Basic management of Docker

Posted by asphpguy on Fri, 14 Jan 2022 01:39:10 +0100

1, Getting to know Docker

1. Docker overview

  • Docker is an open source tool for running applications in Linux containers. It can be thought of as a lightweight virtual machine, and it was born in 2013

  • The Docker project has joined the Linux Foundation, and all of its open source code is maintained at https://github.com/docker. The official website is https://www.docker.com/. Docker and OpenStack are the most popular open source projects for cloud computing

  • Docker's logo, shown in the figure above, is a blue whale carrying many shipping containers. The whale can be regarded as the host, and the shipping containers as isolated containers, each holding its own application (a sandbox)

  • Docker's design philosophy is "Build, Ship and Run Any App, Anywhere": by managing the life cycle of application components (packaging, release, deployment and operation), it achieves "package once, run everywhere" at the application component level

  • A component here can be an application, a set of services, or even a complete operating system

2. Comparison between Docker containers and traditional virtualization

  • Small and flexible, efficiency first!

① Advantages of Docker

  1. Is there a technology that makes it easy to create applications that run on a cloud platform, are decoupled from the underlying hardware, and can obtain resources at any time and from anywhere? (Docker!)

  2. Docker's container technology makes it easy to create a lightweight, portable and self-sufficient container for any application on a single host. Packaging the application in a container removes the tedious, repetitive work of redeployment and debugging, and greatly improves efficiency!

  3. In short, if both sides use Docker, a smooth transition is possible and any service can be migrated: the service runs in a Docker container, regardless of anything else!

  4. For example, suppose a server needs to be migrated from Tencent Cloud to Alibaba Cloud. With Docker container technology, the whole migration only requires starting the containers we need on the new server

② Docker has significant advantages over traditional virtual machines

  1. Docker containers can be started and stopped in seconds

  2. The core problem Docker solves is using containers to provide VM-like functionality, giving users more computing resources while using less hardware

  3. Apart from running their applications, Docker containers consume almost no additional system resources. This keeps performance high while reducing system overhead, so that thousands of Docker containers can run on one host

  4. Docker is easy to operate and supports flexible, automated creation and deployment through Dockerfile configuration files

A more intuitive summary is shown below:

| Characteristic | Docker container | Virtual machine |
|---|---|---|
| Startup speed | Seconds | Minutes |
| Computing power loss | Almost none | About 50% loss |
| Performance | Near native | Weaker than native |
| Instances supported (single host) | Thousands | Dozens |
| Isolation | Resource constraints | Complete isolation |

  • Containers rely on the kernel for isolation and effectively share it with each other, so their security is weaker than that of virtual machines; after all, they are not completely isolated. If a container is compromised by an attacker, the host is basically lost as well
  • This is not without a remedy: cgroup resource allocation provides a certain degree of protection
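
The cgroup point above can be checked on a running host. The following is an added example, not part of the original post: it reads lines in the shape of `docker inspect --format` output and lists containers that have no memory, CPU or PID limit, or that run privileged. The function name and the sample lines are assumptions constructed for illustration.

```bash
# Added example: list containers that run without cgroup limits.
#
# On a real host, feed the function with:
#   docker ps -q | xargs -r docker inspect --format \
#     '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.NanoCpus}} {{.HostConfig.PidsLimit}} {{.HostConfig.Privileged}}'
# Memory is in bytes, NanoCpus in billionths of a CPU; 0 means "no limit".
# A PidsLimit of 0, -1 or <nil> is treated as "no limit".
#
# A container started with limits, for comparison:
#   docker run -d --memory 256m --cpus 0.5 --pids-limit 100 centos \
#     /usr/bin/bash -c "while true;do echo hello world;done"

audit_cgroup_limits() {
  local name mem cpus pids priv issues
  while read -r name mem cpus pids priv; do
    [ -n "$name" ] || continue
    issues=""
    if [ "$mem" = "0" ]; then issues="$issues no-memory-limit"; fi
    if [ "$cpus" = "0" ]; then issues="$issues no-cpu-limit"; fi
    case "$pids" in
      0|-1|"<nil>") issues="$issues no-pids-limit" ;;
    esac
    if [ "$priv" = "true" ]; then issues="$issues privileged"; fi
    # Print one line per container that has at least one finding
    if [ -n "$issues" ]; then printf '%s:%s\n' "${name#/}" "$issues"; fi
  done
  return 0
}

# Constructed sample input (not captured from a real host).
SAMPLE_INSPECT_LINES='/web 268435456 500000000 100 false
/loop 0 0 <nil> false
/debug 0 0 0 true'

printf '%s\n' "$SAMPLE_INSPECT_LINES" | audit_cgroup_limits
```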

Docker's many advantages are inseparable from the characteristics of operating system virtualization:

  1. Traditional virtual machines require an additional hypervisor layer and a guest operating system layer
  2. A Docker container implements virtualization directly at the operating system level

2, Core concept and installation of Docker

1. Image

Docker images are the basis for creating containers, similar to snapshots of virtual machines

An image can be understood as a read-only template for the Docker container engine, for example:

  1. An image can be a complete CentOS operating system environment, which is called a CentOS image

  2. An image with the MySQL application installed is called a MySQL image

  3. ...

Docker provides a simple mechanism for creating images and updating existing ones. Users can also download ready-made application images from the Internet and use them directly. It's so powerful!

2. Container

A Docker container is a running instance created from an image. It can be started, stopped and deleted. The container is a service

  1. Containers are isolated from and invisible to each other; this strong isolation ensures the security of the platform

  2. A container can be regarded as a simplified Linux environment. Docker uses containers to run and isolate applications

3. Repository

A Docker repository is used to store images centrally

  1. After creating your own image, you can use the [push] command to upload it to a [public] or [private] repository

  2. After that, to use this image on another machine, simply pull it down. It could hardly be more convenient!

  • The registry server [Registry] is where repositories are stored. It contains multiple repositories; each repository stores one kind of image and uses different tags [tag] to distinguish them
  • At present, the largest public repository is Docker Hub

4. Install Docker

Docker can be used on mainstream operating system platforms, such as Windows, Linux and MacOS systems

It is recommended to see these technical documents!

# Stop and disable firewalld, and switch SELinux to permissive mode (setenforce 0 lasts until the next reboot)
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

--
# The Docker repository must be set up before Docker Engine is installed on a new host for the first time. After that, Docker can be installed and updated from the repository
# Set up the repository: install the yum-utils package (which provides the yum-config-manager utility) and add the stable repository
yum install -y yum-utils

yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

--
# Note: from some versions on, installing docker-ce pulls in additional dependency packages. If the installation fails, read the error message carefully
# For example, after docker-ce 17.03 you need to install docker-ce-selinux!
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

--
# Install the latest version of Docker Engine and containerd
# docker-ce-cli is the Docker command-line toolkit; containerd.io is the container interface package
yum install -y docker-ce docker-ce-cli containerd.io


--
# Start docker
systemctl start docker
systemctl enable docker

--
# Verify that Docker Engine is installed correctly by running the hello-world image
sudo docker run hello-world

--
# Check the docker version
docker version



An installed Docker consists of two programs: the Docker server and the Docker client

  1. The Docker server is a service process that manages all containers

  2. The Docker client is the remote control for the Docker server; it is used to control the server process

  3. In most cases, the Docker server and client run on the same machine

5. How to install a specific version of Docker?

  • Always installing or updating to the newest version may not meet stability requirements

  • We can list the versions available in the repository and choose from them:

# List the versions available in the repository, sorted by version number from high to low (output truncated)
yum list docker-ce --showduplicates | sort -r
...
...

--
# Uninstall the Docker Engine, CLI and containerd packages
yum remove -y docker-ce docker-ce-cli containerd.io
# Images, containers, volumes and custom configuration files on the host are not deleted automatically. To delete all images, containers and volumes:
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
# Note: any configuration files you edited must be deleted manually

--
# Example: install [docker-ce-18.09.1]
sudo yum install docker-ce-18.09.1 docker-ce-cli-18.09.1 containerd.io

systemctl start docker
docker version

6. Extras - key.json | docker0 | PAT port multiplexing

cd /etc/docker
# After Docker is installed, a new file, key.json, is generated in this directory
  • You can inspect its contents. This file is the key used to download images from the official public repository. JSON stores data as key-value pairs
  • From a development perspective, key-value pairs are more efficient
ifconfig
# After installing docker, ifconfig shows an additional docker0 network interface

docker0 is the bridge for containers, connecting them to each other

PAT: port multiplexing, the ability to translate multiple addresses into a single address (172.17.0.1/24)

3, Docker image operation

  • Docker needs a local image before it can run a container. If the image is not available locally, Docker tries to download it from the default image repository [https://hub.docker.com]. This is a public repository officially maintained by Docker, and it meets most users' needs

  • Users can also configure Docker to use a custom image repository

① Search image – docker search

'Command format:'
docker search [object]

'Example:'
docker search nginx

# By default, the results are sorted by star rating

docker search -f stars=1000 nginx

# The "-f" option with "stars=x" shows only images at or above the specified number of stars

  • Generally, images maintained by the official project team use a single word, such as [nginx], as the image name. We call these base images or root images
  • An image named like [mailu/nginx] is created and maintained by the Docker Hub user [mailu], with the user name as the prefix
  • The AUTOMATED column (whether the image was created automatically) indicates whether users are allowed to verify the source and content of the image
  • The [docker search] command can only find images; it cannot list their tags. To find an image's tags, visit the image repository on the web at https://hub.docker.com

② Get image – docker pull

After finding an image that meets the requirements, we can use the [docker pull] command to download it from the network for local use

'Command format:'
docker pull [repository name][:tag]

'Example:'
docker pull mailu/nginx

  • The tag [tag] distinguishes image versions. No tag is specified here, so the latest version of the image in the repository is downloaded by default, that is, the [latest] tag is selected

  • During the download, we can see that the image is made up of several layers. This layering is what we call AUFS, the union file system, and it is the basis for incremental storage and updates. Information about each layer of the image is printed during the download

  • Once the image has been downloaded, we can use it locally at any time

  • Users can also download from other registry servers. In that case, specify the full registry server address before the repository name

③ View image information – docker images/inspect/tag

'Command format:'
docker images [repository name][:tag]

'Example:'
docker images

| Field | Description |
|---|---|
| REPOSITORY | Repository to which the image belongs |
| TAG | Tag of the image, which distinguishes different images in the same repository |
| IMAGE ID | Unique ID number of the image, which identifies it uniquely |
| CREATED | Creation time of the image |
| SIZE | Size of the image |

Users can also obtain the details of an image by its unique ID number

'Command format:'
docker inspect [image ID number]

'Example:'
docker inspect 23089a8ec5aa

# This is the image ID number of wodby/nginx
# The output is long

To make the downloaded image easier to use in later work, we can use the [docker tag] command to add a new tag to the local image

'Command format:'
docker tag [name]:[tag] [new name]:[new tag]

'Example:'
docker tag mailu/nginx nginx123:nginx

docker images|grep nginx

④ Delete image – docker rmi

  • You can use the [docker rmi] command to delete an image

  • There are two ways to delete an image: by its tag or by its ID

'Command format:'
docker rmi [repository name][:tag]
or
docker rmi [image ID number]

'Example:'
docker images|grep nginx

docker rmi nginx123:nginx

# When an image has multiple tags, this command only removes the specified tag and does not affect the image itself
# If the image has only one tag, be careful: running this command then deletes the image completely!

docker rmi 97788821c58b

# Be careful when using the image ID number as the parameter. First make sure that the image is not currently used by a container
# If the image is used by a container, delete the container that depends on it first, and then delete the image
# When deleting by ID, the system first removes all tags pointing to the image, and then deletes the image itself

docker images|grep nginx

⑤ Saving and loading images – docker save/load

  • To migrate an image, first save it to a local file, and then copy the file to the other host

  • This process is called saving an image, and it uses the [docker save] command

'Command format:'
docker save -o [output file name] [image to save]

'Example:'
docker save -o nginx nginx
ls -l nginx

--
scp nginx root@192.168.239.102:nginx

# Copy the file to another host
  • To migrate the saved image from host A to host B, import the exported file into the image library of host B

  • This process is called loading an image, and it uses the [docker load] command

'Command format:'
docker load <[saved file]

'Example:'
docker load <nginx

docker images|grep nginx


⑥ Upload image – docker login/push

  • As more and more images accumulate locally, we can designate a repository to store them

  • At present, the most convenient choice is a public repository. By default, images are uploaded to the official Docker Hub repository, which requires a registered account. Use the [docker login] command and enter the user name, password and email to log in

'Example:'
docker login

--
# First register an account at https://hub.docker.com; the registration process is very simple

Before uploading an image, add a new tag to the local image, and then use the [docker push] command to upload it

'Command format:'
docker tag [name][:tag] [account name][/name][:new tag]
docker push [account name][/name][:new tag]

'Example:'
docker tag nginx:latest qq1605963524/nginx:centos7
docker push qq1605963524/nginx:centos7

4, Docker container operation

Containers are another core concept of Docker:

  1. A container is a running instance of an image. It is one application, or a group of applications, running independently together with the runtime environment they need

  2. This includes the file system, system libraries, shell environment, etc

  3. The image is like a read-only template, and the container adds a writable layer on top of that template

① Container creation and use – docker create/ps/start/run

Creating a container is the process of loading an image into a container:

  1. Docker containers are very lightweight, and users can create or delete them at will

  2. A newly created container is stopped by default, that is, it does not start running any program by itself

  3. A process must be started to start the container. That process is the container's only process, so when it terminates, the container terminates completely as well

  4. A stopped container can be restarted, and its earlier changes are retained

'Command format:'
docker create [option] [image] [program to run]

'Common options:'
-i: Keep the container's standard input open
-t: Have Docker allocate a pseudo-terminal

'Example:'
docker create -it nginx /bin/bash

# When a new container is created, a unique ID is returned

--
docker ps -a

# Use this command to view the running status of containers
# The "-a" option lists all containers, including those that are not running

--
docker start [Container ID/name]

# Start a container that is in the stopped state


  • To create and start a container in one step, use the [docker run] command, which is equivalent to executing [docker create] first and then [docker start]

  • Note that with this command the container stops as soon as the command it was given finishes running

When [docker run] is used to create a container, Docker performs the following standard steps in the background:

  1. Check whether the specified image exists locally. If it does not, download it from the public repository
  2. Create and start a container from the image
  3. Allocate a file system to the container and mount a read-write layer on top of the read-only image layer
  4. Bridge a virtual interface from the bridge interface configured on the host into the container
  5. Assign the container an IP address from the address pool
  6. Execute the application specified by the user
  7. After execution, the container is terminated

'Example: create a container and start executing a shell command'
docker run centos /usr/bin/bash -c "ls /"

--
docker ps -a

# Checking the container status shows that it terminated after executing the command

--
docker run -d centos /usr/bin/bash -c "while true;do echo hello world;done"

# The "-d" option makes the container run in the background as a daemon, that is, it keeps running in the background
# Note: once the program run by the container finishes, the container is terminated as well

docker ps -a


② Operation and termination of containers – docker stop

'Command format:'
docker stop [Container ID/name]

'Example:'
docker stop fcd5691107cf
docker stop a17b5d224f47

docker ps -a

# A status of Exited means the container has terminated

③ Container entry – docker exec

When you need to enter the container for corresponding operations, you can use the [docker exec] command to enter the running container

'Command format:'
docker exec -it [container ID/name] /bin/bash

'Example:'
docker exec -it 4aa9da25318d /bin/bash

# The user can enter commands through the terminal that is created

④ Export and import of containers – docker export/import

  1. First, export the created container to a file with the [docker export] command. The container can be exported normally even if it is currently running
  2. After the export, transfer the file to the other host and use the corresponding import command to migrate the container
  3. The procedure is basically the same as image migration

'Command format:'
docker export [container ID/name] >file name

'Example:'
docker export 4aa9da25318d >nginx01
ls -l nginx01

--
scp nginx01 root@192.168.126.16:nginx01


Switch to the remote host that received the file for the next steps
Use the [docker import] command to import the file; it becomes an image

'Command format:'
cat [file name] |docker import - [name of the generated image][:tag]

'Example:'
ls -l nginx01

cat nginx01 |docker import - nginx01:xcf

# Import the file nginx01 as a local image

--
docker images |grep nginx
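
Both migration paths on this page, [docker save]/[docker load] for images and [docker export]/[docker import] for containers, move a tar file between hosts. The following is an added example, not part of the original post: it checks the file's SHA-256 against the value taken on the source host and decides from the archive contents which command applies. The function names, the default image name and the demo archive are assumptions constructed for illustration.

```bash
# Added example: check a transferred archive before handing it to Docker.

# Succeeds only if FILE hashes to EXPECTED (hex SHA-256 taken on the source host).
verify_sha256() {
  local file="$1" expected="$2" actual
  actual=$(sha256sum "$file" | awk '{print $1}') || return 1
  [ "$actual" = "$expected" ]
}

# Prints "image" for a docker save archive (it carries manifest.json),
# "rootfs" for a docker export archive, "unsafe" if a member path is
# absolute or contains "..", and "invalid" if tar cannot read the file.
archive_kind() {
  local file="$1" listing
  listing=$(tar -tf "$file" 2>/dev/null) || { echo invalid; return 0; }
  if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo unsafe
  elif printf '%s\n' "$listing" | grep -Eq '^(\./)?manifest\.json$'; then
    echo image
  else
    echo rootfs
  fi
}

# Prints the command to run next, or fails without printing one.
safe_import_command() {
  local file="$1" expected="$2" name="${3:-imported:latest}"
  verify_sha256 "$file" "$expected" || { echo "checksum mismatch" >&2; return 1; }
  case $(archive_kind "$file") in
    image)  printf 'docker load -i %s\n' "$file" ;;
    rootfs) printf 'docker import %s %s\n' "$file" "$name" ;;
    *)      echo "refusing archive" >&2; return 1 ;;
  esac
}

# Constructed demo: a stand-in for the "nginx" file written by docker save.
demo_dir=$(mktemp -d)
echo '[]' > "$demo_dir/manifest.json"
tar -C "$demo_dir" -cf "$demo_dir/nginx" manifest.json
safe_import_command "$demo_dir/nginx" "$(sha256sum "$demo_dir/nginx" | awk '{print $1}')"
rm -rf "$demo_dir"
```

On the source host, record the value with `sha256sum nginx` (or `sha256sum nginx01`) and pass it to `safe_import_command` on the destination.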

⑤ Deletion of containers – docker rm

You can use the [docker rm] command to delete a container that is in the terminated state

'Command format:'
docker rm [container ID/name]

'Example:'
docker ps -a

docker rm fcd5691107cf a17b5d224f47 cf7eb18ebf28 fb95ffa44044 2ee2c9d515b3 e88f1ded4cd

docker ps -a


To delete a running container, you can add the "-f" option to force the deletion, but this is not recommended. It is best to stop the container before deleting it!

  • Docker's default storage directory is /var/lib/docker, where all Docker images, containers, logs and other data are stored
    A separate large-capacity partition can be used for this data; LVM logical volumes are generally chosen to avoid running out of space in the storage directory while Docker is in operation

Topics: Docker