docker data management - image creation - dockerfile narrative and examples

1. Docker data management

There are two main ways to manage data in Docker containers: Data Volumes and DataVolumes Containers

1. Data volume

• A data volume is a special directory used by containers, located within the container. The directory of the host machine can be mounted on the data volume, and the modification operation on the data volume can be seen immediately, and updating the data will not affect the image, so as to realize the migration of data between the host machine and the container. The use of data volumes is similar to the mount operation on directories under Linux

[root@nginx1 /]# docker pull centos:7

#宿主机目录/var/www 挂载到容器中的/data1.
#注意:宿主机本地目录的路径必须是使用绝对路径。如果路径不存在，Docker会自动创建相应的路径
#-v选项可以在容器内创建数据卷
[root@nginx1 /]# docker run -v /var/www:/data1 --name q1 -it centos:7 /bin/bash

[root@8bb657af6fad /]# ls        #就可以看到data1的目录了
[root@8bb657af6fad data1]# echo "this is web1" > /data1/abc.txt
[root@8bb657af6fad data1]# pwd
/data1
[root@8bb657af6fad data1]# cat abc.txt 
this is web1

#返回宿主机进行查看
[root@nginx1 /]# cat /var/www/abc.txt 
this is web1

2. Data volume container

• If you need to share some data between containers, the easiest way is to use a data volume container. The data volume container is an ordinary container that provides data volumes for other containers to mount and use

#创建一个容器作为数据卷容器
[root@nginx1 /]# docker run --name q2 -v /data1 -v /data2 -it centos:7 /bin/bash
[root@20e8a0e4971a /]# echo "TEIS IS WEB2" > /data2/ABC.txt
[root@20e8a0e4971a /]# echo "this is web2" > /data1/abc.txt

#使用--volumes-from来挂载q2容器中的数据卷到新的容器
[root@nginx1 /]# docker run -it --volumes-from q2 --name web3 centos:7 /bin/bash

[root@c065d5aff916 /]# cat /data1/abc.txt 
this is web2
[root@c065d5aff916 /]# cat /data2/ABC.txt 
TEIS IS WEB2

2. Container interconnection (using centos image)

• Container interconnection is to establish a dedicated network communication tunnel between containers through container names. To put it simply, a tunnel will be established between the source container and the receiving container, and the receiving container can see the information specified by the source container

#创建并运行源容器取名web1
[root@localhost ~]# docker run -itd -P --name web1 centos:7 /bin/bash

#创建并运行接收容器取名web2，使用--1ink选项指定连接容器以实现容器互联
 #--link容器名:连接的别名
 [root@localhost ~]# docker run -itd -P --name web2 --link web1:web1 centos:7 /bin/bash

#进web2容器，ping web1
[root@localhost ~]# docker exec -it web2 bash
[root@01b098e3885b /]# ping web1

#使用 inspect 可以查看容器的详细信息，用grep 查看容器互联状态，-C(大写)查看上下几行的内容
[root@localhost ~]# docker inspect 01b098e3885b |grep -C 3 "Link"
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": [ 
                "/web1:/web2/web1"   #容器互联状态
            ],
            "OomScoreAdj": 0,

3. Creation of Docker image

• There are three ways to create a mirror, which are based on an existing mirror, based on a local template, and based on a Dockerfile.

1. Create based on an existing image

#1.首先启动一个镜像，在容器里做修改
[root@localhost ~]# docker create -it centos:7 /bin/bash

[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED          STATUS          PORTS     NAMES
98a751bdbbe6   centos:7   "/bin/bash"   2 minutes ago    Created                   admiring_nash


#2.然后将修改后的容器提交为新的镜像，需要使用该容器的ID号创建新镜像
#常用选项:
-m说明信息;
-a作者信息;
-p生成过程中停止容器的运行

[root@localhost ~]# docker commit -m "new" -a "centos" 98a751bdbbe6 centos:test

[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED             SIZE
centos       test      a87adee0ecdd   52 seconds ago      204MB

2. Create based on local template

通过导入操作系统模板文件可以生成镜像，模板可以从OPENVZ开源项目下载，下 载地址为
http://openvz.org/Download/template/precreated

wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz

#导入为镜像
[root@localhost ~]# cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test

[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
debian       test      75ee072a1992   28 seconds ago   215MB

3. Created based on Dockerfile

1. Union File System (UnionFS)

• UnionFS (Union File System): The Union File System (UnionFS) is a layered, lightweight and high-performance file system, which supports the modification of the file system as a single submission to superimpose layer by layer, while different The directory is mounted under the same virtual file system. AUFS, OberlayFS and Devicemapper are a kind of UnionFS

• The Union filesystem is the basis for Docker images. Images can be inherited by layering. Based on the base image (no parent image), various specific application images can be made

• Features: Load multiple file systems at the same time, but from the outside, only one file system can be seen, joint loading will superimpose the file systems of each layer, so that the final file system will contain all the underlying files and directories

