Docker installation and basic operations of image containers

1. Docker overview

1. The concept of Docker

• Docker is an open source application container engine, developed based on the go language and following the apache2.0 protocol open source

• Docker is an open source tool for running applications in Linux containers, a lightweight "virtual machine"

• Docker's container technology makes it easy to create a lightweight, portable, self-sufficient container for any application on a single host

Docker's logo is designed as a blue whale, dragging many containers

Whales can be seen as hosts, and containers can be understood as isolated containers, each of which contains its own application

Docker's design purpose: Build, Ship and Run Any App, Anywhere,

That is, through the management of the life cycle of application components such as encapsulation, release, deployment, and operation, the goal of "encapsulate once and run everywhere" at the application component level is achieved. The components here can be either an application, a set of services, or even a complete operating system

2. Advantages of containers

Containerization is gaining popularity because containers are:

Flexible: Even the most complex applications can be containerized.
Lightweight: Containers utilize and share the host kernel.
Interchangeable: Updates and upgrades can be deployed on the fly.
Portable: Can be built locally, deployed to the cloud, and run anywhere.
Scalable: Container replicas can be increased and automatically distributed.
Stackable: Servings can be stacked vertically and instantly.

3. The difference between container and virtual machine

The container runs natively on linux and shares the host's kernel with other containers. It runs an independent process and does not occupy the memory of any other executable files. It is very lightweight.

A virtual machine runs a completed operating system and requires virtual access to host resources through a hypervisor, which requires more resources in comparison.

4. The container supports two important technologies in the kernel

The essence of docker is a process of the host machine. Docker implements resource isolation through namespace, resource limitation through cgroup, and efficient file operation through copy-on-write technology (similar to virtual machine disks, such as allocating 500g It does not actually take up 500g of the physical disk).

5. Docker core concept

1) Mirroring
Docker images are the basis for creating containers, similar to virtual machine snapshots, which can be understood as a read-only template for the Docker container engine.

Start a container with an image, an executable package that includes everything needed to run an application including code, runtime, libraries, environment variables, and configuration files.

2) Container
Docker's container is a running instance created from an image, which can be started, stopped and deleted. Each container created is isolated and invisible to each other to ensure the security of the platform.

The container can be regarded as a simple version of the Linux environment (including root user rights, mirror space, user space and network space, etc.) and the applications running in it.

3) Warehouse
The Docker warehouse is used to centrally store images. After creating your own image, you can use the push command to upload it to a public warehouse (Public) or a private warehouse (Private). The next time you want to use this image on another machine, just get it from the repository.

Docker images, containers, logs, etc. are all stored in the /var/lib/docker directory by default.

Two, Docker installation

1. Docker installation steps

目前 Docker 只能支持 64 位系统。
 
systemctl stop firewalld.service
setenforce 0
 
#安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
--------------------------------------------------------------------------------------------
yum-utils：提供了 yum-config-manager 工具。
device mapper： 是Linux内核中支持逻辑卷管理的通用设备映射机制，
                它为实现用于存储资源管理的块设备驱动提供了一个高度模块化的内核架构。
device mapper存储驱动程序需要 device-mapper-persistent-data 和 lvm2。
--------------------------------------------------------------------------------------------
 
#设置阿里云镜像源
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
 
#安装 Docker-CE并设置为开机自动启动
yum install -y docker-ce
 
systemctl start docker.service
systemctl enable docker.service
 
#查看 docker 版本信息
docker version　

2. Example operation: install docker

2.1 Turn off the firewall

2.2 Install dependent packages

2.3 Set up Alibaba Cloud image source and install Docker-CE and set it to start automatically when booting (use online source installation)

2.4 View docker version information

3. Docker image operation

1. Search mirror

格式：docker search 关键字
docker search nginx

2. Obtain the image

格式：docker pull 仓库名称[:标签]
#如果下载镜像时不指定标签，则默认会下载仓库中最新版本的镜像，即选择标签为 latest 标签。
docker pull nginx

3. Mirror accelerated download

Browser access https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors to get mirror accelerator configuration

mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://1fam3t0i.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker

4. View image information

After the image is downloaded, it is stored in /var/lib/docker
4.1 View the information of the downloaded image file

cat /var/lib/docker/image/overlay2/repositories.json

4.2 View all images downloaded locally

docker images
 
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest ae2feff98a0c 9 days ago 133MB
--------------------------------------------------------------------------------------------
REPOSITORY：镜像属于的仓库；
TAG：镜像的标签信息，标记同一个仓库中的不同镜像；
IMAGE ID：镜像的唯一ID 号，唯一标识一个镜像；
CREATED：镜像创建时间；
VIRTUAL SIZE：镜像大小；
---------------------------------------------------------------------------------------

5. According to the unique identification ID number of the image, obtain the detailed information of the image

格式：docker inspect 镜像ID号
docker inspect ae2feff98a0c

6. Add a new label to the local image

格式：docker tag 名称:[标签] 新名称:[新标签]
docker tag nginx:latest nginx:web
 
docker images | grep nginx

7. Delete the mirror image

格式：
docker rmi 仓库名称:标签  #当一个镜像有多个标签时，只是删除其中指定的标签
或者
docker rmi 镜像ID号    #会彻底删除该镜像
 
注意：如果该镜像已经被容器使用，正确的做法是先删除依赖该镜像的所有容器，再去删除镜像。
 
docker rmi nginx:web

8. Save image: save the image as a local file

格式：docker save -o 存储文件名 存储的镜像
docker save -o nginx nginx:latest   #存出镜像命名为nginx存在当前目录下
ls -lh

9. Load image: import the image file into the image library

格式：
docker load < 存出的文件
或者
docker load -i 存出的文件
 
docker load < nginx

10. Upload image

By default, it is uploaded to the official public warehouse of docker hub, and an account to use the public warehouse needs to be registered. https://hub.docker.com
can use the docker login command to enter the user name, password and email to complete registration and login.
Before uploading the image, you need to add a new label to the local image, and then use the docker push command to upload.

docker tag nginx:web ly08/nginx:web #添加新的标签
docker login    #登录公共仓库
Username：
password：
docker push ly08/nginx:web  #上传镜像

4. Docker container operation

1. Container creation: the process of loading the image into the container

The newly created container is in the stopped state by default and does not run any programs. A process needs to be initiated in it to start the container

The docker create command can create containers based on images.

