Use of Docker containers
Preface
——————————————————————————————————————
This article is based on installing docker on the Linux centos7 system, using terminal simulation Software xshell, if you need an installation tutorial, you can visit my previous blog
to download VMware, install and create a virtual machine.
VMware installs Centos7. The ultimate step-by-step detailed graphic process. The
previous section contains
a zero-based introduction to Docker - 1. Docker installation and mirroring. use
1.Start the container
Without further ado, let’s get to the topic.
I will temporarily divide the startup of docker container into three ways:
- Foreground startup
First of all, I now have two images (the startup of docker containers is based on mirroring).
Let’s take tomcat as an example. Start tomcat in the foreground and enter the command
docker run tomcat:8.5.20
The results are as follows. You will find that all tomcat startup logs are copied and printed on our console, and the cursor does not exit.
We press CTRL + C to move the cursor out, and check the status of the container and find that the container has exited.
Everyone knows that our docker as a container provides services, so it is unlikely to need to be started in the foreground, and the user experience is not very good. We don't care much about log content like this at startup. At most, we will go to the background to check some logs during service use. This method of startup is not recommended here. Moreover, the foreground is blocked when starting in this way, and the cursor does not exit. After the cursor exits, the container also exits.
- Restart
Restart is to start the stopped container again. The command is as follows
docker start container id
First we need to know the ID of the container. Check the following
. Okay, let's restart the container
. If the restart is successful, the ID of the started container will be returned by default. Let's check the status of the container.
In fact, the restart here is also a background startup. We start this in the background. I will talk about it in detail next. You still can’t access the tomcat started here on your local machine because it is an internal container. How to access it from the outside will be explained in detail later.
- Background startup (main use)
Let's start tomcat in the background now. You will find that its startup log will not be output directly on the console. Enter the command here. -d is the command parameter for our background operation.
docker run -d tomcat:8.5.20
In addition, the run method has many parameters, and you can also add commands after it. For example, our ubuntu will be started here and the output hello docker will be entered.
docker run ubuntu:16.04 /bin/echo “hello docker”
Of course, if you add -d here, you will not be able to see the output of hello docker, because it starts the output in the background. As for the parameters that can be followed by the run method, we will explain several commonly used and specific parameters later. You can check it with the command:
docker run --help
There are many commands, and they all
have explanations. You have probably already understood how to start a container. Let’s take a closer look at the container startup process. With just a run command, what operations do we perform on the docker engine in the background?
1. Check whether the specified image exists locally. If not, download it from the public warehouse
2. Create and start a container using the specified image
3. Allocate a file system and mount a read-write layer outside the read-only image layer
4 . Bridge a virtual interface from the bridge interface configured on the host host to the container (networking)
5. Configure an IP address from the address pool to the container
6. Execute the user-specified application (such as echo "hello docker")
7. After execution, the container is terminated
Ubuntu provides an image of the entire system, which is automatically closed after running. Because there is no specific continuous process, images such as tomcat that provide specific services will always run in the background. So how to prevent ubuntu from automatically closing after startup? Well, how to make the internal container tomcat service provided on our virtual machine be accessed externally, we will explain one by one later.
2. View the container
In fact, we have already used the command to view the container above. Here is a detailed explanation. Directly issue the
ps command to view the docker container information. However, by default, this command can only view the container that is starting. Add the -a parameter at the end. Can view all created containers
docker ps #View starting containers
docker ps -a #View all containers
As shown below, docker ps -a
and docker ps.
In addition, we can view the container ID separately and add the -q parameter.
docker ps -q #View the ID of the container being started
docker ps -aq #View the IDs of all containers
As shown below, we can also view the log of the container with docker ps -q
and docker ps -aq . The commands are as follows.
docker logs container id
Let’s check the log of tomcat that was started before.
In fact, the container has many attributes. The ps command only views some of the main attributes. We have a command to view the detailed attributes of docker.
docker inspect container id
Let’s take the tomcat container as an example.
There are a lot of attributes here. There are too many values. I can’t even take screenshots several times. So I’ll leave it like this for the time being. There are creation time, startup status, startup time, etc. There are also some less commonly used ones. There are too many. If you are interested, you can check out the information yourself.
3. Stopping and deleting containers
Because stopping and deleting here are relatively simple and the content is relatively small, they are explained together.
First, to stop the container, directly issue the command
docker stop container id
Here I stop the tomcat I just started
and then delete the container and run the command
docker rm container id…
Multiple container IDs can be used here, as shown in the figure.
