preface
Docker is an open source tool that makes it easy to create and manage Linux containers. Containers are like lightweight virtual machines and can be started or stopped in milliseconds. Docker helps system administrators and programmers develop applications in containers and scales to thousands of nodes.
This is a whale. It’s carrying a lot of containers. We can think of the host as the whale, and the isolated containers as containers, each containing its own application.
portal
Docker differs from traditional virtual
- Architecture of traditional virtualization technologies:
DockerArchitecture of technology:
The main differences between containers and virtual machines (VMS) are:
- Containers provide a basis forprocessThe isolation that virtual machines provideresources(
CPU, memory and hard disk)Is completely isolated. - A virtual machine might take a minute to start, while a container takes a second or less.
- Occupied by a VMMemory spaceCan achieveA few
GThe container may only needHundreds of megabytes. - Containers use the kernel of the host operating system, while virtual machines use a separate kernel.
The basic composition of Docker platform
Docker platform is basically composed of three parts:
- The client: User usage
DockerTools provided (CLIAs well asAPIEtc.) to construct,Upload the imageAnd give orderscreateandStart the container. - The Docker hostFrom:
Docker registryOn the downloadThe mirrorandStart theandhostingThe container. - Docker registry:
DockerMirror warehouse forSave the imageAnd provide image upload and download.
Docker container state machine
A container may be in one of the following states at some point:
Created: created (by docker ps -a) but not started (by docker ps) Running: The container is in normal operation. Paused: The container process was paused. Restarting: The process of the container is being restarted. Exited: The stopped state in the figure above, which indicates that the container was previously running but is now stopped (as opposed to the created state, which is a newly created container that has not yet been running). You can run the start command to re-enter the running state. Destroyed: The container was deleted from the host and no longer exists.
The installation of a Docker
RedHat/CentOS must be later than 6.6 or 7.x to install docker. You are advised to use docker on RedHat/CentOS 7 because the RedHat/CentOS 7 kernel is upgraded to kernel 3.10 and supports LXC containers better.
View the Linux kernel version (kernel version must be 3.10 or later) :
cat /proc/version
uname -a
lsb_release -a
Unable to execute command setup
yum install -y redhat-lsb
Copy the codeUpdate yum install source:
yum install docker -y
Copy the codeCheck docker version:
docker -v
Copy the codeOnce the installation is complete, use the following command to start the Docker service and set it to boot:
service docker start
chkconfig docker on
Copy the codeDownload the official CentOS Docker image:
docker pull centos
Copy the codeCheck whether the CentOS image is successfully pulled to the local host:
View the list of local mirrors
docker images
# delete mirror
docker rmi <image id>
# delete images (multiple images with the same image ID)
docker rmi repository:tag
Copy the codeAfter downloading the image, you should see:
[root@iZ2ze74fkxrls31tr2ia2fZ ~]# docker images centosREPOSITORY TAG IMAGE ID CREATED SIZE Docker. IO /centos latest 3FA822599e10 3weeks ago 203.5 MBCopy the codeIf you see the above output, you can use the docker. IO /centos image, or Repository, which has a Tag named latest. There is also a mirror ID named 3FA822599e10 (it is possible that the mirror ID you see is different from the one here, which is normal because this number is randomly generated). In addition, we can see that the image is only 203.5MB, which is very small, not as large as the virtual machine image file.
Rename TAG to centos:
# docker tag IMAGE_ID REPOSITORY:
docker tag 3fa822599e10 docker.io/centos:centos
Copy the codeStart CentOS containers:
docker run -i -t -v /root/software/:/mnt/software/ 3fa822599e10 /bin/bash
Copy the codeDocker run < related parameters > < image ID> < initial command >
-i: said toInteractive modeRun the container-t: indicates that the container will enter its command line after being started-v: indicates the local directorymountTo a container, format: -v < host directory >:< container directory >
More parameters:
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
-d, --detach=falseSpecifies whether the container runs in the foreground or background. The default isfalse
-i, --interactive=falseEnable STDIN for console interaction -t, --tty=falseAssign a TTY device that can support terminal login. Default isfalse
-u, --user=""Specifies the user of the container-a, --attach=[] Login container (must be docker run-d-w, --workdir=""Specify the working directory -c of the container, --cpu-shares=0 Sets the CPU weight of the container, which is used in CPU sharing scenarios-e, --env=[] Specifies the environment variable that can be used in the container -m, --memory=""Specifies the container's memory limit -p, --publish-all=falseSpecify exposed port -p, --publish=[] Specifies exposed port -h, --hostname=""-v, --volume=[] Mount storage volumes to a directory in the container --volumes-from=[] Mount volumes from other containers to a directory in the container --cap-add=[] Add permissions. For details, see: http://linux.die.net/man/7/capabilities - news - drop = [] remove permissions, permissions list as bellow: http://linux.die.net/man/7/capabilities -- cidfile =""After running the container, write the container PID value to the specified file, a typical monitoring system usage -- cPUSet =""--device=[] Add host devices to the container, equivalent to device passthrough -- DNS =[] DNS server of the specified container --dns-search=[] DNS search domain name of the specified container. Write to the container's /etc/resolv.conf file --entrypoint=""--env-file=[] Specifies the environment variable file, the file format is one environment variable per line --expose=[] specifies the container exposed port, that is, to modify the image exposed port --link=[] specifies the association between containers, --lxc-conf=[] specifies