In the process of using Docker, users often need to be able to view the data generated by the application in the container, or need to back up the data in the container, or even share data between multiple containers, which inevitably involves the data management operation of the container.
There are two main ways to manage data in containers:
- Data Volumes
- Data Volume Dontainers
1. Data volume (data sharing between container and host)
A data volume is a special directory used by containers, located within the container. The directory of the host machine can be mounted on the data volume, and the modification operation on the data volume can be seen immediately, and updating the data will not affect the image, so as to realize the migration of data between the host machine and the container. The use of data volumes is similar to the mount operation on directories under Linux.
To persist the data in the container, you can mount the host directory into the container.
Generally, it is only recommended to mount when the container is created, and it is not recommended to mount after starting the container. Because if you start the container and then mount it, you need to modify the configuration file, and the mount may not be successful.
docker run -v 数据卷 #在容器内创建数据卷
docker run -v 宿主机目录:数据卷 #将宿主机目录挂载到容器中
#注意:宿主机本地目录的路径必须是使用绝对路径。如果路径不存在,Docker会自动创建相应的路径。
#挂载后的目录默认可读可写
#如果希望挂载后的目录为只读目录,可以在挂载时加:ro参数
docker run -v 宿主机目录:数据卷:ro #将宿主机目录挂载到容器中,只可读
[root@yuji ~]# ls /var/share #创建数据卷前,该目录不存在
ls: 无法访问/var/share: 没有那个文件或目录
#将宿主机目录/var/share挂载到容器中的/data1。
#注意:宿主机本地目录的路径必须是使用绝对路径。如果路径不存在,Docker会自动创建相应的路径。
#-v选项可以在容器内创建数据卷
[root@yuji ~]# docker run -v /var/share:/data1 --name web1 -itd centos:7 /bin/bash
670bf71814364638c4b21a1fb13bcf95c6a2125cd379a5717061d41f9673b0fe
[root@yuji ~]# ls /var/share -d #自动创建了该目录
/var/share
#进入容器
[root@yuji ~]# docker exec -it web1 bash
[root@670bf7181436 /]# ls #容器中自动创建了/data1目录
anaconda-post.log data1 etc lib media opt root sbin sys usr
bin dev home lib64 mnt proc run srv tmp var
[root@670bf7181436 /]# echo "this is web1"> /data1/abc.txt #向数据卷中写入数据
[root@670bf7181436 /]# exit #退出容器
exit
#返回宿主机进行查看
[root@yuji ~]# cd /var/share
[root@yuji share]# ls
abc.txt
[root@yuji share]# cat abc.txt #可以看到容器中写入的数据,数据同步成功
this is web1
#在宿主机目录中写入数据,之后进容器中查看
[root@yuji share]# cp /etc/passwd ./
[root@yuji share]# ls
abc.txt passwd
[root@yuji share]# docker exec -it web1 bash #进入容器
[root@670bf7181436 /]# ls /data1
abc.txt passwd #完成了数据同步
2. Data volume container (data sharing between containers)
If you need to share some data between containers, the easiest way is to use a data volume container. The data volume container is an ordinary container that provides data volumes for other containers to mount and use.
#创建数据卷容器web2。创建/data1和/data2两个数据卷。
docker run --name web2 -v /data1 -v /data2 -itd centos:7
docker exec -it web2 bash #进入web2容器
echo "this is web2" > /data1/aaa.txt #向数据卷/data1中写入数据
echo "this is yuji" > /data2/bbb.txt #向数据卷/data2中写入数据
#使用--volumes-from 来挂载web2容器中的数据卷到新的容器web3
docker run -itd --volumes-from web2 --name web3 centos:7
docker exec -it web3 bash #进入web3容器
cat /data1/aaa.txt #查看/data1中的数据是否和web2一致
cat /data2/bbb.txt #查看/data2中的数据是否和web2一致
3. Container interconnection (using centos image)
Container interconnection is to establish a dedicated network communication tunnel between containers through container names. To put it simply, a tunnel will be established between the source container and the receiving container, and the receiving container can see the information specified by the source container.
Example 1: Connect containers
#创建并运行源容器取名c1
docker run -itd -P --name c1 centos:7 /bin/bash
#创建并运行接收容器取名c2,使用--1ink选项指定连接容器c1以实现容器互联。
docker run -itd -P --name c2 --link c1:C1 centos:7 /bin/bash
##--link 容器名:连接的别名
#进c2容器,ping c1,通过容器名称或者别名都可以通信
docker exec -it c2 bash
ping c1 #ping c1容器名称
ping C1 #ping c1容器的别名
PING C1 (172.17.0.5) 56(84) bytes of data.
