[Container] Docker data management

1. Docker data management

There are two main ways to manage data in Docker containers: Data Volumes and DataVolumes Containers.

1.1 Data volume

A data volume is a special directory used by containers and is located within the container. The host's directory can be mounted to the data volume. Modifications to the data volume are immediately visible, and updated data will not affect the mirror, thus enabling data migration between the host and the container. The use of data volumes is similar to the mount operation of directories under Linux.

docker pull centos:7

#宿主机目录/var/www 挂载到容器中的/data1。
注意：宿主机本地目录的路径必须是使用绝对路径。如果路径不存在，Docker会自动创建相应的路径。
docker run -v /var/www:/data1 --name web1 -it centos:7 /bin/bash			#-v 选项可以在容器内创建数据卷
ls
echo "this is web1" > /data1/abc.txt
exit

#返回宿主机进行查看
cat  /var/www/abc.txt

2. Data volume container

如果需要在容器之间共享一些数据，最简单的方法就是使用数据卷容器。数据卷容器是一个普通的容器，专门提供数据卷给其他容器挂载使用。
#创建一个容器作为数据卷容器
docker run --name web2 -v /data1 -v /data2 -it centos:7 /bin/bash
echo "this is web2" > /data1/abc.txt
echo "THIS IS WEB2" > /data2/ABC.txt

#使用 --volumes-from 来挂载 web2 容器中的数据卷到新的容器
docker run -it --volumes-from web2 --name web3 centos:7 /bin/bash
cat /data1/abc.txt
cat /data2/ABC.txt

2. Port mapping

When starting a container, if you do not specify the corresponding port, the services in the container cannot be accessed through the network outside the container. The port mapping mechanism provides services in the container for external network access. In essence, it maps the host's port to the container, so that the external network can access the services in the container by accessing the host's port.

docker run -d --name test1 -P nginx					#随机映射端口（从32768开始）

docker run -d --name test2 -p 43000:80 nginx		#指定映射端口

docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                   NAMES
9d3c04f57a68   nginx     "/docker-entrypoint.…"   4 seconds ago    Up 3 seconds    0.0.0.0:43000->80/tcp   test2
b04895f870e5   nginx     "/docker-entrypoint.…"   17 seconds ago   Up 15 seconds   0.0.0.0:49170->80/tcp   test1

浏览器访问：http://192.168.80.10:43000	、http://192.168.80.10:49170

3. Container interconnection (using centos image)

Container interconnection is to establish a dedicated network communication tunnel between containers through the name of the container. To put it simply, a tunnel is established between the source container and the receiving container, and the receiving container can see the information specified by the source container.

#创建并运行源容器取名web1
docker run -itd -P --name web1 centos:7 /bin/bash	
	
#创建并运行接收容器取名web2，使用--link选项指定连接容器以实现容器互联
docker run -itd -P --name web2 --link web1:web1 centos:7 /bin/bash			#--link 容器名:连接的别名

#进web2 容器， ping web1
docker exec -it web2 bash
ping web1

4. Creation of Docker image

1. Create based on existing image

（1）首先启动一个镜像，在容器里做修改
docker create -it centos:7 /bin/bash

docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS    PORTS     NAMES
000550eb36da   centos:7   "/bin/bash"   3 seconds ago   Created             gracious_bassi

（2）然后将修改后的容器提交为新的镜像，需要使用该容器的 ID 号创建新镜像
docker commit -m "new" -a "centos" 000550eb36da centos:test
#常用选项：
-m 说明信息；
-a 作者信息；
-p 生成过程中停止容器的运行。

docker images

2. Create based on local template

通过导入操作系统模板文件可以生成镜像，模板可以从 OPENVZ 开源项目下载，下载地址为http://openvz.org/Download/template/precreated

wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz

#导入为镜像
cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test

3. Created based on Dockerfile

3.1 Union File System (UnionFS)

UnionFS (Union File System): Union File System (UnionFS) is a hierarchical, lightweight and high-performance file system. It supports modifications to the file system to be superimposed layer by layer as one submission, and can also combine different Directories are mounted to the same virtual file system. AUFS, OverlayFS and Devicemapper are all types of UnionFS.

The Union file system is the basis of Docker images. Images can be inherited through layering. Based on the base image (without a parent image), various specific application images can be produced.

