Docker commands; Docker process-related commands; Docker image-related commands; Docker container data volumes; Docker application deployment cases; Dockerfile; Docker private warehouse construction; notes
Getting to know Docker
Docker is an open source application container engine
Born in early 2013, based on the Go language implementation, produced by dotCloud (later renamed Docker Inc)
Docker allows developers to package their applications and dependencies into a lightweight, portable container, and then distribute it to any popular Linux machine.
Containers are completely isolated from each other using the sandbox mechanism
Container performance overhead is extremely low.
Docker has been divided into CE (Community Edition) and EE (Enterprise Edition) since version 17.03.
The code we write passes through several environments: the development environment, the test environment and the production environment.
Install Docker
Docker can run on macOS, Windows, CentOS, Ubuntu and other operating systems. This course installs Docker on CentOS 7.
Official website: https://www.docker.com
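# 1. Update the yum packages to the latest versions
yum update
# 2. Install the required packages: yum-utils provides yum-config-manager, the other two are dependencies of the devicemapper driver
yum install -y yum-utils device-mapper-persistent-data lvm2
# 3. Set the yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 4. Install docker; answer y at every prompt
yum install -y docker-ce
# 5. Check the docker version to verify that the installation succeeded
docker -v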
Docker architecture
Image: A Docker image is equivalent to a root file system. For example, the official image ubuntu:16.04 contains a complete set of root file system of Ubuntu16.04 minimal system.
Container: The relationship between image and container is like that between classes and objects in object-oriented programming. An image is a static definition, and a container is the running instance of an image. Containers can be created, started, stopped, deleted, paused, etc.
Repository: The repository can be regarded as a code control center for storing images.
By default, docker images are downloaded from the docker hub (https://hub.docker.com/), which is too slow. Generally, a mirror accelerator is configured:
USTC: USTC Mirror Accelerator (https://docker.mirrors.ustc.edu.cn)
Docker command
Docker process related commands
Start the docker service:
systemctl start docker
Stop the docker service:
systemctl stop docker
Restart the docker service:
systemctl restart docker
View docker service status:
systemctl status docker
Enable the docker service to start at boot:
systemctl enable docker
Docker image related commands
View images: list all local images
docker images
docker images -q # view the IDs of all images
Search images: find the desired image on the network
docker search <image-name>
Pull image: download an image from the Docker registry to the local machine. The image name has the format name:version number; if the version number is not specified, the latest version is pulled.
If you don't know the image version, you can go to the docker hub to search for the corresponding image.
docker pull <image-name>
Delete image: delete a local image
docker rmi <image-id> # delete the specified local image
docker rmi `docker images -q` # delete all local images
Docker container related commands
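View containers
docker ps # view running containers
docker ps -a # view all containers
Create and start the container
docker run <options>
Option description:
-i: keeps the container running. Usually used together with -t. With both -i and -t, you enter the container automatically after it is created, and the container stops automatically when you exit it.
-t: allocates a pseudo-terminal for the container; usually used together with -i.
-d: runs the container in daemon (background) mode. The container is created and runs in the background; use docker exec to enter it. The container does not stop after you exit.
Containers created with -it are generally called interactive containers; containers created with -id are generally called daemon containers.
--name: gives the created container a name.
Enter the container
docker exec <options> # after you exit, the container keeps running
Stop the container
docker stop <container-name>
Start the container
docker start <container-name>
Delete container: deleting a running container fails; stop the container first, then delete it
docker rm <container-name>
View container information
docker inspect <container-name>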
Docker container data volume
data volume
A data volume is a directory or file on the host
When a container directory and a data volume directory are bound, a change made on either side is synchronized to the other immediately
A data volume can be mounted by multiple containers at the same time
A container can also be mounted with multiple data volumes
The role of the data volume:
Container Data Persistence
External machine and container indirect communication
Data exchange between containers
Configure data volume
When creating and starting a container, use the -v parameter to set the data volume
docker run -it --name=c3 -v /volume centos:7 /bin/bash
docker run ... -v <host directory (file)>:<container directory (file)> ...
Precautions:
1. The directory must be an absolute path
2. If the directory does not exist, it will be created automatically
3. Multiple data volumes can be mounted
data volume container
Multiple containers for data exchange
1. Multiple containers mount the same data volume
2. Data volume container
Configure data volume container
Create and start the c3 data volume container, use the -v parameter to set the data volume
docker run -it --name=c3 -v /volume centos:7 /bin/bash
Create and start the c1 and c2 containers, use the --volumes-from parameter to set the data volume
docker run -it --name=c1 --volumes-from c3 centos:7 /bin/bash
docker run -it --name=c2 --volumes-from c3 centos:7 /bin/bash
Data volume concept
A directory or file on the host
Data volume role
Container Data Persistence
Client and container data exchange
Data exchange between containers
data volume container
Create a container, mount a directory, and have other containers inherit from it ( --volumes-from ).
Implement data volume configuration in a simple way
Docker application deployment
Docker container link
Network services inside containers cannot communicate directly with external machines
The external machine and the host can communicate directly
Host and container can communicate directly
When the network service in the container needs to be accessed by an external machine, the port providing the service in the container can be mapped to the port of the host machine. The external machine accesses the port of the host machine, thereby indirectly accessing the service of the container.
This operation is called: port mapping
Command to create a container with port mapping:
docker run -id -p 3307:3306 ...
Docker deployment MySQL5.6 example
Search mysql mirror
docker search mysql
Pull mysql image
docker pull mysql:5.6
Create a container, set port mapping, directory mapping
# Create a mysql directory under /root to store the mysql data
mkdir ~/mysql
cd ~/mysql
docker run -id \
-p 3307:3306 \
--name=c_mysql \
-v $PWD/conf:/etc/mysql/conf.d \
-v $PWD/logs:/logs \
-v $PWD/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 \
mysql:5.6
Parameter Description:
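- **-p 3307:3306**: maps port 3306 of the container to port 3307 of the host.
- **-v $PWD/conf:/etc/mysql/conf.d**: mounts conf/my.cnf under the host's current directory to /etc/mysql/my.cnf in the container. Configuration directory
- **-v $PWD/logs:/logs**: mounts the logs directory under the host's current directory to /logs in the container. Log directory
- **-v $PWD/data:/var/lib/mysql**: mounts the data directory under the host's current directory to /var/lib/mysql in the container. Data directory
- **-e MYSQL_ROOT_PASSWORD=123456**: initializes the password of the root user.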
Enter the container and operate mysql
docker exec -it c_mysql /bin/bash
Open port 3307 on the host (look up how to open a port on your system)
Use an external machine to connect to mysql in the container
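A variant of the run command above, as an added example that is not part of the original tutorial: it writes a random root password to an owner-only env file instead of passing 123456 with -e, and publishes the port on one host address instead of all interfaces. The DOCKER and BIND_ADDR variables, the mysql.env file name and the --run switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original tutorial. DOCKER, BIND_ADDR, mysql.env
# and the --run switch are assumptions; set DOCKER=echo for a dry run.
DOCKER="${DOCKER:-docker}"
BIND_ADDR="${BIND_ADDR:-127.0.0.1}"   # host address the port is published on

# Write a random root password to <dir>/mysql.env, readable by the owner only.
make_env_file() {
    dir="$1"
    ( umask 077
      pw="$(od -An -tx1 -N16 /dev/urandom | tr -d ' \n')"
      printf 'MYSQL_ROOT_PASSWORD=%s\n' "$pw" > "$dir/mysql.env" )
}

# Same container as in the tutorial, with two changes:
#   -p is bound to BIND_ADDR instead of every host interface
#   --env-file replaces -e MYSQL_ROOT_PASSWORD=..., which keeps the password
#   out of the shell history and the process list
start_mysql() {
    dir="$1"
    [ -f "$dir/mysql.env" ] || make_env_file "$dir"
    "$DOCKER" run -id \
        -p "$BIND_ADDR:3307:3306" \
        --name=c_mysql \
        -v "$dir/conf:/etc/mysql/conf.d" \
        -v "$dir/logs:/logs" \
        -v "$dir/data:/var/lib/mysql" \
        --env-file "$dir/mysql.env" \
        mysql:5.6
}

# Start the container only when asked to: sh mysql-run.sh --run
if [ "${1:-}" = "--run" ]; then
    mkdir -p "$HOME/mysql" && start_mysql "$HOME/mysql"
fi
```

The password is still part of the container's environment, so anyone who can run docker inspect c_mysql can read it. For access from another machine, set BIND_ADDR to the specific host address that machine reaches.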
Dockerfile
Docker image principle
What is the essence of a Docker image?
Why is a centos image in Docker only 200MB, while the iso file of a centos operating system is several gigabytes?
Why is a tomcat image in Docker 500MB, while a tomcat installation package is only a little over 70MB?
Operating system components:
Process Scheduling Subsystem
Process Communication Subsystem
memory management subsystem
Device Management Subsystem
file management subsystem
Network Communication Subsystem
Job Control Subsystem
The Linux file system consists of two parts: bootfs and rootfs
bootfs: contains bootloader (boot loader) and kernel (kernel)
rootfs: root file system, which contains standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system
For different linux distributions, the bootfs is basically the same, but the rootfs is different, such as ubuntu, centos, etc.
A Docker image is built by stacking special file systems
The bottom layer is bootfs, which reuses the host's bootfs
The second layer is the root file system rootfs, called the base image
Other image layers can then be stacked on top
The Union File System technology merges the different layers into one file system and presents a unified view of them, hiding the existence of the layers. From the user's point of view, there is only one file system.
An image can be placed on top of another image. The image underneath is called the parent image, and the bottommost image is the base image.
When starting a container from an image, Docker mounts a read-write filesystem at the top as the container
What is the essence of a Docker image?
It is a layered file system
Why is a centos image in Docker only 200MB, while the iso file of a centos operating system is several gigabytes?
The CentOS iso image file contains both bootfs and rootfs, while the Docker centos image reuses the bootfs of the host operating system and contains only rootfs and the other image layers
Why is a tomcat image in Docker 500MB, while a tomcat installation package is only a little over 70MB?
Because Docker images are layered: although tomcat itself is only a little over 70 MB, it depends on its parent image and the base image, so the whole exposed tomcat image is more than 500 MB
Image creation
How to create a Docker image?
1-container to image
docker commit <container-id> <image-name>:<version>
docker save -o <archive-file-name> <image-name>:<version>
docker load -i <archive-file-name>
docker commit is generally used to create a new image from a running container. Custom images should be built with a Dockerfile.
The disadvantages of docker commit are: 1. The image is opaque to others, which makes troubleshooting inconvenient. 2. Poor maintainability and poor readability.
2-Dockerfile make image
A Dockerfile is a script composed of a series of instructions and parameters; it contains the complete set of commands for building the whole image. Running docker build executes the instructions in the Dockerfile in order and builds the image automatically.
The following are the meanings of some commonly used fields in Dockerfile:
Dockerfile is a text file
It contains instructions, one per line
Each instruction builds a layer, based on the base image, and finally builds a new image
For developers: can provide a completely consistent development environment for the development team
For testers: You can directly take the image built during development or build a new image through the Dockerfile file to start working
For operation and maintenance personnel: during deployment, seamless migration of applications can be achieved
Docker Hub URL: https://hub.docker.com
Dockerfile building centos8 image example
The problem with the pulled centos image: it has no vim and no net-tools (ifconfig).
Next, create a Centos image by writing a Dockerfile, and add vim and net-tools tools on the basis of the official image. First create a new file Dockerfile in the /home/dockfile directory. Then write the file using the above directives.
FROM centos:centos8
MAINTAINER bertwu <@zhangbohan>
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim net-tools
EXPOSE 80
CMD /bin/bash
Explain the instructions of the Dockerfile line by line:
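FROM centos:centos8: the image inherits from the official centos8 image
ENV MYPATH /usr/local: sets the environment variable MYPATH
WORKDIR $MYPATH: uses the environment variable set above to make /usr/local the working directory
RUN yum -y install vim net-tools: in the /usr/local directory, runs yum -y install vim and yum -y install net-tools to install the tools; note that all installed dependencies and tools are packaged into the image
EXPOSE 80: exposes container port 80, allowing external connections to this port
CMD: specifies the command to run when the container starts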
Execute the build command below to generate an image file. If the execution is successful, you can view the newly generated image file through docker images.
docker build . -t mycentos:1.0
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycentos 1.0 e0316e2ed3a5 About a minute ago 409MB
You can use docker history <image-id> to view the image building process.
Note: If the yum download fails add the following
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist
✨The error message above means that downloading metadata from repository 'appstream' failed: Could not prepare internal mirror list because there is no URL in the mirror list.
Problem analysis:
✨The first possibility is a network connection problem. Check whether you can connect to the external network, you can use ping baidu.com to see if there is any packet loss. If there is packet loss, further check whether the network connection is normal; if there is no packet loss, continue reading below
✨The second situation is that CentOS has stopped maintenance. On December 8, 2020, CentOS officially announced its plan to stop maintaining CentOS Linux and launched the CentOS Stream project. CentOS Linux 8, as a replica of RHEL 8, has a shortened life cycle: updates stopped on December 31, 2021 (end of life, EOL). More information can be found in the official CentOS announcement. If you need to update CentOS, you need to change the mirror from mirror.centos.org to vault.centos.org
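# First, enter the yum repos directory (each RUN starts a new shell, so this cd does not carry over; the sed commands below use absolute paths)
RUN cd /etc/yum.repos.d/
# Next, edit the CentOS repo files
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# Then, rebuild the cache (the first update is a little slow, wait patiently for about two minutes)
RUN yum makecache
# Finally, run yum update and reinstall vim
RUN yum update -y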
Dockerfile keywords
| Keyword | Function | Remarks |
|---|---|---|
| FROM | Specify the parent image | Specifies which image this Dockerfile builds on |
| MAINTAINER | Author information | Indicates who wrote this Dockerfile |
| LABEL | Label | Labels that mark the Dockerfile; LABEL can be used instead of MAINTAINER, and the labels can be viewed in the basic information of the docker image |
| RUN | Execute a command | Executes a command, by default with /bin/sh. Format: RUN command or RUN ["command", "param1", "param2"] |
| CMD | Container start command | Provides the default command when the container starts; used together with ENTRYPOINT. Format: CMD command param1 param2 or CMD ["command", "param1", "param2"] |
| ENTRYPOINT | Entry point | Generally used when building containers that run a task and then exit |
| COPY | Copy files | Copies files into the image during build |
| ADD | Add files | Adds files to the image during build; not limited to the current build context, the source can also be a remote service |
| ENV | Environment variable | Sets environment variables at build time; can be overridden with -e when starting the container. Format: ENV name=value |
| ARG | Build parameter | Parameters used only during the build. If an ENV with the same name exists, the ENV value always overrides the ARG |
| VOLUME | Define data volumes that can be mounted externally | Specifies which directories of the image can be mounted to the file system when the container starts; bind them with -v at startup. Format: VOLUME ["directory"] |
| EXPOSE | Exposed port | Defines the port the container listens on at run time; bind the exposed port with -p when starting the container. Format: EXPOSE 8080 or EXPOSE 8080/udp |
| WORKDIR | Working directory | Specifies the working directory inside the container; created automatically if it does not exist. A path starting with / is absolute; otherwise it is relative to the previous WORKDIR |
| USER | Specify the execution user | Specifies the user that runs RUN, CMD and ENTRYPOINT during build or at startup |
| HEALTHCHECK | Health check | Specifies the command that monitors the health of the container; basically useless because the application often has its own health monitoring mechanism |
| ONBUILD | Trigger | When an image containing ONBUILD is used as a base image, the ONBUILD instructions run after FROM completes; they do not affect the current image. Not very useful |
| STOPSIGNAL | Send a signal to the host | Sets the system call signal that will be sent to the container to make it exit |
| SHELL | Specify the shell that executes scripts | Specifies the shell used when RUN, CMD and ENTRYPOINT execute commands |
Docker private repository
Docker's official Docker Hub (https://hub.docker.com) is a registry for managing public images. We can pull images from it to the local machine, or push our own images to it. However, sometimes our server cannot access the Internet, or we do not want to put our own images on the public network; in that case we need to build our own private registry to store and manage our images.
Build a private warehouse
# 1. Pull the private warehouse image
docker pull registry
# 2. Start the private warehouse container
docker run -id --name=registry -p 5000:5000 registry
# 3. Open a browser and go to http://<registry-server-ip>:5000/v2/_catalog; seeing {"repositories":[]} means the private registry was set up successfully
# 4. Edit daemon.json (create it if it does not exist)
vim /etc/docker/daemon.json
# Add the following key to the file, then save and exit. This step makes docker trust the private registry address; replace the placeholder with the real IP of your own private registry server
{"insecure-registries":["<registry-server-ip>:5000"]}
# 5. Restart the docker service
systemctl restart docker
docker start registry
Mirror upload private warehouse
# 1. Tag the image as an image of the private registry
docker tag centos:7 <registry-server-ip>:5000/centos:7
# 2. Upload the tagged image
docker push <registry-server-ip>:5000/centos:7
Pull image from private registry
# Pull image
docker pull <registry-server-ip>:5000/centos:7
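The setup above makes Docker trust the registry over plain HTTP with no authentication. As an added example (not part of the original tutorial), the same registry container started with TLS and basic auth, which needs no insecure-registries entry in daemon.json; REG_HOST, REG_USER, the certs/ and auth/ layout, the --run switch and the pinned registry:2 and httpd:2 tags are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. REG_HOST, REG_USER, the
# certs/ and auth/ layout and the registry:2 / httpd:2 tags are assumptions.
DOCKER="${DOCKER:-docker}"                 # set DOCKER=echo for a dry run
REG_HOST="${REG_HOST:-registry.example.internal}"

# Self-signed certificate whose subjectAltName matches the name clients use
# (-addext needs OpenSSL 1.1.1 or later). An existing certificate is kept.
make_cert() {
    dir="$1"
    mkdir -p "$dir/certs"
    if [ -f "$dir/certs/domain.crt" ]; then return 0; fi
    ( umask 077
      openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 365 \
          -subj "/CN=$REG_HOST" -addext "subjectAltName = DNS:$REG_HOST" \
          -keyout "$dir/certs/domain.key" -out "$dir/certs/domain.crt" )
}

# bcrypt htpasswd entry; htpasswd -i reads the password from stdin, so it
# never appears in the argument list.
make_htpasswd() {
    dir="$1"; user="$2"
    mkdir -p "$dir/auth"
    "$DOCKER" run --rm -i --entrypoint htpasswd httpd:2 -Bni "$user" \
        > "$dir/auth/htpasswd"
}

# Same container name and port as in the tutorial, now with TLS and auth.
start_registry() {
    dir="$1"
    "$DOCKER" run -id --name=registry -p 5000:5000 \
        -v "$dir/certs:/certs:ro" -v "$dir/auth:/auth:ro" \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
        -e REGISTRY_AUTH=htpasswd \
        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
        registry:2
}

# Clients trust the certificate by copying domain.crt to
# /etc/docker/certs.d/$REG_HOST:5000/ca.crt, then run: docker login $REG_HOST:5000
if [ "${1:-}" = "--run" ]; then
    make_cert "$PWD" && make_htpasswd "$PWD" "${REG_USER:-pusher}" \
        && start_registry "$PWD"
fi
```

After docker login, the tag, push and pull commands from the tutorial work unchanged with $REG_HOST:5000 in place of the server IP.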
Docker summary
Docker container virtualization compared with traditional virtual machines
Containers are the packaging of software into standardized units for development, delivery, and deployment.
Container images are lightweight, executable, self-contained software packages that contain everything software needs to run: code, runtime environment, system tools, system libraries, and settings.
Containerized software works consistently in any environment.
Containers give software independence from differences in its external environment, helping to reduce conflicts between teams running different software on the same infrastructure.
Similarities:
Containers and virtual machines have similar resource isolation and allocation benefits
Differences:
The container virtualizes the operating system, and the virtual machine virtualizes the hardware.
Traditional virtual machines can run different operating systems, while containers can only run the same type of operating system