Basic management of Docker

Posted by asphpguy on Fri, 14 Jan 2022 01:39:10 +0100

1, First meet Docker

1.Docker overview

  • Docker is an open source tool for running applications in Linux container. It is a lightweight virtual machine, which was born in 2013

  • Docker project has joined the Linux foundation, and all open source code is in For maintenance, the official website is , docker and OpenStack are the most popular open source projects for cloud computing

  • Docker's Logo is designed as a blue whale dragging many containers. As shown in the above figure, whales can be regarded as host computers. Containers can be understood as isolated containers. Each container has its own application (sandbox / sandbox)

  • Docker's design philosophy: Build, Ship and Run Any APP, anywhere, that is, through the management of the life cycle of application component encapsulation, release, deployment and operation, to achieve the purpose of "one-time encapsulation and everywhere operation" at the application component level

  • The components here can be an application, a set of services, or even a complete operating system

2. Comparison between docker container and traditional virtualization

  • Small and flexible, efficiency first!

① Advantages of Docker

  1. Is there such a technology that can easily create applications running on the cloud platform, can be separated from the underlying hardware support, and can obtain these resources at any time and anywhere? (Docker!)

  2. Doker's container technology can easily create a lightweight, portable and self-sufficient container for any application on one host, package the application through the container, simplify the trivial repeated work of redeployment and debugging, and greatly improve the work efficiency!

  3. In short, if dockers are used by both parties, smooth transition can be completed and migration of any service can be realized, that is, the service runs on the Docker container, regardless of anything else!

  4. For example, the server needs to be migrated from Tencent cloud to Alibaba cloud. If Docker container technology is adopted, the whole migration process only needs to start the container we need on the new server

② Docker has significant advantages over traditional virtual machines

  1. The start and stop of Docker container can be implemented in seconds

  2. The core problem solved by Docker is to use containers to realize VM like functions and provide users with more computing resources with more saved hardware resources

  3. In addition to running its applications, Docker containers basically do not consume additional system resources. While maintaining performance, it effectively reduces system overhead, so that thousands of Docker containers can be run on a host

  4. Docker is easy to run and can support flexible automatic creation and deployment through Dockerfile configuration files

A more intuitive summary is shown below

characteristicDocker containervirtual machine
Starting speedSecond orderMinute level
Computing power lossAlmost noneLoss 50% action
performanceNear primaryweaker than
System support (single machine)ThousandsDozens
IsolationResource constraintsComplete isolation
  • Containers depend on the kernel for isolation, and the relationship between them is like sharing, so the security is worse than that of virtual machines. After all, they are not completely isolated. Therefore, if a container is broken by a hacker, the host basically disappears
  • There is not no way here, that is, cgroup resource allocation, which can provide a certain security mechanism

Docker's many advantages are inseparable from the characteristics of operating system virtualization:

  1. Traditional virtual machines require additional hypervisors and virtual machine operating system layers
  2. The Docker container is a virtualization directly implemented on the operating system level

2, Core concept and installation of Docker

1. Image

Docker images are the basis for creating containers, similar to snapshots of virtual machines

It can be understood as a read-only template for Docker container engine, such as:

  1. An image can be a complete CentOS operating system environment, which is called a CentOS image

  2. An application with MySQL installed is called a MySQL image

  3. ...

Docker provides a simple mechanism to create and update existing images. Users can also download ready application images from the Internet for direct use. It's so powerful!

