Docker Overview
Docker is one for the development, delivery and open platform for running applications.
Docker advantage
Faster delivery and deployment
For developers - Build Once, Run Anywhere
Container means isolated from the environment and repeatability. Developers only need to create a runtime environment for the application, and then packed into containers can be run on other machines. In addition, Host environment where the container is isolated from the environment and, as a virtual machine the same, but faster and easier.
For operation and maintenance personnel - Configure Once, Run Anything
Only needs to configure a standard runtime environment, the server can run any container. This makes the work of maintenance staff becomes more efficient, consistent and repeatable. Container eliminates the development, testing, production inconsistencies environment.
More efficient virtualization
Run Docker containers do not require additional hypervisor support, it is kernel-level virtualization, it is possible to achieve higher performance and efficiency.
Easier migration and expansion
Docker containers can run on almost any platform, including physical machines, virtual machines, public cloud, private cloud, PCs, servers and so on. This compatibility allows users to migrate an application from one platform to another directly.
Simpler management
Use Docker, only small changes, you can replace a lot of conventional updating. All modifications are distributed and updated incrementally, enabling automated and efficient management.
Docker Engine
Docker Engine has the following main components is a client - server applications:
The server is running a long-term program, called daemon process (dockerd command).
REST API, which specifies the program can be used to communicate with and instruct the interface daemon operation thereof.
Command Line Interface (CLI) client (docker command).
CLI use Docker REST API to control Docker daemon via script or CLI command or directly interact with Docker daemon.
Docker many other applications use the underlying API and CLI.
Docker architecture
Docker architecture using C / S (Client / Server) system, Docker Docker daemon and client communications, Docker daemon is responsible for building, operating and distribution Docker containers. Docker client and the daemon can run on the same system can also be connected to a remote Docker Docker client daemon. Docker client using the REST API daemon and communicate through a network interface or a UNIX socket.
Damon Docker : dockerd, used to monitor and manage requests Docker Docker the API objects, such as mirrors, containers, and network Volume.
Client Docker : Docker Docker and carry out our client is the most important ways to interact, for example, we can run through a container docker run command, and then sent us to this client will command above Dockerd, let him do the real thing .
Docker three basic concepts
Registry Docker : warehouse used to store Docker mirror, Docker Hub is a public warehouse Docker official, but also to find a mirror of Docker default, of course, you can easily run from the Docker Hub a private warehouse, when we use docker when docker run or pull command, will be our Docker configured to pull the mirror image repository, using docker push command, we will construct the image corresponding to the image push warehouse.
Images: Mirroring is a read-only template, with instructions to create a Docker container, in general, the image will be based on some other basis image and add some additional custom features. For example, you can build a mirror image based Centos, and then install a mirror above on the basis of Nginx server, so that you can form a mirror image of our own.Containers : container is an example of an image that can be run, can be used Docker REST API or CLI to operation of the vessel, the substance of the container is the process, but the process performed directly host different container processes running on separate named own space. Therefore, the container can have their own root file system, your network configuration, its own process space, or even their own user ID space. Process in the container is run in an isolated environment, use up, as though it were operating under a system independent of the host. This feature allows direct application of the packaged safer operation than in the host.
The underlying technical support:
Docker written in Go, Namespaces (do isolation), CGroups (resource constraints do), UnionFS (hierarchical image and the vessel) the-underlying-technology Docker underlying architecture Analysis
installation
Direct access to official documents to choose the right platform can be installed, for example, we want to install here Docker on centos system, which went address https://docs.docker.com/install/linux/docker-ce/centos/ the prompts to install It can be.
