A data volume is a special directory used by containers, located within the container. The directory of the host machine can be mounted on the data volume, and the modification operation on the data volume can be seen immediately, and updating the data will not affect the image, so as to realize the migration of data between the host machine and the container. The use of data volumes is similar to the mount operation on directories under Linux.

docker pull centos:7

#宿主机目录/var/www 挂载到容器中的/data1。
#注意：宿主机本地目录的路径必须是使用绝对路径。如果路径不存在，Docker会自动创建相应的路径。
docker run -v /var/www:/data1 --name web1 -it centos:7 /bin/bash			
#-v 选项可以在容器内创建数据卷
ls
echo "this is web1" > /data1/abc.txt
exit

#返回宿主机进行查看
cat  /var/www/abc.txt

1.2 Data volume container

If you need to share some data between containers, the easiest way is to use a data volume container. The data volume container is an ordinary container that provides data volumes for other containers to mount and use.

#创建一个容器作为数据卷容器
docker run --name web2 -v /data1 -v /data2 -it centos:7 /bin/bash
echo "this is web2" > /data1/abc.txt
echo "THIS IS WEB2" > /data2/ABC.txt

#使用 --volumes-from 来挂载 web2 容器中的数据卷到新的容器
docker run -it --volumes-from web2 --name web3 centos:7 /bin/bash
cat /data1/abc.txt
cat /data2/ABC.txt

1.3 Port mapping

When starting the container, if the corresponding port is not specified, the service inside the container cannot be accessed through the network outside the container. The port mapping mechanism provides services in the container to external network access. In essence, it maps the port of the host to the container, so that the external network can access the service in the container by accessing the port of the host.

docker run -d --name test1 -P nginx					#随机映射端口（从32768开始）

docker run -d --name test2 -p 43000:80 nginx		#指定映射端口

docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                   NAMES
9d3c04f57a68   nginx     "/docker-entrypoint.…"   4 seconds ago    Up 3 seconds    0.0.0.0:43000->80/tcp   test2
b04895f870e5   nginx     "/docker-entrypoint.…"   17 seconds ago   Up 15 seconds   0.0.0.0:49170->80/tcp   test1

1.4 Container interconnection (using centos image)

Container interconnection is to establish a dedicated network communication tunnel between containers through container names. To put it simply, a tunnel will be established between the source container and the receiving container, and the receiving container can see the information specified by the source container.

#创建并运行源容器取名web1
docker run -itd -P --name web1 centos:7 /bin/bash	
	
#创建并运行接收容器取名web2，使用--link选项指定连接容器以实现容器互联
docker run -itd -P --name web2 --link web1:web1 centos:7 /bin/bash			#--link 容器名:连接的别名

#进web2 容器， ping web1
docker exec -it web2 bash
ping web1

2. Creation of Docker image (three modes)

There are three ways to create a mirror, namely creating based on an existing mirror, creating based on a local template, and creating based on a Dockerfile.

2.1 Create based on an existing image

(1) First start a mirror and make changes in the container

docker create -it centos:7 /bin/bash

(2) Then submit the modified container as a new image, and you need to use the ID number of the container to create a new image

docker commit -m "new" -a "centos" 000550eb36da centos:test

Common options:

-m description information;

-a author information;

-p Stop the container from running during build.

2.2 Create based on local template

The image can be generated by importing the operating system template file, the template can be downloaded from the OPENVZ open source project, the download address is http://openvz.org/Download/template/precreated

wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz

#导入为镜像
cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test

2.3 Created based on Dockerfile

2.3.1 Union File System (UnionFS)

UnionFS (Union File System): Union File System (UnionFS) is a layered, lightweight and high-performance file system that supports modifications to the file system as a single submission to superimpose layer by layer, while different The directory is mounted under the same virtual file system. AUFS, OverlayFS, and Devicemapper are all types of UnionFS.

The Union filesystem is the basis for Docker images. Images can be inherited through layers. Based on the base image (without a parent image), various specific application images can be made.

Features: Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose the file systems of all layers, so that the final file system will contain all underlying files and directories.

2.3.2 Image loading principle

Docker's image is actually composed of layer-by-layer file systems , and this layer of file systems is UnionFS.

