Docker--Introduction and Practice

1. What is container technology?

Docker is an open source application container engine. The prerequisite for understanding Docker is to understand what container technology is. Speaking of container technology, here we have to contact the virtualization technology in virtual machines that we often use. The two are similar in function and purpose. They both package a series of programs and establish an independent operating environment. It is what we call a sandbox, but the two are completely different in terms of implementation links and characteristics.

1.1 Virtualization technology

Virtualization technology refers to the virtualization of multiple complete virtual machine system images on the same computer through a hypervisor (an intermediate software layer that runs between the basic physical server and the operating system, allowing multiple operating systems and applications to share hardware). Each virtual machine has its own operating system and hardware resources.

Although virtualization technology can provide system administrators with great flexibility in the process of building operating system instances on demand, hypervisor virtualization technology has problems with performance and resource usage efficiency, which greatly increases the consumption of application development, and Container technology was born to solve this problem.

1.2 Container technology

Container technology directly packages the relevant program code, function libraries, and environment configuration files required by an application to establish a sandbox execution environment, thereby effectively dividing the resources of a single operating system into isolated groups for better By balancing conflicting resource usage requirements between independent groups, the sandboxed execution environment created is called a container.

1.3 Container engine

Docker is not the only container engine. In addition to docker, there are coreos, etc. Among many container engines, Docker is almost the representative of container engines. The following is an introduction to the most typical container technology Docker.

2. What is Docker

2.1 Introduction to Docker

Docker is an open source application container engine. Developers can package their applications and dependency packages into a portable container, and then publish it to any popular Linux machine or Windows machine. It can also be virtualized. The container completely uses sandbox. The container mechanism does not have any interfaces with each other, and the container performance overhead is extremely low.

2.2 Basic concepts of Docker

Image:

To put it simply, a mirror is an object-oriented class, equivalent to a template. Essentially, an image is equivalent to a file system. The Docker image is a special file system that provides the programs, libraries, resources, configurations, etc. required for the container to run. At the same time, the image does not contain any dynamic data, and its content will not be changed after it is built.

Container:

Corresponding to the above image, a container is an instance created by a class, an entity created based on a certain image as a template. The essence of a container is a process, but unlike a process that runs directly on the system, a container process has its own independent namespace. Therefore, the container can have its own root file system, network configuration, and memory space, thereby creating an isolated environment, just like a system independent of the Host system.

Warehouse (Registry):

After the image is built, it can be easily run on the current host. However, if we need to use this image on other servers, we need a centralized service for storing and distributing images. The warehouse (Docker Registry) is such a service. . The warehouse stores different versions of each category of images, and the required destination image can be obtained through the warehouse.

Client/Server:

Docker uses a client/server architecture. The Docker client interacts with the user by accepting commands, and the Docker client interacts with the Docker server. The Docker server is responsible for building, running, and distributing Docker images, as well as the creation of corresponding image containers. The most typical Docker client is the docker command line program.

Tiered storage:

The image needs to contain the complete root file system of the operating system, and Docker designs it as a hierarchical storage architecture. When the image is built, it will be built layer by layer. At the same time, when modifying or deleting, the corresponding operation layer will be added to the top of the image. . This storage structure facilitates the reuse of images and makes code construction simpler. We can implement our own images by adding and modifying configurations to the original images.

2.3 Docker advantages

• Utilize system resources more efficiently. The docker container directly interacts with the kernel, with almost no performance loss, and the performance is better than virtualization through the hypervisor layer and the kernel layer.

• Faster boot time. Traditional virtual machine technology often takes several minutes to start application services, but Docker container applications run directly in the host kernel without starting a complete operating system, so they can start in seconds or even milliseconds.

• Implement automated testing and continuous integration and deployment. Using Docker, you can achieve continuous integration, continuous delivery, and deployment by customizing application images. Developers can build the image through Dockerfile and perform integration testing with the continuous integration system, while operation and maintenance personnel can directly and quickly deploy the image. At the same time, combined with the continuous deployment system, it can be deployed automatically.

• compatibility. There is no need to consider the impact of the operating system and dependent environments. Various dependent environments can be installed and reflected in docker, rather than relying on the operating system environment.

