Chapter 4 - Image Registry
Concepts and architecture
The Docker Registry stores, manages, and distributes images, provides login authentication, and builds an index of its repositories.
The registry manages multiple Repositories, which are distinguished by name. Each Repository contains one or more images, which are distinguished by image name and tag. The overall view is as follows.
Registry: the registry to pull images from. A registry is usually identified by a DNS name or IP address, such as hub.docker.com
There can be multiple Repositories in a Registry. A Repository is either a "top-level repository" or a "user repository"; the user repository name format is "user name/repository name". Each repository can contain multiple tags, and each tag corresponds to an image.
Repository: the collection of all iterative versions of a specific Docker image. An image is identified by image name (name) + tag (tag), such as nginx:latest
Authentication capabilities: Provide user registration, login, and logout capabilities
Index: Provides index information of the image to facilitate retrieval.
A container image contains two parts. One is metadata, which is a description file produced by the Dockerfile build. This description file tells you how many layers the container image has and what is in each layer, and it records each layer's checksum. The other is the stored data, where the final executable files actually live, held as individual blobs. It is these blobs that really occupy space.
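As an added illustration (not code from the original post), the sketch below models the two parts described above: a manifest that records each blob's size and checksum, and a blob store keyed by digest. The blobs, the simplified manifest and the helper names are constructed for the example; the `sha256:` content addressing is the same scheme that a `name@sha256:...` reference pins.

```python
import hashlib
import json


def digest_of(data: bytes) -> str:
    """Content address in the registry's `sha256:<hex>` form."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def descriptor(data: bytes, media_type: str) -> dict:
    return {"mediaType": media_type, "size": len(data), "digest": digest_of(data)}


def build_image(config: bytes, layers: list) -> tuple:
    """Return (manifest_bytes, blob_store) for constructed config and layer blobs."""
    store = {digest_of(b): b for b in [config, *layers]}
    manifest = {
        "schemaVersion": 2,
        "config": descriptor(config, "application/vnd.oci.image.config.v1+json"),
        "layers": [descriptor(b, "application/vnd.oci.image.layer.v1.tar") for b in layers],
    }
    return json.dumps(manifest, sort_keys=True).encode(), store


def verify_image(manifest_bytes: bytes, expected_digest: str, store: dict) -> list:
    """Return a list of problems; an empty list means every checksum matched."""
    if digest_of(manifest_bytes) != expected_digest:
        return ["manifest digest mismatch"]  # the metadata itself was altered
    manifest = json.loads(manifest_bytes)
    problems = []
    for desc in [manifest["config"], *manifest["layers"]]:
        blob = store.get(desc["digest"])
        if blob is None:
            problems.append(f"missing blob {desc['digest']}")
        elif len(blob) != desc["size"] or digest_of(blob) != desc["digest"]:
            problems.append(f"corrupt blob {desc['digest']}")
    return problems


# Constructed sample data: a config blob and two fake layers.
CONFIG = b'{"architecture":"amd64","os":"linux"}'
LAYERS = [b"layer-1: base filesystem", b"layer-2: nginx binaries"]
MANIFEST, STORE = build_image(CONFIG, LAYERS)
PINNED = digest_of(MANIFEST)  # the value an `image@sha256:...` reference pins

if __name__ == "__main__":
    print(PINNED, verify_image(MANIFEST, PINNED, STORE))
```

Because the manifest digest covers every layer digest, checking one pinned value is enough to detect a change to any blob.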
Classification and working mechanism of image registries
Divided according to whether it is open to the outside world
- Public registries: registries such as Alibaba Cloud and Docker Hub are placed on the public network, allow images to be downloaded without logging in, and provide services to a wide range of users.
- Private registries: these registries are not open to the public, are usually located on a private network, and can only be accessed and used by employees within the company.
By supplier and target group
- Sponsor Registry: This is a third-party registry for customers and Docker Community Edition users.
- Mirror Registry: This is a third-party registry that can only be accessed by registered users. For example, it can only be used after registering with Alibaba Cloud.
- Vendor Registry: A registry service provided by vendors that publish Docker images. For example, Google and Redhat provide such image repositories.
- Private Registry: This is a registry provided by an internal entity, without firewalls and additional layers of security, for internal use only.
Registry usage
Registry usage process
- Log in to the registry with docker login
- Pull the required image with docker pull
- After building the image from a Dockerfile or with docker commit, upload it to the registry with docker push.
Image pull mechanism
When starting a container, the docker daemon will try to obtain the relevant image locally. When the local image does not exist, it will download the image from the Registry and save it locally.
Commonly used registries
docker hub
- https://hub.docker.com
Docker Hub is the largest image registry in the world. Basically, you can find everything you want here.
Then we can search for the image we want.
Then there are two types, one is a certified image and the other is a community image. It is generally recommended to use certified ones, which are more reliable.
Registry commands
Command | Alias | Function |
---|---|---|
docker login | | Log in to the registry |
docker pull | docker image pull | Pull an image |
docker push | docker image push | Push to the registry |
docker search | | Find a repository |
docker logout | | Log out of the registry |
How to learn a command.
The first method.
docker [command name] --help
[root@ALiCentos7:~]$ docker login --help
Usage: docker login [OPTIONS] [SERVER]
Log in to a registry.
If no server is specified, the default is defined by the daemon.
Options:
-p, --password string Password
--password-stdin Take the password from stdin
-u, --username string Username
[root@ALiCentos7:~]$
The second way.
User manual on the website.
- https://docs.docker.com/
docker login
Log in to a Docker image registry. If the registry address is not specified, it defaults to the official registry, Docker Hub.
docker login [OPTIONS] [SERVER]
-u : the username to log in with
-p : the password to log in with
docker login -u <username> -p <password>
Before that, we need to register an account on the docker official website.
docker pull
Pull or update the specified image from the image registry.
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
-a : pull all tagged images
--disable-content-trust : skip image verification, enabled by default
docker pull nginx:1.25.2
Of course, you can also pull by digest.
docker pull nginx@sha256:48a84a0728cab8ac558f48796f901f6d31d287101bc8b317683678125e0d2d35
That's it.
docker push
docker push [OPTIONS] NAME[:TAG]
-a : push all tagged images
--disable-content-trust : skip image verification, enabled by default
Push the local image to the image registry.
In fact, the understanding of these concepts is very similar to Git.
We pulled an image in the previous section; can we push it directly?
[root@ALiCentos7:~]$ docker push nginx:1.25.2
The push refers to repository [docker.io/library/nginx]
563c64030925: Layer already exists
6fb960878295: Layer already exists
e161c3f476b5: Layer already exists
8a7e12012e6f: Layer already exists
d0a62f56ef41: Layer already exists
4713cb24eeff: Layer already exists
511780f88f80: Layer already exists
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
[root@ALiCentos7:~]$
We definitely don’t have this permission. How could we push our own image to the nginx organization?
We can push it to our own repository.
In fact, it is the same as GitHub.
First create a repository.
However, we still need to change the tag of our local image, because we cannot use someone else’s name, nginx.
docker tag nginx:1.25.2 yufcbagpack/my-bit-nginx:1.25.2
[root@ALiCentos7:~]$ docker push yufcbagpack/my-bit-nginx:1.25.2
The push refers to repository [docker.io/yufcbagpack/my-bit-nginx]
563c64030925: Mounted from library/nginx
6fb960878295: Mounted from library/nginx
e161c3f476b5: Mounted from library/nginx
8a7e12012e6f: Mounted from library/nginx
d0a62f56ef41: Mounted from library/nginx
4713cb24eeff: Mounted from library/nginx
511780f88f80: Mounted from library/nginx
1.25.2: digest: sha256:48a8xxxxxcab8ac558f48796f901f6dxxxxxx317683678125e0d2d35 size: 1778
[root@ALiCentos7:~]$
This completes the push.
This way we can see it remotely.
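The two push results above follow from how a short image name is expanded into registry, repository and tag. The sketch below is an added example, not part of the original post: `parse_image_ref` and `is_pinned` are hypothetical helper names, and the rules are a simplified model of the Docker CLI's name normalisation (default registry `docker.io`, default namespace `library`, default tag `latest`).

```python
from typing import NamedTuple, Optional

DEFAULT_REGISTRY = "docker.io"
OFFICIAL_NAMESPACE = "library"  # Docker Hub namespace of the "top-level" repositories


class ImageRef(NamedTuple):
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Expand NAME[:TAG|@DIGEST] into its fully qualified parts."""
    name, _, digest = ref.partition("@")
    # A tag is a ':' after the last '/', so a registry port is not mistaken for a tag.
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    first, slash, rest = name.partition("/")
    # The first path component is a registry host only if it looks like one.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, repository = first, rest
    else:
        registry, repository = DEFAULT_REGISTRY, name
    # A bare name on Docker Hub belongs to the official namespace.
    if registry == DEFAULT_REGISTRY and "/" not in repository:
        repository = f"{OFFICIAL_NAMESPACE}/{repository}"
    if tag is None and not digest:
        tag = "latest"
    return ImageRef(registry, repository, tag, digest or None)


def is_pinned(ref: str) -> bool:
    """True only when the reference names immutable content by digest."""
    return parse_image_ref(ref).digest is not None


if __name__ == "__main__":
    for sample in ("nginx:1.25.2", "yufcbagpack/my-bit-nginx:1.25.2",
                   "localhost:5000/team/app"):  # last entry is a constructed sample
        print(sample, "->", parse_image_ref(sample))
```

`nginx:1.25.2` resolves to `docker.io/library/nginx`, a repository the author's account cannot write to, while the retagged name resolves to the author's own namespace.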
docker search
Find the desired image on Docker Hub.
docker search [OPTIONS] TERM
--no-trunc : show the full image description
-f <filter> : list images whose star count is not less than the specified value
I found a lot related to nginx.
At work, I usually don’t search here. It’s definitely more convenient to go to the official website and search directly. If you find something suitable, just pull it.
docker logout
docker logout [SERVER]
Image-related commands (part)
Because we will temporarily use some image-related commands later in the study, we will learn a little bit here first.
We will learn more about image-related commands later.
docker images
List local images.
docker images [OPTIONS] [REPOSITORY[:TAG]]
Some aliases.
docker image list
docker image ls
Some parameters.
-a : list all local images (including intermediate image layers, which are filtered out by default);
--digests : show image digests;
-f : show images that match a condition;
--format : specify a template for the output;
--no-trunc : show full image information;
-q : show only image IDs.
Here are some examples.
Please see the documentation for specific usage.
At the same time, docker commands can be used in conjunction with shell commands.
docker images | grep nginx
docker image inspect
View details of an image.
docker image inspect nginx:1.25.2
You can also use ID.
docker tag
Tag a local image so that it belongs to a given repository.
Understanding Nginx
A web server.
- http://t.csdn.cn/HbaDD
Install Nginx on Centos7
Check if Nginx is present on the system
(base) [yufc@ALiCentos7:~]$ ps -ef | grep nginx
yufc 32437 32299 0 09:26 pts/0 00:00:00 grep --color=auto nginx
(base) [yufc@ALiCentos7:~]$ nginx
bash: nginx: command not found
(base) [yufc@ALiCentos7:~]$
The check shows that Nginx is not installed. If it is installed, you can choose to uninstall it first and then reinstall it.
Uninstall Nginx
If it was installed through the yum source, it is very simple and straightforward: yum remove nginx.
Install Nginx
Configure the nginx source on CentOS
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
(base) [yufc@ALiCentos7:~]$ sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[sudo] password for yufc:
Retrieving http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
warning: /var/tmp/rpm-tmp.YwES4G: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:nginx-release-centos-7-0.el7.ngx ################################# [100%]
(base) [yufc@ALiCentos7:~]$
(base) [yufc@ALiCentos7:~]$ ll /etc/yum.repos.d/
total 40
-rw-r--r-- 1 root root 675 Apr 27 23:11 CentOS-Base.repo
-rw-r--r-- 1 root root 998 Dec 11 2018 CentOS-SCLo-scl.repo
-rw-r--r-- 1 root root 971 Oct 29 2018 CentOS-SCLo-scl-rh.repo
-rw-r--r-- 1 root root 2099 Sep 1 19:52 docker-ce.repo
-rw-r--r-- 1 root root 230 Apr 27 23:11 epel.repo
-rw-r--r-- 1 root root 1358 Sep 5 2021 epel.repo.rpmnew
-rw-r--r-- 1 root root 1457 Sep 5 2021 epel-testing.repo
-rw-r--r-- 1 root root 1838 Apr 27 2017 mysql-community.repo
-rw-r--r-- 1 root root 1885 Apr 27 2017 mysql-community-source.repo
-rw-r--r-- 1 root root 113 Jul 15 2014 nginx.repo
(base) [yufc@ALiCentos7:~]$
Configure cache to speed up downloads
yum makecache
Install nginx
sudo yum install -y nginx
Installation completed
(base) [yufc@ALiCentos7:~]$ nginx -v
nginx version: nginx/1.24.0
(base) [yufc@ALiCentos7:~]$
Start nginx
(base) [yufc@ALiCentos7:~]$ systemctl start nginx
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
(base) [yufc@ALiCentos7:~]$
The default configuration of Nginx on the machine
There is also a lot of important information in default.conf.
server {
    listen 80;
    server_name localhost;
    #access_log /var/log/nginx/host.access.log main;
    location / {
        root /usr/share/nginx/html; # this is the home page of the nginx service
        index index.html index.htm;
    }
    #error_page 404 /404.html; # this is the HTML page for 404
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
location / {
    root /usr/share/nginx/html; # this is the home page of the nginx service
    index index.html index.htm;
}
We can go into this directory and take a look.
Container related commands (part)
Because we will temporarily use some container-related commands later in the study, we will learn a little bit here first.
We will learn more about container-related commands later.
docker run
Create a new container and run a command.
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Important parameters
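-d : run the container in the background and return the container ID;
-i : run the container in interactive mode, usually used together with -t;
-P : random port mapping; the container's internal ports are mapped to random ports on the host
-p : specify a port mapping
-t : allocate a pseudo input terminal for the container, usually used together with -i;
--name="nginx-lb" : assign a name to the container;
-h "mars" : set the container's hostname;
-e username="ritchie" : set an environment variable;
--cpuset-cpus="0-2" or --cpuset-cpus="0,1,2" : pin the container to the specified CPUs;
-m : set the maximum memory the container can use;
--network="bridge" : specify the container's network connection type;
--link=[] : add a link to another container;
--volume , -v : bind a volume
--rm : automatically remove the container when the shell exits
We want to try docker run on this machine with a centos7 container.
So first pull centos:7 from Docker Hub.
If you call docker run without any parameters, you will see nothing.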
[root@ALiCentos7:~]$ docker run centos:7
[root@ALiCentos7:~]$
Because you did not give commands to interact with this container.
docker ps
You can view all running containers.
docker ps -a
You can view all created containers.
Here we can see that our container was created but exited.
So without parameters, docker run runs /bin/bash by default.
-d parameter
Run the container in the background and return the container ID.
If it is running in the background, pressing ^C will not stop it.
-t, -i, -it parameters
-t: Reassign a pseudo input terminal to the container, usually used together with -i;
-i: Run the container in interactive mode, usually used together with -t;
-P, -p parameter
Let’s take a look at this command first.
docker run -d -p 80:80 nginx:1.24.0
- -P: Random port mapping, the container’s internal port is randomly mapped to the host’s port
- -p: Specify port mapping
This means: start an nginx container. -p specifies the mapped port.
80:80 indicates that port 80 of the host is mapped to port 80 of the nginx container.
An error is reported: The port is occupied. Why is this?
It's because our host has already started an nginx.
[root@ALiCentos7:~]$ netstat -nltp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 693/nginx: master p
[root@ALiCentos7:~]$
So instead of using port 80 of the host, we use port 8081.
[root@ALiCentos7:~]$ docker run -d -p 8081:80 nginx:1.24.0
1c737416845472f193c3f402f7de62808e88a8781d0508a001f87ee99de5298e
[root@ALiCentos7:~]$
-P will randomly assign a port to us.
-p is used more often.
--name parameter and -h parameter
--name="nginx-lb" : assign a name to the container;
-h "mars" : set the container's hostname;
-e username="ritchie" : set an environment variable;
The name at this time is no longer random.
If we don't specify the hostname, it will be random.
Add environment variables.
--cpuset-cpus and -m parameters
--cpuset-cpus="0-2" or --cpuset-cpus="0,1,2" : pin the container to the specified CPUs;
-m : set the maximum memory the container can use;
--link=[]
Add a link to another container.
--rm
If this container exits, it will be automatically cleaned up.
docker ps
List containers.
docker ps [OPTIONS]
Alias.
docker container ls
docker container list
docker container ps
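Parameters.
-a : show all containers, including those that are not running
-f : filter the displayed content by condition
--format : specify a template for the output, such as json or table
-l : show the latest container
-n : list the n most recently created containers.
--no-trunc : do not truncate the output.
-q : quiet mode, show only container IDs
-s : show total file sizes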