Bootfs mainly includes bootloader and kernel. The bootloader is mainly used to guide and load the kernel. When Linux starts, it will load the bootfs file system.

At the bottom of the Docker image is bootfs, which is the same as our typical Linux/Unix system, including the boot loader and kernel. When the boot loading is complete, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from the bootfs to the kernel. At this time, the system will also uninstall the bootfs.

rootfs , on top of bootfs. It contains standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system. Rootfs is a variety of different operating system distributions, such as Ubuntu, Centos and so on.

We can understand that there is nothing in the kernel at the beginning, and a command is used to download debian, and then a layer of basic image will be added to the kernel; and then an emacs will be installed, and a layer of image will be superimposed on the basic image; and then another one will be installed Apache will superimpose another layer of image on top of images. In the end they look like a filesystem i.e. the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, at this time, each layer of rootfs is read-only, and we cannot operate it at this time. When we create a container, that is, instantiate the Docker image, the system will allocate a layer of empty read-write rootfs on top of one or more layers of read-only rootfs.

2.3.3Dockerfile

The Docker image is a special file system. In addition to providing the programs, libraries, resources, configuration and other files required by the container runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc. ). Images do not contain any dynamic data, and their contents are not changed after they are built.

The customization of the image is actually to customize the configuration and files added by each layer. If we can write the commands of modification, installation, construction, and operation of each layer into a script, and use this script to build and customize the image, then the problems of transparency and volume of image construction will be solved. This script is the Dockerfile.

Dockerfile is a text file, which contains a series of instructions (Instruction), each instruction builds a layer, so the content of each instruction is to describe how the layer should be built. With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on the Dockerfile and regenerate the image, saving the trouble of typing commands.

In addition to manually generating Docker images, you can use Dockerfile to automatically generate images. A Dockerfile is a file composed of multiple instructions, each of which corresponds to a command in Linux, and the Docker program will read the instructions in the Dockerfile to generate a specified image.

The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions, and execution instructions when the container starts. Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and supports the use of comments starting with "#".

2.3.4 Layering of Docker image structure

An image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image, and any file changes made in the running container will be written to this read-write layer. If the container is deleted, its top read-write layer is also deleted, and file changes are lost. Docker uses storage drivers to manage the content of each layer of the image and the container layer of the readable and writable layer.

Each instruction in the Dockerfile creates a new image layer;

The image layer will be cached and reused;

When the instructions of the Dockerfile are modified, the copied file changes, or the variables specified when building the image are different, the corresponding image layer cache will become invalid;

If the mirror cache of a certain layer is invalid, the cache of the mirror layer after it will be invalid;

Image layers are immutable. If you add a file in one layer and then delete it in the next layer, the file will still be included in the image, but the file will not be visible in the Docker container.

2.3.5 Commonly used instructions for Dockerfile operations

(1) FROM image

Specifies the base image on which the new image is based. The first instruction must be a FROM instruction, and a FROM instruction is required for each image created

(2) MAINTAINER name

Indicates the maintainer information for the new image

(3) RUN command

Execute the command on the base mirror and commit to the new mirror cd cp

(4) ENTRYPOINT ["program to run", "parameter 1", "parameter 2"]

Set the command and its parameters to be run first when the container starts. The content of the ENTRYPOINT directive in the image can be overridden by using the command docker run --entrypoint.

ENTRYPOINT ["rm", "-rf", "/*"]

(5) CMD ["program to run", "parameter 1", "parameter 2"]

The above is exec form, shell form: CMD command parameter 1 parameter 2 The command or script executed by default when starting the container, Dockerfile can only have one CMD command. If multiple commands are specified, only the last command is executed. If a command is specified during docker run or there is an ENTRYPOINT in the image, then CMD will be overwritten. CMD can provide default parameters for the ENTRYPOINT command.

