1. Knowledge about docker
Containerization is becoming more and more popular because containers are:
●Flexible: Even the most complex applications can be containerized.
● Lightweight: The container utilizes and shares the host kernel.
● Interchangeable: Updates and upgrades can be deployed instantly.
● Portable: Can be built locally, deployed to the cloud, and run anywhere.
●Extensible: Container replicas can be increased and automatically distributed.
●Stackable: Services can be stacked vertically and instantly.
1.1 The concept of docker
Docker is an open source application container engine, developed based on the go language and following the apache2.0 protocol to open source. Docker allows developers to package their applications and dependencies into a lightweight, portable container, and then publish to any popular linux server, and virtualization is also possible. The container is completely using the sandbox mechanism, there will be no interface between each other (iphone-like app), and the container overhead is extremely low.
Containers support 2 important technologies in the kernel:
The essence of docker is a process of the host machine. Docker implements resource isolation through namespace, resource limitation through cgroup, and efficient file operation through copy-on-write technology (similar to virtual machine disks, such as allocating 500g It does not actually take up 500g of the physical disk, and only copy a copy of the data when it needs to be modified).
1.2 Three important concepts of docker
(1) image mirroring
A docker image is a read-only template. For example, an image can contain a complete centos, which only installs apache or other applications of the user. The image can be used to create a docker container. In addition, docker provides a very simple mechanism to create an image or Update the existing image, users can even directly download a ready-made image from others to use directly
The basis for creating a container is an executable compressed package, a read-only template that contains all the resources to run an application
(2) container container
Docker uses containers to run applications. Containers are running instances created from images. They can be started, started, stopped, and deleted. Each container is isolated from each other to ensure a safe platform. Containers can be regarded as simple version of the Linux environment (including root user authority, mirror space, user space and network space, etc.) and the applications running in it
Based on the running instance created by the image, the containers are isolated from each other
(3) repository warehouse
The warehouse is the vicissitudes of centralized storage of image files. The registry is the master-slave server of the warehouse. In fact, there are multiple warehouses stored on the reference registration server, and each warehouse contains multiple mirrors. Each mirror has a different tag (tag) Warehouse There are two types: public reference and private warehouse. The largest public warehouse is docker hub, which stores a large number of images for users to download. Domestic docker pool, where the concept of warehouse is similar to Git, registry can be understood as github baby sitting program.
A place for centralized storage of images, which can be divided into public warehouses and private key warehouses
1.3 The main purpose of docker
The official is Bulid, ship, run any app/any where, compile, load, run, any app/anywhere can run. It is to realize the life cycle management of application packaging, deployment, and operation as long as it is in the glibc environment, it can run. In the operation and maintenance generation environment: dockerization.
1. No need to worry about the operating environment of the server when publishing services. All servers are automatically assigned docker, automatically deployed, automatically installed, and automatically run
2 No need to worry about disk problems, cpu problems, system problems of other service engines anymore
3 Better utilization of resources
4 Automatic migration, mirroring can be made, and migration can be migrated using a custom mirroring to avoid problems
5 Management is faster and more convenient
1.4 The difference between docker and virtual machine
The docker virtual machine
kernel uses the operating system kernel of the shared host and has an independent operating system kernel.
Startup speed Fast startup speed, second-level speed Slow startup speed, minute-level
performance close to cloud native, almost no loss Virtual access to the host through the hypervisor will take up more resources, and the maximum loss will be nearly 50%. The
capacity of a single machine is hundreds, thousands, or dozens.
Isolation namespace (namespace) isolates resources, and cgroup resource restrictions completely isolate
Isolation kind of namesapce (namespace)
UTS: hostname and domain name
IPC: Semaphores, Message Queues, and Shared Content
PID: process number
NETWORK: network devices, ports, network stack
MOUNT: mount point (file system)
USER: users and user groups
Features of cgroups
The api of cgroup is implemented as a pseudo file system, and the user's program can realize the component management of cgroup through the file system
The component management operation unit of cgroup can be fine-grained to the thread level. In addition, users can create and destroy cgroups, so as to realize the allocation and reuse of resources
All resource management functions are implemented in the form of subsystems, and the unified interface subtask is in the same cgroup control group as its parent task at the beginning of creation.
The four major functions of cgroup
Resource limit: the total amount of resources used by the task can be limited
Priority allocation: through the number of allocated cpu time slices and the size of disk IO bandwidth, it is actually equivalent to controlling the task running priority
Resource statistics: You can count the resource usage of the system, such as cpu duration, memory usage, etc.
