1 Introduction
to Docker Docker provides an envelope, or container, that can run your application. It was originally a side project started by dotCloud and was open sourced some time ago. It attracted a lot of attention and discussion, leading dotCloud to rename it to Docker Inc. It was originally written in the Go language, and it is equivalent to a pipeline added to LXC (LinuX Containers, linux containers), allowing developers to work on higher-level concepts.
Docker extends Linux Containers (Linux Containers), or LXC, to provide a single, lightweight virtual environment for processes through a high-level API. Docker utilizes LXC, cgroups and Linux's own kernel. Unlike traditional virtual machines, a Docker container does not contain a separate operating system, but runs based on the functions provided by the operating system in the existing infrastructure.
Docker is similar to the concept of a virtual machine, but it is different from virtualization technology in the following points:
1. Virtualization technology relies on physical CPU and memory, which is at the hardware level; while Docker is built on the operating system and uses the containerization technology of the operating system , so docker can even run on a virtual machine.
2. Virtualization systems generally refer to operating system images, which are more complex and are called "systems"; while docker is open source and lightweight, called "containers". A single container is suitable for deploying a small number of applications, such as deploying a redis and a memcached.
3. The traditional virtualization technology uses snapshots to save the state; while docker is not only lighter and less expensive to save the state, but also introduces a similar source code management mechanism to record the snapshot history versions of the container one by one, and the switching cost is very low .
4. The traditional virtualization technology is more complicated when building the system and requires a lot of manpower; while docker can build the entire container through the Dockfile, and the restart and construction speed is very fast. More importantly, the Dockfile can be written manually, so that the application developer can guide the system environment and dependencies by publishing the Dockfile, which is very beneficial for continuous delivery.
5. Dockerfile can create new containers based on already built container images. Dockerfile can be shared and downloaded by the community, which is conducive to the promotion of this technology.
Docker will act like a portable container engine. It packages the application and all its dependencies into a virtual container that can run on any Linux server. This greatly increases the flexibility and portability of how programs run, whether permissioned or not, in a public or private cloud, in a bare metal environment, etc.
Docker is also a cloud computing platform. It uses Linux's LXC, AUFU, Go language, and cgroup to achieve resource independence. It can easily isolate files, resources, and networks. Its ultimate goal is to achieve application isolation similar to PaaS platforms. .
Docker consists of the following:
1. The Docker server daemon, which manages all containers.
2. Docker command line client for controlling the server daemon.
3. Docker images: Find and browse docker container images.
2 docker features
File system isolation: Each process container runs in a completely independent root file system.
Resource isolation: Each process container can be allocated different system resources, such as CPU and memory, using cgroups.
Network isolation: Each process container runs in its own network namespace with its own virtual interface and IP address.
Copy-on-write: The root file system is created with copy-on-write, which makes deployment extremely fast and saves memory and hard disk space.
Logging: Docker will collect and log standard streams (stdout/stderr/stdin) per process container for real-time retrieval or batch retrieval.
Change Management: Changes to a container's filesystem can be committed to a new image and reused to create more containers. No templates or manual configuration required.
Interactive Shell: Docker can assign a virtual terminal and attach it to any container's standard input, for example to run a one-time interactive shell.
3 Two basic concepts: images and container
Container and Image In the world of Docker, Image refers to a read-only layer (Layer). The layer here is the concept in AUFS. The most intuitive way is to look at the official docker. picture:
Docker uses a file system called AUFS. This file system allows you to modify your files layer by layer. The bottom file system is read-only. If you need to modify files, AUFS will add a writable file. Layer (Layer), this has many advantages, such as different Containers can share the underlying read-only file system (the same Kernel), so that you can run N multiple Containers without your hard disk being crowded! This read-only layer is Image! And as you can see, a writable layer is the Container.
What is the difference between Image and Container? Very simple, the difference between them is only that one is a read-only layer and the other is a writable layer. You can use the docker commit command to turn your Container into an Image, that is, to submit the modified content of the Container you are running. becomes a new read-only Image, which is very similar to the git commit command.
4 docker installation and startup
Install docker
[root@localhost /]# yum -y install docker-io
change configuration file
[root@localhost /]# vi /etc/sysconfig/docker
The other-args column is changed to: other_args="--exec-driver=lxc --selinux-enabled"
to start the docker service
[root@localhost /]# service docker start
Starting cgconfig service: [ OK ]
Starting docker: [ OK ]
Add docker to boot
[root@localhost /]# chkconfig docker on
Check docker version for basic information
: Check the version number of docker, including client, server, and dependent Go, etc.