(6) EXPOSE port number

Specify the port EXPOSE 8090 to open when the new image is loaded into Docker

(7) ENV environment variable

Variable value Set the value of an environment variable, which will be used by subsequent RUN

linxu PATH=$PATH:/opt

ENV PATH $PATH:/opt

(8) ADD source file/directory target file/directory

Copy the source file to the mirror, the source file should be located in the same directory as the Dockerfile, or a URL with the following precautions:

1. If the source path is a file and the target path ends with /, docker will treat the target path as a directory and copy the source file to this directory. If the target path does not exist, it will be created automatically. /home/ky26/zhaichen.txt /home/ky26/

2. If the source path is a file and the target path does not end with /, docker will treat the target path as a file. If the target path does not exist, a file will be created with the name of the target path, and the content is the same as the source file; if the target file exists, it will be overwritten with the source file, of course, only the content is overwritten, and the file name is still the target file name. If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case it is better to end the display with a / to avoid confusion. AB /home/ky26 /home/ky26

3. If the source path is a directory and the target path does not exist, docker will automatically create a directory with the target path and copy the files in the source path directory. If the target path is an existing directory, docker will copy the files in the source path directory to this directory.

4. If the source file is an archive file (compressed file), docker will automatically decompress it. The URL download and decompression features cannot be used together. Any compressed files copied by URL will not be automatically decompressed.

(9) COPY source file/directory target file/directory

Only copy the files/directories on the local host to the target location, the source files/directories should be in the same directory as the Dockerfile

(10) VOLUME ["directory"]

Create a mount point in the container

(11) USER username/UID

Specify the user when running the container

(12) WORKDIR path /home

Specify the working directory for subsequent RUN, CMD, ENTRYPOINT

(13) ONBUILD command

Specifies the command to run when the generated image is used as a base image. When the ONBUILD instruction is added to a Dockerfile, the instruction will not have a substantial impact on using the Dockerfile to build an image (such as an A image). But when writing a new Dockerfile to build a mirror based on the A mirror (such as a B mirror), the ONBUILD command in the Dockerfile that constructs the A mirror will take effect at this time. In the process of building the B mirror, it will first execute The instructions specified by the ONBUILD instruction are executed before other instructions are executed.

OBuild rm - rf /*

Note: If you have other dockerfiles in production, please read them by yourself, otherwise you will pay for the consequences

(14) HEALTHCHECK health check

2.3.6 When writing a Dockerfile, there is a strict format to follow:

The first line must use the FROM command to indicate the name of the image it is based on;

Then use the MAINTAINER command to describe the user information for maintaining the image;

Then there are instructions related to mirroring operations, such as the RUN instruction. Every time an instruction is run, a new layer is added to the base image.

Finally use the CMD directive to specify the command action to run when the container is started.

3. Dockerfile case

#建立工作目录
mkdir  /opt/apache
cd  /opt/apache

vim Dockerfile
#基于的基础镜像
FROM centos:7
#维护镜像的用户信息
MAINTAINER this is apache image <hmj>
#镜像操作指令安装apache软件
RUN yum -y update
RUN yum -y install httpd
#开启 80 端口
EXPOSE 80
#复制网站首页文件
ADD index.html /var/www/html/index.html
//方法一：
#将执行脚本复制到镜像中
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#启动容器时执行脚本
CMD ["/run.sh"]
//方法二：
ENTRYPOINT [ "/usr/sbin/apachectl" ]
CMD ["-D", "FOREGROUND"]


//准备执行脚本
vim run.sh
#!/bin/bash
rm -rf /run/httpd/*							#清理httpd的缓存
/usr/sbin/apachectl -D FOREGROUND			#指定为前台运行
#因为Docker容器仅在它的1号进程（PID为1）运行时，会保持运行。如果1号进程退出了，Docker容器也就退出了。

//准备网站页面
echo "this is test web" > index.html

//生成镜像
docker build -t httpd:centos .   		#注意别忘了末尾有"."

//新镜像运行容器
docker run -d -p 1216:80 httpd:centos

//测试
http://192.168.80.10:1216/


########如果有网络报错提示########
[Warning] IPv4 forwarding is disabled. Networking will not work.

解决方法：
vim /etc/sysctl.conf
net.ipv4.ip_forward=1

sysctl -p
systemctl restart network
systemctl restart docker

Why is the size of centos in Docker only 200M?

Because for a streamlined OS, the rootfs can be very small, and only needs to contain the most basic commands, tools, and program libraries. Because the underlying layer directly uses the kernel of the host machine, you only need to provide the rootfs. It can be seen that for different Linux distributions, the bootfs is basically the same, and the rootfs will be different, so different distributions can share the bootfs.

Docker data management and Dockerfile

1. Docker data management

1.1 Data volume