2. Container

Docker's container is a running instance created from an image. It can be started, stopped and deleted. The container is a service

  1. Each container created is isolated and invisible from each other, with strong isolation between each other, so as to ensure the security of the platform

  2. The container can be regarded as a simple version of Linux environment. Docker can use the container to run and isolate applications

3. Repository

The Docker warehouse is used to centrally store images

  1. After creating your own image, you can use the [push] command to upload it to [public] or [Private]

  2. After that, use this image on another machine and directly pull it down. It's not too convenient!

  • The warehouse registration server [Registry] is the place where warehouses are stored. It contains multiple warehouses. Each warehouse stores a certain type of image and uses different tags [tag] to distinguish them
  • At present, the largest public warehouse is Docker Hub

4. Install Docker

Docker can be used on mainstream operating system platforms, such as Windows, Linux and MacOS systems

It is recommended to see these technical documents!

systemctl stop firewalld
systemctl disable firewalld
setenforce 0

'#The Docker repository needs to be set before the Docker Engine is installed on the new host for the first time. After that, you can install and update Docker 'from the repository
'#Set up the repository, install the yum utils package (provides the yum config manager utility) and set up a stable repository '
yum install -y yum-utils

yum-config-manager \
--add-repo \

'## Note: after some versions, other dependent packages appear in docker CE installation. If the installation fails, please pay attention to the error message '
'#For example, after docker CE 17.03, you need to install docker CE SELinux! "
wget -O /etc/yum.repos.d/CentOS-Base.repo

'#Install the latest version of Docker Engine and container '
'#Docker CE cli is the docker command line toolkit, containerd IO is container interface related package '
yum install -y docker-ce docker-ce-cli

'#Start docker '
systemctl start docker
systemctl enable docker

'#Verify that Docker Engine 'is installed correctly by running the Hello world image
sudo docker run hello-world

'#'check docker version'
docker version

The installed Docker has two programs: Docker server and Docker client

  1. The Docker server is a service process that manages all containers

  2. Docker client is the remote controller of docker server, which can be used to control the process of docker server

  3. In most cases, Docker server and client run on the same server

5. How to install a specific version of Docker?

  • If the installed or updated version is always the highest version, it may not meet the stability requirements

  • We can list the available versions in the repository to see which versions are available:

'#List and sort the versions available in the repository, sort the results by version number (from high to low), and truncate '
yum list docker-ce --showduplicates | sort -r

'#Uninstall Docker Engine, CLI and container packages'
yum remove -y docker-ce docker-ce-cli
'#Images, containers, volumes or custom profiles on the host will not be automatically deleted. To delete all images, containers and volumes'
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
'#Note: all edited profiles must be deleted manually '

'#Example: [docker-ce-18.09.1] '
sudo yum install docker-ce-18.09.1 docker-ce-cli-18.09.1

systemctl start docker
docker version

6. Extra meal - key JSON | docker0 | pat port multiplexing technology

cd /etc/docker
'//After Docker is installed, a new file key will be generated in this directory json'
  • You can check the content below. This file is the key to download the image from the official public warehouse. The json format is in the form of key value pairs
  • From a development perspective, key value pairs are more efficient
'//After installing docker, ifcong will find an additional docker0 network card '

It is the bridge of containers, connecting containers to each other

PAT: port multiplexing technology and the ability to convert multiple addresses into one address ( / 24)

3, Docker image operation

  • Docker needs to have a local image before running the container. If there is no local image, docker will try to start from the default image warehouse[ ]Download. This is a public warehouse officially maintained by Docker, which can meet most of the needs of users

  • Of course, users can also use the customized image warehouse through configuration

① Search image – docker search

'Command format:'
docker search [object]

docker search nginx

'#Default output results will be sorted by star rating '

docker search -f stars=1000 nginx

'#You can use the option "- f" with "stars=x" to display images above the specified star level '

  • Generally, the image maintained by the official project team uses a single word, such as [nginx] as the image name, which we call the basic image or root image
  • An image named like [mailu/nginx] means an image created and maintained by the user [mailu] of Docker Hub, with the user name as the prefix
  • Whether to actively create indicates whether users are allowed to verify the source and content of the image
  • Using the [docker search] command, you can only find the image, but cannot obtain the image label. If you need to find the docker label, you need to access the image warehouse from the web page

