docker
Containers in docker:
- lxc --> libcontainer --> runC
OCI&OCF
OCI
Open Container-initiative
- Led by the Linux foundation, it was founded in June 2015
- It aims to develop an open industrial standard around container format and runtime
- contains two specifications
the Runtime Specification(runtime-spec)
the Image Specification(image-spec)
OCF
Open Container Format
-runC is a CLI tool for spawning and running containers according to the OCI specification
- Containers are started as a child process of runC and can be embedded into various other systems without having to run a daemon
- runC is built on libcontainer, the same container technology powering millions of Docker Engine installations
docker provides a site dedicated to container images: https://hub.docker.com/.
docker image and image warehouse
The name of the image warehouse is registry. In docker, the name of the warehouse is named after the name of the application.
The image is static, while the container is dynamic. The container has its life cycle. The relationship between the image and the container is similar to that between the program and the process. The image is similar to the program file in the file system, while the container is similar to the state in which a program runs, that is, the process. Therefore, containers can be deleted. After a container is deleted, its image will not be deleted.
Installation of docker
[root@localhost ~]# cd /etc/yum.repos.d/ [root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo [root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo [root@localhost ~]# yum -y install docker-ce
docker acceleration
The configuration file of docker CE is / etc/docker/daemon.json, which does not exist by default. We need to create and configure it manually, and the acceleration of docker is realized by configuring this file.
docker can be accelerated in many ways:
docker cn
Accelerator of China University of science and technology
Alicloud accelerator (you need to register an account through alicloud Developer Platform and use your own accelerator for free)
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker info
···
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://docker.mirrors.ustc.edu.cn/
Live Restore Enabled: false
docker common commands
Docker view docker basic information and command list
[root@localhost ~]# docker
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default
context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Build with BuildKit (Docker Inc., v0.6.3-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
scan* Docker Scan (Docker Inc., v0.9.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
docker info view docker information
[root@localhost ~]# docker info Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.6.3-docker) scan: Docker Scan (Docker Inc., v0.9.0) ······
Docker version view docker version information
[root@localhost ~]# docker version Client: Docker Engine - Community Version: 20.10.11 API version: 1.41 Go version: go1.16.9 Git commit: dea9396 Built: Thu Nov 18 00:36:58 2021 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.11 API version: 1.41 (minimum version 1.12) Go version: go1.16.9 Git commit: 847da18 Built: Thu Nov 18 00:35:20 2021 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.4.12 GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d runc: Version: 1.0.2 GitCommit: v1.0.2-0-g52b36a2 docker-init: Version: 0.19.0 GitCommit: de40ad0
docker search search image Mirror warehouse.
[root@localhost ~]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 15893 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con... 2098 [OK] richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of... 819 [OK] jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho... 285 ······
docker pull pull image
[root@localhost ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx eff15d958d66: Pull complete 1e5351450a59: Pull complete 2df63e6ce2be: Pull complete 9171c7ae368c: Pull complete 020f975acd28: Pull complete 266f639b35ad: Pull complete Digest: sha256:097c3a0913d7e3a5b01b6c685a60c03632fc7a2b50bc8e35bcaa3691d788226e Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest
docker images view installed images
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest ea335eea17ab 2 weeks ago 141MB
docker run runs a container, automatically pulls images, automatically creates containers, and automatically runs
docker run [options] image [command] options: -a stdin: Specifies the standard input / output content type, optional stdin/stdout/stderr -i: Run the container in interactive mode, usually with-t Simultaneous use -t: Reassign a pseudo input terminal to the container -P: Random port mapping: the internal port of the container is randomly mapped to the port of the host -p: Specify port mapping, for example: host port:Container port --name: Specify a name for the container --dns: Specifies the container to use DNS The server -v: Bind a volume [root@localhost ~]# docker run -itd --name nginx1 nginx 0fbb5c053e4be1f8bf06b2ad544c8e22de9009d2949bd5381d3c3ac9188a3377
docker create creates a new container and does not run
[root@localhost ~]# docker create --name nginx2 nginx b80f60f520bf46cea6fd5d0c6c0df97dc28a69a60996148fa508c182a8806140
docker ps lists running containers docker ps -a this lists all containers
[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0fbb5c053e4b nginx "/docker-entrypoint...." About an hour ago Up About an hour 80/tcp nginx1 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b80f60f520bf nginx "/docker-entrypoint...." 15 minutes ago Created nginx2 0fbb5c053e4b nginx "/docker-entrypoint...." About an hour ago Up About an hour 80/tcp nginx1
docker start opens one or more closed containers
[root@localhost ~]# docker start b80f60f520bf b80f60f520bf [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b80f60f520bf nginx "/docker-entrypoint...." 16 minutes ago Up 5 seconds 80/tcp nginx2 0fbb5c053e4b nginx "/docker-entrypoint...." About an hour ago Up About an hour 80/tcp nginx1
docker stop stop container
[root@localhost ~]# docker stop 0fbb5c053e4b 0fbb5c053e4b [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b80f60f520bf nginx "/docker-entrypoint...." 18 minutes ago Up 2 minutes 80/tcp nginx2
docker kill kill container
[root@localhost ~]# docker kill b80f60f520bf b80f60f520bf [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]#
docker attach to a running container
[root@localhost ~]# docker attach nginx1
docker exec enters the container
[root@localhost ~]# docker exec -it /bin/bash nginx1 Error: No such container: /bin/bash [root@localhost ~]# docker exec -it nginx1 /bin/bash root@0fbb5c053e4b:/# ls bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var boot docker-entrypoint.d etc lib media opt root sbin sys usr
docker logs view container logs
[root@localhost ~]# docker logs nginx1 /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh ······
docker rm delete container
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b80f60f520bf nginx "/docker-entrypoint...." About an hour ago Exited (137) 10 minutes ago nginx2 0fbb5c053e4b nginx "/docker-entrypoint...." 2 hours ago Exited (0) 44 minutes ago nginx1 9bf5e5ab90f6 nginx "/docker-entrypoint...." 2 hours ago Exited (0) 2 hours ago angry_booth [root@localhost ~]# docker rm 9bf5e5ab90f6 9bf5e5ab90f6 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b80f60f520bf nginx "/docker-entrypoint...." About an hour ago Exited (137) 10 minutes ago nginx2 0fbb5c053e4b nginx "/docker-entrypoint...." 2 hours ago Exited (0) 45 minutes ago nginx1
docker rmi
[root@localhost ~]# docker rmi -f nginx Untagged: nginx:latest Untagged: nginx@sha256:097c3a0913d7e3a5b01b6c685a60c03632fc7a2b50bc8e35bcaa3691d788226e [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE <none> <none> ea335eea17ab 2 weeks ago 141MB [root@localhost ~]#