The advantages of containers compared to virtual machines can be seen more clearly below:

characteristic	container	virtual machine
start up	Second level	Minute level
Hard drive usage	Usually MB	Generally GB
performance	Close to native	weaker than
System support	Single machine supports thousands of containers	Usually dozens

3. Docker configuration under CentOS

Docker is divided into two major versions: CE and EE. CE is the community edition (free, support period is 7 months), EE is the enterprise edition, which emphasizes security, is paid for use, and has a support period of 24 months.

docker installation

To install docker on Centos, you need to configure the docker warehouse first. After successfully configuring the docker warehouse, you can directly use the yum command to install docker.

• Warehouse added

  You need to install the required software packages before adding the warehouse. The yum-config-manager provided by yum-utils below can manage the installation warehouse added by yum, and the device mapper storage driver requires device-mapper-persistent-data and lvm2.

  $ sudo yum install -y yum-utils \
    device-mapper-persistent-data \
    lvm2
  

After installing the required software packages, you can use the yum-config-manager command to set the docker installation warehouse.

$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

• docker engine-community installation

  After adding the docker warehouse, you can directly use the yum install command to install docker

  $ sudo yum install docker-ce docker-ce-cli containerd.io
  

• Installation test

  After the installation is successful, you can use the following command to check whether the docker installation is successful. If there is no error output, the installation is successful.

  docker version
  

Docker start

• Although the Docker installation is successful, the server process has not yet been started, so you need to use the command to start the docker server in the background.

  sudo systemctl start docker
  

• After entering the command, you can use the version command to test whether the Docker server daemon is started successfully. After successful startup, in addition to the Client item, the version command will also have an additional Server item, indicating that the Docker server daemon is already running in the background. .

  docker version
  

Docker image testing

• After installing and starting docker, you can obtain and run the simplest image hello-world. This is an image that comes with the docker community. You can directly enter run to run. When docker finds that the image does not exist locally, it will directly go to the docker community to download it, and then run the image. Below you can see the process of docker downloading the image, the process of running the image, and the image will automatically exit after running.

  sudo docker run libray/hello-world
  

  In addition, you can also use the pull command to pull the image first and then run it. library/hello-world is the location of the image file in the warehouse, where library is the group where the image file is located, and hello-world is the name of the image file. Because library is the default group of docker, it can be omitted.

  sudo docker pull libray/hello-world
  

• After the image is obtained, you can use the following command to view the locally existing image.

  sudo docker images
  

Configure domestic mirroring

Because the Docker image warehouse is located abroad and the download speed is relatively slow, a domestic accelerated image warehouse can be configured here.

• Use vim to access daemon.jsonthe file. It may not exist, and vim will automatically create a new one.

  vim /etc/docker/daemon.json
  

• Find the item in the file registry-mirrors, if not, add one yourself, and add the domestic acceleration mirror warehouse we want to add to the list. Here is a NetEase accelerated mirror warehouse.

  "registry-mirrors":["http://hub-mirror.c.163.com"]
  
  

• To restart docker from the command line, you can use the info command to check the registry mirror item below to see if the mirror warehouse is added successfully. The following is the result after the acceleration mirror is added successfully.

  sudo systemctl restart docker
  sudo docker info
  
  

4. Use of Docker containers

Mysql container usage

• First, pull the mysql image. After setting up the domestic image, the speed will be faster. The colon here represents the label of the image, which is the version number. After entering the command, you can see that Docker is pulling the mysql-related image dependencies. The decimal number in front of the image is the image ID, and the library is omitted here.

  docker pull mysql:5.7
  

• Start the Mysql server container. After startup, the ID of the running container will be returned. In the command,

  sudo docker run -p 3306:3306 --name mysql2 -e MYSQL_ROOT_PASSWORD=root -d mysql:5.7
  

Parameter Description:

-p 3306:3306: Indicates that the 3306 port of the container service is mapped to the 3306 port of the host, so that the MySQL server of the container can be directly accessed through the 3306 port of the host.

-e MYSQL_ROOT_PASSWORD=root: -e means setting the environment variable later, and the latter means the root account password of mysql.

--name mysql2: The name of the created container, which cannot be repeated.

-d: Indicates that the container will not be entered after the container is created and run.