Install the needed packages
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
Add depot, here we use the stable version Docker, execute the following command to add yum warehouse address:
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repoInstallation Docker CE
yum install docker-ceStart Docker CE
$ sudo systemctl enable docker
$ sudo systemctl start dockerView the version number
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 19.03.4
API version: 1.40
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:52:22 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.4
API version: 1.40 (minimum version 1.12)
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:50:54 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
[root@localhost ~]#Running the first container
Environmental ready, run the first container immediately, execute the command:
docker run -d -p 80:80 httpd
第一次需要下载镜像 可能比较慢 这就需要做镜像加速Mirror accelerator
Domestic sometimes have difficulty pulling from Docker Hub mirror, you can configure mirroring accelerator
对于使用 systemd 的系统,请在 /etc/docker/daemon.json 中写入如下内容(如果文件不存在请新建该文件)
{
"registry-mirrors": [
"https://dockerhub.azk8s.cn",
"https://reg-mirror.qiniu.com"
]
}
注意,一定要保证该文件符合 json 规范,否则 Docker 将不能启动。
之后重新启动服务Check the accelerator is in effect
[root@localhost docker]# docker info |grep Registry -A 10
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://dockerhub.azk8s.cn/
https://reg-mirror.qiniu.com/
Live Restore Enabled: false
Start a container:
[root@muyudembp ~]# docker run ubuntu:16.04 /bin/echo 'Hello world'
Unable to find image 'ubuntu:16.04' locally
16.04: Pulling from library/ubuntu
e80174c8b43b: Pull complete
d1072db285cc: Pull complete
858453671e67: Pull complete
3d07b1124f98: Pull complete
Digest: sha256:bb5b48c7750a6a8775c74bcb601f7e5399135d0a06de004d000e05fd25c1a71c
Status: Downloaded newer image for ubuntu:16.04
Hello world
[root@muyudembp ~]# docker run ubuntu:16.04 /bin/echo 'Hello world'
Hello worldView mirror of history commands
[root@muyudembp ~]# docker history ubuntu:16.04
IMAGE CREATED CREATED BY SIZE COMMENT
5f2bf26e3524 Less than a second ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> Less than a second ago /bin/sh -c mkdir -p /run/systemd && echo 'do… 7B
<missing> Less than a second ago /bin/sh -c set -xe && echo '#!/bin/sh' > /… 745B
<missing> Less than a second ago /bin/sh -c rm -rf /var/lib/apt/lists/* 0B
<missing> Less than a second ago /bin/sh -c #(nop) ADD file:9511990749b593a6f… 123MBInto the container
[root@muyudembp ~]# docker run -it ubuntu:16.04 /bin/bash
root@247c977ce6dc:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@247c977ce6dc:/#Start closed container
[root@muyudembp ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
247c977ce6dc ubuntu:16.04 "/bin/bash" 7 minutes ago Up 7 minutes youthful_hamilton
6fe5c402d589 httpd "httpd-foreground" 5 hours ago Up 5 hours 0.0.0.0:80->80/tcp sad_dijkstra
[root@muyudembp ~]# docker stop 6fe5c402d589
6fe5c402d589
[root@muyudembp ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
247c977ce6dc ubuntu:16.04 "/bin/bash" 7 minutes ago Up 7 minutes youthful_hamilton
[root@muyudembp ~]# docker start 6fe5c402d589
6fe5c402d589
[root@muyudembp ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
247c977ce6dc ubuntu:16.04 "/bin/bash" 7 minutes ago Up 7 minutes youthful_hamilton
6fe5c402d589 httpd "httpd-foreground" 5 hours ago Up 1 second 0.0.0.0:80->80/tcp sad_dijkstra
[root@muyudembp ~]# docker rm 247c977ce6dc
Error response from daemon: You cannot remove a running container 247c977ce6dcc47e043b4d9ef02c95b4d7d21e32009bff425314724315e4bea4. Stop the container before attempting removal or force remove
强制关闭在运行的容器
[root@muyudembp ~]# docker rm -f 247c977ce6dc
247c977ce6dc
[root@muyudembp ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6fe5c402d589 httpd "httpd-foreground" 5 hours ago Up 2 minutes 0.0.0.0:80->80/tcp sad_dijkstra
Mirroring related operations
[root@muyudembp ~]# docker rmi -f 5f2bf26e3524
Untagged: ubuntu:16.04
Untagged: ubuntu@sha256:bb5b48c7750a6a8775c74bcb601f7e5399135d0a06de004d000e05fd25c1a71c
Deleted: sha256:5f2bf26e35249d8b47f002045c57b2ea9d8ba68704f45f3c209182a7a2a9ece5
[root@muyudembp ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest d3017f59d5e2 17 hours ago 165MBdocker commit customized image
Mirroring is the foundation of container, every execution docker run of which will be designated as mirror base container operation. In the previous example, come from Docker Hub mirrored we use. These images are used directly to meet certain needs, and when these images can not meet the demand directly, we need to customize these images.
Now let's use an example to be mirrored httpd.
docker run --name webserver -d -p 80:80 httpdThis command will start httpd with a mirror container, named webserver, and mapped port 80, so we can use the browser to access the web server.