There is no way to delete a running container using the above command. Let’s restart tomcat and try the above command again. The
prompt says that you cannot delete a running container. , you can add the -f parameter. What does the -f parameter do? Look at the help. It is used to close running containers. You can understand it as forced deletion , which deletes both started and unstarted containers.
Let's use it
docker rm -f containerid…
The deletion here was successful. Many classmates and I may be annoyed by this container ID now. We have to check it and copy it every time. But in fact, we have used the view command of the container ID above, so we can delete the container. To abbreviate,
docker rm -f $(docker ps -aq) #Delete all containers, regardless of status
docker rm -f $(docker ps -q) #Delete all running containers
Whether the container being started or all containers is deleted here mainly depends on what container ID is returned by the subsequent view command. Let's try two containers. One is starting and the other is stopped. As a result, all are deleted
.
4. Container entry and exit
We have learned about the background startup of the container before. How do we enter the container after the container is started in the background? If you need to modify some settings inside the container, such as the port of the tomcat service, you need to know how to enter the container. First, explain , in fact, when starting a container in the foreground, you can access the inside of the container by binding a pseudo terminal to the container input , that is, entering the container. Let's take a look at this command first.
docker run -t -i ubuntu:16.04 /bin/bash
-t → The parameter lets docker allocate a pseudo terminal and bind it to the input of the container
-i → keeps the standard input of the container open, which means maintaining user interaction status
/ bin/bash is an optional parameter for container startup, which is automatically called after the container starts.
Before we started ubuntu, it automatically shut down. This time we bound its input so that it would not shut down automatically. When we entered the command, we
found that we had left the terminal of our virtual machine and came to the container. Enter the terminal. At this time, we enter the command pwd to view the current directory, and use the ls command to view the contents of the directory.
It has been confirmed that we have entered the ubuntu operating system. We pressctrl + pqExit ( the first way for the container to exit ). When you come down, you can see that the container is still running, and you can see that under the COMMAND attribute is the command given when our container starts running.
The above is how to operate the input terminal of the container by binding the terminal. The following is an explanation of the officially provided method.
docker attach container id
Use the attach command to enter the container, let me add here, when I was in class before, the teacher said that this attach command would have problems when connecting multiple container terminals, and it is not recommended to use. I checked the reason, because when multiple windows attach to the same window at the same time , When a container is running, all windows will be displayed synchronously. If one of the windows is blocked, the other windows will also be blocked. The docker attach command can be said to be the most inconvenient method to enter the background docker container.
But you can still learn about the attach command
docker attach container id
You may not believe it. I waited for five minutes and there was no response. I pressed CTRL + C and found that it was in. I vomited blood.
Just go in and exit with the same ctrl + pq
. Now let’s talk about the method of entering the container recommended by the teacher. Use the nsenter tool to enter. , but it is quite troublesome, divided into several steps:
1. Download the linux nsenter tool
wget https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz
. Of course, you can download it and copy it to your In the virtual machine,
please add here (I use the mini version of centos7)
→ Error resolution wget: command not found
→ yum install wget -y
2. Install nsenter
to decompress
tar -xzvf util-linux-2.24.tar.gz
to the decompression directory
cd util-linux-2.24/
./configure --without-ncurses #Generate Makefile to prepare for the next compilation
make nsenter #Start compilation.
Add something here
→ Error resolution no acceptable C compiler found in $PATH
→ yum -y install gcc
sudo cp nsenter /usr/local/bin # After compilation is completed, copy nsenter for easy use.
Finally, nsenter --help checks the successful installation and how to use it.
Let me install this small tool with you.
I suggest that you download it and transfer it to the virtual machine. . . . . . . .
Attached here are two links to install VMware Tools to share files with the host.
Manually install VMware Tools in a Linux virtual machine (official website)
Install VMware Tools on CentOS7 (blog)
Because I used xshell here, I did not use VMware Tools, but used a simpler
[Linux] 1. How does Xshell connect to the virtual machine to upload files?
Okay, this is not important. Let’s continue to install nsenter. After decompression, enter the decompression directory.
After executing the ./configure --without-ncurses command,
next make nsenter # Start compilation.
Compilation is completed, copy and
test
. We will use it to enter the container later. It is entered through the process id, which is the pid. We have the concept before As mentioned in the article, a docker container is actually an isolated process in a virtual machine. Come down and use it.