• After the startup is successful, you can use the ps command to view the containers that have been successfully started. Here you can add -athe containers that have been stopped.

  docker ps
  

• Then use the following command to enter the container terminal. You can run the mysql client in the container terminal. Here you can use the exit command to exit the container terminal.

  docker run -it --net host mysql:5.7 "sh"
  或
  docker exec -it mysql2 bash
  mysql -h127.0.0.1 -P3306 -uroot -proot
  

Parameter Description:

-it: Indicates the connection between the host's input and output streams and the container terminal.

"sh": Indicates the terminal where the container is started.

• After exiting the terminal, you can use the prune command to delete stopped containers and unmounted volumes, -fwhich means forced deletion.

  docker container prune -f
  docker volume prune –f
  

5. Mirror creation

1. Dockerfile

The construction of the image requires the use of dockerfile. Dockerfile is a text file used to build the image. The text consists of multiple commands.

Common commands

FROM

Images are generally created on the basis of other images. The FROM command is generally used at the beginning of the dockerfile to specify the basic image. It can be used multiple times to specify multiple base images.

FROM <image>
或者
FORM <image>:<tag>

RUN

It is used to execute the commands given later during the image building (docker build) process. There are two different usage formats.

shell format:

RUN <命令>

Exec format:

RUN ["可执行文件", "参数1", "参数2"]

COPY

The copy command copies files from the source path to the target path. This can set multiple source paths.

shell format:

COPY <源路径1>...  <目标路径>

Exec format:

COPY ["源路径1",...  "<目标路径>"]

You can also use wildcards as the source path.

COPY hom* /mydir/
COPY hom?.txt /mydir/

ENV

Used to set and define environment variables

ENV <key> <value>
ENV <key1>=<value1> <key2>=<value2>...

VOLUME

Define anonymous data volumes. If you forget to mount the data volume when starting the container, it will be automatically mounted to the anonymous volume to prevent important data from being lost due to restarting the container.

VOLUME ["<路径1>", "<路径2>"...]
VOLUME <路径>

CMD

The started container specifies the command to be run by default. Unlike the RUN command, the command is executed when the image is running (docker run). At the same time, if there are multiple CMD instructions in the Dockerfile, only the last one will take effect.

CMD <shell 命令> 
CMD ["<可执行文件或命令>","<param1>","<param2>",...] 
CMD ["<param1>","<param2>",...]			//提供ENTRYPOINT时才能使用

At the same time, the program specified by the CMD instruction can be overwritten by the program to be run specified in the docker run command line parameters, such as the terminal running the image above:

docker run -it --net host mysql:5.7 "sh"

Among them, "sh" is the alternative command.

ENTRYPOINT

Similar to the CMD instruction, but will not be overridden by instructions specified by the command line parameters of docker run. At the same time, if there are multiple ENTRYPOINT instructions in the Dockerfile, only the last one will take effect.

ENTRYPOINT ["<executeable>","<param1>","<param2>",...]

EXPOSE

Declare the port and explain the port to the user to facilitate configuration mapping.

EXPOSE <端口1> [<端口2>...]

2. Create a simple image

• Create a new folder and create a file named dockerfile in the folder.

• Use vi to edit the dockerfile and enter the following command. Top here is the command to display the running process.

  FROM ubuntu
  ENTRYPOINT ["top", "-b"]
  CMD ["-c"]
  
  

• After inputting, save it back to the folder and use the build command to build the image. The ./parameter indicates that the image root directory is in the current directory and -t helloindicates the name of the image.

  docker build ./ -t hello
  
  

• After the creation is successful, you can directly use docker run to run the image you just created. You can see that after the operation is successful, you can see the top command process running on the console.

  docker run -it --rm hello -H
  
  

6. Alibaba Cloud Image Service Practice

The above describes how to build an image locally, but building objects locally is not enough. We often also need a platform to publish and manage the images we build. In this case, we can use the image service provided by Alibaba Cloud.

1. Establish a warehouse

• First visit the Alibaba Cloud official website https://cr.console.aliyun.comand choose to log in. If you don’t have an account, register one.

• After registration is completed, if you want to upload an image, you need to select the region and namespace of the image server for your Alibaba Cloud account.

  The combination of the warehouse and the namespace forms the mirror group mentioned above. Just enter it according to the situation.

• After filling in the warehouse information, the system also requires you to select the code source. Because the image is uploaded directly in CentOs, the code source selected here is the local warehouse.