the configuration file of the container. --name= is used only when --exec-driver= LXC is specified""Specify the container name, which can be used for subsequent container management. The links feature uses the name --net="bridge"Container network Settings: Container :NAME_or_ID >// Use the network of other containers. The None container uses its own network (similar to --net=bridge), but does not configure --privileged=falseSpecifies whether the container is a privileged container that has all capabilities --restart="no"Specifies the restart policy after the container is stopped: no: the container is not restarted when it exits. On-failure: the container is restarted when it exits due to a failure (return value is non-zero). Always: the container is restarted when it exitsfalseDocker run is not supported-dStarted container) --sig-proxy=trueThe setting is accepted and processed by the agent, but SIGCHLD, SIGSTOP, and SIGKILL cannot be brokeredCopy the codeDocker common commands
We can roughly classify Docker commands as follows:
# mirror operation:
build Build an image from a Dockerfile
commit Create a new image from a container's changes images List images load Load an image from a tar archive or STDIN pull Pull an image or a repository from a registry push Push an image or a repository to a registry rmi Remove one or more images search Search the Docker Hub for Images tag tag an image into a repository save save one or more images to a tar archive history Displays the history of an image inspect The container and the lifecycle operations applied in it: Kill kill one or more running containers inspect Return low-level information on a container, Image or Task Pause Pause all processes within one or more containers ps List containers RM Delete one or more containers rename rename a Stats Displays real-time resource consumption information about the container. Stop Stops a running container top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers wait Block until a container stops, then print its exit code attach Attach to a running container exec Run a command in a running container port List port Mappings or a specific mapping for the container logs cp Copy files/folders between a container and the local filesystem diff Inspect changes on a container's filesystem
export Export a container's filesystem as a tar archive import Import the contents from a tarball to create a filesystem image Docker registry Login Log in to a Docker registry. Logout Log out from a Docker Registry. Volume Manage Docker volumes ## Docker networks ## Swarm Docker swarm service Manage Docker services node Manage Docker swarm nodes Version Show the Docker version information Events Continuously returns Docker event info displays system-wide information about the Docker hostCopy the code# View the running container
docker ps
# View all containers
docker ps -a
# Exit containerPress Ctrl+D to exit the current container.# Exit without stopping the container:Combination key: Ctrl+P+Q# start containerDocker start Specifies the container name or ID# Enter containerDocker Attach Container name or ID# stop containerDocker stop container name or ID# pause the containerDocker Pause Container name or ID# continue containerDocker Name or ID of the unpause container# delete containerDocker Rm Container name or IDDelete all containers -- use with caution
docker stop $(docker ps -q) & docker rm $(docker ps -aq)
# Save the container and generate the imageDocker commit Container ID Image nameCopy the file from host to container
docker cp /home/soft centos:/webapp
Copy the codeDocker run differs from Start
Docker run is only used for the first run, putting the image into the container, and then starting the container again with the command docker start.
Docker Run is a two-step operation: put the image into the container (Docker create), and then start the container to become a runtime container (Docker start).
Docker start is used to restart an existing image. In other words, to use this command, we must know the ID of the container, or the name of the container, we can use docker PS to find the container information.
Since the container ID is a random code and the container name is a seemingly meaningless name, we can use the command:
docker rename jovial_cori centos
Copy the codeGive the container a name. Later, when we start or stop the container again, we can use this name directly:
docker [stop] [start] new_name
Copy the codeTo display all containers, including those that are not started, use the command:
docker ps -a
Copy the codeThe Docker configuration
Change the storage directory:
Copy the docker storage directory
rsync -aXS /var/lib/docker/. /home/docker
# change the docker store file directory
ln -s /home/docker /var/lib/docker
Copy the codeTo view specific information about the startup container:
docker inspect <container_id>
Copy the codeTo get all the container names and their IP addresses, run a single command:
docker inspect -f '{{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq)
docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
Copy the codeDocker Image accelerator
Register an Aliyun account:
dev.aliyun.com/search.html
Ali Cloud will automatically assign the address of a mirror accelerator to users. After logging in, enter “Management Center” – > “Accelerator”, which has the address of the mirror accelerator assigned to you and the instructions of each environment.
Mirror accelerator address example: https://xxxxx.mirror.aliyuncs.com
How to configure the mirror accelerator
For users with Docker client versions larger than 1.10.0, you can modify the daemon configuration file /etc/dock/daemon. json to use the accelerator ** :
{
"registry-mirrors": ["<your accelerate address>"]}Copy the codeRestart Docker Daemon:
sudo systemctl daemon-reload
sudo systemctl restart docker
Copy the codeWelcome to pay attention to the technical public number: Zero one Technology Stack
This account will continue to share learning materials and articles on back-end technologies, including virtual machine basics, multithreaded programming, high-performance frameworks, asynchronous, caching and messaging middleware, distributed and microservices, architecture learning and progression.