Docker data management (dockerfile, etc.)

1. Manage data in docker container

There are two main ways to manage data in Docker containers: Data Volumes and DataVolumes Containers.

1. Data volume

A data volume is a special directory used by containers, located within the container. The directory of the host machine can be mounted on the data volume, and the modification operation on the data volume can be seen immediately, and updating the data will not affect the image, so as to realize the migration of data between the host machine and the container. The use of data volumes is similar to the mount operation on directories under Linux.

Requirement: The host directory /var/www is mounted to /data1 in the container.

docker pull centos: 7
 
注意:宿主机本地目录的路径必须是使用绝对路径。如果路径不存在，Docker会自动创建相应的路径。
docker run -it --name test6 -v /var/www:/data1 centos:7 bash
#-v选项可以在容器内创建数据卷
 
ls
echo "this is test6 file" > /data1/test.txt
exit
 
#返回宿主机进行查看
cd /var/www/
cat test.txt

2. Data volume container

If you need to share some data between containers, the easiest way is to use a data volume container. The data volume container is an ordinary container that provides data volumes for other containers to mount and use.

#创建一个容器作为数据卷容器
docker run -it --name test1 -v /data1 -v /data2 centos:7 bash                               #创建并进入容器
echo "this is test7 file" > /data1/test.txt                          #容器内创建测试文件1
echo "THIS IS TEST7 FILE" > /data2/TEST.txt                          #容器内创建测试文件1
 
#使用--volumes-from来挂载test2容器中的数据卷到新的容器
docker run -it --name test2 --volumes-from test1 centos:7 bash                               #创建并进入容器
cat data1/test.txt                                       #查看测试数据是否同步
cat data2/TEST.txt

2. Container interconnection (using centos image)

Container interconnection is to establish a dedicated network communication tunnel between containers through container names. To put it simply, a tunnel will be established between the source container and the receiving container, and the receiving container can see the information specified by the source container.

#创建并运行源容器取名web1
docker run -itd -P --name web1 centos:7 /bin/bash
#创建并运行接收容器取名web2，使用--link选项指定连接容器以实现容器互联
docker run -itd -P --name web2 --link web1:web1 centos:7 /bin/bash          #--link容器名:连接的别名
 
#进web2容器，ping web1
docker exec -it web2 bash
ping web1

3. Docker image creation

There are three ways to create a mirror, which are based on an existing mirror, based on a local template, and based on a Dockerfile.

1. Create based on an existing image

(1) First start a mirror and make changes in the container

docker create -it centos:7 bash
 
docker ps -a
CONTAINER ID   IMAGE      COMMAND   CREATED          STATUS    PORTS     NAMES
fb555aed6d9c   centos:7   "bash"    17 seconds ago   Created             agitated_germain
 
docker start fb555aed6d9c
yum install net-tools -y            # 可以在容器里面安装net-tools工具
exit

(2) Then submit the modified container as a new image, and you need to use the ID number of the container to create a new image

docker commit -m "new" -a "centos" 000550eb36da centos:test
#常用选项:
-m说明信息:
-a作者信息;
-p生成过程中停止容器的运行
 
docker images

2. Create based on local template

The image can be generated by importing the template file of the operating system. The template can be downloaded from the OPENVZ open source project. The download address is:
https://wiki.openvz.org/Download/template/precrated

wget http://download.openvz.org/template/precreated/debian-7.0-x86 -minimal.tar.gz
#导入为镜像
cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test　

Note: docker export import
export container export

Note: export exports containers, not images.

docker export <CONTAINER ID >  > my_container.tar

Import container as image import

cat my_container.tar |docker import - image_name:tag

3. Created based on Dockerfile

1) Union File System (UnionFS)
UnionFS (Union File System): Union File System (UnionFS) is a layered, lightweight and high-performance file system that supports modification of the file system as a submission to a layer Layer superposition, and can mount different directories under the same virtual file system at the same time. AUFS, OberlayFS, and Devicemapper are all types of UnionFS.

The Union filesystem is the basis for Docker images. Images can be inherited by layering. Based on the base image (without parent image), various specific application images can be made.

Features: Multiple file systems are loaded at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose the file systems of all layers, so that the final file system will contain all the underlying files and directories.