64 bytes from C1 (172.17.0.5): icmp_seq=1 ttl=64 time=0.105 ms
64 bytes from C1 (172.17.0.5): icmp_seq=2 ttl=64 time=0.066 ms
#可以看到c1容器的IP地址为172.17.0.5
#进入c1容器,查看c1的IP地址
docker exec -it c1 bash
yum install -y net-tools #下载网络工具
ifconfig #查看IP为172.17.0.5,和c2中显示的一致
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.5 netmask 255.255.0.0 broadcast 172.17.255.255
Fourth, the creation of Docker image
There are three ways to create a mirror, namely [Create based on an existing mirror], [Create based on a local template] and [Create based on a Dockerfile]
4.1 Create based on an existing image
(1)首先启动一个镜像,在容器里做修改
docker run -it centos:7 /bin/bash #启动容器
yum install -y epel-release #安装epel源
yum install -y nginx #安装nginx
yum install net-tools #安装tools工具
nginx #启动服务
netstat -natp |grep 80 #查看端口是否开启
docker ps -a #查看容器ID
(2)然后将修改后的容器提交为新的镜像,需要使用该容器的ID号创建新镜像
docker commit -m "new nginx" -a "yuji" c7f4bc905c29 nginx:centos
#常用选项:
-m 指定说明信息;
-a 指定作者信息;
-p 生成过程中停止容器的运行。
c7f4bc905c29 原容器ID。
nginx:centos 生成新的镜像名称。
docker images #查看生成的新镜像
docker run -itd nginx:centos bash #使用新的镜像创建容器
docker ps -a #查看容器状态
docker exec -it ae8e40e434fe bash #进入容器
nginx #启动nginx服务
netstat -natp |grep 80 #查看80端口是否开启
4.2 Create based on local template
The image can be generated by importing the template file of the operating system. The template can be downloaded from the OPENVZ open source project. The download address is:
openvz.org/ Download/template/precreated
#模板里面就是使用docker export 命令导出的容器文件
#下载模板
wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz
#导入为镜像,两种方法
cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test #方法一
docker import debian-7.0-x86-minimal.tar.gz -- debian:test #方法二
#查看镜像
docker images
#使用导入的镜像创建容器
docker run -itd debian:test bash
docker ps -a4.3 Created based on Dockerfile
4.3.1 Union File System (UnionFS)
UnionFS (Union File System): Union File System (UnionFS) is a layered, lightweight and high-performance file system, which supports the modification of the file system as a single submission to superimpose layer by layer, while different The directory is mounted under the same virtual file system. AUFS, overlayFS, and Devicemapper are all types of UnionFS.
The Union filesystem is the basis for Docker images. Images can be inherited by layering. Based on the base image (without parent image), various specific application images can be made.
Features: Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose the file systems of each layer, so that the final file system will contain all the underlying files and directories .
The layers we see when we download are the joint file system.
4.3.2 Image loading principle
Docker's image is actually composed of layer-by-layer file systems, and this layer of file systems is UnionFS.
Bootfs mainly includes bootloader and kernel. The bootloader is mainly used to guide and load the kernel. When Linux starts, it will load the bootfs file system.
The bottom layer of the Docker image is bootfs, which is the same as our typical Linux/Unix system, including the boot loader and kernel. When the boot loading is complete, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from the bootfs to the kernel. At this time, the system will also uninstall the bootfs.
rootfs, on top of bootfs. It contains standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system. Rootfs is a variety of different operating system distributions, such as Ubuntu, Centos, etc.
- Bootfs is the kernel bootloader (bootloading the kernel) and the kernel.
- rootfs is a read-only layer where n multiple basic images (providing the basic operating environment) and application images are superimposed.
- The running container instance will add a readable and writable layer on top of the rootfs.
4.3.3 Why is the size of centos in Docker only 200M?
Because for a streamlined OS, the rootfs can be very small, and only needs to include the most basic commands, tools, and program libraries. Because the underlying layer directly uses the kernel of the host machine, you only need to provide the rootfs. It can be seen that for different Linux distributions, the bootfs is basically the same, but the rootfs will be different, so different distributions can share the bootfs.
Most images are generic, but if an image is created specifically based on a certain version, it may have problems running in other versions of the operating system.
4.3.4 Dockerfile
The Docker image is a special file system. In addition to providing the programs, libraries, resources, configuration and other files required for the container to run, it also contains some configuration parameters prepared for the run (such as anonymous volumes, environment variables, users, etc. ). Images do not contain any dynamic data, and their contents are not changed after they are built.
The customization of the image is actually to customize the configuration and files added by each layer. If we can write the commands for modifying installation, construction, and operation of each layer into a script, and use this script to build and customize the image, then the problems of transparency and volume of image construction will be solved. This script is the Dockerfile.
When we need to customize our own additional requirements, we only need to add or modify instructions on Docketlle and regenerate the image, saving the trouble of typing commands. It is to describe how the layer should be constructed. With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on the Dockerfile and regenerate the image, saving the trouble of typing commands.
