Docker overview
Docker is an open source tool for running applications on Linux. It is a lightweight virtual machine. It was born in 2013, and its original initiator was the company dotCloud. Its design goal is "Build, Ship and Run Any App, Anywhere": by managing the life cycle of an application (packaging, release, deployment and operation), it achieves "package once, run everywhere" at the application component level.
The difference between Docker and traditional virtualization
Characteristic | Docker container | Virtual machine |
---|---|---|
Computing power loss | Almost none | About 50% |
Performance | Near native | Weaker than native |
Instances supported per host | Hundreds | Dozens |
Isolation | Resource limitation (process isolation) | Complete isolation |
Disk usage | MB | GB |
Docker principle
cgroups (resource control) and namespaces (isolation) are the two underlying components; together they control and manage six namespaces
6 namespaces:
- user: the user and user group of the running process
- net: network devices and ports
- pid: process IDs
- uts: host name and domain name
- ipc: memory space used for communication between applications
- mount: file systems and mount points
Docker three components
- Image: a collection of resources, including the application, its dependent packages and its runtime environment; it serves as the template for a container
- Container: a running instance based on an image. Containers are isolated from each other
- Repository: stores images
Docker network mode
- Host mode: the container does not get its own network interface or IP; it uses the host's IP and ports and shares the host's network namespace. Its greatest advantage is relatively good network performance, but because it uses the host's IP address directly, isolation is poor and security is relatively low
- Container mode: the container does not create its own network interface or IP; it shares the IP and port range with a specified container rather than with the host. Compared with host mode, security is higher. Processes in the two containers can communicate through the lo:0 network device
- None mode: the container has only the lo loopback interface, and networking is turned off
- Bridge mode: each container is connected to a Docker virtual network and allocated an IP from the docker0 subnet; it communicates with the host through the docker0 bridge and the iptables nat table configuration
Dockerfile
- Each instruction in a Dockerfile creates a new image layer
- Image layers are cached and reused (an earlier layer's cache is used by the layers that follow)
- When a Dockerfile instruction is modified, a copied file changes, or the variables specified at build time differ, the corresponding image layer cache becomes invalid
- After a layer's cache is invalidated, the caches of all layers after it are invalidated too. Image layers are immutable: if a file is added in one layer and then deleted in the next, the file is still included in the image
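The last point matters for secrets: a key or password copied in by one instruction and removed by a later one is still stored in the earlier layer. The following is an added example, not part of the original page: it walks layer tarballs in order and reports files that a later layer deletes with a `.wh.` whiteout entry (the marker used in image layer archives). The layers and file names are constructed sample data.

```python
import io
import tarfile

WHITEOUT = ".wh."  # prefix of the marker entry that deletes a path in a layer

def make_layer(files):
    """Build one layer tarball (bytes) from {path: content}. Constructed data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def recoverable_deleted_files(layers):
    """Return {path: (layer_added, layer_deleted, content)} for files that a
    later layer deletes but that are still stored in an earlier layer."""
    seen = {}       # path -> (index of the layer that last wrote it, content)
    findings = {}
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                directory, _, name = member.name.rpartition("/")
                if name.startswith(WHITEOUT):
                    victim = name[len(WHITEOUT):]
                    target = f"{directory}/{victim}" if directory else victim
                    if target in seen:
                        added, content = seen.pop(target)
                        findings[target] = (added, idx, content)
                elif member.isfile():
                    seen[member.name] = (idx, tar.extractfile(member).read())
    return findings

# Constructed layers, as produced by: a base layer, then COPY id_rsa /root/.ssh/,
# then RUN rm /root/.ssh/id_rsa
LAYERS = [
    make_layer({"etc/os-release": b"NAME=demo\n"}),
    make_layer({"root/.ssh/id_rsa": b"-----CONSTRUCTED SAMPLE KEY-----\n"}),
    make_layer({"root/.ssh/.wh.id_rsa": b""}),
]

if __name__ == "__main__":
    for path, (added, deleted, content) in recoverable_deleted_files(LAYERS).items():
        print(f"{path}: added in layer {added}, deleted in layer {deleted}, "
              f"{len(content)} bytes still stored in the image")
```
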
Layering of Docker image
Docker images are built on AUFS (which can combine the contents of multiple files)
Docker installation and deployment
```
##Install dependent packages
[root@docker ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

##Add the Alibaba Cloud mirror repository
[root@docker ~]# cd /etc/yum.repos.d/
[root@docker yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

##Install Docker CE (Community Edition)
[root@docker yum.repos.d]# yum install -y docker-ce
[root@docker yum.repos.d]# systemctl start docker
[root@docker yum.repos.d]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

##We do not need an image registry for now, but we do set up image acceleration (a registry mirror), which can be obtained free of charge from Alibaba
[root@docker yum.repos.d]# mkdir -p /etc/docker
[root@docker yum.repos.d]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://r4f0p1ia.mirror.aliyuncs.com"]
> }
> EOF
[root@docker yum.repos.d]# systemctl daemon-reload
[root@docker yum.repos.d]# systemctl restart docker

##Network optimization: add the following line to /etc/sysctl.conf
[root@docker yum.repos.d]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@docker yum.repos.d]# systemctl restart network
[root@docker yum.repos.d]# systemctl restart docker

##Modify the configuration file
[root@docker yum.repos.d]# cd /etc/docker/
[root@docker docker]# ls
daemon.json  key.json
[root@docker docker]# vim daemon.json
```

Add the following to daemon.json. The keys mean:

- graph: data directory
- storage-driver: storage engine
- insecure-registries: private registries, which Docker will contact without verifying TLS
- registry-mirrors: image acceleration
- bip: docker network
- exec-opts: additional parameters at startup

```
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com", "quay.io"],
  "registry-mirrors": ["https://r4f0p1ia.mirror.aliyuncs.com"],
  "bip": "172.7.5.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
```
Docker command
Manage images
```
##View docker version
[root@docker yum.repos.d]# docker -v
Docker version 20.10.8, build 3967b7d

##Download the image from the official docker hub
[root@docker docker]# docker pull hello-world:latest
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:7d91b69e04a9029b99f3585aaaccae2baa80bcf318f4a5d2165a9898cd2dc0a1
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest

##View images
[root@docker docker]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
hello-world   latest    d1165f221234   5 months ago   13.3kB

##Run an image
[root@docker docker]# docker run hello-world

##Search for an image
[root@docker ~]# docker search nginx

##View image information
[root@docker ~]# docker inspect d1165f221234    ##image ID

##Tag the image
[root@docker ~]# docker tag hello-world:latest hello-world:whd
[root@docker ~]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
hello-world   latest    d1165f221234   6 months ago   13.3kB
hello-world   whd       d1165f221234   6 months ago   13.3kB
centos        7         8652b9f0cb4c   9 months ago   204MB

##Delete an image: docker rmi image name / tag
[root@docker ~]# docker rmi hello-world:whd
Untagged: hello-world:whd
[root@docker ~]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
hello-world   latest    d1165f221234   6 months ago   13.3kB
centos        7         8652b9f0cb4c   9 months ago   204MB

##Export the image as a file
[root@docker ~]# docker save -o hello-world hello-world:latest
[root@docker ~]# ls
anaconda-ks.cfg hello-world initial-setup-ks.cfg Public template video picture document download music desktop
[root@docker ~]# scp hello-world root@192.168.118.88:/opt    ##Copy to another server
[root@node2 opt]# docker load < hello-world    ##Import the image
f22b99068db9: Loading layer [==================================================>] 15.36kB/15.36kB
Loaded image: hello-world:latest
[root@node2 opt]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
hello-world   latest    d1165f221234   6 months ago   13.3kB
```
Container operation
```
[root@docker ~]# docker run hello-world    ##Run an image as a container
[root@docker ~]# docker ps -a    ##View the status of all containers
CONTAINER ID   IMAGE         COMMAND    CREATED          STATUS                      PORTS     NAMES
f5d09aed4e48   hello-world   "/hello"   11 seconds ago   Exited (0) 10 seconds ago             festive_wiles
[root@docker ~]# docker rm f5d09aed4e48    ##Delete a container. Only containers that are not running can be deleted. Add -f to force the deletion of a running container
f5d09aed4e48
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

##Create a container
[root@docker ~]# docker create -it nginx:latest /bin/bash
978de36e212ce0611030e85f3c45dac885bed07989dcbefcee7ba4d79b482d8e
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED         STATUS    PORTS     NAMES
978de36e212c   nginx:latest   "/docker-entrypoint...."   7 seconds ago   Created             dazzling_pascal
[root@docker ~]# docker start 978de36e212c    ##Start the container by container ID
978de36e212c
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED          STATUS         PORTS     NAMES
978de36e212c   nginx:latest   "/docker-entrypoint...."   23 seconds ago   Up 3 seconds   80/tcp    dazzling_pascal

##Create and start a container in one step
[root@docker ~]# docker run centos:7 /usr/bin/bash -c ls /
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED          STATUS                      PORTS     NAMES
720bc6dc8403   centos:7       "/usr/bin/bash -c ls..."   13 seconds ago   Exited (0) 12 seconds ago             romantic_khorana
978de36e212c   nginx:latest   "/docker-entrypoint...."   14 minutes ago   Up 13 minutes               80/tcp    dazzling_pascal

##Stop a container
[root@docker ~]# docker stop 978de36e212c
978de36e212c
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED          STATUS                       PORTS     NAMES
720bc6dc8403   centos:7       "/usr/bin/bash -c ls..."   3 minutes ago    Exited (0) 3 minutes ago               romantic_khorana
978de36e212c   nginx:latest   "/docker-entrypoint...."   18 minutes ago   Exited (137) 6 seconds ago             dazzling_pascal

##Keep a container running in the background
[root@docker ~]# docker run -d centos:7 /usr/bin/bash -c "while true;do echo hello;done"
4f3e6ae802c124acd0ae2927f00f51aba0d95aaaf315fac5ac1be1d0dc3e4694
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED          STATUS                       PORTS     NAMES
4f3e6ae802c1   centos:7       "/usr/bin/bash -c 'w..."   6 seconds ago    Up 5 seconds                           musing_chaplygin
720bc6dc8403   centos:7       "/usr/bin/bash -c ls..."   9 minutes ago    Exited (0) 8 minutes ago               romantic_khorana
978de36e212c   nginx:latest   "/docker-entrypoint...."   23 minutes ago   Exited (137) 5 minutes ago             dazzling_pascal

##Enter a container
[root@docker ~]# docker exec -it 4f3e6ae802c1 /bin/bash    #The container must be running
[root@4f3e6ae802c1 /]# exit    #To exit the container, you can also use ctrl+d

##Export a container
[root@docker ~]# docker export 720bc6dc8403 > centos7_01
[root@docker ~]# ls
anaconda-ks.cfg centos7_01 hello-world initial-setup-ks.cfg Public template video picture document download music desktop
[root@docker ~]# docker import centos7_01 centos:7    ##Import the exported container as an image; delete the original image first
sha256:b8fd67de266efab02246838b6fa0579f9d7371a0a22b757a242de1dd9e276c03
[root@docker ~]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
centos        7         b8fd67de266e   8 seconds ago   204MB
nginx         latest    822b7ec2aaf2   3 hours ago     133MB
hello-world   latest    d1165f221234   6 months ago    13.3kB
```
Network management
```
[root@docker ~]# docker network ls    ##View the network list
NETWORK ID     NAME      DRIVER    SCOPE
27c66017f197   bridge    bridge    local
81e631b13efa   host      host      local
f330b96785dc   none      null      local

##Custom network
[root@docker ~]# docker network create --subnet=172.18.0.0/16 mynetwork    #No network mode is specified, so the default (bridge) is used
[root@docker ~]# docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
27c66017f197   bridge      bridge    local
81e631b13efa   host        host      local
da866d133585   mynetwork   bridge    local
f330b96785dc   none        null      local
[root@docker ~]# docker run -itd --name test2 --net mynetwork --ip 172.18.0.100 centos:7 /bin/bash
fdd8a497d4daa9f89976da05ed4f25dbb89fe15347930738dcc5bbe803083cb1

##Add an nginx service and set up NAT port mapping
[root@docker ~]# docker run -itd --name nginx_01 --network mynetwork --ip 172.18.0.10 nginx:latest /bin/bash
66b34e794169a7817057b10afce835103136c600220d5e9075a9605664b3de87
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED          STATUS          PORTS     NAMES
66b34e794169   nginx:latest   "/docker-entrypoint...."   12 seconds ago   Up 11 seconds   80/tcp    nginx_01
fdd8a497d4da   centos:7       "/bin/bash"                25 minutes ago   Up 25 minutes             test2
[root@docker ~]# docker run -itd -p 333:80 nginx /bin/bash    ##Specify a fixed port mapping
068caa856ec34884b9962b6cc6e8a171f3658dce22184adf0db49bf403ec3caa
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED              STATUS              PORTS                                 NAMES
068caa856ec3   nginx          "/docker-entrypoint...."   About a minute ago   Up About a minute   0.0.0.0:333->80/tcp, :::333->80/tcp   awesome_curie
66b34e794169   nginx:latest   "/docker-entrypoint...."   5 minutes ago        Up 5 minutes        80/tcp                                nginx_01
fdd8a497d4da   centos:7       "/bin/bash"                30 minutes ago       Up 30 minutes                                             test2
[root@docker ~]# docker exec 068caa856ec3 nginx    #Start the nginx service
```
View in browser
```
[root@docker ~]# docker run -itd -P nginx /bin/bash    ##Use capital P to indicate random port mapping
ea84118985ca363917b41da6829d263ae344a8b283f79c476b6271ce7ea3155b
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                    CREATED          STATUS          PORTS                                     NAMES
ea84118985ca   nginx          "/docker-entrypoint...."   49 seconds ago   Up 48 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nice_meitner
068caa856ec3   nginx          "/docker-entrypoint...."   5 minutes ago    Up 5 minutes    0.0.0.0:333->80/tcp, :::333->80/tcp       awesome_curie
66b34e794169   nginx:latest   "/docker-entrypoint...."   9 minutes ago    Up 9 minutes    80/tcp                                    nginx_01
fdd8a497d4da   centos:7       "/bin/bash"                35 minutes ago   Up 35 minutes
[root@docker ~]# docker exec ea84118985ca nginx
```
```
##Run the container as a privileged container
[root@docker ~]# docker run -itd --name centos-systemd --privileged=true centos:7 /sbin/init
55a1a7c675bcc22c5f33b48cba54779482d0106c0183fc19a7417e229644d66c
[root@docker ~]# docker exec -it 55a1a7c675bc /bin/bash
[root@55a1a7c675bc /]# yum install -y httpd
[root@55a1a7c675bc /]# systemctl start httpd
[root@55a1a7c675bc /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-09-04 11:32:36 UTC; 20s ago
..............................
```
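Host networking, ports published with `-p` or `-P`, and `--privileged` each reduce the isolation described in the earlier sections. As an added example (not from the original page), this script reads `docker inspect` JSON and flags those settings per container. The sample JSON is constructed: the container names are taken from the sessions above, and `hostnet_demo` is a hypothetical host-mode container.

```python
import json

def audit_containers(inspect_json):
    """Return {container name: [findings]} from `docker inspect` JSON text."""
    report = {}
    for c in json.loads(inspect_json):
        host = c.get("HostConfig", {})
        findings = []
        if host.get("Privileged"):
            findings.append("privileged: all capabilities and host devices exposed")
        mode = host.get("NetworkMode", "")
        if mode == "host":
            findings.append("network=host: shares the host network namespace")
        elif mode.startswith("container:"):
            findings.append(f"network shared with {mode.split(':', 1)[1]}")
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for port, bindings in sorted(ports.items()):
            for b in bindings or []:      # exposed but unpublished ports are null
                if b.get("HostIp") in ("", "0.0.0.0", "::"):
                    findings.append(f"{port} published on all interfaces "
                                    f"({b['HostIp'] or '*'}:{b['HostPort']})")
        if findings:
            report[c["Name"].lstrip("/")] = findings
    return report

# Constructed sample shaped like `docker inspect` output (only the fields used here).
SAMPLE = json.dumps([
    {"Name": "/centos-systemd",
     "HostConfig": {"Privileged": True, "NetworkMode": "bridge"},
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/awesome_curie",
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge"},
     "NetworkSettings": {"Ports": {"80/tcp": [
         {"HostIp": "0.0.0.0", "HostPort": "333"},
         {"HostIp": "::", "HostPort": "333"}]}}},
    {"Name": "/nginx_01",
     "HostConfig": {"Privileged": False, "NetworkMode": "mynetwork"},
     "NetworkSettings": {"Ports": {"80/tcp": None}}},
    {"Name": "/hostnet_demo",   # hypothetical container started with --net host
     "HostConfig": {"Privileged": False, "NetworkMode": "host"},
     "NetworkSettings": {"Ports": {}}},
])

if __name__ == "__main__":
    for name, findings in audit_containers(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

On a live host the same function can be fed the output of `docker inspect` for the running containers.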
Docker data volume
- Data volume: realize data sharing between host and container
- Data volume container: realize data sharing between containers
```
##Mount host /var/www at /data1 and host /var/html at /data2 in the container
[root@docker ~]# docker run -v /var/www:/data1 -v /var/html:/data2 --name centos_v1 -it centos:7 /bin/bash
[root@8d19fd5f44a2 /]# ls    ##View the automatically created data1 and data2
anaconda-post.log bin data1 data2 dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var

##Create files in the two directories of the container
[root@8d19fd5f44a2 /]# cd data1/
[root@8d19fd5f44a2 data1]# touch txt.1
[root@8d19fd5f44a2 data1]# ls
txt.1
[root@8d19fd5f44a2 data1]# cd ../data2/
[root@8d19fd5f44a2 data2]# touch txt.2
[root@8d19fd5f44a2 data2]# ls
txt.2

##Return to the host and check
[root@8d19fd5f44a2 data2]# exit
[root@docker ~]# cd /var/www/
[root@docker www]# ls
txt.1
[root@docker www]# cd /var/html/
[root@docker html]# ls
txt.2

##Create a data volume container and specify that the volumes come from centos_v1
[root@docker html]# docker run -it --volumes-from centos_v1 --name db1 centos:7 /bin/bash
[root@aa687b5b14ba /]# cd data1/
[root@aa687b5b14ba data1]# ls
txt.1

##Container interconnection (delete all containers created earlier first)
[root@docker html]# docker run -itd --name centos_01 centos:7 /bin/bash
f7695de3066212eb55b275b23cd97ed0aa83e28016e3bb51f42e8cfc9783c5a7
[root@docker html]# docker run -itd --name centos_02 --link centos_01:centos_01 centos:7 /bin/bash    ##--link connects centos_02 to centos_01
b7b1a5c49eb00338c0d0a46b05837d0d2310f9a78b85c0df3ca1ce0c2e844bf6
[root@docker html]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
b7b1a5c49eb0   centos:7   "/bin/bash"   2 minutes ago   Up 2 minutes             centos_02
f7695de30662   centos:7   "/bin/bash"   6 minutes ago   Up 6 minutes             centos_01
[root@docker html]# docker inspect --format='{{.NetworkSettings.IPAddress}}' b7b1a5c49eb0    ##View the IP address of the centos_02 container
172.17.0.3
[root@docker html]# docker exec -it f7695de30662 /bin/bash    #Enter the centos_01 container
[root@f7695de30662 /]# yum install -y net-tools    #Install net-tools, which provides ifconfig, to view the IP address
[root@f7695de30662 /]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.111 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.056 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.057 ms
```