-get upgrade lxc-docker
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
lxc-docker is already the newest version.
(2)搜索/下载/安装images
查看images
~$sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
搜索images
~$sudo docker search debian
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
debian Debian is a Linux distribution that's comp... 1585 [OK]
neurodebian NeuroDebian provides neuroscience research... 27 [OK]
jesselang/debian-vagrant Stock Debian Images made Vagrant-friendly ... 8 [OK]
armbuild/debian ARMHF port of debian 8 [OK]
eboraas/debian Debian base images, for all currently-avai... 5 [OK]
mschuerig/debian-subsonic Subsonic 5.1 on Debian/wheezy. 4 [OK]
reinblau/debian Debian with usefully default packages for ... 2 [OK]
frekele/debian docker run --rm --name debian frekele/debian 2 [OK]
datenbetrieb/debian minor adaption of official upstream debian... 1 [OK]
maxexcloo/debian Docker base image built on Debian with Sup... 1 [OK]
servivum/debian Debian Docker Base Image with Useful Tools 1 [OK]
lucasbarros/debian Basic image based on Debian 1 [OK]
webhippie/debian Docker images for debian 1 [OK]
lephare/debian Base debian images 1 [OK]
eeacms/debian Docker image for Debian to be used with EE... 1 [OK]
icedream/debian-jenkinsslave Debian for Jenkins to be used as slaves. 0 [OK]
konstruktoid/debian Debian base image 0 [OK]
smartentry/debian Debian with smartentry 0 [OK]
fike/debian Debian Images with language locale installed. 0 [OK]
mariorez/debian Debian Containers for PHP Projects 0 [OK]
nimmis/debian This is different version of Debian with a... 0 [OK]
visono/debian Docker base image of debian 7 with tools i... 0 [OK]
ustclug/debian debian image for docker with rustic mirror 0 [OK]
pl31/debian Debian base image. 0 [OK]
gnumoksha/debian [PT-BR] Imagem básica do Debian com ajust... 0 [OK]
安装debian
~$sudo docker pull debian
...
查看images
~$sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
debian latest 04d4df406f8b 3 weeks ago 125.1 MB
删除images(docker rmi IMAGE_ID )
~$ sudo docker rmi 04d4df406f8b
Untagged: debian:latest
Deleted: 04d4df406f8b...
Create container debian
~$sudo docker create debian
run container debian
~$sudo docker run -i -t -d debian /bin/bash
80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f
(For the description of the parameters of the run command, please refer to: http://www.cnblogs.com/vikings-blog/p/4238062.html)
View running containers in the background
~$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
80742db56cbb debian:latest "/bin/bash" 21 minutes ago Up 21 minutes serene_shockley
View container logs (docker logs CONTAINER ID/NAMES)
~$sudo docker logs serene_shockley
or
~$sudo docker logs 80742db56cbb
return container (docker exec -i -t CONTAINER ID/NAMES )
~$sudo docker exec -i -t serene_shockley /bin/bash or ~$sudo docker exec -i -t 80742db56cbb /bin/ bash
root@80742db56cbb:/#
root@80742db56cbb:/# exit
exit
stops the container without removing it
~$sudo docker stop NAME/ContainerID
Restart the container:
~$sudo docker start NAME/ContainerID
Delete the container, stop it first, and then delete it with the command:
~$sudo docker rm NAME/ContainerID
After deleting, continue to restart and report an error:
Error response from daemon: no such id: 80742db56cbb
FATA[0000] Error: failed to start one or more containers
(4) Bidirectional copying of files
Copy the physical system files to the container
Obtain the complete id of the container (docker inspect -f '{ {.Id}} ' CONTAINER ID/NAMES)
~$sudo docker inspect -f '{ {.Id}}' serene_shockley or ~$sudo docker inspect -f '{ {.Id}}' 80742db56cbb
80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb
/fss/var/ mnt/channel+CONTAINER ID Container complete completion file (be.log) is copied to the /root/ directory of the container
~$sudo cp -r ./be.log /var/lib/docker/aufs/mnt/80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f/root/
Copy container files to physical system (docker cp CONTAINER ID/NAMES:/root/be.log /tmp/)
~$sudo docker cp 80742db56cbb:/root/be.log /tmp/ or ~$sudo docker cp serene_shockley:/root/be.log /tmp/
(5) Install software Install software
in docker:
root@80742db56cbb:~# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package vim
execute update, synchronize /etc/apt/sources.list and /etc/apt/sources.list The index of the sources listed in .d, so that the latest package
root@80742db56cbb:~# apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://httpredir.debian.org jessie InRelease
Get:2 http://httpredir.debian.org jessie-updates InRelease [142 kB]
Get:3 http://httpredir.debian.org jessie Release.gpg [2373 B]
Get:4 http://httpredir.debian.org jessie Release [148 kB]
Get:5 http://httpredir.debian.org jessie/main amd64 Packages [9032 kB]
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Get:6 http://httpredir.debian.org jessie-updates/main amd64 Packages [15.5 kB]
Get:7 http://security.debian.org jessie/updates/main amd64 Packages [385 kB]
Fetched 9788 kB in 1min 42s (95.4 kB/s)
Reading package lists... Done
再次安装vim
root@80742db56cbb:~# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
........