In addition to manually generating Docker images, bockerfiles can be used to automatically generate images. A Dockerfile is a file composed of multiple instructions, each of which corresponds to a command in Linux, and the Docker program will read the instructions in the Dockerfile to generate a specified image.
The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions, and execution instructions when the container starts. Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and supports the use of comments starting with "#".
4.3.5 Layering of Docker image structure
An image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image, and any file changes made in the running container will be written to this read-write layer. If the container is deleted, its top read-write layer is also deleted, and file changes are lost. Docker uses storage drivers to manage the content of each layer of the image and the container layer of the readable and writable layer.
(1) Each instruction in the Dockerfile will create a new image layer;
(2) The image layer will be cached and reused;
(3) When the instructions of the Dockerfile are modified, the copied file changes, or the variables specified when building the image are different, the corresponding image layer cache will become invalid;
(4) If the mirror cache of a certain layer is invalid, the cache of the mirror layer after it will be invalid;
(5) The image layer is immutable. If you add a file in a layer and then delete it in the next layer, the file will still be included in the image, but the file will not be visible in the Docker container.
bootfs: bootfs loader + kernel, containers share the kernel, so they all have the same bootfs.
Rootfs read-only layer: Rootfs can have multiple layers, and it looks like a whole to the outside.
When using a mirror to run a container instance, a readable and writable layer is mounted on the rootfs read-only layer.
2. Instructions of Dockerfile operation command
Introduction to Dockerfile:
Dockerfile is actually the source code we use to build the Docker image. Of course, this is not the so-called programming source code, but a combination of commands. As long as you understand its logic and syntax format, you can write Dockerfile.
To put it simply, the role of Dockerfile: it allows users to customize the Docker image. Because the needs in the working environment are various, it is difficult for the mirroring on the network to meet the actual needs.
Dockerfile common commands:
2.1 FROM image
Specifies the base image on which the new image is based. The first instruction must be a FROM instruction, and a FROM instruction is required for each image created.
2.2 Name of MAINTAINER
Indicates the maintainer information for the new image
2.3 RUN command
Execute commands on the base mirror and commit to the new mirror.
Try to reduce the number of run commands.
- When the command is long, you can use \ to break the line;
- Multiple commands can be combined into one command using ; or && to reduce the number of mirroring layers.
2.4 ENTRYPOINT
ENTRYPOINT ["要运行的程序","参数1","参数2"]
Set the command and its parameters to be run first when the container starts.
docker run --entrypointThe content of the ENTRYPOINT directive in the image can be overridden by using the command
两种格式:
exec格式(数值格式):ENTRYPOINT [“命令”,“选项”,“参数”]
shell格式:ENTRYPOINT 命令 选项 参数The first four commands create a rough mirror image.
2.5 CMD
CMD ["要运行的程序","参数1","参数2"]
The command or script executed by default when starting the container , Dockerfile can only have one CMD command. If multiple commands are specified, only the last command is executed.
If a command is specified during docker run or there is an ENTRYPOINT in the image, then CMD will be overwritten.
CMD can provide default parameters for the ENTRYPOINT command.
两种格式:
exec形式:CMD [“要运行的程序”,“参数1”, “参数2”]
shell形式: CMD 命令 参数1 参数2The coexistence of ENTRYPOINT and CMD: ENTRYPOIN specifies a command, and CMD passes parameters
The priority of the container runtime:
docker run --entrypoint > Dockerfile ENTRYPOINT > docker run命令> Dockerfile CMD
The difference between ENTRYPOINT and CMD:
- ENTRYPOINT sets the first command to run when the container is started; CMD is the command executed by default when the container is started. If multiple CMD commands are specified, only the last command will be executed.
- If a command is specified during docker run or there is ENTRYPOINT in the image, CMD will be overwritten, and the command in CMD will be passed to ENTRYPOINT as a parameter.
- CMD can pass parameters for ENTRYPOINT.
2.6 EXPOSE port number
Specifies the ports to open when new images are loaded into Docker.
It is used to expose the port, otherwise even if the port mapping is done, the outside cannot find it.
2.7 ENV
ENV 环境变量 变量值
Set the value of an environment variable, which will be used by subsequent RUN.