• After the creation is successful, return to the warehouse list and you can see the status and information of the warehouse you just created.

2. Upload image

• After the warehouse is created, return to the CentOs terminal and use the docker login command to log in. In this command, username is the created Alibaba Cloud username, and the command parameter is the mirror address of Alibaba Cloud. Here, the region is selected according to the created warehouse above, where Shenzhen represents the address of the mirror server in Shenzhen. There are also many mirror addresses. Choose one according to the situation, but you must use the same address for the next operation. At the same time, after the login command is entered, the user will be asked to enter a password. After successful entry, a successful login prompt will be displayed.

  docker login --username=ouzj5 registry.cn-shenzhen.aliyuncs.com
  
  

• Before uploading the image, you need to mark the image to be uploaded according to the name of the warehouse you just created. The purpose of the mark is to classify it into a certain warehouse. The image name here is preceded by the address of the corresponding warehouse, the namespace and the name of the warehouse. At the same time, it can also be added as a :taglabel after the image name. Hello-wrold is used as the label here, and the default is latest.

  docker tag registry.cn-shenzhen.aliyuncs.com/ouzj5/repo:hello-world
  
  

• After the mark is successful, you can directly use the push command to upload the built image. The results after successful upload are as follows.

  docker push registry.cn-shenzhen.aliyuncs.com/ouzj5/repo:hello-world
  
  

• After the upload is successful, you can click into the warehouse you just created and select the image version. In the warehouse, you can see that the image of the corresponding tag has been created, and there are various information about the image of the tag.

3. Get the image in the warehouse

• After the upload is successful, you can try to obtain the image you created. First, delete the original image before obtaining it. Here, use the rmi command of docker. Here, it seems that there is no real deletion, just to remove the label. To really delete, you need to add parameters -f. .

  docker rmi registry.cn-shenzhen.aliyuncs.com/ouzj5/repo:hello-world
  
  

• Then use the pull command to pull. The parameters of the command are the parameters of the push above. The command line will display the new image downloaded from Alibaba Cloud.

  docker pull registry.cn-shenzhen.aliyuncs.com/ouzj5/repo:hello-world
  
  

• After the image is successfully pulled, you can use the images command to check whether the image is successfully pulled. You can see the image with the corresponding warehouse tag below.

  docker images
  
  

• Finally, there is a docker command which is the logout operation, which will clear the corresponding login status from the local.

  docker log out registry.cn-shenzhen.aliyuncs.com
  
  

7. Docker hub automatic construction practice

The above describes how to upload the image you have built, but it is very troublesome to log in and upload each version update, so the following practice is how to use github and docker hub to realize automatic construction of applications. In layman's terms, whenever docker hub detects that github has an update (push), it will automatically call the dockerfile on github to build the image and upload it to the warehouse.

1. Create an account and link to the github account

• The platform used here is the foreign docker hub platform, which provides image management services similar to Alibaba Cloud. You also need to register a user account before using it. Its website is https://hub.docker.com/. After successful registration Go to the following page.

• Because what is implemented here is the automatic construction of the warehouse on github, you need to link the docker hub account and the github account. Select the Account Setting option in the menu in the upper right corner, enter the user settings page, and then select the Linked Accounts option.

• After entering the Linked Accounts page, you can see the GitHub link option. You can see that the new account has no link. Here, select the Connect option on github. The next page will ask for the github account password.

• After logging in successfully, you can see that the GitHub item in the Linked Account has changed to the corresponding account.

2. Create an automated build mirror warehouse

• Before setting up automated build, the corresponding dockerfile needs to be given in the github repository.

• Select the Repositories option on the menu to enter the warehouse management page. There is a Create warehouse button in the upper right corner of the page. Click it to start creating the warehouse.

• Enter the mirror warehouse page, fill in the basic information of the warehouse, click Create Warehouse and enter the warehouse page.

• On the warehouse page, select the builds option of the warehouse

• After entering the builds page, you will be asked to select the source of the built warehouse. Here, select the github account you just logged in to.

• After selecting github, you will be asked to fill in the source code warehouse that needs to be automatically built in github. Fill in other basic information and click save and build to save and build.

• After the settings are saved, the build page of the warehouse changes to the following status, proving that the build has started.

• After setting it up, you can try to push to update the code on github. You can see that the build will run again after the push, and the automatic build will be completed.