Container and image
container
Common container States
- running
- stopped
- paused
- created
- deleted
Note: to view the commands used for docker status:
- docker ps: container for viewing running status
- docker ps -a: View containers in all States
- docker ps -qa: view all container ID S
- docker stop $(docker ps -qa): stop all containers
- docker rm $(docker ps -qa): delete all containers
Use of docker run command
Common options:
--Name: specify the container name
-i: interactive operation and - t are used together, which can be used by - it
-t: Allow tty
-E: set the environment variable for container startup, for example, mysql needs to specify - e mysql for container startup_ ROOT_ Password ='12345 ', etc
-d: detach, running in the background
--Network: specify a network
--restart: always,
-p: Port mapping
-v: Specify storage volume
--rm: delete after running. It needs to be used with - it, but it is mutually exclusive with - d
-m: Limit maximum memory usage
--oom kill disable: prohibit oom
--cpus: limit the CPU capacity used
[root@centos7-node1 ~]# docker run --name redis -d redis:4-alpine
Use of docker exec
Common options:
-d: background operation
-e: specify environment variable
-it: interactive mode
-u: Specify users
-w: Specify work path
[root@centos7-node1 ~]# docker container exec redis netstat -tanlp #Execute command on container [root@centos7-node1 ~]# docker exec -it redis /bin/sh /data # redis-cli #Client connection redis 127.0.0.1:6379> set hello my_name_is_wanghui OK 127.0.0.1:6379> get hello "my_name_is_wanghui"
Start stop of container
[root@centos7-node1 ~]# docker stop redis # When no storage volume is specified, data is lost after the container is stopped [root@centos7-node1 ~]# docker start redis
Other practices
[root@centos7-node1 ~]# docker image pull nginx:1.18-alpine [root@centos7-node1 ~]# docker run --name web -it --rm nginx:1.18-alpine /bin/sh #Exit the interactive mode and delete the container automatically [root@centos7-node1 ~]# docker run --name web -d nginx:1.18-alpine [root@centos7-node1 ~]# docker container exec web ifconfig #Get the ip of the creation machine [root@centos7-node1 ~]# elinks -dump 172.17.0.3 #Visit page [root@centos7-node1 ~]# docker logs web -f #View Nginx scroll log [root@centos7-node1 ~]# docker stats web #View the resource usage of the web container at runtime [root@centos7-node1 ~]# docker top web #View the process status of the web container [root@centos7-node1 ~]# docker run --name c2 -it centos:7 [root@f879de456c8d /]# [root@f879de456c8d /]# [root@centos7-node1 ~]# `ctrl+p,ctrl+q` [root@centos7-node1 ~]# docker ps #c2 is running [root@centos7-node1 ~]# docker attach c2 #Enter container
image
brief introduction
The docker image contains the file system and its contents needed to start the container, so it is used to create and start the container
- Adopt layered construction mechanism, the bottom layer is bootfs, followed by rootfs
- bootfs: the file system used for system boot, including bootloader and kernel. After the container is started, it will be unloaded to save memory resources
- rootfs: on top of bootfs, it represents the root file system of the docker container
- In the traditional mode, when the system starts, the kernel will first mount the rootfs in read-only mode, and then mount it again in read-write mode after the completion of integrity comparison
- In docker, rootfs is mounted in read-only mode by kernel, and then an additional writable layer is mounted through joint mount technology
- In the traditional mode, when the system starts, the kernel will first mount the rootfs in read-only mode, and then mount it again in read-write mode after the completion of integrity comparison
How to build docker image
- The lower level image is called the parent image, and the lowest level image is the base image
- The top layer is read-write, and the bottom layer is read-only
Type of graph driver (file system) in which the image is stored
Features: layered overlay, write time replication (COW)
This file system is built on the file system of the underlying operating system to store images. It is recommended that the underlying operating system must use xfs file system
The classification is as follows:
- Aufs: advanced multi tier unified file system
- Overlay2
- DeviceMapper(DM)
Aufs
- For joint mount of Linux file system
- aufs was previously a re implementation of unionFS, developed by Junjiro Okjima in 2006
- docker initially used aufs as the container file system layer, but now it is still supported as one of the storage backend
- The competing product of aufs is overlayfs, which started after kernel 3.18 and was incorporated into linux kernel
- Besides aufs, docker also supports btfs, devicemapper and vfs
- Under ubuntu, the default file system of docker is aufs, while on cnetos7, the device mapper is used
Docker Registry
- When the container is started, the docker daemon will try to obtain the relevant image from the local. When the local image does not exist, it will download the image from the Registry and save it to the local
Classification of docker registry
Registry is used to save the docker image, including the hierarchy and metadata of the scene
Users can build their own Registry or use the official dockerhub
- The classification is as follows:
- Sponsor restore: a third-party registry for customers and the docker community
- Mirror Registry: a third-party registry for customers only
- Vendor Registry: a Registry provided by the vendor that publishes the Docker image
- Private Registry: a Registry provided by private entities through the roommate firewall and additional security layer
Composition of Docker Registry
-
Repostory
- An image warehouse consisting of all iterative versions of a specific docker image
- There can be more than one registry
- Register can be divided into top-level warehouse and user warehouse
- User warehouse name is user name / warehouse name
- Each warehouse can contain multiple tags, and each Tag only corresponds to one image
- Index: maintain user account, image verification and public namespace information, which is equivalent to providing an interface for Registry to support authentication and retrieval
Image making and pushing
Images in docker registry are created by developers or operation and maintenance personnel, and then pushed to "public" or "private" reputation for others to use
Example: deploy to production
Use of DockerHub
- Register DockerHub account
- Create myimg warehouse
- Upload image to myimg warehouse of dockerHub
[root@centos7-node1]# docker pull busybox:latest [root@centos7-node1 ~]# docker run --name b1 -it -d busybox /bin/sh / # mkdir /data/web/html -p / # echo "<h1>this is a test page @busyboxServer</h1>" > /data/web/html/index.html [root@centos7-node1 ~]# docker container commit b1 wanghui122725501/myimg:v0.1 #Package image of another terminal [root@centos7-node1 ~]# docker images #View image REPOSITORY TAG IMAGE ID CREATED SIZE wanghui122725501/myimg v0.1 baf6ad6a846f About a minute ago 1.22MB [root@centos7-node1 ~]# docker run --name mybbox1 -it wanghui122725501/myimg:v0.1 #Run container / # ls /data/web/html/ #This file has been written to the file system [root@centos7-node1 ~]# docker login #Log in to dockerhub [root@centos7-node1 ~]# docker push wanghui122725501/myimg:v0.1 #Push image [root@centos7-node1 ~]# docker container commit -p -a "wanghui@yeecall.com" -c "CMD ['/bin/httpd -f -h /data/web/html']" b1 wanghui122725501/myimg:v0.2 #Run httpd in the foreground [root@centos7-node1 ~]# docker tag wanghui122725501/myimg:v0.2 wanghui122725501/myimg:latest [root@centos7-node1 ~]# docker push wanghui122725501/myimg:v0.2 #Image push -----Another terminal, access b1 container [root@centos7-node1 ~]# docker exec -it b1 sh / # /bin/httpd -f -h /data/web/html/ #Execute httpd [root@centos7-node1 ~]# curl 172.17.0.5 #Executed by another terminal <h1>this is a test page @busyboxServer</h1>