The layers we see when we download are the joint file system.

2) Image loading principle
Docker's image is actually composed of layer-by-layer file systems, and this layer of file systems is UnionFS.

bootfs mainly includes bootloader and kernel, bootloader is mainly to guide and load kernel, and the bootfs file system will be loaded when Linux is just started.

At the bottom of the Docker image is bootfs, which is the same as our typical Linux/Unix system, including the boot loader and kernel.

When the boot loading is complete, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from the bootfs to the kernel. At this time, the system will also uninstall the bootfs.

Rootfs, on top of bootfs, contains standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system. rootfs is a variety of different operating system distributions, such as Ubuntu, Centos and so on.

We can understand that there is nothing in the kernel at the beginning, and a command is used to download debian, and then a layer of basic image will be added to the kernel; and then an emacs will be installed, and a layer of image will be superimposed on the basic image; and then another one will be installed Apache will add another layer of image on top of images.

In the end they look like a filesystem i.e. the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, at this time, each layer of rootfs is read-only, and we cannot operate it at this time.

When we create a container, that is, instantiate the Docker image, the system will allocate a layer of empty read-write rootfs on top of one or more layers of read-only rootfs.

3) Why is the size of centos in Docker only 200M?
Because for a streamlined OS, the rootfs can be very small, and only needs to contain the most basic commands, tools and libraries. Need to provide rootfs on it.

It can be seen that for different Linux distributions, the bootfs is basically the same, and the rootfs will be different, so different distributions can share the bootfs.

4) Dockerfile
The Docker image is a special file system. In addition to providing the programs, libraries, resources, configuration and other files required for the container to run, it also contains some configuration parameters (such as anonymous volumes, environment variables, etc.) prepared for the runtime. , user, etc.).

Images do not contain any dynamic data, and their contents are not changed after they are built.

The customization of the image is actually to customize the configuration and files added by each layer.

If we can write the commands of modification, installation, construction, and operation of each layer into a script, and use this script to build and customize the image, then the problems of transparency and volume of image construction will be solved. This script is the Dockerfile.

Dockerfile is a text file, which contains a series of instructions (Instruction), each instruction builds a layer, so the content of each instruction is to describe how the layer should be built.

With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on Dockerfile. and regenerate the image, saving the trouble of typing commands.

In addition to manually generating Docker images, you can use Dockerfile to automatically generate images. A Dockerfile is a file composed of multiple instructions, each of which corresponds to a command in Linux, and the Docker program will read the instructions in the Dockerfile to generate a specified image.

The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions, and execution instructions when the container starts. Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and supports the use of comments starting with "#".

5) Layering of the Docker image structure
The image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image, and any file changes made in the running container will be written to this read-write layer. If the container is deleted, its top read-write layer is also deleted, and file changes are lost.

Docker uses storage drivers to manage the content of each layer of the image and the container layer of the readable and writable layer.

(1) Each instruction in the Dockerfile will create a new image layer;

(2) The image layer will be cached and reused;

(3) When the instructions of the Dockerfile are modified, the copied file changes, or the variables specified when building the image are different, the corresponding image layer cache will become invalid;

(4) If the mirror cache of a certain layer is invalid, the cache of the mirror layer after it will be invalid;

(5) The image layer is immutable. If you add a file in one layer and then delete it in the next layer, the file will still be included in the image, but the file will not be visible in the Docker container.

4. Commonly used instructions for Dockerfile operations:

(1) FROM image　
Specifies the image on which the new image is based. The first instruction must be a FROM instruction. Every time a image is created, a FROM instruction is required.

(2) MAINTAINER name
Indicates the maintainer information of the new image

(3) RUN command
Executes the command on the image it is based on and submits it to the new image

(4) ENTRYPOINT ["program to run", "parameter 1", "parameter 2"]
sets the first command to run when the container starts and its parameters.

You can override the content of the ENTRYPOINT directive in the image by using the command docker run --entrypoint

(5) CMD ["program to run", "parameter 1", "parameter 2"]
above is exec form, shell form: CMD command parameter 1 parameter 2

The command or script executed by default when starting the container, Dockerfile can only have one CMD command. If multiple commands are specified, only the last command is executed.