Task control: cgroup can perform operations such as suspending and resuming tasks
In general, cgroup is to control the upper limit of resources that containers can use
2.docker's yum installation and source code compilation and installation
2.1 yum source installation docker
# Uninstall the remaining docker package
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker -engine
#It is recommended to use the domestic Ali image as the download source
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#Installation required docker installation package
yum install -y yum-utils device-mapper-persistent-data lvm2
#Install the community version of docker
yum install docker-ce
#Check whether docker is successfully installed
docker -v
#Set to start automatically at boot
systemctl start docker.service
systemctl enable docker.service
---------------------------------------- -------------------------------------------------- --The
installed Docker system has two programs, the Docker server and the Docker client. The Docker server is a service process responsible for managing all containers. The Docker client acts as a remote controller of the Docker server, which can be used to control the Docker server process. In most cases, the Docker server and client run on the same machine.
-------------------------------------------------- ------------------------------------------
2.2 Compile and install docker from source
tar zxvf docker-19.03.9.tgz
mv docker/* /usr/bin
#Add docker system startup service
cat > /usr/lib/systemd/system/docker.service << EOF
[Unit]
Description =Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/ bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
#Start open
systemctl start docker
#Check status
systemctl status docker
#View docker version information
docker version
#docker information view
docker info
3. Docker image operation
(1) Search image
format: docker search keyword
docker search nginx
(2) Obtaining the image
format: docker pull warehouse name[:label]
#If no label is specified when downloading the image, the latest version of the image in the warehouse will be downloaded by default, that is, the selected label is the latest label.
docker pull nginx
(3) Mirror Accelerated Download
#Acquire to register an Alibaba Cloud account, and Alibaba Cloud will access https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors through different personal docker image source
browsers according to user information to obtain Mirror accelerator configuration
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{ "registry-mirrors": ["https://288honvl.mirror.aliyuncs.com"] } EOF # The tee command reads standard input and writes the program's output to standard output, simultaneously copying it to the specified file or files. Flags -a Add output to the end of File instead of overwriting. -i Ignore interrupts. systemctl daemon-reload systemctl restart docker
(4) View image information
After the image is downloaded, it is stored in /var/lib/docker.
Docker-related local resources are stored in the /var/lib/docker/ directory, where the containers directory stores container information, the image directory stores image information, and the overlay2 directory stores specific image underlying files.
#View downloaded image file information
cat /var/lib/docker/image/overlay2/repositories.json
#View all images downloaded locally
docker images
------------------ -------------------------------------------------- ------------------------
REPOSITORY: The warehouse to which the image belongs;
TAG: The label information of the image, marking different images in the same warehouse;
IMAGE ID: The unique ID number of the mirror, which uniquely identifies a mirror;
CREATED: mirror creation time;
VIRTUAL SIZE: mirror size;
--------------------------- -------------------------------------------------- ---------------
#According to the unique ID number of the image, get the detailed information of the image
format: docker inspect image ID number
docker inspect ae2feff98a0c
●lowerdir is the image layer, and the directory or file is read-only. In fact, it is rootfs. The image layer can be divided into many layers, so the corresponding lowerdir can have multiple directories. The upperdir is the
container layer above the lowerdir. This layer can Readable and writable, it will be created when a container is started, and all changes to the container data will occur in this layer
MergedDir is the presentation layer, which is the mount point of the container
(5) Add a new tag to the local image
format: docker tag name: [tag] new name: [new tag]
docker tag nginx:latest nginx:1.21.5
docker images | grep nginx
(6) Delete image
format:
docker rmi warehouse name: label #When an image has multiple labels, just delete the specified label
or
docker rmi image ID number #The image will be completely deleted
Note: If the image has been used by the container , the correct way is to delete all containers that depend on the image first, and then delete the image.
docker rmi nginx:1.21.5
(7) Save the image: save the image as a local file
format: docker save -o storage file name stored image
docker save -o nginx nginx:1.21.5 #Save the image named nginx and save it in the current directory
ls -lh
#Load image: Import the image file into the image library
Format:
docker load < saved file
or
docker load -i saved file
docker load < nginx
(8) Upload image
By default, it is uploaded to the official public warehouse of docker hub, and an account to use the public warehouse needs to be registered. https://hub.docker.com
can use the docker login command to enter the user name, password and email to complete registration and login.
Before uploading the image, you need to add a new label to the local image, and then use the docker push command to upload
#When adding a new tag, you must add your own dockerhub docker
tag nginx:1.21.5 yunayun/nginx:latest
docker login #Log in to the public warehouse
Username: xxxxxxxxx
Password: xxx
docker push yunayun/nginx:latest #Upload image
4. Docker container operation
(1) Container creation
Container creation: It is the process of loading the image into the container.
