Container Learning: Installation, Deployment and Setup of Podman and Docker

[Introduction] Container deployment is the first step toward actually using containers in practice. Drawing on the author's own production experience, this article walks through how Podman and Docker are installed and deployed in different environments (online and offline), how to configure the commonly used Docker functions for everyday use, and the pitfalls that may be encountered during container deployment. It is written for container beginners: you can follow the steps to complete the deployment, installation and use of containers, laying the foundation for further in-depth study.

1 Introduction to Linux Containers

A Linux container is a set of processes isolated from the rest of the system. All the files needed to run these processes are provided by a separate image, which means Linux containers are portable and consistent as they move from development to testing to production. As a result, they run much faster than development pipelines that rely on replicating traditional test environments. Containers are ubiquitous and easy to use, and they are also an important part of IT security.

Containers ensure that your applications have the libraries, dependencies and files they need, so you can move them freely through production without fear of side effects. In fact, you can think of the contents of a container image as an installed instance of a Linux distribution, since it contains RPM packages, configuration files and so on.

Since their inception, containers have quickly become an essential part of the modern data center. Currently popular container engines include Docker and the next generation of Open Container Initiative (OCI) compliant containers.

Docker is an open source application container engine that packages Linux containers. It provides a simple container interface that lets developers package their applications and dependencies into a portable container and then run it on a Linux machine. Docker does, however, have two major disadvantages:

  • Docker requires a daemon running on your system;

  • Docker runs that daemon as root.

These shortcomings may pose certain security risks. To solve these problems, Podman, a next-generation containerization tool, has emerged.

Podman is an open source container management tool that can be used on most Linux platforms. It is a daemonless container engine for developing, managing and running Open Container Initiative (OCI) standard containers and container images on Linux systems, and it provides a Docker-compatible command-line front end. Containers under Podman's control can be run either by root or by unprivileged users.

With the new-generation container toolchain of Podman, Skopeo and Buildah, the startup and security problems caused by the Docker daemon are avoided.

2 Main differences between Podman and Docker

Docker needs a daemon running on the system; Podman does not.

  • The way containers are started differs: the docker CLI command talks to the Docker Engine through its API to request a new container, and the Docker Engine then calls the OCI container runtime (runc) to start it. This means the container process is not a child process of the Docker CLI but a child process of the Docker Engine.

  • Podman interacts with the OCI container runtime (runc) directly to create containers, so the container process is a direct child process of podman.

  • Docker needs the root user to create containers, but Podman does not.

3 Podman deployment and common operations

The installation and deployment of Podman is very simple, as follows:

1. Arch Linux & Manjaro Linux

sudo pacman -S podman

2. Fedora, CentOS, RHEL

sudo yum -y install podman

3. Gentoo

sudo emerge app-emulation/libpod

4. MacOS

brew install podman

Basic common commands:

podman info

podman version

podman images

podman rmi

podman ps

Many commands in the Podman CLI are the same as those in the Docker CLI; the official documentation even suggests alias docker=podman, so people who use the Docker CLI regularly can get started with Podman very quickly.

Run a container

List all current containers

View image information

View the logs of a running container

View resource usage of running containers

4 Docker deployment

4.1 Deployment preparations

Docker CE is the Community Edition, which is free to use. Here CentOS is taken as the example to introduce the Docker deployment process. Before deployment, the following environment is required:

  • CentOS 7 and above operating system

  • The Linux kernel version is not lower than 3.10 (CentOS 7 meets the minimum kernel requirements)

  • The centos-extras repository is enabled (it is enabled by default; you can use yum repolist to check whether it is present. If it is not enabled, install yum-utils and then execute yum-config-manager --enable extras to enable it)

  • If an old version of Docker has been installed, it must be uninstalled first. The old version of Docker is called docker or docker-engine. The uninstallation command is as follows (unless otherwise specified, subsequent commands are executed as the root user):

If the server can connect to the Internet, follow the online deployment steps to install Docker; if it cannot, follow the offline deployment steps.

4.2 Online deployment steps

Install the necessary packages

First install the yum-utils package, which makes the subsequent configuration of the yum repository easier.

Configure the docker-ce stable repository

Note that docker-ce.repo also includes the nightly and test repositories, which are not enabled by default. You can enable them with sudo yum-config-manager --enable docker-ce-nightly, but generally they do not need to be enabled.

Install the latest version of docker-ce

This command installs the latest version of docker-ce by default. If you are asked to verify the GPG key during installation, enter "y" to confirm.

After the execution is complete, Docker has been successfully installed, but it has not been started yet. It is recommended not to start it yet, and start Docker after completing the subsequent "Related Settings after Deployment Completion".

Install the specified version of docker-ce

First use the following command to check which docker-ce versions are available in docker-ce.repo.

The part of the string in the second column after the colon and before the hyphen is the version number. For example, you can use the following command to install a specific version:

This command installs the specified version of docker-ce. If you are asked to verify the GPG key during installation, enter "y" to confirm.

After the execution is complete, Docker has been successfully installed, but it has not been started yet. It is recommended not to start it yet, and start Docker after completing the subsequent "Related Settings after Deployment Completion".
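The version-string rule above, worked through as an added example (not from the original article): a small parser for the output of yum list docker-ce --showduplicates that strips the epoch and release parts, plus a helper that builds the pinned install command. The sample yum output is constructed here to show both the epoch-prefixed and the plain form.

```shell
#!/bin/sh
# Added example, not from the original article. The second column of
# "yum list docker-ce --showduplicates" is EPOCH:VERSION-RELEASE; the version
# number is the part after the colon (if any) and before the first hyphen.

# Read "yum list" output on stdin and print one bare version per line.
docker_ce_versions() {
  awk '$1 ~ /^docker-ce\./ {
         v = $2
         sub(/^[0-9]+:/, "", v)   # drop the epoch prefix, e.g. "3:"
         sub(/-.*$/, "", v)       # drop the release suffix, e.g. "-3.el7"
         print v
       }'
}

# Print the yum command that pins docker-ce, docker-ce-cli and containerd.io
# to the version given as $1 (e.g. 18.09.1), as the article's step does.
pin_install_command() {
  printf 'yum install -y docker-ce-%s docker-ce-cli-%s containerd.io\n' "$1" "$1"
}

# Constructed sample output in the layout yum prints (package, version, repo).
# docker-ce-cli is listed on purpose: the parser must not pick it up.
SAMPLE_YUM_LIST='Available Packages
docker-ce.x86_64            3:20.10.9-3.el7                     docker-ce-stable
docker-ce.x86_64            3:19.03.15-3.el7                    docker-ce-stable
docker-ce.x86_64            3:18.09.1-3.el7                     docker-ce-stable
docker-ce.x86_64            18.06.3.ce-3.el7                    docker-ce-stable
docker-ce-cli.x86_64        1:20.10.9-3.el7                     docker-ce-stable'

printf '%s\n' "$SAMPLE_YUM_LIST" | docker_ce_versions
pin_install_command "$(printf '%s\n' "$SAMPLE_YUM_LIST" | docker_ce_versions | sed -n '3p')"
```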

4.3 Offline deployment steps

Official steps and their pitfalls

Install version 18.09.1:

According to the official documentation, download the rpm package for the required version from the Docker website at https://download.docker.com/linux/centos/7/x86_64/stable/Packages/ and then install it with yum.

This method has a problem: in a completely offline environment, installing the rpm package downloaded from the Docker website directly will be missing many dependencies. These dependencies must be downloaded manually and the corresponding rpm packages installed or upgraded, which is very troublesome. The following method is therefore recommended for offline installation.

Download all rpm packages locally

(1) In an environment with Internet access (such as a personal computer), install a virtual machine with the same operating system as the machine in the offline environment, and make sure the virtual machine can access the Internet. It is best to choose a minimal installation for the virtual machine's operating system. Here the operating system is assumed to be CentOS.

(2) After the installation is complete, configure the yum source of the virtual machine (the Alibaba Cloud mirror is recommended), backing up /etc/yum.repos.d/ first.

(3) Then configure CentOS-Base.repo and docker-ce.repo

(4) Download the rpm package related to docker-ce.

Create a yum repository

Install createrepo on the Internet-connected virtual machine above and use it to create the repository.

At this point the repodata folder (the repository metadata) will have been generated under /tmp/rpm_download.

Install in an offline environment

Copy the files above to the machine in the offline environment and configure a local yum source for the installation.

Copy the folder above to the machine in the offline environment; assume the directory there is also /tmp/rpm_download.

Configure the local yum source of the offline environment machine.

At this point the installation of Docker in the offline environment is complete.
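The offline workflow above (download on the online VM, createrepo, local yum source, install) as an added example of reusable shell functions; this is not the article's own code. The directory /tmp/rpm_download comes from the article; the repo id docker-local and the package list docker-ce docker-ce-cli containerd.io are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. The two network-dependent
# functions are meant for the Internet-connected VM; write_local_repo and
# install_offline are what the offline machine needs.
RPM_DIR=${RPM_DIR:-/tmp/rpm_download}          # directory from the article
PACKAGES="docker-ce docker-ce-cli containerd.io" # assumed package set

# On the online VM: fetch docker-ce plus every dependency the minimal install
# lacks, without installing anything, then build repodata/ with createrepo.
download_rpms() {
  mkdir -p "$RPM_DIR"
  yum install -y --downloadonly --downloaddir="$RPM_DIR" $PACKAGES
  yum install -y createrepo
  createrepo "$RPM_DIR"
}

# On the offline machine: point yum at the copied directory.
# $1 = path of the .repo file to write, $2 = directory holding repodata/.
# Refuses to write a repo file for a directory that createrepo never processed,
# which is the usual cause of "Cannot retrieve repository metadata" later.
write_local_repo() {
  [ -d "$2/repodata" ] || { echo "no repodata in $2; run createrepo first" >&2; return 1; }
  cat > "$1" <<EOF
[docker-local]
name=Docker CE offline repository
baseurl=file://$2
enabled=1
gpgcheck=0
EOF
}

# On the offline machine: install from the local repository only, so yum never
# tries to reach the Internet for metadata or packages.
install_offline() {
  write_local_repo /etc/yum.repos.d/docker-local.repo "$RPM_DIR" || return 1
  yum clean all
  yum --disablerepo='*' --enablerepo=docker-local install -y $PACKAGES
}
```

gpgcheck is 0 because the locally built repository is unsigned; the packages are trusted because they came from the docker-ce-stable repository on the VM you control.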

4.4 Related settings after deployment

Configure non-root users to use Docker commands

The Docker daemon listens on a Unix socket (/var/run/docker.sock) by default. This Unix socket belongs to the root user by default, so if other users want to use the docker command line to communicate with the daemon, they must use sudo.

Having to use sudo every time is troublesome for non-root users. A group named "docker" is created by default when Docker is installed; adding a non-root user to the docker group lets that user access the Docker daemon directly.

Note that if sudo has already been used and the user is then added to the docker group, an error may be reported because of directory permissions. Use the following command to fix it.

Configure Docker to start automatically at boot

In CentOS 7, services are managed with systemd; execute the following commands.

Configure the default log driver

The default log driver of the Docker daemon is json-file, which writes the standard output and standard error of Docker containers to a JSON file. Other log drivers, such as local and journald, are also supported and can be configured through /etc/docker/daemon.json.

You can also specify the log driver used by the container when creating the container, for example:

Configure the Docker daemon to listen on the TCP port

By default, the Docker daemon listens on a local Unix socket and accepts requests from local docker clients. If remote access is needed, for example when tools such as docker-compose and docker-swarm need to communicate with the Docker daemon, you can make the Docker daemon also listen on a local TCP port.

On CentOS, modify the file /usr/lib/systemd/system/docker.service as follows:

Then restart docker.

Use netstat -tnlp | grep 2375 to see that the dockerd process listens to port 2375.

Configuring Image Download Acceleration

By default, Docker pulls images from registries hosted abroad. You can use a domestic registry mirror server to speed up image pulls and increase the number of concurrent downloads.

On CentOS, modify the Docker configuration file /etc/docker/daemon.json.

Then restart docker.

Configure Docker's default network bridge

After the Docker service starts, a docker0 bridge is created by default. The default network segment it uses is 172.xx.xx.xx; if the machine where Docker is deployed also uses this network segment, there may be a conflict. You can modify Docker's default network segment.

On CentOS, modify the Docker configuration file /etc/docker/daemon.json

Then restart docker.
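A check for the settings in this section, added here as an example and not part of the original article: it audits the ExecStart line of docker.service and /etc/docker/daemon.json for the points a reviewer would raise. A TCP listener without --tlsverify gives anyone who can reach the port root-equivalent control of the host, so the check distinguishes a loopback bind from a network bind; the json-file and "hosts" checks cover unbounded log growth and the well-known conflict between -H on ExecStart and "hosts" in daemon.json. The sample unit line and daemon.json are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: audit the two places the
# settings above touch, the unit's ExecStart line and /etc/docker/daemon.json.

# Classify the dockerd ExecStart line. A TCP listener without --tlsverify
# hands root-equivalent control of the host to anyone who can reach the port.
# Returns 0 (ok), 1 (plaintext on loopback only), 2 (plaintext on the network).
audit_exec_start() {
  line=$1
  case $line in
    *tcp://*) ;;
    *) echo "ok: dockerd listens on the Unix socket only"; return 0 ;;
  esac
  case $line in
    *--tlsverify*) echo "ok: TCP listener requires client certificates"; return 0 ;;
    *tcp://127.0.0.1:*|*tcp://localhost:*)
      echo "warn: plaintext TCP listener bound to loopback only"; return 1 ;;
    *) echo "FAIL: plaintext TCP listener reachable from the network"; return 2 ;;
  esac
}

# Check daemon.json against the ExecStart line: json-file without max-size
# grows without bound, and a "hosts" key together with -H on ExecStart makes
# dockerd refuse to start. Returns the number of findings.
audit_daemon_json() {
  file=$1; exec_line=$2; findings=0
  if grep -q '"log-driver"[[:space:]]*:[[:space:]]*"json-file"' "$file" &&
     ! grep -q '"max-size"' "$file"; then
    echo "warn: json-file log driver without max-size, so no log rotation"
    findings=$((findings + 1))
  fi
  if grep -q '"hosts"' "$file"; then
    case $exec_line in
      *" -H "*|*--host*)
        echo "FAIL: hosts in daemon.json and -H on ExecStart; dockerd will not start"
        findings=$((findings + 1)) ;;
    esac
  fi
  return "$findings"
}

# Constructed samples: the unit line from the TCP step above bound to all
# interfaces, and a daemon.json with the json-file driver and a registry mirror.
SAMPLE_EXEC='ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375'
SAMPLE_JSON=$(mktemp)
printf '%s\n' '{ "log-driver": "json-file", "registry-mirrors": ["https://mirror.example.invalid"] }' > "$SAMPLE_JSON"
rc=0; audit_exec_start "$SAMPLE_EXEC" || rc=$?
rc=0; audit_daemon_json "$SAMPLE_JSON" "$SAMPLE_EXEC" || rc=$?
rm -f "$SAMPLE_JSON"
```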

4.5 Functional Verification

Start docker

View docker status information

Run the hello-world container

The first run downloads the hello-world image from the remote registry and starts a container. While running, the container prints a message and then exits automatically; it can be viewed with docker ps -a.

Docker daemon logs

systemd uses the journalctl command to manage the startup logs of all units uniformly. Use the following commands to view the Docker daemon logs.

Docker uninstall

5 Chapter Summary

This article has introduced the container deployment process and simple container operations, and explained the differences between Docker and the next-generation container tool Podman. At present the Docker container engine is still widely used by many engineers, but because of its own limitations, Podman, which conforms to the OCI standard, will gradually become the community mainstream and be adopted by the majority of developers and operations staff. Technology keeps evolving and new tools keep emerging; with the corresponding new container toolchain we can build a container environment that is fully compatible with Docker but lighter, more flexible and more secure.

Origin blog.csdn.net/qq_44988877/article/details/130421033