② Get image – docker pull

After searching for the image that meets the requirements, we can use the [docker pull] command to download the image from the network for local use

'Command format:'
docker pull [Warehouse name][:label]

docker pull mailu/nginx

  • The tag [tag] is used to distinguish the image version. You can see that there is no specified tag. Here, the latest version of the image in the warehouse will be downloaded by default, that is, select the [latest] tag

  • During the whole downloading process, we can see that the entire image file is composed of several layers, which we call AUFS, that is, the federated file system, which realizes the basis of incremental saving and updating. During the downloading process, the information of each layer of the image will be output

  • After the image is downloaded locally, we can use the image at any time

  • Users can also choose to download from other registration server warehouses. You need to specify the complete warehouse registration server address before the warehouse name

③ View image information – docker images/inspect/tag

'Command format:'
docker images [Warehouse name][:label]

docker images

REPOSITORYWarehouse to which the image belongs
TAGThe label information of the image marks different images in the same warehouse
IMAGE IDThe unique ID number of the image, which is the unique identification of the image
CREATEDCreation time of the image
SIZEMirror size

The user can also obtain the details of the image according to the unique ID number of the image

'Command format:'
docker inspect [image ID number]

docker inspect 23089a8ec5aa

'#This is the image ID number of wodby/nginx '
'#'long display length'

In order to make it easier to use the downloaded image in subsequent work, we can use the [docker tag] command to add a new label to the local image

'Command format:'
docker tag name:[label] New name:[new label]

docker tag mailu/nginx nginx123:nginx

docker images|grep nginx

④ Delete image – docker rmi

  • You can use the [docker rmi] command to delete the image

  • There are two ways to delete a mirror: use the label or ID of the mirror

'Command format:'
docker rmi [Warehouse name][:label]
docker rmi [image ID number]

docker images|grep nginx

docker rmi nginx123:nginx

'#When an image has multiple labels, this command will only delete the specified label in the number of labels, and will not affect the image file '
'#If the image has only one label, you should pay attention. Using this command again will directly and completely delete the image! "

docker rmi 97788821c58b

'#Be careful when selecting the image ID number as the parameter. You must first ensure that the image is not currently used by the container '
'#If the image has been used by a container, delete the container that depends on the image first, and then delete the image '
'#When deleting, the system will first delete all labels pointing to the image, and then delete the image itself '

docker images|grep nginx

⑤ Saving and loading images – docker save/load

  • If you need image migration, you need to save the image to a local file first, and then copy the file to other hosts

  • This process is called saving an image. Use the [docker save] command

'Command format:'
docker save -o [Storage file name] [Storage Mirroring ]

docker save -o nginx nginx
ls -l nginx

scp nginx root@

'#To another host '
  • If you need to migrate the saved image from host A to host B, you can import the exported file into the image library of host B

  • This process is called loading image, and the [docker load] is used for loading

'Command format:'
docker load <[Save file]

docker load <nginx

docker images|grep nginx

⑥ Upload image – docker login/push

  • More and more images are stored locally. We can specify a warehouse to store these images

  • At present, the most convenient is the public warehouse. By default, it is uploaded to the official warehouse of Docker Hub, but the account for using the public warehouse needs to be registered. You can use the [docker login] command to enter the user name, password and email to log in

docker login

'I need to go first[ https://hub. docker. [com] to register an account, the registration process is very simple. '

Before uploading an image, you need to add a new label to the local image, and then use the [docker push] command to upload it

'Command format:'
docker tag [name][:label] [Account name][/name][:new label]
docker push [Account name][/name][:new label]

docker tag nginx:latest qq1605963524/nginx:centos7
docker push qq1605963524/nginx:centos7

4, Docker container operation

Container is another core concept of Docker:

  1. A container is a running instance of an image. It is one or a group of applications running independently and their necessary running environment

  2. Including file system, system class library, Shell environment, etc

  3. The image is like a read-only template, and the container will give the read-only template an additional writable layer