2.8 ADD
ADD 源文件/目录 目标文件/目录
Copy the source file to the specified path of the image, the source file should be in the same directory as the Dockerfile, or a URL. (URL path, online path)
There are the following precautions:
1、
如果源路径是个文件,且目标路径是以 / 结尾, 则docker会把目标路径当作一个目录,会把源文件拷贝到该目录下。
如果目标路径不存在,则会自动创建目标路径。
2、
如果源路径是个文件,且目标路径是不以/结尾,则docker会把目标路径当作一个文件。
如果目标路径不存在,会以目标路径为名创建一个文件,内容同源文件。
如果目标文件是个存在的文件,会用源文件覆盖它,当然只是内容覆盖,文件名还是目标文件名。
如果目标文件实际是个存在的目录,则会源文件拷贝到该目录下。注意, 这种情况下,最好显示的以/结尾,以避免混淆。
3、
如果源路径是个目录,且目标路径不存在,则docker会自动以目标路径创建一个目录,把源路径目录下的文件拷贝进来。
如果目标路径是个已经存在的目录,则docker 会把源路径目录下的文件拷贝到该目录下。
4、
如果源文件是个归档文件,则docker会自动帮解压。(解压后复制源目录到镜像中的目录)
URL下载和解压特性不能一起使用。任何压缩文件通过URL拷贝,都不会自动解压。
(不支持下载和解压一起使用,下载就不会解压。即只解压本地压缩包,不会解压下载的压缩包)
- Advantages of ADD: If <source file> is a tar compressed file, and the compression format is gzip, bzip2 and xz, it will be automatically copied and decompressed to <target path>.
- Disadvantage of ADD: Tar archives cannot be copied without decompression. Will invalidate the image build cache, which may slow down image builds. Whether to use it or not can be decided according to whether automatic decompression is required.
2.9 COPY
COPY 源文件/目录 目标文件/目录
Only copy the files/directories on the local host to the target location, the source files/directories should be in the same directory as the Dockerfile.
Comparison between ADD and COPY: (Under the same requirements, COPY is officially recommended)
1. Common points:
Both ADD and COPY can copy local files to the image.
2. Difference:
ADD: If it is a compressed file, ADD will automatically decompress it after copying. It also supports URL path to download source files, but the URL download and decompression features cannot be used together, and any compressed files copied by URL will not be automatically decompressed.
COPY: If it is a compressed file, COPY cannot decompress it. And COPY can only copy local files, and does not support URL path copying.
2.10 VOLUME ["directory"]
Create a mount point (i.e. create a data volume) in the container.
2.11 USER username/UID
Specifies the user when running the container. (for switching users)
2.12 WORKDIR path
Specify the working directory for subsequent RUN, CMD, ENTRYPOINT. (for switching directories in the container)
CMD can provide default parameters for the ENTRYPOINT command.
workdir /opt #切换镜像层
run cd /opt #会添加镜像层2.13 ONBUILD command
Specifies the command to run when the generated image is used as a base image.
When the ONBUILD instruction is added to a Dockerfile, the instruction will not have a substantial impact on using the Dockerfile to build an image (such as an A image).
But when writing a new Dockerfile to build a mirror based on the A mirror (such as a B mirror), the ONBUILD command in the Dockerfile that constructs the A mirror will take effect at this time. In the process of building the B mirror, it will first execute The instructions specified by the ONBUILD instruction are executed before other instructions are executed.
(that is, add private goods, this command is not for me, it is for other mirrors)
2.14 AGR
Set the parameters added when compiling the image.
The ARG command can refer to the parameters specified when docker build builds the image, that is, to achieve the effect of referencing parameters.
Environment variables defined with the ENV directive always override the ARG directive of the same name
ARG CONT_IMG_VER #Dockfile中指定变量名
ENV CONT_IMG_VER=v1.0.0
RUN echo $CONT_IMG_VER #AEG和ENV定义的变量名,不要重复,不然最后echo的是ENV定义的值
docker build --build-arg CONT_IMG_VER=v2.0 . #构建镜像时传入变量值
#因为AEG和ENV定义的变量名重复了,ENV指令定义的环境变量始终会覆盖同名的ARG指令,所以最后输出的是ENV定义的值。2.15 Create a mirror image
After writing the Dockerfile, you can use docker buildthe command to create the image.
The basic format is that docker build [选项] 路径this command will read the Dockerfile under the specified path (including subdirectories), and send all the content under the path to the Docker server, and the server will create the image. Therefore, it is generally recommended that the directory where the Dockerfile is placed is an empty directory.
In addition, you can let Docker ignore the directories and files under the path through the .dockerignore file (add a matching pattern to each line).
To specify the label information of the image, you can pass the -t option.
When writing a Dockerfile, there is a strict format to follow:
- The first line must use the FROM command to indicate the name of the image it is based on;
- Then use the MAINTAINER command to describe the user information for maintaining the image;
- Then there are instructions related to mirroring operations, such as RUN instructions/EXPOSE/ADD/ENV/ARG and so on. Every time an instruction is run, a new layer is added to the base image. (Multiple commands can be combined with ; or && into one command to reduce the number of mirror layers)
- Finally, use the CMD or ENTRYPOINT command to specify the command operation to be run when the container is started.