Features: Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose each layer of file systems, so that the final file system will contain all underlying files and directories.

The layers we see when downloading are the joint file systems.

3.2 Image loading principle

Docker's image actually consists of a layer-by-layer file system, and this layer of file system is UnionFS.

bootfs mainly includes bootloader and kernel. The bootloader mainly loads the kernel. The bootfs file system will be loaded when Linux first starts.

The bottom layer of the Docker image is bootfs. This layer is the same as our typical Linux/Unix system, including the boot loader and kernel. When the boot loading is completed, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also uninstall bootfs.

rootfs, on top of bootfs. Contains standard directories and files such as /dev, /proc, /bin, /etc, etc. in a typical Linux system. Rootfs refers to various operating system distributions, such as Ubuntu, Centos, etc.

We can understand that there is nothing in the kernel at the beginning. If you run a command to download debian, a base image will be added to the kernel; then install an emacs, and a layer of image will be superimposed on the base image; and then install another apache will overlay another layer of images on top of the images. In the end they look like a file system i.e. the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, each layer of rootfs at this time is read-only, and we cannot operate it at this time. When we create a container, that is, instantiate a Docker image, the system will allocate an empty layer of read-write rootfs on top of one or more layers of read-only rootfs.

3.3 Why is the size of centos in Docker only 200M?

Because for a streamlined OS, the rootfs can be very small and only needs to contain the most basic commands, tools and libraries. Because the bottom layer directly uses the host's kernel, you only need to provide the rootfs yourself. It can be seen that for different Linux distributions, bootfs is basically the same, but rootfs will be different, so different distributions can share bootfs.

Dockerfile

1. Docker image is a special file system. In addition to providing programs, libraries, resources, configuration and other files required for container runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc. ). The image does not contain any dynamic data, and its content will not be changed after it is built.

2. Mirror customization is actually customizing the configuration and files added to each layer. If we can write the commands for modifying, installing, building, and operating each layer into a script, and use this script to build and customize the image, then the issues of transparency and volume of image construction will be solved. This script is the Dockerfile.

3. Dockerfile is a text file that contains instructions (Instructions). Each instruction builds a layer, so the content of each instruction describes how the layer should be built. With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on the Dockerfile and regenerate the image, eliminating the trouble of typing commands.

4. In addition to manually generating Docker images, you can use Dockerfile to automatically generate images. Dockerfile is a file composed of multiple instructions, each of which corresponds to a command in Linux. The Docker program will read the instructions in the Dockerfile to generate the specified image.

5. The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions, and execution instructions when the container starts. Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and supports comments starting with "#".

Layering of Docker image structure

An image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image. Any file changes made in the running container will be written to this read-write layer. If you delete a container, its top read-write layer is deleted, and file changes are lost. Docker uses storage drivers to manage the content of each layer of the image and the container layer of the read-write layer.

(1) Each instruction in the Dockerfile will create a new image layer;
(2) The image layer will be cached and reused;
(3) When the instructions of the Dockerfile are modified, the copied files change, or the variables specified when building the image are different, the corresponding image layer cache will become invalid;
(4) A certain If the image cache of one layer is invalid, the cache of the image layer after it will be invalid;
(5) The image layer is immutable. If a file is added to a certain layer, then it will be added to the next layer. If you delete it, the file will still be included in the image, but the file will not be visible in the Docker container.

5. Commonly used instructions for Dockerfile operations:

(1) FROM image

Specify the base image on which the new image is based. The first instruction must be a FROM instruction. Each time a mirror is created, a FROM instruction is required.

(2) MAINTAINER name

Describe the maintainer information of the new image

(3) RUN command

Execute the command on the based image and submit it to the new image

(4) ENTRYPOINT ["Program to be run", "Parameter 1", "Parameter 2"]

sets the first command to be run when the container starts and its parameters.
You can overwrite the contents of the ENTRYPOINT instruction in the image by using the command docker run --entrypoint.