① Container creation and use – docker create/ps/start/run

The creation of a container is the process of loading images into the container:

  1. Docker's container is very lightweight, and users can create or delete it randomly

  2. The newly created container is stopped by default, that is, it will not start running any programs by itself

  3. You need to start a process to start the container. The process is the only process of the container. That is, when the process terminates, the container will also be completely terminated

  4. The stopped container can be restarted and the original changes can be retained

'Command format:'
docker create [option] [image] [Running program]

'Common options:'
-i: Keep the output of the container open
-t: Give Way Docker Assign a pseudo terminal

docker create -it nginx /bin/bash

'#When a new container is created, a unique ID 'is returned

docker ps -a

'#You can use this command to view the running status of the index container '
'#"- a" option means to list the containers that the system was last started "

docker start [Container ID/name]

'#'container in start stop state'

  • If you want to directly create and use containers, you can use the [docker run] command, which is equivalent to executing [docker create] first and then [docker start]

  • It should be noted that when this command is executed, the container will stop as long as the subsequent command runs

When using the [docker run] command to create a container, the standard running process of Docker in the background:

  1. Check whether the specified image exists locally. If it does not exist, it will be downloaded from the public warehouse
  2. Create and start a container using a mirror
  3. Allocate a file system to the container and mount a read-write layer outside the read-only image layer
  4. Bridge a virtual machine from the bridge interface configured by the host to the container
  5. Assign an IP in the address pool to the container
  6. Execute user specified applications
  7. After execution, the container is terminated
'Example: create a container and start executing a shell command'
docker run centos /usr/bin/bash -c ls /

docker ps -a

'#Viewing the status of the container, you will find that it is terminated after executing the command '

docker run -d centos /usr/bin/bash -c "while true;do echo hello world;done"

'#The "- d" option can be added to make docker run in the background as a daemon, that is, the container can be continuously run in the background '
'#Note: once the program run by the container is completed, the container will also be terminated. '

docker ps -a

② Operation and termination of containers – docker stop

'Command format:'
docker stop [Container ID/name]

docker stop fcd5691107cf
docker stop a17b5d224f47

docker ps -a

'#'expired is the terminated status'

③ Container entry – docker exec

When you need to enter the container for corresponding operations, you can use the [docker exec] command to enter the running container

'Command format:'
docker exec -it [container ID/name] /bin/bash

docker exec -it 4aa9da25318d /bin/bash

'#The user can enter the command through the created terminal '

④ Export and import of containers – docker export/import

  1. First, you need to export the created container as a file. Use the [docker export] command. The container is currently running and can be exported normally
  2. After export, transfer the file to other hosts, and use the corresponding import command to migrate the container
  3. It is basically the same as image migration
'Command format:'
docker export [container ID/name] >file name

docker export 4aa9da25318d >nginx01
ls -l nginx01 

scp nginx01 root@

Go to the remote output host for the next operation
Use the [docker import] command to import and become an image

'Command format:'
cat [file name] |docker import - [Generated image name][:label]

ls -l nginx01

cat nginx01 |docker import - nginx01:xcf

'#Import file nginx01 as local image '

docker images |grep nginx

⑤ Deletion of containers – docker rm

You can use the [docker rm] command to delete a container in terminated status

'Command format:'
docker rm [container ID/name]

docker ps -a

docker rm docker rm fcd5691107cf a17b5d224f47 cf7eb18ebf28 fb95ffa44044 2ee2c9d515b3 e88f1ded4cd

docker ps -a

If you want to delete a running container, you can add the "- f" option to force the deletion, but it is not recommended. It is best to stop the container before deleting it!

  • The default storage directory of Docker is / var/lib/docker, where all Docker images, containers, logs and other contents are stored
    Large capacity partitions can be used separately to store these contents, and LVM logical volumes are generally selected to avoid the problem of insufficient storage directory capacity during Docker operation

Topics: Docker