• What we see when we download is the joint file system

2. Image loading principle

• Docker's image is actually composed of layer-by-layer file systems, and this layer of file systems is UnionFS
• Bootfs mainly includes bootloader and kernel. The bootloader is mainly to bootload the kernel. When Linux starts, it will load the bootfs file system (bootfs bootloads the host kernel, so all mirrored running containers share the host kernel)
• At the bottom of the Docker image is bootfs, which is the same as our typical Linux/Unix system, including the boot loader and kernel. When the boot loading is complete, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from the bootfs to the kernel. At this time, the system will also unload the bootfs.
• rootfs, on top of bootfs. It contains standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system. rootfs is a variety of different operating system distributions, such as Ubuntu, Centos, etc.
• We can understand that there is nothing in the kernel at the beginning, and a command is used to download debian, and a base image will be added to the kernel at this time; and then an emacs will be installed, and an image will be superimposed on the base image; and then another one will be installed Apache will add another layer of image on top of images. In the end they look like a filesystem i.e. the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, at this time, each layer of rootfs is read-only, and we cannot operate it at this time. When we create a container, that is, instantiate the Docker image, the system will allocate an empty read-write rootfs on top of one or more layers of read-only rootfs

3. Why is the size of centos in Docker only 200M

Because for a streamlined OS, the rootfs can be very small, and only needs to include the most basic commands, tools, and program libraries. Because the underlying layer directly uses the kernel of the host machine, you only need to provide the rootfs. It can be seen that for different linux distributions, the bootfs is basically the same, but the rootfs will be different, so different distributions can share bootfs
4. Dockerfile

• The Docker image is a special file system. In addition to providing the programs, libraries, resources, configuration and other files required by the container runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc. ). The image does not contain any dynamic data, and its content will not be changed after the build
• The customization of the image is actually to customize the configuration and files added by each layer. If we can write each layer of modification, installation, construction, and operation commands into a script and use this script to build and customize the image, then the problems of transparency and volume of image construction will be solved. This script is the Dockerfile
• Dockerfile is a text file, which contains a series of instructions (Instruction), each instruction builds a layer, so the content of each instruction is to describe how the layer should be built. With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on the Dockerfile. and regenerate the image, saving the trouble of typing commands
• In addition to manually generating Docker images, you can use Dockerfile to automatically generate images. Dockerfile is a file composed of multiple instructions, each of which corresponds to a command in Linux, and the Docker program will read the instructions in the Dockerfile to generate a specified image
• The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions, and execution instructions when the container starts. Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and supports the use of comments starting with "#"

4. Layering of Docker image structure

• An image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image, and any file changes made in the running container will be written to this read-write layer. If the container is deleted, its top read-write layer is also deleted, and file changes are lost. Docker uses storage drivers to manage the content of each layer of mirroring and the container layer of the readable and writable layer
• (1) Each instruction in the Dockerfile creates a new image layer
• (2) The mirror layer will be cached and reused
• (3) When the instructions of the Dockerfile are modified, the copied file changes, or the variables specified when building the image are different, the corresponding image layer cache will become invalid
• (4) If the mirror cache of a certain layer is invalid, the cache of the mirror layer after it will be invalid
• (5) The image layer is immutable. If you add a file in one layer and then delete it in the next layer, the file will still be included in the image, but the file will not be visible in the Docker container.

5. Commands commonly used in Dockerfile operations

• Detailed command

1. FROM image

• Specifies the base image on which the new image is based. The first instruction must be a FROM instruction, and a FROM instruction is required for each image created

2. MAINTAINER name

• Indicates the maintainer information of the new image (writable or not)

3. RUN command

• Execute commands on the base image and commit to the new image

4.ENTRYPOINT ["program to run", "parameter 1", "parameter 2"]

• Set the first command to run when the container starts and its parameters
• The content of the ENTRYPOINT instruction in the image can be overridden by using the command docker run -–entrypoint

5.CMD ["program to run", "parameter 1", "parameter 2"]

上面的是exec形式， shell形式: CMD  命令  参数1  参数2

• The command or script executed by default when starting the container, Dockerfile can only have one CMD command. If multiple commands are specified, only the last command is executed.
• If a command is specified during dockerrun or there is ENTRYPOINT in the image, cmd will be overwritten.
  CMD can provide default parameters for the ENTRYPOINT command.

ENTRYPOINT ["echo"]
CMD ["test2"]

6. EXPOSE port number

• Specify the port to open when the new image is loaded into Docker

7. ENV environment variable variable value

• Set the value of an environment variable, which will be used by subsequent RUN

8.ADD source file/directory target file/directory

• Copy the source file to the mirror, the source file should be located in the same directory as the Dockerfile, or a URL
  with the following precautions:

**1. **If the source path is a file and the target path ends with /, docker will treat the target path as a directory and copy the source file to this directory

• If the target path does not exist, the target path will be created automatically

**2. **If the source path is a file and the target path ends with /, docker will treat the target path as a file

• If the target path does not exist, a file will be created with the name of the target path, with the same content as the source file
• If the target file is an existing file, it will be overwritten with the source file, of course only the content is covered, and the file name is still the target file name
• If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case, it is better to end the display with / to avoid confusion

**3. **If the source path is a directory and the target path does not exist, docker will automatically create a directory with the target path and copy the files in the source path directory

• If the target path is an existing directory, docker will copy the files in the source path directory to this directory

**4. **If the source file is an archive file (compressed file), docker will automatically decompress it

• URL" download and decompression features cannot be used together. Any compressed file copied by URI will not be automatically decompressed

9.COPY source file/directory target file/directory

• Only copy the files/directories on the local host to the target location, the source files/directories should be in the same directory as the Dockerfile

10. VOLUME ["directory"]

• Create a mount point in the container.

