Docker learning notes: image, container, data volume

Posted by evildarren on Sat, 16 May 2020 09:07:41 +0200

Core concepts

  • Image: a read-only template, similar to the image of a virtual machine.
  • Container: it can be understood as a running instance of the image. The runtime is similar to a sandbox, with multiple containers independent of each other.
  • Warehouse: the place where image files are stored.


Command table

command explain option
docker pull NAME[:TAG|@DIGEST] Pull image
docker push NAME[:TAG] Push image
docker images [REPOSITORY[:TAG]] Image list
docker rmi IMAGE [IMAGE...] Delete the image. If a container is using the image, it cannot be deleted. -f: Force deletion.
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] Tag, similar to one more reference. The image id of source and target are the same.
docker inspect NAME|ID [NAME|ID...] View image / container information
docker image prune Remove unused mirror images. -a: Delete all unused mirrors

create mirror

  • Create based on existing container: docker commit
  • Import based on local template: docker import (introduced in container section together with export command)
  • Create based on Dockerfile: docker build

docker commit

After modifying and installing some programs based on other images, commit to generate a new image.

Prepare a ubuntu image

-> [feifei@ffmac.local] [~] docker pull ubuntu
-> [feifei@ffmac.local] [~] docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              latest              1d622ef86b13        2 weeks ago         73.9MB
-> [feifei@ffmac.local] [~] docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Run image to add a file

-> [feifei@ffmac.local] [~] docker run -it ubuntu /bin/bash
root@af9221c0bb6e:/# touch a.txt
root@af9221c0bb6e:/# exit

View the container list, view the modified content, and generate a new image of myubuntu

-> [feifei@ffmac.local] [~] docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
af9221c0bb6e        ubuntu              "/bin/bash"         22 seconds ago      Exited (0) 6 seconds ago                       fervent_wiles
-> [feifei@ffmac.local] [~] docker diff af9221c0bb6e
A /a.txt
C /root
A /root/.bash_history
-> [feifei@ffmac.local] [~] docker commit af9221c0bb6e myubuntu
-> [feifei@ffmac.local] [~] docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
myubuntu            latest              9a8c0fa00cda        7 seconds ago       73.9MB
ubuntu              latest              1d622ef86b13        2 weeks ago         73.9MB

docker save/load

docker save IMAGE [IMAGE...]
The save target of save is a mirror. Commonly used docker save - O myimport2.tar Myimport or docker save myimport > myimport2.tar

-> [feifei@ffmac.local] [~] docker save -o myimport2.tar myimport
-> [feifei@ffmac.local] [~] ls
import.txt    myimport.tar  myimport2.tar

Load after deleting myimport image

-> [feifei@ffmac.local] [~] docker load -i myimport2.tar
90441ead6bbb: Loading layer [==================================================>]  1.536kB/1.536kB
Loaded image: myimport:latest

The image id after loading is the same as that before deleting, which is also different from import.


Command table

command explain remarks
docker create IMAGE [COMMAND] [ARG...] Create a container from the image. The status of the container just Created is Created Too many parameters, help.
docker start CONTAINER [CONTAINER...] Start one or more containers -i: Keep container standard input open
docker container prune Remove all stopped containers, including those in the Created and Exited states.
docker stop CONTAINER [CONTAINER...] Terminate container operation -t: The default value is 10, which means the maximum waiting time will be kill ed
docker kill CONTAINER [CONTAINER...] Send signal to container -s: KILL by default
docker attach CONTAINER When multiple windows attach to a container at the same time, all windows are displayed synchronously. When a window is blocked, other windows cannot operate.
docker exec CONTAINER COMMAND [ARG...] Each window is independent General usage: docker exec -it c1 /bin/bash
docker rm CONTAINER [CONTAINER...] Only terminated and exited containers can be deleted, - f forces the deletion of running containers. Docker will send SIGKILL signal to the container, terminate its application, and then delete the container. -f: Force deletion of running containers
docker inspect NAME|ID [NAME|ID...] This command can view image information or container information
Copy files between host and container docker cp c1:/a.txt ./
Copy from c1 container/ a.txt To the current directory of the host
docker port CONTAINER [PRIVATE_PORT[/PROTO]] View container port mapping

docker run

This command creates a container from the image and runs it. If the image does not exist locally, an attempt is made to pull it from the warehouse.