The effect of this command is similar to docker run -d, which creates a container that will run in the background of the system.

However, unlike docker run -d, the container created by docker create is not actually started, and the docker start command or docker run command needs to be executed to start the container.

In fact, the docker create command is often used to do the necessary setup before starting the container.

格式：docker create [选项] 镜像
常用选项：
-i：让容器的输入保持打开
-t：让 Docker 分配一个伪终端
 
docker create -it nginx:latest /bin/bash

Notes:

-it is equal to -i and -t. The function of these two parameters is to create a pseudo-terminal for the docker, so that you can enter the interactive mode of the container (that is, directly enter the container)

The role of /bin/bash in the back is to run bash after loading the container. A process must be kept running in docker, otherwise the entire container will kill itself immediately after starting. This /bin/bash means start after starting the container bash

2. View the running status of the container

docker ps -a    #-a 选项可以显示所有的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8b0a7be0ff58 nginx:latest "/docker-entrypoint.…" 57 seconds ago Created inspiring_swanson
 
容器的ID号  加载的镜像 运行的程序 创建时间 当前的状态 端口映射 名称

3. Start the container

格式：docker start 容器的ID/名称
docker start 8b0a7be0ff58
docker ps -a

4. Create and start the container

You can directly execute the docker run command, which is equivalent to executing the docker create command first and then the docker start command.

Note: The container is a terminal that coexists with the shell command running in it. The command runs the container to run, and the command ends the container to exit.

When using docker run to create a container, the standard running process of Docker in the background is:

(1) Check whether the specified image exists locally. When the mirror does not exist, it will be downloaded from the public repository;

(2) Create and start a container using the image;

(3) Assign a file system to the container, and mount a read-write layer outside the read-only image layer;

(4) Bridge a virtual machine interface from the bridge interface configured on the host host to the container;

(5) Assign an IP address in the address pool to the container;

(6) Execute the application program specified by the user, and the container will be terminated after the execution is completed.

docker run centos:7 /usr/bin/bash -c ls /
docker ps -a    #会发现创建了一个新容器并启动执行一条 shell 命令，之后就停止了

5. Continuously run the container created by docker run in the background

You need to add the -d option after the docker run command to make the Docker container run in the background as a daemon. And the program running in the container cannot end.

docker run -d centos:7 /usr/bin/bash -c "while true;do echo hello;done"
 
docker ps -a    #可以看出容器始终处于 UP，运行状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2592d3fad0fb centos:7 "/usr/bin/bash -c 'w…" 2 seconds ago Up 2 seconds peaceful_chatelet
 
docker run -itd --name test1 centos:7 /bin/bash   #给容器重命名，并以守护形式在后台运行

6. Terminate the container running

Format: docker stop/kill container ID/name

stop: Stop the container, you can give the container a waiting time to prevent data loss.

kill: Immediately forcibly stop a container (equivalent to the linux command kill -9), it will not give the container reaction time, which may cause data loss

格式：docker stop 容器的ID/名称
docker stop 2592d3fad0fb
 
docker ps -a

7. Entry of the container

When you need to enter the container for command operations, you can use the docker exec command to enter the running container.

格式：docker exec -it 容器ID/名称 /bin/bash
-i 选项表示让容器的输入保持打开；
-t 选项表示让 Docker 分配一个伪终端。
 
docker start 2592d3fad0fb   #进入容器前，确保容器正在运行
docker exec -it 2592d3fad0fb /bin/bash
ls
exit    #退出容器后，容器仍在运行
docker ps -a

8. Import the file from the host machine into the container

docker ps -a                                               #先获取需要导入到的容器ID，然后重新开一个终端
 
另一个终端上操作
echo "this is test file" >> 123.txt                   #创建测试文件
docker cp 123.txt cef59022a4dd:/opt                 #将测试文件导入到容器内后到容器内的/opt目录下查看

9. Export and import of containers

Users can migrate any Docker container from one machine to another. During the migration process, you can use the docker export command to export the created container as a file, regardless of whether the container is running or stopped. The export file can be transferred to other machines, and the migration of the container can be realized through the corresponding import command.

#导出格式：docker export 容器ID/名称 > 文件名
docker export 2592d3fad0fb > centos7.tar
 
#导入格式：cat 文件名 | docker import – 镜像名称:标签
cat centos7.tar | docker import - centos7:test  #导入后会生成镜像，但不会创建容器

10. Delete the container

格式：docker rm [-f] 容器ID/名称
docker stop 2592d3fad0fb
docker rm 2592d3fad0fb  #删除已经终止状态的容器
 
docker rm -f 2592d3fad0fb   #强制删除正在运行的容器
 
docker ps -a | awk 'NR>=2{print "docker stop "$1}' | bash    #批量停止容器
 
docker ps -a | awk 'NR>=2{print "docker rm "$1}' | bash  #批量删除所有容器
 
docker images | awk 'NR>=2{print "docker rmi "$3}' | bash    #批量删除镜像

10.1 Delete container and force delete container


10.2 Batch stop and delete container