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/ex (ex) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in auto mode
Processing triggers for libc-bin (2.19-18+deb8u4) ...
(6)容器迁移
查看所有CONTAINER
~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
086a7124db71 debian "/bin/bas" 18 hours ago Created dreamy_lumiere
80742db56cbb debian "/bin/bash" 18 hours ago Exited (0) About an hour ago serene_shockley
a7fc8d3d28d5 debian "/bin/bash" 18 hours ago Exited (0) 18 hours ago happy_yonath
7cc08a218270 debian "/bin/bash" 18 hours ago Exited (0) 18 hours ago drunk_fermat
acb345834663 debian "/bin/bash" 18 hours ago Created happy_mccarthy
select CONTAINER and complete the commit
~$ sudo docker commit acb345834663 mynewimage
0e7ebd3dd379ed8df8a22255d8a437342b218791f2d33072c9793aa48dc95a13
Export: save CONTAINER as a tar file
~$ sudo docker save mynewimage > /tmp/ftp/mynewimage.tar
Select the appropriate way to
import : Execute load in the docker of the target machine
~$ sudo docker load < /tmp/mynewimage.tar
Check: The docker images command checks if the image is now available.
~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
mynewimage latest 0e7ebd3dd379 3 minutes ago 125.1 MB
(6) Network settings
When docker starts, it creates a virtual network interface called docker0 on the host machine. It randomly selects an address and subnet mask not used by the host from the private addresses defined in RFC 1918 and assigns it to docker0. For example when I start docker a few minutes later it chooses 172.17.42.1/16 - a 16 bit subnet mask gives 65,534 ip addresses for the host and its containers. But docker0 is not a normal network interface. It's just a virtual ethernet bridge that automatically forwards packets between other NICs bound to it. It enables the container to communicate with the host. Every time Docker creates a container, it creates a pair of peer interfaces, similar to two ends of a pipe - one side receives packets sent by the other side. Docker will attach one of the peer interfaces to the container as the eth0 interface and hold the other with a unique name like vethAQI2QT, which depends on the host's namespace. By binding all veth* interfaces to the docker0 bridge NIC, Docker creates a shared virtual subnet between the host and all Docker containers.
(For details, please refer to: http://www.oschina.net/translate/docker-network-configuration)
The bridge mode is the default network setting of Docker. This mode will assign Network Namespace, set IP, etc. to each container, and assign a Docker containers on the host are connected to a virtual bridge.
Since the IP address of the docker container will change every time it is started, the easiest way is of course to do port mapping of the host machine. In the early stage, configure the ports that need to be mapped when creating the container as much as possible, as follows:
ssh 50022:22
tomcat/jetty 58080 :8080
nginx/apache 50080:80
mysql 53306:3306
When creating a container, specify the parameters:
eg:
docker run -h="debian" --name debian -itd -p 50022:22 -p 53306:3306 -p 58080:8080 -p 192.168.6.210:50080:80 debian /bin/bash