(5) CMD ["Program to be run", "Parameter 1", "Parameter 2"]

The above is the exec form, the shell form: CMD command parameter 1 parameter 2
The command or script that is executed by default when starting the container. Dockerfile can only have one CMD command. If multiple commands are specified, only the last command will be executed.
If a command is specified during docker run or there is ENTRYPOINT in the image, then CMD will be overwritten.
CMD can provide default parameters for the ENTRYPOINT command.

java -jar xxxxxxx.jar

(6) EXPOSE port number

Specify the port to be opened when the new image is loaded into Docker

(7) ENV environment variable variable value

Set the value of an environment variable, which will be used by subsequent RUN
linxu PATH=$PATH:/opt
ENV PATH $PATH:/ opt

(8) ADD source file/directory target file/directory

Copy the source file to the image. The source file must be in the same directory as the Dockerfile, or be a URL
There are the following considerations:
1. If the source path is a file and the target path ends with /, docker will treat the target path as a directory and copy the source file to the directory.
If the target path does not exist, the target path will be automatically created.

2. If the source path is a file and the target path does not end with /, docker will treat the target path as a file.
If the target path does not exist, a file will be created with the name of the target path, and the content will be from the same source file;
If the target file is an existing file, the source file will be created. The file overwrites it, of course only the content is overwritten, the file name is still the target file name.
If the target file actually exists in an existing directory, the source file will be copied to that directory. Note that in this case it is best to end the display with / to avoid confusion.

3. If the source path is a directory and the target path does not exist, docker will automatically create a directory with the target path and copy the files in the source path directory.
If the target path is an existing directory, docker will copy the files in the source path directory to the directory.

4. If the source file is an archive file (compressed file), docker will automatically decompress it.
URL download and decompression features cannot be used together. Any compressed file copied via URL will not be automatically decompressed.

(9) COPY source file/directory target file/directory

Only copy the files/directories on the local host to the target location. The source files/directories must be in the same directory as the Dockerfile.

(10)VOLUME ["Directory"]

Create a mount point in the container

(11) USER username/UID

Specify the user when running the container

(12) WORKDIR path

Specify the working directory for subsequent RUN, CMD, ENTRYPOINT

(13) ONBUILD command

specifies the command to be run when the generated image is used as a base image.
When the ONBUILD instruction is added to a Dockerfile, the instruction will not have a substantial impact on using the Dockerfile to build an image (such as image A).
But when writing a new Dockerfile to build an image based on the A image (for example, the B image), the ONBUILD instruction in the Dockerfile that constructs the A image will take effect. During the B mirroring process, the instructions specified by the ONBUILD instruction will first be executed, and then other instructions will be executed.

Note: If you have other dockerfiles in production, please study and read them by yourself, otherwise you will have to pay for the consequences.

（14）HEALTHCHECK

health examination

When writing a Dockerfile, there is a strict format to follow:

• The first line must use the FROM instruction to indicate the name of the image it is based on;
• Then use the MAINTAINER instruction to describe the user information that maintains the image;
• Then there are instructions related to mirror operations, such as the RUN instruction. Each time a command is run, a new layer is added to the base image.
• Finally, use the CMD instruction to specify the command operation to be run when starting the container.

6. Dockerfile case

#建立工作目录
mkdir  /opt/apache
cd  /opt/apache

vim Dockerfile
#基于的基础镜像
FROM centos:7
#维护镜像的用户信息
MAINTAINER this is apache image <hmj>
#镜像操作指令安装apache软件
RUN yum -y update
RUN yum -y install httpd
#开启 80 端口
EXPOSE 80
#复制网站首页文件
ADD index.html /var/www/html/index.html
//方法一：
#将执行脚本复制到镜像中
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#启动容器时执行脚本
CMD ["/run.sh"]
//方法二：
ENTRYPOINT [ "/usr/sbin/apachectl" ]
CMD ["-D", "FOREGROUND"]


//准备执行脚本
vim run.sh
#!/bin/bash
rm -rf /run/httpd/*							#清理httpd的缓存
/usr/sbin/apachectl -D FOREGROUND			#指定为前台运行
#因为Docker容器仅在它的1号进程（PID为1）运行时，会保持运行。如果1号进程退出了，Docker容器也就退出了。

//准备网站页面
echo "this is test web" > index.html

//生成镜像
docker build -t httpd:centos .   		#注意别忘了末尾有"."

//新镜像运行容器
docker run -d -p 1216:80 httpd:centos

//测试
http://192.168.80.10:1216/


########如果有网络报错提示########
[Warning] IPv4 forwarding is disabled. Networking will not work.

解决方法：
vim /etc/sysctl.conf
net.ipv4.ip_forward=1

sysctl -p
systemctl restart network
systemctl restart docker