Docker deployment scheme
1. Engine introduction
1.1 Difference between docker and virtual machine
Processes in a container run on the host kernel, just like host processes. The difference is the container's user space, which is provided by the container image: the image supplies the rootfs. A docker container is just a process that uses the rootfs from the image for the user-space libraries it needs, so that the process runs in a controlled environment.
1.2 Image
An image is a lightweight, executable, stand-alone software package that contains everything needed to run a piece of software, including code, runtime, libraries, environment variables, and configuration files. The image adopts a hierarchical storage structure,
1.3 Container
A container is a running instance of an image. Containers run applications natively on the host kernel. Each container runs in an independent process, taking up no more memory than any other executable.
1.4 docker swarm
Swarm is the official cluster management tool. It turns a system composed of multiple docker hosts into a single virtual docker host, so that containers can form a subnet across hosts.
1.5 docker compose
Compose is a tool for orchestrating multi-container distributed deployments, providing a command set to manage the complete development cycle of containerized applications, including service build, start, and stop.
1.6 docker machine
Docker Machine is an official management tool that supports remote management of docker containers.
2. Installation and deployment
2.1 Environment configuration
Docker currently comes in two main editions: CE (Community Edition) and EE (Enterprise Edition). This deployment uses the CE version. Older versions of docker were called docker or docker-engine. If they are already installed, uninstall them and their related dependencies first.
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
The official recommendation for docker-ce is to set up the docker repository and install from it, which makes future upgrades easier.
2.2 Repository Installation
1. Install the required packages. yum-utils provides the yum-config-manager utility, and device-mapper-persistent-data and lvm2 are required by the devicemapper storage driver.
Run the command:
yum install -y \
yum-utils \
device-mapper-persistent-data \
lvm2
2. Set up the stable repository. The installation instructions on the official website use the official source. Using the domestic Ali source is recommended.
Official source: https://download.docker.com/linux/centos/docker-ce.repo
Ali source: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Run the command:
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
3. Install a specific version of docker-ce. Multiple versions are currently available; install the stable version that matches the actual needs of your project.
This deployment installs version 17.09.1.ce-1.el7.centos.
yum install docker-ce-<VERSION STRING>
yum install docker-ce-17.09.1.ce
4. Enable start on boot
systemctl enable docker
5. Start docker and test the hello-world image
systemctl start docker
If the service fails to start, check /etc/docker/daemon.json and add {"storage-driver":"devicemapper"}
docker run hello-world
2.3 Configuring the accelerator
1. Pulling images with docker pull requires an accelerator (registry mirror). Free sources that need no registration are currently available.
Docker official China image acceleration: https://registry.docker-cn.com
Mirror acceleration of the University of Science and Technology of China: https://docker.mirrors.ustc.edu.cn
2. CentOS 7 acceleration configuration
systemctl enable docker
vi /etc/systemd/system/multi-user.target.wants/docker.service
3. Save and exit, restart to load the configuration and start the service
systemctl daemon-reload
systemctl restart docker
4. On CentOS, devicemapper is used as the storage driver. Loopback-backed storage is not recommended:
docker info prints a warning when it is in use.
The CentOS environment uses loop-lvm mode by default, and direct-lvm is recommended for production environments.
For configuration, please refer to: https://blog.csdn.net/bobpen/article/details/68924208
2.4 Security Configuration
1. When the docker daemon is bound to a TCP port, TLS must be configured.
Using -H tcp://... requires configuring --tlsverify, or use docker-machine to manage the host, which automatically creates the certificates and configures TLS.
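The manual equivalent of what docker-machine automates, as an added example (not part of the original page): a shell function that builds a private CA plus server and client certificates with openssl, with the dockerd and docker flags that consume them shown in the trailing comments. The function name, host name, IP, lifetime and key size are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original page. Host name, IP, lifetime and key
# size are assumptions passed in by the caller.
# Usage: make_docker_tls DIR HOSTNAME IP [DAYS] [RSA_BITS]
make_docker_tls() {
    dir=$1 host=$2 ip=$3 days=${4:-365} bits=${5:-4096}
    ( umask 077                  # private keys must not be group/world readable
      mkdir -p "$dir" && cd "$dir" &&
      # 1. Private CA: the daemon and every client trust only certs it signed.
      openssl genrsa -out ca-key.pem "$bits" 2>/dev/null &&
      openssl req -new -x509 -sha256 -days "$days" -key ca-key.pem \
          -subj "/CN=docker-ca" -out ca.pem &&
      # 2. Server cert: the SAN must match the name or IP used in -H tcp://...
      openssl genrsa -out server-key.pem "$bits" 2>/dev/null &&
      openssl req -new -sha256 -key server-key.pem -subj "/CN=$host" \
          -out server.csr &&
      printf 'subjectAltName = DNS:%s,IP:%s\nextendedKeyUsage = serverAuth\n' \
          "$host" "$ip" > server.ext &&
      openssl x509 -req -sha256 -days "$days" -in server.csr -CA ca.pem \
          -CAkey ca-key.pem -CAcreateserial -extfile server.ext \
          -out server-cert.pem 2>/dev/null &&
      # 3. Client cert: clientAuth only, so it cannot be presented as a daemon cert.
      openssl genrsa -out key.pem "$bits" 2>/dev/null &&
      openssl req -new -sha256 -key key.pem -subj "/CN=docker-client" \
          -out client.csr &&
      printf 'extendedKeyUsage = clientAuth\n' > client.ext &&
      openssl x509 -req -sha256 -days "$days" -in client.csr -CA ca.pem \
          -CAkey ca-key.pem -CAcreateserial -extfile client.ext \
          -out cert.pem 2>/dev/null &&
      # Remove signing leftovers, then lock down keys and publish certs read-only.
      rm -f server.csr client.csr server.ext client.ext ca.srl &&
      chmod 0400 ca-key.pem server-key.pem key.pem &&
      chmod 0444 ca.pem server-cert.pem cert.pem )
}

# Daemon side (file locations are assumptions):
#   dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem \
#           --tlskey=server-key.pem -H tcp://0.0.0.0:2376
# Client side (needs ca.pem, cert.pem and key.pem only):
#   docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem \
#          --tlskey=key.pem -H tcp://HOSTNAME:2376 version
```

Keep ca-key.pem off the docker host once the certificates are issued: anyone holding it can mint a client certificate the daemon will accept.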
2.5 docker-compose installation
1. docker-compose is a tool for the rapid installation and deployment of docker container clusters. By configuring the docker-compose.yml file, a group of associated application containers is defined as a project. There are two important concepts in compose:
① Service: an application container, which can actually comprise several container instances of the same image.
② Project: a complete business unit consisting of a set of associated application containers, defined by the docker-compose.yml file.
2. Compose can be installed with Python pip, downloaded directly as a compiled binary, or run inside a docker container. The first two, traditional installation methods are suitable for installation and use in a local environment; the docker installation does not damage the system environment and is suitable for cloud computing scenarios.
Binary package installation:
curl -L https://github.com/docker/compose/releases/download/1.17.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
This deployment downloads version 1.17.1, used with docker-ce-17.09.1.
pip installation:
pip install -U docker-compose
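The curl command in the binary package installation writes the download straight into /usr/local/bin without an integrity check. An added example (not from the original page) that installs the binary only if its SHA-256 matches a value obtained separately from the release page; the function names, the temporary file and the <EXPECTED_SHA256> placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: install a downloaded binary only
# when its SHA-256 equals a digest obtained out of band.

sha256_of() {
    # Print the lowercase hex digest of file $1 (coreutils, or shasum elsewhere).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Returns 0 on install, 1 on digest mismatch, 2 on bad input or copy failure.
install_verified() {
    src=$1 dest=$3
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex digits, so an empty or
    # truncated value can never compare equal to a failed hash computation.
    [ ${#expected} -eq 64 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $src: got '$actual'" >&2
        return 1
    fi
    # Stage next to the destination, then rename, so a partial copy is never run.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv -f "$tmp" "$dest" ||
        { rm -f "$tmp"; return 2; }
}

# Usage with the release URL from this page (digest is a placeholder):
#   tmp=$(mktemp)
#   curl -fL -o "$tmp" "https://github.com/docker/compose/releases/download/1.17.1/docker-compose-$(uname -s)-$(uname -m)"
#   install_verified "$tmp" "<EXPECTED_SHA256>" /usr/local/bin/docker-compose
```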
3. Usage tutorial
3.1 Container
When building a docker application, the container is the lowest level in the docker hierarchy. The next level up is services. The highest level is the stack, which defines the interaction of all services.
Getting Started Tutorial: https://www.dubby.cn/detail.html?id=8734
3.2 Service
In distributed applications, the different parts of the application are called services. In docker, a service is actually a container in an application. "A service runs only one image, but it orchestrates how the image runs -- which ports to use, how many replicas (that is, multiple instances) are needed to meet demand, etc." Scaling a service means changing the number of containers running for that service. Use docker-compose.yml to configure and manage it.
Getting Started Tutorial: https://www.dubby.cn/detail.html?id=8735
3.3 swarm cluster
docker swarm: cluster management, subcommands include init, join, join-token, leave, update
docker node: node management, subcommands include demote, inspect, ls, promote, rm, ps, update
docker service: service management, subcommands include create, inspect, ps, ls, rm, scale, update
docker stack: orchestrates a group of related services for unified management
Getting Started Tutorial: https://www.dubby.cn/detail.html?id=8738
3.4 Stack
A stack is a combination of related services that can be orchestrated and managed together. It deploys multiple services through a cluster.
Getting Started Tutorial: https://www.dubby.cn/detail.html?id=8739
4. Common commands
4.1 Container Lifecycle Management
docker [run|start|stop|restart|kill|rm|pause|unpause]
docker run executes a command in a new container
docker start starts one or more stopped containers
docker stop stops a running container
docker restart restarts a running container
docker kill kills a running container
docker rm removes one or more containers
docker pause pauses all processes of a container
docker unpause restores all processes of a container
4.2 Container operation and maintenance
docker [ps|inspect|top|attach|events|logs|wait|export|port]
docker ps lists containers
docker inspect lists low-level information about a container or image
docker top shows the processes running in a container
docker attach attaches to a running container
docker events gets real-time events from the server
docker logs gets the log of a container
docker wait blocks until a container stops, then prints its exit code
docker export exports a container's filesystem as a tar file
docker port lists the ports mapped by the container
4.3 Container rootfs command
docker [commit|cp|diff]
docker commit creates a new image from a container
docker cp copies a file or directory from a container to a local directory or stdout
docker diff shows changes to a container's filesystem
4.4 Image registry
docker [login|pull|push|search]
docker login logs in to the registry
docker pull pulls an image
docker push pushes an image
docker search searches for images
4.5 Local image management
docker [images|rmi|tag|build|history|save|import|load]
docker images lists local images
docker rmi deletes a local image
docker tag tags local images
docker build builds a local image from a Dockerfile
docker history lists the history of an image
docker save saves a local image as a tar file
docker import imports an image from a tar file
docker load loads an image from a tar file
4.6 Other commands
docker [info|version]
5. Resources
References:
1. Docker official documentation:
https://docs.docker.com
2. Docker 17.09 official documentation, Chinese version:
https://legacy.gitbook.com/book/octowhale/docker-doc-cn/details
3. Dubby's docker introductory six-part series:
https://www.dubby.cn/detail.html?id=8733
4. Docker Q&A:
https://blog.lab99.org/post/docker-2016-07-14-faq.html#an-zhuang-pei-zhi-wen-ti-8