Docker summary

Docker summary

---

foreword

Docker is a container for deploying applications and better allowing applications to migrate

---

1. What is Docker?

• Docker is an open source application container engine
• Born in early 2013, based on the Go language implementation, produced by dotCloud (later renamed as Docker Inc)
• Docker allows developers to package their applications and dependencies into a lightweight, portable container, and then distribute it to any popular Linux machine.
• Containers are completely isolated from each other using the sandbox mechanism
• Container performance overhead is extremely low
• Docker has been divided into CE (Community Edition: Community Edition) and EE (Enterprise Edition Enterprise Edition) since version 17.03

Summary: Docker is a container technology that solves the problem of container environment migration

2. Install Docker

Docker can run on MAC, Windows, Centos, UBUNU and other operating systems. Here, Docker is installed based on Centos 7. Official website: https://www.docker.com

• The yum package is updated to the latest
  yum update

• Install the required software package, yum-util is to provide yum-config-manager function, the other two are devicemapper driver dependent
  yum install -y yum-utils device-mapper-persistent-data lvm2

• Set yum source
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo (there is a space between repo and the address below) (if this yum source is downloading Docker If it fails, you can replace it with Ali’s yum source: yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo)

• 
  Install Docker, press y yum install -y docker-ce when the input interface appears

• Check the Docker version to see if the installation is successful
  docker -v
  

3. Docker architecture

• Image (Image): Docker image (Image), which is equivalent to a root file system. For example, the official image Ubuntu: 16.04 contains a complete root file system of the minimum system of Ubuntu 16.04.
• Container: The relationship between the image and the container is just like the classes and objects in object-oriented programming. The image is a static definition, and the container is the entity that the image runs on. Containers can be created, started, stopped, deleted, paused, etc.
• Warehouse: (Repository): The warehouse can be regarded as a code control center, used to save the image

4. Docker command

4.1. Process related commands

• Start the docker service
  systemctl start docker

• Stop docker service
  systemctl stop docker

• Restart the docker service
  systemctl restart docker

• View docker service status
  systemctl status docker

• Set boot to start docker service
  systemctl enable docker

4.2. Mirror related commands

• View mirrors: View all local mirrors
  docker images
  docker images -q #View the id of the mirror used

• Search mirrors, find the required mirrors from the network
  docker search mirror name
  docker search redis # find redis mirror

• Pull image: Download the image from the Docker warehouse to the local. The image name is name: version number, if the version number is not specified, it is the latest version lastest. If you don't know the image version, you can go to the docker hub to search for the corresponding image.
  docker pull image name
  docker pull redis #Download the latest version of redis
  docker pull redis:5.0 #Download the 5.0 version of redis

• Delete mirror: delete local mirror
  docker rmi mirror id #delete local mirror
  docker images -q #view all mirror list
  docker rmi docker images -q #delete all local mirrors

4.3. Container related commands

View container, create container, enter container, start container, stop container, delete container, view container information

• View container
  docker ps #View running containers
  docker ps -a #View all containers

• Create and start the container
  docker run parameters
  Parameter description:
  -i: keep the container running. Usually used with -t. After adding the two parameters of it, the container will automatically enter the container after it is created, and the container will automatically close after exiting the container.
  -t: Reassign a pseudo-input terminal for the container, usually used together with -i.
  -d: Run the container in daemon (background) mode. To create a container to run in the background, you need to use docker exec to enter the container. After exiting, the container does not shut down.
  -it: The container created is generally called an interactive container, and the container created by -id is generally called a guardian container
  –name: Name the created container
  docker run -it --name=c1 centos:7 /bin/bash #Create Interactive container
  docker run -id --name=c2 centos:7 #Create a guardian container
  Note: The interactive container will automatically close after exiting, and the guardian container will execute in the background

• Enter the container
  docker exec -it c2 /bin/bash #Enter the container

• Stop the container
  docker stop container-name

• Start the container
  docker start container name

• Delete container: If the container is running, the deletion fails. You need to stop the container to delete
  the docker rm container name

• View container information
  docker inspect container name

The data requested by the url network used here.

