What is Docker
In short:
- In IT software, Docker refers to a container technology used to support the creation and use of containers.
- With Docker, containers can be used as lightweight, modular virtual machines. You also gain a high degree of flexibility: containers can be created, deployed and replicated efficiently, and migrated smoothly from one environment to another, which helps you optimize your applications for the cloud.
- Docker is developed in Google's Go language. It builds on the Linux kernel's cgroups and namespaces, and on union filesystems such as OverlayFS, to encapsulate and isolate processes. This is virtualization at the operating-system level. Because an isolated process is independent of the host and of other isolated processes, it is also called a container.
Differences from traditional virtualization
Compared with traditional virtualization:
- Containers do not need to simulate a hardware layer, whereas traditional virtualization must provide a virtualized operating system layer.
- Containers share the kernel of the same host, so the isolation between them depends on that kernel.
Install Docker
Before working with Docker, you need to know the following:
Docker creates containers from images, which are stored in a repository (registry).
A container carries its own contents and settings, and a port mapping is required for it to interact with the outside.
##Install dependencies
yum install -y container-selinux-2.77-1.el7.noarch.rpm containerd.io-1.4.4-3.1.el7.x86_64.rpm
##Install Docker CE
yum install -y docker-ce-19.03.15-3.el7.x86_64.rpm docker-ce-cli-19.03.15-3.el7.x86_64.rpm
##Start the service
systemctl start docker.service
##View Docker information
docker info
The output of this last step is listed here separately so that it can be explained:
[root@Server1 docker-ce]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 991MiB
 Name: Server1
 ID: BTTL:NBTO:2QFW:6AI3:6MAG:7XRR:MMZV:7RMH:W4WA:Z7JC:WIAQ:U5TX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
You can see that there are two warning lines at the end:
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
This is because Docker's networking relies on a Linux network bridge, and these two kernel settings, which decide whether bridged traffic is passed to iptables and ip6tables, may not be turned on by default:
[root@Server1 sysctl.d]# sysctl -a | grep bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@Server1 docker-ce]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 0
[root@Server1 docker-ce]# sysctl -a | grep bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@Server1 docker-ce]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 0
Change these settings by modifying the sysctl configuration.
Usually we do not edit sysctl.conf directly. Instead, we add a new configuration file to its configuration directory, which is easier to manage.
[root@Server1 docker-ce]# cd /etc/sysctl.d/
[root@Server1 sysctl.d]# ls
99-sysctl.conf
[root@Server1 sysctl.d]# vim docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
##Reload the configuration and confirm that it takes effect
[root@Server1 sysctl.d]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
* Applying /etc/sysctl.conf ...
##Check the information again; the warnings have disappeared
[root@Server1 sysctl.d]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 991MiB
 Name: Server1
 ID: BTTL:NBTO:2QFW:6AI3:6MAG:7XRR:MMZV:7RMH:W4WA:Z7JC:WIAQ:U5TX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
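The `sysctl --system` run above works because files are applied in order and the last assignment to a key wins, so `/etc/sysctl.d/docker.conf` overrides the 0 set by `/usr/lib/sysctl.d/00-system.conf`. The following script is an added example, not part of the original article: it reads that output and reports which file supplies the final value of each bridge key. The function names and the abridged sample are assumptions made for the illustration.

```bash
# Constructed sample: abridged from the `sysctl --system` output shown above.
sample_output() {
cat <<'EOF'
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
* Applying /etc/sysctl.conf ...
EOF
}

# effective_sysctl KEY (hypothetical helper): read `sysctl --system` output on
# stdin, print "<value> <file>" for the last assignment to KEY, exit 1 if unset.
effective_sysctl() {
    awk -v key="$1" '
        /^\* Applying / { file = $3; next }   # remember the file being applied
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; src = file; found = 1 }   # later files override
        }
        END { if (!found) exit 1; print val, src }'
}

# check_bridge_filtering (hypothetical helper): read the same output on stdin;
# return non-zero unless both keys Docker warns about end up set to 1.
check_bridge_filtering() {
    local out key result rc=0
    out=$(cat)
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        if result=$(printf '%s\n' "$out" | effective_sysctl "$key"); then
            [ "${result%% *}" = 1 ] && echo "OK   $key = $result" && continue
            echo "FAIL $key = $result"; rc=1
        else
            echo "FAIL $key is not set by any file"; rc=1
        fi
    done
    return $rc
}

sample_output | check_bridge_filtering
```

On a real host the input would come from `sysctl --system 2>/dev/null` run as root; note that this command re-applies every file while printing it.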
Simple introduction
##Search the official registry for images to try out
[root@Server1 sysctl.d]# docker search yakexi007
NAME                 DESCRIPTION   STARS   OFFICIAL   AUTOMATED
yakexi007/game2048                 0
yakexi007/mario                    0
yakexi007/nginx                    0
##Download the 2048 game image
[root@Server1 sysctl.d]# docker pull yakexi007/game2048
Using default tag: latest
latest: Pulling from yakexi007/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for yakexi007/game2048:latest
docker.io/yakexi007/game2048:latest
##View the local image list
[root@Server1 sysctl.d]# docker images
REPOSITORY           TAG      IMAGE ID       CREATED       SIZE
yakexi007/game2048   latest   19299002fdbe   4 years ago   55.5MB
##Create a container from the image
[root@Server1 sysctl.d]# docker run -d --name 2048 -p 80:80 yakexi007/game2048
2f6310c4fba15bf9c95ec50918c5ff2bc18d4309dd5fe8cec198470af4b21710
About the parameters of this command:
- -d: run the container in the background and return the container ID
- --name: specify the container name
- -p: specify a port mapping, in the format host port:container port
- The last argument is the image to use
Check the result once the command completes:
##Check port usage; docker-proxy now appears on port 80
[root@Server1 sysctl.d]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3215/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3404/master
tcp        0      0 172.25.5.1:22           172.25.5.250:45152      ESTABLISHED 3499/sshd: root@pts
tcp6       0      0 :::80                   :::*                    LISTEN      4520/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      3215/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      3404/master
##List running containers
[root@Server1 sysctl.d]# docker ps
CONTAINER ID   IMAGE                COMMAND                    CREATED          STATUS          PORTS                         NAMES
2f6310c4fba1   yakexi007/game2048   "/bin/sh -c 'sed -i ..."   20 seconds ago   Up 20 seconds   0.0.0.0:80->80/tcp, 443/tcp   2048
##List all containers, including those that are not running
[root@Server1 sysctl.d]# docker ps -a
CONTAINER ID   IMAGE                COMMAND                    CREATED          STATUS          PORTS                         NAMES
2f6310c4fba1   yakexi007/game2048   "/bin/sh -c 'sed -i ..."   24 seconds ago   Up 23 seconds   0.0.0.0:80->80/tcp, 443/tcp   2048
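The PORTS column above shows that `-p 80:80`, given without a host address, publishes the port on every host interface (`0.0.0.0:80->80/tcp`), while `443/tcp` is only declared by the image and is not reachable from outside. The following script is an added example, not part of the original article: it classifies each PORTS entry so that publicly bound mappings stand out. The function names and the second sample row are assumptions made for the illustration.

```bash
# Constructed sample in the form printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Row 1 matches the container above; row 2 is hypothetical and shows how a
# container started with `-p 127.0.0.1:8080:80` would appear.
sample_ps() {
    printf '2048\t0.0.0.0:80->80/tcp, 443/tcp\n'
    printf 'admin\t127.0.0.1:8080->80/tcp\n'
}

# classify_ports (hypothetical helper): read "<name><TAB><ports>" lines on
# stdin and print one "<name> <exposure> <mapping>" line per port entry.
classify_ports() {
    awk -F'\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m == "") continue
            if (m !~ /->/)                              kind = "NOT-PUBLISHED"
            else if (m ~ /^(0\.0\.0\.0:|:::|\[::\]:)/)  kind = "ALL-INTERFACES"
            else if (m ~ /^(127\.|\[::1\]:)/)           kind = "LOOPBACK"
            else                                        kind = "SPECIFIC-ADDRESS"
            print $1, kind, m
        }
    }'
}

# count_exposed (hypothetical helper): number of mappings bound to every
# host interface; prints 0 when there are none.
count_exposed() {
    classify_ports | grep -c ' ALL-INTERFACES ' || true
}

sample_ps | classify_ports
```

A service that only needs to be reached from the host itself can be published as `-p 127.0.0.1:80:80`, which this script reports as LOOPBACK.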