First use docker inspect container id to get the container pid (the process id where the container is located).
But because there is too much information and we only need the pid, so use the following command format
to only get the pid under the state attribute of the container
docker inspect -f { {.State.Pid}}
The State and Pid here in the container id are case-sensitive.
Get pid 3090 here, then use nsenter to enter
nsenter --target pid --mount --uts --ipc --net --pid
In fact, everyone noticed that an error was reported here, but it does not affect the use. We have still entered the inside of the container. One thing that needs to be added here is that you cannot exit using CTRL + pq at this time. It seems that the shortcut keys conflict. When CTRL + p is used, the previous command will be displayed. Here we introduce the second method of exiting the container . , exit command , the result is a logout, exit the container.
We start a tomcat in the same way and enter the container. The method is also the same.
I think everyone has the same question mark as me now. It is too troublesome to enter the container with nsenter. You must first check the container. id, then use the container id to find the corresponding container pid, and then use the nsenter command to enter. Here we can simplify it and package such a set of commands into a shell. When we want to enter the container, we can save the time by calling this shell. go to many steps
The contents of the shell are as follows:
#!/bin/bash
CID=$1CPID=$(docker inspect -format “{ {.State.Pid}}” $CID)
nsenter --target “$CPID” --mount --uts --ipc --net --pid
Next, let’s create and use this shell together
cd / #Go to the root directory
mkdir mydocker #Create the folder
cd /mydocker #Enter the folder
vi in.sh #Create our shell
and copy the above content into it, save and exit
chmod 777 in.sh #Give the shell file modification permissions
and finally use it shell enters the container
Here you only need to call the shell and pass the container id in, which is very convenient. Finally, we copy the shell file so that we can use it directly in other directories.
sudo cp in.sh /usr/local/bin
in.sh container id
5. Import and export of containers
We mentioned in the concept chapter before that the difference between images and containers is that the container is the result of adding a read-write layer based on the read-only layer of the image , and the read-write layer is added when the image is used to build the container, so The concepts of containers and images are very close, so we can build and save our own images and containers by exporting the container as a file and then importing the file as an image .
Export the container as a file
docker export container id > export file name.tar
For example, if you obtain the tomcat image officially provided by docker, you use it to start a container, and then you enter the container and change the corresponding service port number from 8080 to 8090, but you don’t want to modify it every time you download it. You can save your own container (image) by exporting it. As
shown in the figure, the export is successful. The larger the image built by the container, the more time-consuming it is. Now let’s import the container as an image file.
Import the container as an image file
cat xxx.tar | docker import - myimage:23.33
There is no need to follow myimage with the version number. The default is lasted.
The import here is successful, and you can find that we have an extra image.
6. Container network (understand)
I don’t have an in-depth understanding of the network part here. It may be necessary to modify the network settings in a large area when the cluster is set up. I will give you my notes first, and I will learn more about it when I have the opportunity. Definitely next time. .
-------Check the network-------
After installing docker, a docker0 network bridge will appear, which is used to connect the container's network to the
local host docker0 veth* → container containers eth0. The container network is available by default. Install
the bridge management tool brctl → yum install bridge-utils, then view the bridge
brctl show
Start the ubuntu container. After entering the container,
apt-get update
apt install net-tools # ifconfig
apt install iputils-ping() # ping
-------Modify the network-------
Modify the file /etc/docker/daemon.json and add the content
"bip": "ip/netmask"
→ "bip": "192.168.100.1/24 ”
[Do not be on the same network segment as the host machine]
7. External access to internal containers
Give the command directly
docker run -d -P tomcat:8.5
docker run -d -p 7777:8080 tomcat:8.5
Here -P and -p are case-sensitive.
The big P is used by docker to randomly assign a port binding by default.
The small p is made by We specify a port ourselves to bind a port of the corresponding container.
The most commonly used one here is of course -p.
We use big P to run tomcat and check the port number, because here is the random port designated by docker by default. We use this port to access it. Next, we delete the previous container and use small p to specify the port to access
here
. Use port 7777 to access again
Finally, I would like to say a few more words, which can be regarded as a complaint. Why do I not use tomcat:8.5 version? The reason is that the comcat 8.5 of Alibaba Cloud mirror has a bug. The things originally under webapp are all under webapp.list, resulting in the failure after startup. To access, you need to correct the directory contents yourself. I hope everyone will pay attention.
See you next time.