5. The data volume of the Docker container

5.1. The concept of data volume

think for a while:

1. After the Docker container is deleted, is the data generated in the container still there?
   
2. Can a Docker container and an external machine exchange files directly?
   
3. Do you want to exchange data between containers?
   

Data volume concept:

4. A data volume is a directory or file on the host
5. When the container directory and the data volume directory are bound, the modification of the other party will be synchronized immediately
6. A data volume can be mounted by multiple containers at the same time
7. A container can also be mounted with multiple data volumes

The role of the data volume:

8. Persistence of container data
9. Communication between external machines and containers
10. Data exchange between containers

5.2. Configure data volume

When creating and starting a container, use the -v parameter to set the data volume
docker run ... -v host directory (file): the directory (file) in the container...
Notes:

1. The container directory must be an absolute path
2. If the directory does not exist, it will be created automatically
3. Multiple data volumes can be mounted

Demonstrate data volume persistence:
Create c1 to mount /root/data to /root/data_container

docker run -it --name=c1 -v /root/data:/root/data_container centos:7 /bin/bash

Delete the container c1 and find that the host directory /root/data is still there

docker rm c1

restore c1 again

docker run -it --name=c1 -v /root/data:/root/data_container centos:7 /bin/bash

Demonstrate that a container mounts multiple data volumes:

docker run -it --name=c2 \
-v /root/data2:/root/data2_contatiner \
-v /root/data3:/root/data3_container \
centos:7

Demonstrate that two containers mount the same data volume:

docker run -it --name=c3 -v /root/data:/root/data_container centos:7 /bin/bash
docker run -it --name=c4 -v /root/data:/root/data_container centos:7 /bin/bash

5.3. Configure data volume container

Multi-container data exchange, multiple containers mount the same data volume container to complete data exchange
Insert picture description here:

create and start c3 data volume container, use -v parameter to set data volume

docker run -it --name=c3 -v /volume contos:7 /bin/bash

The host directory is not specified here, and a host directory is generated by default

docker inspect c3 # 查看 c3

Create and start c1 and c2 containers, --volumes-from parameter, set data volume container

docker run -it -name=c1 --volumes-from c3 centos:7 /bin/bash
docker run -it -name=c2 --volumes-from c3 centos:7 /bin/bash

Use the c3 data volume container to create c1 and c2, even if c3 is closed, the interaction between c1 and c2 will not be affected

6. Docker application deployment

6.1. MySQL deployment

analyze:

• Network services inside containers cannot communicate directly with external machines
• The external machine and the host machine can communicate directly
• The host machine and the container can communicate directly
• When the network service in the container needs to be accessed by an external machine, the port providing the service in the container can be mapped to the port of the host machine. The external machine accesses the port of the host machine, thereby indirectly accessing the service of the container.
• This operation is called: port mapping
  

Start deployment:

1. pull image

 docker pull mysql:8.0.25

2. Create a container, set port mapping, directory mapping
   Create a mysql directory under the /root directory to store mysql data information

mkdir ~/mysql
cd ~/mysql

docker run -id \
-p 3307:3306 \
--name=c_mysql \
-v $PWD/conf:/etc/mysql/conf.d \
-v $PWD/logs:logs \
-v $PWD/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123 \
mysql:8.0.25

Parameter description:
-p 3307:3306: Map port 3306 of the container to port 3307 of the host.
-v $PWD/conf:/etc/mysql/conf.d: Mount conf/my.cnf in the host's current directory to
/etc/mysql/my.cnf in the container. Configuration directory
-v $PWD/logs:/logs: Mount the logs directory under the current directory of the host to /logs of the container. Log directory
-v $PWD/data:/var/lib/mysql: Mount the data directory under the current directory of the host to /var/lib/mysql of the container. Data directory
-e
MYSQL_ROOT_PASSWORD=123456: Initialize the password of the root user
3. Enter the container

 docker exec -it c_mysql /bin/bash

4. Enter mysql, operate mysql

mysql -uroot -p123

6.2.Tomcat deployment

Start deployment:

1. Pull the tomcat image

docker pull tomcat:9.0.45

2. Create a container, set port mapping, directory mapping

mkdir /root/tomcat
cd tomcat

docker run -id --name=c_tomcat \
-p 8080:8080 \
-v $PWD:/usr/local/tomcat/webapps \
tomcat:9.0.45