[root@localhost /]# docker version
Client version: 1.0.0
Client API version: 1.12
Go version (client): go1.2.2
Git commit (client): 63fe64c/1.0.0
Server version: 1.0.0
Server API version: 1.12
Go version (server): go1.2.2
Git commit (server): 63fe64c/1.0.0
docker info :查看系统(docker)层面信息,包括管理的images, containers数等
[root@localhost /]# docker info
Containers: 16
Images: 40
Storage Driver: devicemapper
Pool Name: docker-253:0-1183580-pool
Data file: /var/lib/docker/devicemapper/devicemapper/data
Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
Data Space Used: 2180.4 Mb
Data Space Total: 102400.0 Mb
Metadata Space Used: 3.4 Mb
Metadata Space Total: 2048.0 Mb
Execution Driver: lxc-0.9.0
Kernel Version: 2.6.32-431.el6.x86_64
5 Acquisition of images and use of containers An
image can be regarded as a container system containing some software. For example, ubuntu is an official base image, and many images are "derived" based on this image, which contains the basic ubuntu system. For another example, hipache is an official image container, which can support proxy services of http and websocket after running, and the image itself is based on ubuntu.
Search for images
docker search <image>: Search for images in the docker index
[root@localhost /]# docker search ubuntu12.10
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mirolin/ubuntu12.10 0
marcgibbons/ubuntu12.10 0
mirolin/ubuntu12.10_redis 0
chug/ubuntu12.10x32 Ubuntu Quantal Quetzal 12.10 32bit base i... 0
chug/ubuntu12.10x64 Ubuntu Quantal Quetzal 12.10 64bit base i... 0
Download image
docker pull <image> : pull the image from the docker registry server
[root@localhost /]# docker pull chug/ubuntu12.10x64
View images
docker images: list images
docker images -a : list all images (including history)
docker images --tree : display all layers of
an image docker rmi <image ID>: delete one or more images
[root@localhost /]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
chug/ubuntu12.10x64 latest 0b96c14dafcd 4 months ago 270.3 MB
[root@localhost /]# docker images -a
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
chug/ubuntu12.10x64 latest 0b96c14dafcd 4 months ago 270.3 MB
<none> <none> 31edfed3bb88 4 months ago 175.8 MB
[root@localhost /]# docker images --tree
Warning: '--tree' is deprecated, it will be removed soon. See usage.
└─31edfed3bb88 Virtual Size: 175.8 MB
└─0b96c14dafcd Virtual Size: 270.3 MB Tags: chug/ubuntu12.10x64:latest
[root@localhost /]# docker rmi <image ID> ....
Create a container from an image
[root@localhost /]# docker run chug/ubuntu12.10x64 /bin/echo hello world
hello world
Run interactively
[root@localhost /]# docker run -i -t chug/ubuntu12.10x64 /bin/bash
root@2161509ff65e:/#
View container
docker ps : list all currently running containers
docker ps -l : list the most recently started container
docker ps -a : list all containers (including history, that is, containers that have been run)
docker ps -q : List the container ID of the last run
[root@localhost /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ccf3de663dc9 chug/ubuntu12.10x64:latest /bin/bash 22 hours ago Up 22 hours sharp_hypatia
[root@localhost /]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f145f184647b chug/ubuntu12.10x64:latest /bin/bash 6 seconds ago Exited (0) 3 seconds ago compassionate_galileo
[root@localhost /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f145f184647b chug/ubuntu12.10x64:latest /bin/bash 30 seconds ago Exited (0) 26 seconds ago compassionate_galileo
f4624b42fe7e chug/ubuntu12.10x64:latest /bin/bash 2 minutes ago Exited (0) 2 minutes ago sharp_wilson
ccf3de663dc9 chug/ubuntu12.10x64:latest /bin/bash 22 hours ago Up 22 hours sharp_hypatia
9cbaa79b9703 chug/ubuntu12.10x64:latest /bin/bash 22 hours ago Exited (127) 36 minutes ago berserk_mcclintock
2161509ff65e chug/ubuntu12.10x64:latest /bin/bash 22 hours ago Exited (0) 22 hours ago backstabbing_mclean
[root@localhost /]# docker ps -q
ccf3de663dc9
Start the container again
docker start/stop/restart <container>: start/stop/restart the container
docker start [container_id]: run a container again (including historical containers)
docker attach [container_id]: connect a running container instance (ie The instance must be in the start state, and multiple windows can be attached to a container instance at the same time)
docker start -i <container> : start a container and enter interactive mode (equivalent to start first, in attach)
docker run -i -t <image> / bin/bash : use the image to create a container and enter the interactive mode, the login shell is /bin/bash
docker run -i -t -p <host_port:contain_port> : map the HOST port to the container to facilitate external access to services in the container, host_port can be omitted , omitted to map container_port to a dynamic port.
