Docker study notes (a): Basic command

Only access to personal use, to learn Docker then recommend to read this document: "Docker - from entry to practice."

First, the basic concept

To build and run a Docker containers, you have several steps:

1. Write Dockerfile, and then build a mirror from Dockerfile through the build command
   1. Mirroring is built in layers, tiered storage. This makes the mirror multiplexing, custom becomes easier.
   2. Image does not contain any dynamic data, its contents will not be changed after the construct. So it was friendly operation and maintenance, can achieve a build run everywhere.
2. By run command to start the container. (Hereinafter referred to again mirrored warehouse)
   1. Mirroring the content is static, and the container is dynamic!
   2. Each container run-time, based on the mirror as a base layer, a storage layer to create the current container thereon. This operation can be called as container storage layer to read and write and prepare for the container storage layer .
   3. Container should not write any data to which the storage layer, the storage layer to keep the container free of state.
   4. All file write operations, volume data should be used (Volume), or binding directory host, reading and writing these locations will skip container storage layer to read and write to the host (or network storage) occurs directly, and its performance higher stability.
3. Log on to the Docker with the login command mirroring warehouse (private or public), then push command push to build up a good image.
4. In other machines pull down image, the docker run xxxrun command.

Two, Docker basic commands

1. Obtain Mirror

Fetching an image from the warehouse through the pull command:

# 格式
docker pull [选项] [Docker Registry 地址[:端口号]/]仓库名[:标签]

# e.g. 1：从公共仓库拉 nginx 的镜像
# 下列两条命令效果相同，默认从 library （官方镜像）找镜像，tag 默认为 latest（最新版本）
docker pull library/nginx:latest
docker pull nginx

# e.g. 2：从公共仓库中，拉取个人上传的镜像
docker pull <username>/myblog:latest

# e.g. 3：从私人仓库拉取 ryan 项目下，名为 myblog 的镜像
docker login reg.myharbor.com:4321  # 私人仓库一般都需要先登录，会将登录信息保存到本地
docker pull reg.myharbor.com:4321/ryan/myblog

Write your own Dockerfile, and then build a mirror by Dockerfile (later re-elaborate syntax Dockerfile):

# --tag 可以缩写成 -t，用于指定镜像的 [镜像名:<tag>]，其中 <tag> 可省略。
docker build --tag friendlyhello .  # 使用当前目录下的 Dockerfile 构建镜像，并且`镜像名:tag`为 `friendlyhello:latest`

2. View / Delete Mirror

View mirror list:

docker image ls -a     # 列出当前机器上的所有镜像
docker images -a       # 上一条命令的缩写

docker images -a <image name>  # 查找名为 <image name> 的镜像

Remove the mirror:

docker image rm <image id>
docker image rm <image name>:<tag>  # 删除 <image name> 镜像的一个 tag

docker rmi <xxx>  # `docker image rm <xxx>` 的缩写

docker image ls -f dangling=true  # 列出所有虚悬镜像（即仓库名和 tag 都为 none 的镜像）
docker image prune  # 清除所有未被使用的虚悬镜像（被依赖了的虚悬镜像无法直接清除，见后）

docker image rm $(docker image ls -a -q)  # 删除本机的所有镜像（危险操作）

If a normal mirror, or a container dependent on some dangling mirror, that these dangling mirror can not be directly deleted. You need to delete the image or the upper container.

When you remove the upper Mirror, it was all just dangling dependent on the mirror will be automatically removed. However, after removing the upper container, also with a manually docker image pruncleared by suspending it uses the virtual image.