-p 8080:8080: Map port 8080 of the container to port 8080 of the host
-v $PWD:/usr/local/tomcat/webapps: Mount the current directory in the host to the webapps of the container

6.3. Nginx deployment

Start deployment:

1. Pull the nginx mirror

docker pull nginx

2. Create container, set port mapping and directory mapping

#在 root 目录下创建nginx 目录用于存储nginx 数据信息
mkdir /root/nginx
cd /root/nginx
mkdir conf
cd conf

# 在 conf 目录下创建 nginx.conf文件粘贴下面内容


vim nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

#设置端口映射和目录映射

docker run -id --name=c_nginx \
-p 80:80 \
-v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf \
-v $PWD/logs:/var/log/nginx \
-v $PWD/html:/usr/share/nginx/html \
nginx

6.4. Redis deployment

Start deployment:

1. pull image

docker pull redis:5.0

2. Create container, set directory and port mapping

docker run -id --name=c_redis \
-p 6379:6379 \
redis:5.0

3. Use an external machine to connect to redis
   ./redis-cli.exe -h 192.168.43.6 -p 6379 (make sure that the external computer is installed with redis, -h: the ip of your own virtual machine, 6379: the mapped port of the redis host)

7. Docker image principle

think:

• What is the essence of a Docker image?
• Why is a Centos image in Docker only 200MB, but how many G is the iso file of a Centos operating system?
• Why is a tomcat image in Docker only 600MB, while a tomcat installation package is only more than 70MB?

Operating system components:

• Process Scheduling Subsystem
• Process Communication Subsystem
• memory management subsystem
• Device Management Subsystem
• file management subsystem
• Network Communication Subsystem
• Job Control Subsystem

The Linux file system consists of two parts: bootfs and rootfs

• bootfs: Contains bootloader (boot loader) and kernel (kernel)
• rootfs: root file system, including standard directories and files such as /dev, /proc; /bin, /etc in a typical Linux system
• For different Linux distributions, the bootfs is basically the same, but the rootfs is different, such as ubuntu, centos, etc.

docker image principle:

• The Docker image is superimposed by a special file system
• The bottom layer is bootfs, and use the host's bootfs
• The second layer is rootfs, called base image
• Then you can superimpose other mirror files on top
• The Unified File System (Union File System) technology can integrate different layers into a file system, providing a unified perspective for these components, thus hiding the existence of multiple layers, and only one file system exists from the user's point of view
• A mirror can be placed on top of another mirror. The mirror below is called the parent mirror, and the bottom mirror is called the base mirror
• When starting a container from an image, Docker mounts a read-write filesystem at the top as the container
  
  Answers the question:

1. What is the nature of a Docker image?
   is a hierarchical file system
2. Why does a Centos image in Docker only have 200MB, while an iso file of a Centos operating system needs several G? The iso
   image file of Centos contains bootfs and rootfs, while the centos image of docker reuses the bootfs of the operating system, only rootfs and mirror layer
3. Why does a Tomcat image in Docker have 600MB, but a tomcat installation package is only more than 70MB?
   Because the Docker image is layered, although tomcat is only more than 70 MB, it needs to rely on the parent image and the base image, and the size of all exposed tomcat images is more than 600 MB

8. Docker image production

8.1. Convert container to image

docker commit 容器id 镜像名称:版本号 #容器转镜像
docker save -o 文件名称 镜像名称:版本号 #压缩镜像
docker load -i 压缩文件名称 #从压缩文件加载镜像

# 创建tomcat镜像
docker run -id --name=c_tomcat \
-p 8080:8080 \
-v $PWD:/usr/local/tomcat/webapps \
tomcat
# 进入tomcat镜像
docker exec -it c_tomcat /bin/bash
#创建a.txt b.txt
cd ~
touch a.txt b.txt#容器转镜像
docker commit 28b8d4dc9744 lxs_tomcat:1.0
#压缩镜像
docker save -o lxs_tomcat.tar lxs_tomcat:1.0
#删除原来镜像
docker rmi lxs_tomcat:1.0
#从压缩文件加载镜像
docker load -i lxs_tomcat.tar
#产生镜像
docker run -it --name=new_tomcat lxs_tomcat:1.0 /bin/bash
#进入查看内容
docker exec -it c_tomcat /bin/bash
#可以看到a.txt b.txt存在，而webapps/test不存在