[root@muyudembp ~]# curl localhost
<html><body><h1>It works!</h1></body></html>
[root@muyudembp ~]# docker exec -it 543f2ad89f8e /bin/bash
root@543f2ad89f8e:/usr/local/apache2# echo "<h1>Hello, Docker!</h1>" > /usr/local/apache2/htdocs
退出容器
[root@muyudembp ~]# curl localhost
<h1>Hello, Docker!</h1>
我们可以用下面的命令将容器保存为镜像:
[root@muyudembp ~]# docker commit \
> --author "muyu" \
> --message "修改了默认首页" \
> webserver \
> httpd:v2
sha256:229d8c3a7577be285e858f80c1e97dad5ddfb504fbcd5b4f1b3ad4fa40935712
[root@muyudembp ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd v2 229d8c3a7577 11 seconds ago 165MB
httpd latest d3017f59d5e2 17 hours ago 165MB
[root@muyudembp ~]# docker history 229d8c3a7577
IMAGE CREATED CREATED BY SIZE COMMENT
229d8c3a7577 About a minute ago httpd-foreground 31B 修改了默认首页
d3017f59d5e2 17 hours ago /bin/sh -c #(nop) CMD ["httpd-foreground"] 0B
<missing> 17 hours ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 17 hours ago /bin/sh -c #(nop) COPY file:c432ff61c4993ecd… 138B
<missing> 17 hours ago /bin/sh -c #(nop) STOPSIGNAL WINCH 0B
<missing> 17 hours ago /bin/sh -c set -eux; savedAptMark="$(apt-m… 60.7MB
<missing> 2 weeks ago /bin/sh -c #(nop) ENV HTTPD_PATCHES= 0B
<missing> 2 weeks ago /bin/sh -c #(nop) ENV HTTPD_SHA256=133d4829… 0B
<missing> 2 weeks ago /bin/sh -c #(nop) ENV HTTPD_VERSION=2.4.41 0B
<missing> 2 weeks ago /bin/sh -c set -eux; apt-get update; apt-g… 35.4MB
<missing> 2 weeks ago /bin/sh -c #(nop) WORKDIR /usr/local/apache2 0B
<missing> 2 weeks ago /bin/sh -c mkdir -p "$HTTPD_PREFIX" && chow… 0B
<missing> 2 weeks ago /bin/sh -c #(nop) ENV PATH=/usr/local/apach… 0B
<missing> 2 weeks ago /bin/sh -c #(nop) ENV HTTPD_PREFIX=/usr/loc… 0B
<missing> 2 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 2 weeks ago /bin/sh -c #(nop) ADD file:74b2987cacab5a6b0… 69.2MB
[root@muyudembp ~]# docker run --name webserver2 -d -p 81:80 httpd:v2
693745577ac0d47dc88680dff44afa3749ac88c39ad55deea1802c191bcb9542
[root@muyudembp ~]# curl localhost:81
<h1>Hello, Docker!</h1>At this point, the first time we completed the customized image, using a docker commit command, the manual operation to the old mirror added a new layer to form a new mirror, the mirror tiered storage should have a more intuitive feel.
But the customized image is not recommended to use customized image should be done Dockerfile
Finishing order:
Container operations:
docker create # 创建一个容器但是不启动它
docker run # 创建并启动一个容器
docker stop # 停止容器运行,发送信号SIGTERM
docker start # 启动一个停止状态的容器
docker restart # 重启一个容器
docker rm # 删除一个容器
docker kill # 发送信号给容器,默认SIGKILL
docker attach # 连接(进入)到一个正在运行的容器
docker wait # 阻塞一个容器,直到容器停止运行
Gets information:
docker ps # 显示状态为运行(Up)的容器
docker ps -a # 显示所有容器,包括运行中(Up)的和退出的(Exited)
docker inspect # 深入容器内部获取容器所有信息
docker logs # 查看容器的日志(stdout/stderr)
docker events # 得到docker服务器的实时的事件
docker port # 显示容器的端口映射
docker top # 显示容器的进程信息
docker diff # 显示容器文件系统的前后变化
docker system df # 查看镜像、容器、数据卷所占用的空间。Export container:
docker cp # 从容器里向外拷贝文件或目录
docker export # 将容器整个文件系统导出为一个tar包,不带layers、tag等信息carried out:
docker exec # 在容器里执行一个命令,可以执行bash进入交互式Mirror operations:
docker images # 显示本地所有的镜像列表
docker import # 从一个tar包创建一个镜像,往往和export结合使用
docker build # 使用Dockerfile创建镜像(推荐)
docker commit # 从容器创建镜像
docker rmi # 删除一个镜像
docker load # 从一个tar包创建一个镜像,和save配合使用
docker save # 将一个镜像保存为一个tar包,带layers和tag信息
docker history # 显示生成一个镜像的历史命令
docker tag # 为镜像起一个别名Warehouse mirror (Registry) Operation:
docker login # 登录到一个registry
docker search # 从registry仓库搜索镜像
docker pull # 从仓库下载镜像到本地
docker push # 将一个镜像push到registry仓库中