Docker overview
Docker is an open source application container engine that lets developers package their applications and dependencies into a portable image and then publish it to any popular Linux or Windows machine; it can also be used for virtualization. Containers make full use of the sandbox mechanism and have no interfaces with one another.
Docker architecture
Docker uses a client-server (C/S) architecture and a remote API to create and manage Docker containers. Docker containers are created from Docker images. The relationship between a container and an image is similar to that between an object and a class in object-oriented programming.
In this C/S architecture the Docker daemon acts as the server: it accepts requests from clients and processes them (creating, running and distributing containers). The client and server can run on the same machine, or communicate through a socket or the RESTful API.
The Docker daemon usually runs in the background on the host, waiting for messages from clients. The Docker client provides users with a set of executable commands, which they use to interact with the Docker daemon.
Docker application scenarios
Automating the packaging and deployment of applications
Creation of lightweight, private PaaS environments
Automated testing and continuous integration/deployment
Deploying and scaling web apps, databases and backend services
Because it is based on lightweight LXC virtualization, Docker's most obvious advantages over KVM are fast startup and low resource consumption. It is therefore suited to building isolated, standardized runtime environments, lightweight PaaS (such as dokku), automated testing and continuous integration environments, and any application that can scale out (in particular web applications that need to start and stop quickly to handle peaks and valleys).
Installing Docker
Test environment: rhel7.3
host name: server1
ip: 172.25.26.1
Docker Package Download
[root@server1 docker]# ls
container-selinux-2.21-1.el7.noarch.rpm
docker-ce-18.06.1.ce-3.el7.x86_64.rpm
libsemanage-2.5-8.el7.x86_64.rpm
libsemanage-python-2.5-8.el7.x86_64.rpm
pigz-2.3.4-1.el7.x86_64.rpm
policycoreutils-2.5-17.1.el7.x86_64.rpm
policycoreutils-python-2.5-17.1.el7.x86_64.rpm
[root@server1 docker]# yum install -y *
Download the required packages and install them with yum.
[root@server1 docker]# systemctl start docker.service
[root@server1 docker]# docker info
Start Docker and check its status.
Basic use of Docker
Importing the 2048 game
First obtain the 2048 game image, then import it.
[root@server1 images]# docker load -i game2048.tar
011b303988d2: Loading layer 5.05MB/5.05MB
36e9226e74f8: Loading layer 51.46MB/51.46MB
192e9fad2abc: Loading layer 3.584kB/3.584kB
6d7504772167: Loading layer 4.608kB/4.608kB
88fca8ae768a: Loading layer 629.8kB/629.8kB
Import the image.
[root@server1 images]# docker run -d -p 80:80 --name v1 game2048
151ba499cfa839828a5be9c690051e29ee6ed1331127dac7ce6c4fac8b71c10e
Create a container: -p specifies the port mapping, and the container is named v1.
Enter the host's IP address directly in a browser to reach the game.
Import ubuntu
[root@server1 images]# docker load -i ubuntu.tar
56abdd66ba31: Loading layer 196.8MB/196.8MB
9468150a390c: Loading layer 208.9kB/208.9kB
11083b444c90: Loading layer 4.608kB/4.608kB
5f70bf18a086: Loading layer 1.024kB/1.024kB
Import the image.
[root@server1 images]# docker run -it --name v2 ubuntu
Create a container.
As can be seen, the container and the host actually share the same kernel. Once inside the container, Ctrl+P, Ctrl+Q puts the container into the background.
[root@server1 images]# docker attach v2
Attach to the container again; to leave it, use exit.
At this point the container's network interface is also visible from the host.
[root@server1 images]# iptables -t nat -nL
The host now performs DNAT to the container.
[root@server1 images]# docker ps
docker ps lists the running containers; with the -a option it lists all containers.
Press the Tab key to see the other docker subcommands.
[root@server1 images]# docker stop v1
[root@server1 images]# docker start v1
Stop and start a container.
[root@server1 images]# docker rm -f v2
Forcibly remove the container.
[root@server1 images]# docker history ubuntu
View how the image was built.
Here some files have been created inside container v2. These files are not saved to the original image; to keep them you must create a new image.
[root@server1 images]# docker commit -m "add file" v2 ubuntu:v1
Commit the container as a new image: -m sets the commit message (label), and the version is set to v1, which is shown in the TAG column.
Viewing the image's build history shows that the v1 ubuntu image has just one more layer than the original, the one labelled "add file" above. Each save adds a layer on top of the original, and the number of layers cannot exceed 127.
A container created from the new image shows that the files were saved. Note that with an image created this way, we cannot tell what changes were made inside it.
[root@server1 images]# docker rmi ubuntu:v1
Remove the image; before removing an image, make sure no container is using it.
Using a Dockerfile
A new image can also be created with a Dockerfile.
Instruction | Effect |
---|---|
FROM | Specifies the base image; if it is not available locally it is downloaded from a remote repository. |
MAINTAINER | Sets the image author, for example the user's e-mail address. |
COPY | Copies files from the build context into the image; supports two forms: COPY src dest and COPY ["src", "dest"] |
ADD | Used like COPY, except that src can be a compressed archive, which is automatically extracted to dest; it can also download a URL and copy it into the image |
ENV | Sets environment variables, which can be used by subsequent instructions |
EXPOSE | Declares the service port that an application running in the container exposes |
VOLUME | Declares a data volume, usually the mount point where the application's data is kept |
WORKDIR | Sets the current working directory in the image for RUN, CMD, ENTRYPOINT, ADD and COPY; if the directory does not exist it is created automatically |
RUN | Runs a command in a container and creates a new image layer; commonly used to install software packages |
CMD and ENTRYPOINT | Both instructions set the command executed when the container starts, but CMD is overridden by the arguments given after docker run, whereas ENTRYPOINT is not ignored and is always executed. |
Building an httpd service in a rhel7 container
[root@server1 images]# docker load -i rhel7.tar
e1f5733f050b: Loading layer 147.1MB/147.1MB
Import the rhel7 image.
Create a directory and write the files.
[root@server1 docker]# vim dvd.repo
[dvd]
name=rhel7
baseurl=http://172.25.26.250/rhel7.3
gpgcheck=0
Write the yum repository file; gpgcheck=0 turns off GPG signature checking for packages from this repository.
[root@server1 docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
RUN rpmdb --rebuilddb && yum install -y httpd
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
Set up the yum source inside the container, then install and configure httpd.
[root@server1 docker]# docker build -t rhel7:v1 .
Build the image.
[root@server1 docker]# docker run -d --name apache -p 80:80 rhel7:v1
Create the container; the httpd service inside it is already configured.
The test page can now be reached in a browser; you can also write your own test page and use COPY to place it in the publishing directory.
Create a web directory and write a test page in it.
[root@server1 web]# docker run -d --name apache -p 80:80 -v /tmp/docker/web/:/var/www/html rhel7:v1
Create a container with port 80 mapped, using the -v option to mount the directory onto the container's publishing directory.
Access the test page.
[root@server1 web]# vim index.html
Modify the test page content.
Check in the browser that the content changes in sync.
Testing with busybox
[root@server1 images]# docker load -i busybox.tar
Import the image.
[root@server1 docker]# vim Dockerfile
FROM busybox
# Set the environment variable
ENV name world
ENTRYPOINT echo "hello, $name"
[root@server1 docker]# docker build -t busybox:v1 .
Build the image.
[root@server1 docker]# docker run --rm busybox:v1
hello, world
Create the container. Because this container only prints one result and serves no other purpose, --rm deletes it once the output has been produced.
Here, world is the value of the environment variable.
[root@server1 docker]# vim Dockerfile
FROM busybox
ENTRYPOINT ["/bin/echo", "hello"]
CMD ["world"]
[root@server1 docker]# docker build -t busybox:v2 .
Rebuild the image.
Here you can see the difference between CMD and ENTRYPOINT: CMD is overridden by the arguments given after docker run, whereas ENTRYPOINT is not ignored and is always executed.
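The rule above, as an added example that is not part of the original page: a shell model of how Docker assembles a container's start command from ENTRYPOINT, CMD and the arguments after the image name, run over the page's busybox:v1, busybox:v2 and httpd Dockerfiles. The function name effective_cmd and the temporary file names are assumptions; it goes slightly beyond the text by also covering the shell-form ENTRYPOINT of busybox:v1, where CMD and run arguments are ignored.

```shell
#!/bin/sh
# Added example (not from the original page): model of how Docker combines
# ENTRYPOINT, CMD and the arguments given after the image name in "docker run".

# effective_cmd DOCKERFILE [RUN_ARGS...] -> command line the container starts
effective_cmd() {
    file=$1; shift
    awk -v args="$*" '
        # exec-form JSON array ["a", "b"] -> a b   (quoting is not preserved)
        function words(s) {
            gsub(/^\[[ \t]*"|"[ \t]*\]$/, "", s)
            gsub(/"[ \t]*,[ \t]*"/, " ", s)
            return s
        }
        # shell form is wrapped in /bin/sh -c, exec form is used as written
        function form(s) { return (s ~ /^\[/) ? words(s) : "/bin/sh -c " s }
        { op = toupper($1); rest = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest) }
        op == "ENTRYPOINT" { ep = rest }
        op == "CMD"        { cmd = rest }
        END {
            # arguments after the image name replace CMD
            tail = (args != "") ? args : (cmd != "" ? form(cmd) : "")
            if (ep == "")            print tail             # no ENTRYPOINT
            else if (ep !~ /^\[/)    print form(ep)         # shell form: CMD and args ignored
            else if (tail == "")     print words(ep)
            else                     print words(ep) " " tail
        }
    ' "$file"
}

d=$(mktemp -d)   # scratch directory (assumed name) for the sample Dockerfiles
printf '%s\n' 'FROM busybox' 'ENV name world' \
    'ENTRYPOINT echo "hello, $name"' > "$d/v1"            # busybox:v1 from the page
printf '%s\n' 'FROM busybox' 'ENTRYPOINT ["/bin/echo", "hello"]' \
    'CMD ["world"]' > "$d/v2"                              # busybox:v2 from the page
printf '%s\n' 'FROM rhel7' \
    'CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]' > "$d/httpd"   # CMD only

effective_cmd "$d/v2"          # docker run busybox:v2
effective_cmd "$d/v2" linux    # docker run busybox:v2 linux
effective_cmd "$d/v1" linux    # docker run busybox:v1 linux
effective_cmd "$d/httpd" bash  # docker run rhel7:v1 bash
```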
Image optimization
First, build an nginx service inside a container.
[root@server1 docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make && make install
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
Edit the file.
[root@server1 docker]# docker build -t rhel7:v1 .
Build a new image from rhel7 with the service already set up inside it.
[root@server1 docker]# docker run -d --name nginx -p 80:80 rhel7:v1
Create and start the container, with port 80 mapped.
Open a browser and access it: the service was built successfully.
[root@server1 docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make && make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
Declare that port 80 is exposed and declare the data mount point.
[root@server1 docker]# docker build -t rhel7:v2 .
The second build uses the cache, so the steps above are not repeated.
After creating a container, the index.html file appears in the data directory; edit this file to change the published page.
[root@server1 _data]# docker inspect nginx
This shows the data mount directory.
Viewing the images shows a size of up to 276M, so the image should be optimized; after all, a single service should not need that much space.
[root@server1 docker]# vim Dockerfile
FROM rhel7 as build
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install && rm -rf /mnt/nginx-1.15.8*
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
Edit the Dockerfile to minimize the number of image layers and remove intermediate build products.
[root@server1 docker]# docker build -t rhel7:v3 .
Build the v3 version of the image.
Checking shows that the v3 image has shrunk to 141M. That is still very large, because the underlying bash environment takes up too much space: it contains many things the nginx service does not use, which wastes resources.
So the bash environment should be reduced further.
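To see why the multi-stage Dockerfile shrinks the image, this added example (not from the original page) counts the RUN, COPY and ADD instructions, each of which adds a filesystem layer, per build stage of the v2 and v3 Dockerfiles above. The function names stage_layers and final_stage_layers and the temporary file names are assumptions; WORKDIR and metadata instructions such as EXPOSE, VOLUME and CMD are not counted.

```shell
#!/bin/sh
# Added example (not from the original page): count the RUN/COPY/ADD
# instructions, which each add a filesystem layer, per build stage.

# stage_layers FILE -> one "stage:count" line per FROM stage
stage_layers() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continuation lines
        { $0 = buf $0; buf = "" }
        /^[ \t]*#/ || NF == 0 { next }                   # skip comments, blanks
        { op = toupper($1) }
        op == "FROM" { if (stage) print stage ":" n; stage++; n = 0; next }
        op == "RUN" || op == "COPY" || op == "ADD" { n++ }
        END { if (stage) print stage ":" n }
    ' "$1"
}

# final_stage_layers FILE -> count for the last stage, the only one that ships
final_stage_layers() { stage_layers "$1" | tail -n 1 | cut -d: -f2; }

tmp=$(mktemp -d)   # scratch directory (assumed name) for the sample Dockerfiles
cat > "$tmp/Dockerfile.v2" <<'EOF'
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make && make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
EOF
cat > "$tmp/Dockerfile.v3" <<'EOF'
FROM rhel7 as build
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install && rm -rf /mnt/nginx-1.15.8*
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
EOF
echo "v2: $(final_stage_layers "$tmp/Dockerfile.v2") layers added on top of rhel7"
echo "v3: $(final_stage_layers "$tmp/Dockerfile.v3") layer added on top of rhel7"
```

In v3 the compiler, source tree and build output stay in the discarded build stage, so only the single COPY --from=build layer is shipped on top of the base image.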
[root@server1 images]# docker load -i distroless.tar
668afdbd4462: Loading layer 18.39MB/18.39MB
Loaded image: gcr.io/distroless/base:latest
Import distroless.tar.
[root@server1 docker]# vim Dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG TIME_ZONE
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[root@server1 docker]# docker build -t rhel7:v5 .
Checking the v5 image shows it is only 23.2M.