If a command is specified during docker run or there is an ENTRYPOINT in the image, cmd will be overwritten.

CMD can provide default parameters for the ENTRYPOINT command

(6) EXPOSE port number
Specify the port to be opened when the new image is loaded into Docker

(7) ENV environment variable variable value
Set the value of an environment variable, which will be used by the subsequent RUN

(8) ADD source file/directory target file/directory
Copy the source file to the image, the source file should be in the same directory as the Dockerfile, or a URL

There are the following precautions:

1. If the source path is a file and the target path ends with /, docker will treat the target path as a directory and copy the source file to the directory

If the target path does not exist, the target path will be created automatically

2. If the source path is a file and the target path ends with /, docker will treat the target path as a file

If the target path does not exist, a file will be created with the name of the target path, and the content is the same as the source file

If the target file is an existing file, it will be overwritten with the source file, of course only the content is covered, and the file name is still the target file name

If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case, it is better to end with / to avoid confusion

3. If the source path is a directory and the target path does not exist, docker will automatically create a monthly record with the target path and copy the files recorded in the source path

If the target path is an existing directory, docker will copy the files in the source path directory to this directory

4. If the source file is an archive file (compressed file), docker will automatically decompress it

The "URL" download and decompression features cannot be used together. Any compressed file copied through the URL will not be automatically decompressed

(9) COPY source file/directory target file/directory
Only copy the file/directory on the local host. Copy to the target location, the source file/directory should be in the same directory as the Dockerfile

(10) VOLUME ["directory"]
creates a mount point in the container

(11) USER username/UID
specifies the user when running the container

(12) WORKDIR path
Specifies the working directory for subsequent RUN, CMD, and ENTRYPOINT

(13) ONBUILD command
• Specifies the command to run when the generated image is used as a base image

• When the ONBUILD instruction is added to a Dockerfile, this instruction will not have a substantial impact on the use of the Dockerfile to build an image (such as an A image)

• However, when writing a new Dockerfile to build a mirror based on mirror A (for example, mirror B), the ONBUILD instruction in the Dockerfile for constructing mirror A will take effect. During the process of building mirror B, The instruction specified by the ONBUILD instruction will be executed first, and then other instructions will be executed

(14 ) HEALTHCHECK
health check

When writing a Dockerfile, there is a strict format to follow:

●The first line must use the FROM command to indicate the name of the image based on

●Then use the MAINTAINER command to describe the user information for maintaining the image

●Then there are instructions related to image operation, such as RUN instruction. Every time an instruction is run, a new layer is added to the base image

● Finally, use the CMD command to specify the command operation to be run when the container is started

Five, Dockerfile case

cd /opt/
#建立工作目录
mkdir /opt/apache
cd apache/
 
vim Dockerfile
#基于的基础镜像
FROM centos:7
#维护镜像的用户信息
MAINTAINER this is apache image <ly>
#镜像操作指令安装Apache软件
RUN yum install -y httpd
#开启80端口
EXPOSE 80
#复制网站首页文件
ADD index.html /var/www/html/
 
##方法一：
-----------------------------------------------------------------------------
#将执行脚本复制到镜像中
ADD run.sh /run.sh
RUN chmod +x /run.sh
#启动时执行脚本
CMD ["/run.sh"]
-----------------------------------------------------------------------------
 
##方法二：
-----------------------------------------------------------------------------
ENTRYPOINT [ "/usr/sbin/apachectl" ]
CMD ["-D","FOREGROUND"]
————————————————
 
##准备执行脚本
vim run.sh
#!/bin/bash
rm -rf /run/httpd/*                         #清理httpd的缓存
/usr/sbin/apachectl -D FOREGROUN            #指定为前台运行
#因为Docker容器仅在它的1号进程(PID为1) 运行时，会保持运行。如果1号进程退出了，Docker容 器也就退出了。
 
//准备网站页面
echo "this is test dockerfile web" > index.html
 
//生成镜像
docker build -t httpd:centos7 .             #注意！！！末尾的“.”不要忘记
 
//新镜像运行容器
docker run -d -p 1314:80 httpd:centos7              #大写P随机端口，小写P指定端口
 
//浏览器访问测试
http://192.168.229.90:1314