Note: Use start to start the container that has been created, and use run to open a new container through image.
delete container
docker rm <container...> : delete one or more containers
docker rm `docker ps -a -q` : delete all containers
docker ps -a -q | xargs docker rm : same as above,
6 Persistent Containers and Images
6.1 Generate new images through containers A
running image is called a container. You can make changes to the container (such as deleting a file), but these changes will not affect the image. However, you can turn a running container into a new image using the docker commit <container-id> <image-name> command.
docker commit <container> [repo:tag] solidifies a container into a new image, and the following repo:tag is optional.
[root@localhost /]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
chug/ubuntu12.10x64 latest 0b96c14dafcd 4 months ago 270.3 MB
[root@localhost /]# docker commit d0fd23b8d3ac chug/ubuntu12.10x64_2
daa11948e23d970c18ad89c9e5d8972157fb6f0733f4742db04219b9bb6d063b
[root@localhost /]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
chug/ubuntu12.10x64_2 latest daa11948e23d 6 seconds ago 270.3 MB
chug/ubuntu12.10x64 latest 0b96c14dafcd 4 months ago 270.3 MB
6.2 Persistent container
export command is used for persistent container
docker export <CONTAINER ID> > /tmp/export.tar
6.3 Persistent image
Save command is used to persist the image
docker save Image ID > /tmp/save.tar
6.4 Import persistent container and
delete container 2161509ff65e
Import export.tar file
[root@localhost /]# cat /tmp/export.tar | docker import - export:latest
af19a55ff0745fb0a68655392d6d7653c29460d22d916814208bbb9626183aaa
[root@localhost /]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
export latest af19a55ff074 34 seconds ago 270.3 MB
chug/ubuntu12.10x64_2 latest daa11948e23d 20 minutes ago 270.3 MB
chug/ubuntu12.10x64 latest 0b96c14dafcd 4 months ago 270.3 MB
6.5 Import persistent image
delete image daa11948e23d
Import the save.tar file
[root@localhost /]# docker load < /tmp/save.tar
对image打tag
[root@localhost /]# docker tag daa11948e23d load:tag
6.6 The difference between export-import and save-load The image that is
exported and then imported (export-import) will lose all history, while the image that is saved and then loaded (save-load) will not lose history and layers. This means that by exporting and then importing, you cannot roll back to the previous layer. At the same time, by persisting the entire image by saving and then loading, you can roll back the layer. (You can execute docker tag <LAYER ID> <IMAGE NAME> to roll back the previous layer).
6.7 Some other commands
docker logs $CONTAINER_ID #View the running log of the docker instance to ensure normal operation
docker inspect $CONTAINER_ID #docker inspect <image|container> View the underlying information of the image or container
docker build <path> Find the Dockerfile named under the path config file, use this configuration to generate a new image
docker build -t repo[:tag] Same as above, you can specify repo and optional tag
docker build - < <dockerfile> Use the specified dockerfile configuration file, docker gets the content in stdin , use this configuration to generate a new image
docker port <container> <container port> Check which local port is mapped to the specified port of the container. In fact, you can also use docker ps to see
7 Some usage skills
7.1 Docker file storage directory
Docker actually stores all the Everything is placed in the /var/lib/docker path.
[root@localhost docker]# ls -F
containers/ devicemapper/ execdriver/ graph/ init/ linkgraph.db repositories-devicemapper volumes/
The containers directory is of course the container, the graph directory stores the image, and the file system layer is stored in the graph/imageid/layer path, so that we can see what is in the file layer. The hierarchical structure can clearly see how the file layers are stacked on top of each other.
7.2 Viewing the root password
The root user's password is randomly assigned when the docker container starts. So, in this way, you can get the password of the root user of the container.
docker logs 5817938c3f6e 2>&1 | grep 'User: ' | tail -n1
**************************************************** ****************************************
Please indicate the original address for reprinting: http://www .server110.com/docker/201411/11105.html