The newly created container is in the stopped state by default and does not run any programs. A process needs to be initiated in it to start the container
Format: docker create [option] image
Commonly used options:
-i: let the container open standard input to accept user input commands
-t: let Docker allocate a pseudo-terminal tty
-it: combine to realize the interaction with the container and run an interactive session shell
docker create -it nginx:latest /bin/bash
(2) Check the container
#Check the running status of the container
docker ps -a #-a option can display all containers
#If you don’t have -a, you can only check the running status of the container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
The ID number of the container is loaded The name of the current state port mapping at the creation time of the mirroring program
(3) Start the container
Format: docker start container ID/name
docker start 8b0a7be0ff58
docker ps -a
(4) To create and start a container,
you can directly execute the docker run command, which is equivalent to executing the docker create command first, and then executing the docker start command.
Note: The container is a terminal that coexists with the shell command/process running in it. The command/process runs and the container runs, and the command/process ends and the container exits.
By default, the docker container will use the first process inside the container, that is, the program with pid=1, as the basis for whether the docker container is running. If the process with pid=1 in the docker container hangs up, the docker container will exit directly, that is, It is said that there must be a foreground process in the Docker container, otherwise the container is considered to have hung up.
When using docker run to create a container, the standard running process of Docker in the background is:
1) Check whether the specified image exists locally. When the image does not exist, it will be downloaded from the public warehouse;
2) Create and start a container using the image;
3) Assign a file system to the container, and mount a read-write layer outside the read-only image layer;
4) From Bridge a virtual machine interface to the container in the network bridge interface configured by the host host;
5) Assign an IP address in the address pool to the container;
6) Execute the application program specified by the user, and the container will be terminated after execution.
docker run centos:7 /usr/bin/bash -c ls /
docker ps -a
#You will find that a new container is created and a shell command is started, and then it stops
(5) To keep running the container created by docker run in the background,
you need to add the -d option after the docker run command to make the Docker container run in the background as a daemon. And the program running in the container cannot end.
docker run -d centos:7 /usr/bin/bash -c "while true;do echo hello;done"
docker ps -a #It can be seen that the container is always UP and running
docker run -itd --name test1 centos: 7 /bin/bash #Create a container and run the container continuously
(6) Terminate container operation
Format: docker stop container ID/name
docker stop container id
#force stop container
docker kill container id
docker ps -a
(7) Container entry
When you need to enter the container for command operations, you can use the docker exec command to enter the running container.
Format: docker exec -it container ID/name/bin/bash
The -i option means to keep the input of the container open;
the -t option means to let Docker allocate a pseudo-terminal.
docker start container id #Before entering the container, make sure the container is running
docker exec -it container id /bin/bash
ls
exit #After exiting the container, the container is still running
docker ps -a
docker run -it centos:7 bash #Do not add- The d option will directly enter the container for interaction after creating the container, but if you exit the container, the container will also stop
(8) Import and export of container and native files
echo abc123 > /opt/test.txt
docker cp /opt/test.txt container id:/opt/
#Copy files from container to host
docker cp container id:/opt/test .txt /opt/abc123.txt
(9) Backup and replication of containers
Export and Import of Containers
Users can migrate any Docker container from one machine to another. During the migration process, you can use the docker export command to export the created container as a container snapshot file, regardless of whether the container is running or stopped. The export file can be transferred to other machines, and the migration of the container can be realized through the corresponding import command.
#Export format: docker export container ID/name> file name
docker export container id > centos7.tar
docker export -o centos7.tar container id
#Import format: cat file name | docker import – image name: label
cat centos7.tar | docker import - centos7:test #The image will be generated after import, but no container will be created
docker import centos7.tar -- centos7:test
(10) Batch deletion
format of containers and images: docker rm [-f] container ID/name
docker stop container id
docker rm container id #delete terminated container
docker rm -f container id #force delete running container
docker ps -a | awk 'NR>=2{print "docker stop "$1}' | bash #stop containers in batches
docker ps -a | awk 'NR>=2{print $1}'| xargs docker stop
docker ps -a | awk 'NR>=2{print "docker rm "$1}' | bash #Delete all containers in batches
docker ps -a | awk 'NR>=2{print $1}'| xargs docker rm
docker images | awk 'NR>= 2{print "docker rmi "$3}' | bash #delete images in batches
docker images | grep none | awk '{print $3}' | xargs docker rmi #delete none images docker
rm $(docker ps -a -q) #batch Clean up stopped containers in the background