3. Start container

1. docker run: A new container and run commands from the specified image, and then terminates. Standard procedure is as follows:
   • Check whether there are specific local mirror, there is no downloaded from a public warehouse
   • Use a mirror to create and launch container
   • Assign a file system, and a mirror mounted on the outside layer of the read-only and writable layer
   • Host bridge configuration from the host bridge interface to a virtual interface to the container
   • Configuring an ip address from the address pool container
   • Execution of the application specified by the user
   • After completion of the implementation of the container is terminated

# 在 ubuntu 18.04 中输出 Hello World
# --rm 表示，容器终止运行后，自动删除该容器
docker run --rm ubuntu:18.04 /bin/echo 'Hello world'

# 进入容器的 bash 终端
# -i 使容器的 stdin 保持打开，-t 为容器分配一个伪 tty。
# 结合使用上述两个选项 `-it`，效果类似 ssh 远程连接。
docker run -it ubuntu:18.04 /bin/bash

# P.S. 其实只需要 -i 参数，就能和容器进行交互了，敲命令能得到回复。
# -t 添加的伪终端，感觉只是在每个命令行开头加了个 `root@25d5c233769b:/# ` 这样的提示符。

1. docker run -d: The new container running in the background

# 在后台启动一个 nginx 容器，提供静态网站访问功能，或者做代理
# -d 表示在后台运行该容器，--rm 使容器在终止后被自动删除
docker run -d --rm my-nginx:latest

# --restart=always 容器意外退出时，总是自动重启。以保证服务总是可用。
# --name my-blog  为容器取个有意义的名字，可在任何命令中，用该名字替换 container id 使用
docker run --rm -d -restart=always --name my-blog my-nginx:latest

# 前台运行的容器，stdout 会被定向到本机的 stdout，所以能直接看到命令的输出
# 而后台运行的容器，就需要通过下面的命令查看输出了
docker logs <container id / container name>  # 查看指定容器的 logs，更详细的参数请 man
docker logs -f <container id / container name>  # 持续地输出容器的日志（ctrl-c 退出）

1. View a list of container, start / stop container, remove the container

docker container ls -a  # 列出所有容器
docker ps -a  # 上一条命令的缩写

docker container start <container id / container name>   # 启动一个已经终止运行的容器
docker container stop <container id / container name>   # 终止一个正在运行的容器（该容器可能在后台工作，也可能是正被别的 shell 运行）

docker container rm  <container id / container name>    # 删除一个未运行的容器
docker container rm -f <container id / container name>   # 强制删除容器，即使该容器正在运行

docker container prune  # 清理掉所有已终止的容器

docker [start|stop|rm] <xxx>  # 上述命令的缩写，container 可省略

1. Login container:

# 1. 使用 attach 命令登入（不推荐！！）
# 将容器的 stdin/stdout/stderr 与当前终端接驳，容器切换到前台运行。
# 特别注意的是，因为容器切换到了前台运行，退出会导致容器终止！因此才不推荐用此命令。
docker container attach <container id / container name>`  # 可缩写成 `docker attach xxx`

# 2. 使用 exec 命令登入（推荐方式）

4. The image import and export / container

4.1 Mirroring the import and export

Mirroring can be shared by central warehouse, but in some cases, we just want to quickly share the image to a machine. That's where import and export functions of the mirror:

# a. 将指定镜像导出为 tar 文件
# 注意：如果同名则会覆盖（没有警告）
docker save <imagename>:<tag> -o <filename>

# 使用 gzip 进一步压缩
docker save <imagename>:<tag> | gzip > <imagename>-<tag>.tar.gz

# b. 从指定文件加载镜像
docker load -i <imagename>-<tag>.tar.gz  # 不需要先解压

The introduction export command, combined SSH, can be done quickly share mirror:

docker save <镜像名> | bzip2 | pv | ssh <用户名>@<主机名> 'cat | docker load'

# pv：即 Pipe Viewer，意思是通过管道显示数据处理进度的信息。一般需要自行安装。
# yay -S pv 或 sudo apt-get install pv 或 yum install pv

Import and export container 4.2

Although the container layer should not save any dynamic data,
but there are special circumstances (or too much food), we put some necessary things into the container layer, can now make the vessel to operate on another machine.
Or container runs out of the question, we need to guide it out of the cause of the problem.

This time, we need to do import and export of container:

# 将容器的当前快照导出为文件
docker export [container id / container name] > ubuntu.tar

# 从文件将容器快照导入为镜像
# 注意！！！是导入成了镜像！并且为这个镜像指定了 [name:tag]
cat ubuntu.tar | docker import - test/ubuntu:v1.0

reference

• Docker - from entry to practice