8.2.dockerfile

concept:

• Dockerfile is a text file
• Contains a line of instructions
• Each instruction builds a layer, based on the base image, and finally builds a new image
• For developers: can provide a completely consistent development environment for the development team
• For testers: You can directly take the base image built during development or build a new image through the dockerfile file to start working
• For operation and maintenance personnel: during deployment, seamless migration of applications can be achieved

Refer to the Dochub URL: https://hub.docker.com, such as centos and nginx images


Case 1: Customize centos7 images
Requirements:

• List item
• The default login path is /usr
• can use vim

Implementation steps:

1. Define the parent image: FROM centos:7
2. Define author information: MAINTAINER gjt [email protected]
3. Execute the command to install vim: RUN yum install -y vim
4. Define the default working directory: WORKDIR:/usr
5. Define the command to start and execute the container: CMD /bin/bash
6. Build the image through dockerfile: docker build -f file path of dockerfile -t image name: version. (The latter point cannot be omitted)

9. Introduction to docker-compose

9.1. Concept

The application system of the microservice architecture generally includes several microservices, and each microservice usually deploys multiple instances. If each microservice needs to be started and stopped manually, the maintenance workload will be heavy. Take a look at our daily work:

• To build image from Dockerfile or go to dockerhub to pull image
• To create multiple containers
• To manage these containers (start, stop, delete)

The above work can be greatly simplified through service orchestration. Service orchestration: manage containers in batches according to certain business rules

9.2.Docker Compose

Docker Compose is a tool for orchestrating distributed deployment of multiple containers, providing commands to centrally manage the complete development cycle of containerized applications, including service construction, start and stop. Steps for usage:

• Use Dockerfile to define the running environment image
• Use docker-compose-yml to define various services that compose references
• Run docker-compose up to start the application

9.3. Install Docker Compose

#Compose 目前已经完全支持 Linux 、Mac OS 和 Windows,在我们安装 compose 之前，需要先安装docker. 下面我们以编译好的二进制包方式安装在Linux系统中。
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

#第二种方式
访问https://github.com/docker/compose/releases，下载 docker-compose-Linux-x86_64，然后复制到 /usr/local/bin 目录下，然后
在继续下面的步骤
#设置文件可执行权限
chmod +x /usr/local/bin/docker-compose
#查看版本信息
docker-compose -

Uninstall Docker compose

#二进制包的方式安装的，删除二进制文件即可
rm /usr/local/bin/docker-compose

10. Docker repository

Docker's official Docker hub (https://hub.docker.com) is a warehouse for managing public images. We can pull images from it to the local, or push our own images to it. However, sometimes we don't want to put our own image on the public network, then we need to build our own private warehouse to store and manage our own image

Private warehouse creation:

# 1、拉取私有仓库镜像
docker pull registry
# 2、启动私有仓库容器
docker run -id --name=registry -p 5000:5000 registry
# 3、打开浏览器 输入地址http://私有仓库服务器ip:5000/v2/_catalog，看到{"repositories":[]} 表示私有仓
库 搭建成功
# 4、修改daemon.json
vim /etc/docker/daemon.json
# 在上述文件中添加一个key，保存退出。此步用于让 docker 信任私有仓库地址；注意将私有仓库服务器ip修改为自
己私有仓库服务器真实ip
{
    
    "insecure-registries":["私有仓库服务器ip:5000"]}
{
    
    "insecure-registries":["192.168.220.12:5000"]}
# 5、重启docker 服务
systemctl restart docker
docker start registry

Upload the image to a private repository:

# 1、标记镜像为私有仓库的镜像
docker tag centos:7 192.168.220.12:5000/centos:7
# 2、上传标记的镜像
docker push 192.168.220.12:5000/centos:7

Pull the image from a private repository:

#拉取镜像
docker pull 192.168.220.12:5000/centos:7