11. USER username/UID

• Specify the user when running the container

12. WORKDIR path

• Specify the working directory for subsequent RUN, CMD, ENTRYPOINT

13. ONBUILD command

• Specifies the command to run when the generated image is used as a base image
• When adding _ to the ONBUILD instruction in a Dockerfile, the instruction will not have a substantial impact on using the Dockerfile to build a mirror (for example, A mirror)
• But when writing a new Dockerfile to build a mirror based on the A mirror (such as a B mirror), the ONBUILD instruction in the Dockerfile for constructing the A mirror will take effect at this time. In the process of building the B mirror, it will first execute 0NBUILD instruction specified instruction, and then other instructions will be executed

Note: If you use another dockerfile, please read it carefully, otherwise you will pay for it yourself

14.HEALTHCHECK

• health examination

The difference between CMD and entrypoint

They are all commands to be loaded when the container starts.
First, let’s talk about the difference between exec and shell.

• exec: The first task process started when the container is loaded

• shell: The first bash used when the container is loaded (/bin/bash /bin/sh /bin/init)

• If the entrypoint uses shell mode, the CMD command will be ignored.

• If the entrypoint uses the exec mode, the content specified by CMD is appended as the parameter of the command specified by the entrypoint.

• If entrypoint uses exec mode, CMD should also use exec mode.

• cmd is the command loaded by default when the container environment starts

• entrypoint is the first command program/script program init loaded when the container environment starts

The difference between ADD and copy

Both the COPY instruction and the ADD instruction in the Dockerfile can copy or add the resources on the host to the container image, and both are completed during the process of building the image.

• copy can only be used for copying (saving resources)

• While ADD is copying, if the copied object is a compressed package, ADD can also decompress (consume resources)

• The only difference between the COPY command and the ADD command is whether it supports resource acquisition from a remote URL. The COPY command can only read resources from the host where the docker build is executed and copy them to the image. The ADD command also supports reading resources from a remote server through a URL and copying them to the mirror

simply put:

COPY can only read resources from the host and copy them to the mirror

ADD can fetch resources from the remote server through the URL and copy them to the mirror

• It is recommended to use the COPY command if the same function is satisfied. The ADD command is better at reading local tar files and decompressing them

6. Dockerfile case

When writing a Dockerfile, there is a strict format to follow:

• The first line must use the FROM directive to indicate the name of the image it is based on
• Then use the MAINTAINER command to describe the user information for maintaining the image
• Then there are instructions related to mirroring operations, such as the RUN instruction. Every time an instruction is run, a new layer is added to the base image
• Finally, use the CMD command to specify the command operation to be run when the container is started

#建立工作目录
[root@localhost apache]# mkdir /opt/apache
[root@localhost apache]# cd /opt/apache/
[root@localhost apache]# vim Dockerfile

[root@localhost apache]# vim Dockerfil
#基于的基础镜像
FROM centos:7
#维护镜像的用户信息
MAINTAINER this is apache image <bxh>
#镜像操作指令安装apache软件
RUN yum -y update
RUN yum -y install httpd
#开启80端口
EXPOSE 80
#复制网站首页文件
ADD index.html /var/www/html/index.html
#将脚本复制到镜像中                         #方法一
ENTRYPOINT [ "/usr/sbin/apachectl" ]
CMD ["-D", "FOREGROUND"]    #-D 指定为前台运行

——————————————————————————————————————————————————————————————————————————————————-————————
//方法二：
#将执行脚本复制到镜像中
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#启动容器时执行脚本
CMD ["/run.sh"]

//准备执行脚本
vim run.sh
#!/bin/bash
rm -rf /run/httpd/*                        #清理httpd的缓存
exec /usr/sbin/apachectl -D FOREGROUND     #指定为前台运行
#因为Docker容器仅在它的1号进程(PID为1)运行时，会保持运行。如果1号进程退出了，Docker容 器也就退出了
——————————————————————————————————————————————————————————————————————————————————————————————————


#准备网站页面
[root@localhost apache]# echo "this is test web" > index.html

#生成镜像
[root@localhost apache]# docker build -t httpd:centos7 .      #注意别忘了末尾有"."

#新镜像运行容器
[root@localhost apache]# docker run -d -p 1007:80 httpd:centos7 

#外主机测试
http://192.168.113.127:1007

########如果有网络报错提示########
[Warning] IPv4 forwarding is disabled. Networking will not work.
解决方法:
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -P
systemctl restart network
systemct1 restart docker