[Docker 1] Docker architecture, image operations and container operations

1. Basic management and concepts of docker

1. Concept 

Docker: an open-source application container engine written in Go. It behaves like a lightweight "virtual machine" running on a Linux host.

Docker's container technology can be used to easily create a lightweight, portable, self-sufficient container for any application on a single host.

Docker's host is a Linux system. Containers can be thought of as mutually isolated boxes (components, applications); each container is an independent application.

2. The design purpose of docker:

build,ship and run,anywhere

build: the program is packaged once; after that it only needs to be deployed to be usable.

ship and run: Once packaged, the program can be run in any environment.

anywhere: any host

Package once, run anywhere.

Encapsulation - Release - Deployment - Run - Maintenance - Destruction

Application lifecycle can be managed in a comprehensive way

3. Why docker is popular:

  1. Flexible: even complex programs can be containerized
  2. Lightweight: a minimal package that contains only what the application needs and shares the host's kernel
  3. Interchangeable: can be upgraded and updated at any time
  4. Portable: can be built locally and deployed on a cloud platform; runs anywhere
  5. Scalable: container replicas can be distributed automatically
  6. Stackable: different versions of the same container, or multiple containers of the same version, can be created on one host

Linux namespace: a kernel feature that isolates a group of system resources. Processes inside a namespace see their own independent copy of those resources.

4. Six isolations of namespace

  1. UTS namespace, system call parameter CLONE_NEWUTS. Isolates the host name and domain name: a process created in its own UTS namespace sees its own host name and domain name, separate from other processes.
  2. IPC namespace, system call parameter CLONE_NEWIPC. Isolates semaphores, message queues and shared memory: processes in an IPC namespace have their own independent inter-process communication resources.
  3. PID namespace, system call parameter CLONE_NEWPID. Each namespace has its own independent process number space.
  4. Network namespace, system call parameter CLONE_NEWNET. Isolates the network stack and ports: each namespace has its own independent network stack.
  5. Mount namespace, system call parameter CLONE_NEWNS. Isolates mount points: each mount namespace has its own set of file system mount points, and they do not interfere with each other.
  6. User namespace, system call parameter CLONE_NEWUSER. Isolates users and user groups.

Based on these six isolation items, resource isolation between containers and between containers and hosts is achieved.
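The kernel exposes the namespace each process belongs to as symlinks under /proc/<pid>/ns/, one per isolation type listed above, so the isolation can be verified rather than assumed. The following script is an added example (not part of the original post): it compares the namespace identifiers of two PIDs. Run on the host with your shell's PID and a container's init PID (for example from `docker inspect -f '{{.State.Pid}}' test1`), every type reported "different" is one the container is actually isolated on. It assumes Linux; reading another user's process requires the same uid or CAP_SYS_PTRACE, otherwise the entry is reported as unreadable.

```shell
#!/bin/sh
# Added example, not from the original post: checks which of the six namespace
# types two processes share by reading the identifiers the kernel exposes under
# /proc/<pid>/ns/. Assumes Linux /proc.

# The six isolation types from the text, as named under /proc/<pid>/ns/
NS_TYPES="uts ipc pid net mnt user"

# ns_id PID TYPE -> prints e.g. "net:[4026531840]"; non-zero status if unreadable
ns_id() {
    readlink "/proc/$1/ns/$2" 2>/dev/null
}

# ns_report PID_A PID_B -> one line per type: "<type> same|different|unreadable"
ns_report() {
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$t") || a=""
        b=$(ns_id "$2" "$t") || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$t unreadable"
        elif [ "$a" = "$b" ]; then
            echo "$t same"
        else
            echo "$t different"
        fi
    done
}

# shares_all_ns PID_A PID_B -> exit 0 only when all six types are readable and equal
# (a containerized process compared with a host shell should fail this check)
shares_all_ns() {
    [ "$(ns_report "$1" "$2" | grep -c ' same$')" -eq 6 ]
}

# Usage on a host:  ns_report $$ "$(docker inspect -f '{{.State.Pid}}' test1)"
```

Two processes that share a namespace print the same identifier; a container started without --pid=host, --net=host or similar options should show "different" for every type except user, which Docker only isolates when user namespace remapping is enabled.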

https://hub.docker.com/

5. Core components of docker:

Image: the basis of docker and the smallest unit of docker, similar to the ISO file of a virtual machine. An image is an executable package that contains all the content to run the program (code, configuration files, environment variables)

A Docker image can also be thought of as a compressed package, but it is not simply an archive: it is a script for deploying the environment and may even contain a complete operating system.

Containers: Docker containers are instances that run based on images and can be started, stopped, and deleted. Each container is isolated from each other and invisible to each other.

Repository (warehouse): stores images. All images are pulled from a repository, which can be public or private; images are pulled from the repository and pushed back to it.

Stored locally on the host: images, containers, and logs (/var/log/docker).

6. The difference between docker and virtual machines:

  Characteristic         Docker                       Virtual machine
  Startup speed          seconds                      minutes
  Computing power loss   almost none                  about 50% loss
  Performance            close to the native system   weaker than the native system
  System support         thousands per host           depends on the hardware (dozens)
  Isolation              resource isolation           complete isolation
  Security               weaker                       stronger

2. Docker installation and deployment:

Install Docker

Currently Docker only supports 64-bit systems.

systemctl stop firewalld.service

setenforce 0

(These two steps turn off the host firewall and put SELinux into permissive mode for the lab; on a production host keep both enabled and open only the ports the containers need.)

#Install dependency packages

yum install -y yum-utils device-mapper-persistent-data lvm2

--------------------------------------------------------------------------------------------

yum-utils: Provides the yum-config-manager tool.

device mapper: is a universal device mapping mechanism in the Linux kernel that supports logical volume management.

It provides a highly modular kernel architecture for implementing block device drivers for storage resource management.

The device mapper storage driver requires device-mapper-persistent-data and lvm2.

--------------------------------------------------------------------------------------------

#Set Alibaba Cloud mirror source

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#Install Docker-CE and set it to start automatically at boot

yum install -y docker-ce docker-ce-cli containerd.io

docker-ce (Docker Community Edition): This is the community edition of Docker.

Docker Community Edition is free and is intended for developers, small teams, and individuals. It contains Docker Engine, the open source container runtime used to build and run containers.

docker-ce-cli (Docker Command Line Interface): This is Docker’s command line tool.

It allows users to interact with Docker Engine and perform container-related operations.

With the Docker CLI, users can build, run, manage, and publish containers.

containerd.io: It is responsible for managing the life cycle of containers, including container creation, running, suspension, continuation and destruction.

systemctl start docker.service

systemctl enable docker.service

docker-ce: the community edition of Docker, free, for developers, small teams and individual use.

docker-ce-cli: provides the Docker command line tools.

containerd.io: manages the container life cycle: create, run, stop, continue, destroy.

Docker only supports 64-bit systems.

Start Docker and enable it to start automatically at boot.

An installed Docker system has two programs, the Docker server and the Docker client. The Docker server is a service process responsible for managing all containers.

The Docker client acts as the remote control of the Docker server and is used to drive the server process.

In most cases, the Docker server and client run on the same machine.

Docker operation commands

View docker version information

docker version

docker information view

docker info  

overlay2: the storage driver for the file system used by Docker.

OverlayFS (overlay file system): a union file system that layers directories on top of the host's file system, adapting to it automatically.

LowerDir: the bottom, read-only layer(s); the root file system of one or more image layers.

UpperDir: the writable layer. Writes performed inside the running container land here; this is what makes the container writable.

MergedDir: the merged directory. lowerdir and upperdir are combined into the container's file system; what the user sees is this merged view.

WorkDir: the working directory. OverlayFS uses workdir to track file system changes while write operations are performed inside the container.

3. Docker image operation:

Format: docker search <image name>

docker search nginx

NAME    DESCRIPTION        STARS    OFFICIAL   AUTOMATED

nginx     Official build of Nginx.   19311       [OK]       

NAME: Lists the name of the Docker image, here is "nginx".

DESCRIPTION: Displays a brief description of the image. Here, is the official build of Nginx.

STARS: Shows the star rating of the image on Docker Hub. Here, there are 19311 stars indicating that this image is quite popular.

OFFICIAL: Indicates whether the image is an official build. Here, "[OK]" means it's an official build.

AUTOMATED: Shows whether the image was automatically built. No specific information is shown here.

1. Get the image

Format: docker pull <image name>[:tag]

If no tag is given, the newest version of the image in the repository is downloaded by default, that is, the latest tag is selected.

docker pull nginx

2. Mirror accelerated download

Visit https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors with your browser to obtain the mirror accelerator configuration.

3. View image information

The image is downloaded and stored in /var/lib/docker.

Docker-related local resources are stored in the /var/lib/docker/ directory, where the containers directory stores container information.

The image directory stores image information, and the overlay2 directory stores specific image underlying files.

If an image has multiple tags, when deleting, only the tags will be deleted. If there is only one tag, the image itself will be deleted.

If the image is already used by a container, stop the container first, then delete the container, and finally delete the image.

View downloaded image file information

cat /var/lib/docker/image/overlay2/repositories.json

View all images downloaded locally

docker images

REPOSITORY   TAG       IMAGE ID       CREATED      SIZE

nginx        latest    ae2feff98a0c   9 days ago   133MB

REPOSITORY: the repository the image belongs to;

TAG: the image tag, distinguishing different images in the same repository;

IMAGE ID: the unique ID number that identifies an image;

CREATED: image creation time;

SIZE (VIRTUAL SIZE in older versions): image size;

Obtain image details based on the image's unique ID number

Format: docker inspect image ID number

docker inspect ae2feff98a0c

OverlayFS (Overlay File System) is a union file system commonly used by container technologies such as Docker.

It lets several file systems be layered on top of one another to present a single unified view; docker inspect shows these layers under GraphDriver.

The important OverlayFS concepts are LowerDir, UpperDir, MergedDir and WorkDir, as described above.

4. Add a new label to the local image

Format: docker tag <name>:[tag] <new name>:[new tag]

docker tag nginx:latest nginx:web

docker images | grep nginx

5. Delete the image

Format:

docker rmi <repository name>:<tag> #When an image has multiple tags, this only removes the specified tag

or

docker rmi image ID # will completely delete the image

Note: If the image is already used by a container, the correct approach is to first delete all containers that depend on the image, and then delete the image.

docker rmi nginx:web

6. Save the image: Save the image as a local file

Format: docker save -o <output file name> <image to save>

docker save -o nginx nginx:latest #Save the image and name it nginx and store it in the current directory

docker save -o /opt/nginx.tar nginx:latest #Specify the path to save the docker image.

ls -lh

7. Load image: Import the image file into the image library

Format:

docker load < saved file

or

docker load -i <saved file>

docker load -i /opt/nginx.tar

8. Upload the image: to the docker Hub official public warehouse

By default, it is uploaded to the Docker Hub official public warehouse, and you need to register an account to use the public warehouse. https://hub.docker.com

Then use the docker login command and enter the username and password of that account to log in.

Before uploading the image, you need to add a new tag to the local image, and then use the docker push command to upload it.

docker tag nginx:latest koedaa/nginx:web #When adding a new tag, you must add your own dockerhub username in front of it

docker login #Log in to the Docker Hub repository

Username: koedaa

Password: <your Docker Hub password; the original transcript's value is withheld here>

docker push koedaa/nginx:web #Upload image
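Typing the password at the prompt, as above, is fine interactively, but scripts often end up passing it on the command line, where it lands in shell history and is visible to every user in the process list. The following script is an added example (not part of the original post) of the safer pattern: the credential lives in a file readable only by the owner and is fed to `docker login --password-stdin`. The `DOCKER_BIN` variable is an assumption introduced so the function can be exercised without a Docker daemon.

```shell
#!/bin/sh
# Added example, not from the original post: log in to a registry without the
# password appearing in argv or shell history. Assumes the credential is stored
# in a file with mode 600; DOCKER_BIN (an assumption) names the docker binary.
: "${DOCKER_BIN:=docker}"

# login_with_token USER CREDFILE [REGISTRY]
# Refuses to proceed if the credential file is missing or readable by others.
login_with_token() {
    user=$1
    credfile=$2
    registry=${3:-}
    if [ ! -f "$credfile" ]; then
        echo "no credential file: $credfile" >&2
        return 2
    fi
    # GNU stat first, BSD stat as fallback; both print the octal mode
    perms=$(stat -c %a "$credfile" 2>/dev/null || stat -f %Lp "$credfile")
    case "$perms" in
        *00) ;;  # 600, 400: no group/other permission bits
        *)
            echo "refusing $credfile with mode $perms (expected 600)" >&2
            return 3
            ;;
    esac
    # --password-stdin reads the secret from stdin; it never becomes an argument
    "$DOCKER_BIN" login --username "$user" --password-stdin ${registry:+"$registry"} < "$credfile"
}

# Usage on a real host:
#   printf '%s' "$TOKEN" > ~/.hub-token && chmod 600 ~/.hub-token
#   login_with_token koedaa ~/.hub-token
```

Docker Hub access tokens (created in the Hub account settings) are preferable to the account password for this file: they can be scoped and revoked without changing the password.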

4. Docker container operation

1. Container creation:

Creating a container means instantiating it from an image.

The newly created container is stopped by default and does not run any programs. A process needs to be initiated in it to start the container.

Format: docker create [options] <image>

Common options:

-i: Let the container open standard input to accept user input commands

-t: Let Docker allocate a pseudo terminal tty

-it: Together, it can interact with the container and run an interactive session shell

docker create -it nginx:latest /bin/bash

2. Check the running status of the container

docker ps to view running containers

docker ps -a View all containers, including running and not running ones

3. Start the container

Format: docker start container ID/name

docker start 8b0a7be0ff58

docker ps -a

4. Create and start the container

You can directly execute the docker run command, which is equivalent to executing the docker create command first and then the docker start command.

Note: a container lives only as long as the shell command/process running inside it: the command/process keeps the container running, and when the command/process ends, the container exits.

By default, Docker uses the first process inside the container, the program with pid=1, to decide whether the container is running.

If the process with pid=1 inside the container terminates, the container exits immediately. This means a Docker container must have a foreground process; otherwise it is considered to have stopped.

When using docker run to create a container, the standard running process of Docker in the background is:

(1) Check whether the specified image exists locally. When the image does not exist, it will be downloaded from the public repository;

(2) Use the image to create and start a container;

(3) Allocate a file system to the container and mount a read-write layer outside the read-only image layer;

(4) Bridge a virtual network interface for the container to the bridge interface configured on the host;

(5) Assign an IP address in an address pool to the container;

(6) Execute the application specified by the user. After the execution is completed, the container is terminated.

docker run centos:7 /usr/bin/bash -c "ls /"

docker ps -a #You will find that a new container is created and starts executing a shell command, then stops.

5. Continue running the container created by docker run in the background

You need to add the -d option after the docker run command to let the Docker container run in the background as a daemon. And the program running by the container cannot be ended.

docker run -itd --name test1 centos:7 /bin/bash #Create a container and continue to run the container

-d: allows the created container to run in the background as a daemon, and the program running in the container will not end.

docker run -itd --name test1 nginx:1.22.0 /bin/bash

1. Can it run directly without the image present locally?

2. What program is running?

1. If the image is not present locally, it is pulled automatically.

2. The -d option, combined with a command, gives the container something to keep running. Without a command in the background, the container has no runnable program and exits immediately.

-it opens an interactive session

-d runs /bin/bash in the background

--name names the container

nginx:1.22.0: image name and tag; if not available locally, it is downloaded automatically

6. Terminate the container running

Format: docker stop container ID/name

docker stop 2592d3fad0fb

docker ps -a

7. Entering the container

When you need to enter the container for command operations, you can use the docker exec command to enter the running container.

Format: docker exec -it container ID/name /bin/bash

The -i option means to keep the container's input open;

The -t option tells Docker to allocate a pseudo terminal.

docker start 2592d3fad0fb #Before entering the container, make sure the container is running

docker exec -it 2592d3fad0fb /bin/bash

ls

exit #After exiting the container, the container is still running

docker ps -a

docker run -it centos:7 bash # Without the -d option, you will create the container and directly enter the container for interaction, but when you exit the container, the container will also stop

8. Copy files from the host into the container

echo abc123 > ~/test.txt

docker cp ~/test.txt 2592d3fad0fb:/opt/

docker exec -it test1 /bin/bash

9. Copy files from container to host

docker cp 2592d3fad0fb:/opt/test.txt ~/abc123.txt

10. Export and import of containers

Users can migrate any Docker container from one machine to another. During the migration process, you can use the docker export command to export the created container as a container snapshot file, whether the container is running or stopped. The exported files can be transferred to other machines and the container can be migrated through the corresponding import commands.

Export format: docker export container ID/name > file name

docker export 2592d3fad0fb > centos7.tar

docker export -o centos7.tar 2592d3fad0fb

Import format: cat <file name> | docker import - <image name>:<tag>

cat centos7.tar | docker import - centos7:test #After importing, an image is generated, but no container is created.

docker import centos7.tar centos7:test

The tag of the imported image must not be the same as an existing one; it must be distinguishable.

What is imported is still an image; it must be run or created from to become a container.

An imported container image that has already been configured can be used directly (in development we all use container images that have been set up and configured).

A Docker quirk: even if an error is reported during creation, the container is still created, but it will not be usable.

When importing an image or a container image whose tag duplicates an existing one, the import still succeeds, and the older image's repository and tag entries become none.

11. Delete the container

Format: docker rm [-f] container ID/name

docker stop 2592d3fad0fb

docker rm 2592d3fad0fb #Delete the terminated container

docker rm -f 2592d3fad0fb #Force deletion of running containers

docker ps -a | awk 'NR>=2{print "docker stop "$1}' | bash #Stop containers in batches

docker ps -a | awk 'NR>=2{print $1}'| xargs docker stop

docker ps -a | awk 'NR>=2{print "docker rm "$1}' | bash #Delete all containers in batches

docker ps -a | awk 'NR>=2{print $1}'| xargs docker rm

docker images | awk 'NR>=2{print "docker rmi "$3}' | bash #Batch delete images

docker images | grep none | awk '{print $3}' | xargs docker rmi #Delete none image

docker rm $(docker ps -a -q) #Batch clean up background stopped containers
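The pipelines above scrape the human-readable tables, so `NR>=2` depends on the header being exactly one line and `grep none` also matches any image whose name merely contains "none". The script below is an added example (not from the original post) that selects IDs from Docker's machine-readable `--format` output instead, and prints them for review rather than executing anything; the sample tables are constructed to stand in for real `docker ps -a` and `docker images` output.

```shell
#!/bin/sh
# Added example, not from the original post: pick container/image IDs for cleanup
# from `--format` output so the selection can be reviewed before it reaches
# `docker rm` / `docker rmi`. Nothing here invokes docker.

# Constructed stand-in for:  docker ps -a --format '{{.ID}}\t{{.Status}}\t{{.Names}}'
SAMPLE_PS=$(printf '%s\t%s\t%s\n' \
    2592d3fad0fb 'Up 2 hours'                test1 \
    8b0a7be0ff58 'Exited (0) 10 minutes ago' web \
    c3d4e5f6a7b8 'Exited (137) 4 hours ago'  killed-one \
    d4e5f6a7b8c9 'Created'                   never-started)

# Constructed stand-in for:  docker images --format '{{.ID}}\t{{.Repository}}\t{{.Tag}}'
SAMPLE_IMAGES=$(printf '%s\t%s\t%s\n' \
    ae2feff98a0c nginx       latest \
    ae2feff98a0c nginx       web \
    0123456789ab '<none>'    '<none>' \
    fedcba987654 nonexistent 1.0 \
    112233445566 none-app    none)

# exited_ids < ps-format-output : IDs whose status word is exactly "Exited"
# ("Created" containers that never started are left alone on purpose)
exited_ids() {
    awk -F'\t' '{ split($2, w, " "); if (w[1] == "Exited") print $1 }'
}

# dangling_ids < images-format-output : IDs whose repository AND tag are <none>,
# i.e. the untagged layers left behind by rebuilds. Compare with `grep none`,
# which would also match "nonexistent" and "none-app" in the sample.
dangling_ids() {
    awk -F'\t' '$2 == "<none>" && $3 == "<none>" { print $1 }' | sort -u
}

# Usage on a real host (left as comments so this file runs offline):
#   docker ps -a --format '{{.ID}}\t{{.Status}}\t{{.Names}}' | exited_ids | xargs -r docker rm
#   docker images --format '{{.ID}}\t{{.Repository}}\t{{.Tag}}' | dangling_ids | xargs -r docker rmi
# The same selections are built into the CLI:
#   docker ps -aq -f status=exited      docker images -q -f dangling=true
```

When reviewing is not needed, `docker container prune` and `docker image prune` perform these two cleanups directly and ask for confirmation first.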

5. Summary:

docker: lightweight virtual machine, the host is Linux

The core of docker:

Image: only with images can there be containers

container

storehouse

docker command:

docker search search

docker pull nginx:1.22.0 to get the image

docker images View the images in the system
docker rmi -f forcefully deletes the image (does deleting an image that is in use affect the container?)

docker tag nginx:1.22.0 (an existing tag of the image) nginx:test (gives it a new tag); the tag works like a hard link to the same source image

docker save -o /opt/nginx.tar (usually in xxx.tar format) nginx:1.22.0 (this image must already exist)

docker load -i xxx.tar import image

docker push koedaa/nginx:test

koedaa: the Docker Hub username, followed by the image name and tag

docker container: Containers are created based on images

-itd: Indicates running the specified program in the background and creating an interactive shell where the user can output operating commands

docker run -itd --name test1 nginx:1.22.0 /bin/bash

If there is no executable command /bin/bash in the container, the container will exit immediately after the creation is completed.

docker exec -it container name/container id

docker ps only shows running containers

docker ps -a shows all containers, including those that are not running

docker export -o test.tar <container name/container id> exports the container

docker import test.tar nginx:test2 (try not to reuse an existing tag name; the older tag becomes none)

Import and export container configuration files:

docker cp container name/container id:/etc/nginx/nginx.conf /opt/

docker cp /opt/nginx.conf container name/container id:/etc/nginx/

docker rm delete container

Running container:

docker rm -f force deletion

docker stop close first

docker rm and then delete


Reprinted from: blog.csdn.net/koeda1/article/details/134835945