option explain
-t Ask Docker to assign a pseudo terminal and bind it to the container's standard input
-i Keep container standard input open
-d Running as Daemons
--rm Automatically delete after restart
-> [feifei@ffmac.local] [~] docker run ubuntu echo 'Hello World'
Hello World
-> [feifei@ffmac.local] [~] docker run -it ubuntu /bin/bash

docker wait

docker wait CONTAINER [CONTAINER...]
Block until one or more containers stop running, then print their exit codes
Open two windows to run a container, and then open a third window to run

// Window 1 run container c1
docker run -it --name c1 ubuntu /bin/bash
// Window 2 run container c2
docker run -it --name c2 ubuntu /bin/bash
// Window 3 run docker wait
docker wait c1 c2
// When window 1 executes exit 1, window 3 does not respond; when window 2 executes exit 2, the output lines of window 3 are 1 and 2 respectively.

docker logs

Get a container's log
-f: Continuous output; - t: output timestamp; -- details: additional details

// Window 1
-> [feifei@ffmac.local] [~] docker run -it --name c1 ubuntu /bin/bash
root@046d5a62374e:/# pwd
root@046d5a62374e:/# touch a.txt
root@046d5a62374e:/# exit 123

// Window 2
-> [feifei@ffmac.local] [~] docker logs -tf c1
2020-05-13T16:55:10.398202931Z root@046d5a62374e:/# pwd
2020-05-13T16:55:10.398297213Z /
2020-05-13T16:55:38.712593120Z root@046d5a62374e:/# touch a.txt
2020-05-13T16:55:55.908622227Z root@046d5a62374e:/# exit 123
2020-05-13T16:55:55.909431626Z exit

docker pause/unpause

Pause container: docker pause CONTAINER [CONTAINER...]
Unsuspend: docker unpause CONTAINER [CONTAINER...]

// Window 1
-> [feifei@ffmac.local] [~] docker run -it --rm --name c1 ubuntu /bin/bash

// Window 2
-> [feifei@ffmac.local] [~] docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
505f1b39efa0        ubuntu              "/bin/bash"         11 seconds ago      Up 11 seconds                           c1
-> [feifei@ffmac.local] [~] docker pause c1
-> [feifei@ffmac.local] [~] docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                   PORTS               NAMES
505f1b39efa0        ubuntu              "/bin/bash"         26 seconds ago      Up 26 seconds (Paused)                       c1
-> [feifei@ffmac.local] [~] docker unpause c1
-> [feifei@ffmac.local] [~] docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
505f1b39efa0        ubuntu              "/bin/bash"         39 seconds ago      Up 39 seconds                           c1

docker import/export

import creates a image based on a tar file, but this tar file is not necessarily export ed, but can also be generated by itself.

docker import

docker import file|URL|- [REPOSITORY[:TAG]]
For the same tar file, the image id of the image generated by using docker import multiple times is different.

-> [feifei@ffmac.local] [~] touch import.txt
-> [feifei@ffmac.local] [~] tar -cvf myimport.tar import.txt
a import.txt
-> [feifei@ffmac.local] [~] docker import myimport.tar myimport
-> [feifei@ffmac.local] [~] docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
myimport            latest              3572df2ff16b        5 seconds ago       0B
ubuntu              latest              1d622ef86b13        2 weeks ago         73.9MB

docker export

docker export CONTAINER´╝î
The export target of export is container, not image. Commonly used: docker export - O c11.tar C1 or docker export C1 > c11.tar

-> [feifei@ffmac.local] [~] docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
68e152e8e6ee        ubuntu              "/bin/bash"         31 minutes ago      Up 31 minutes                           c1
-> [feifei@ffmac.local] [~] docker export -o c11.tar c1
-> [feifei@ffmac.local] [~] docker export c1 > c12.tar
-> [feifei@ffmac.local] [~] ls
c11.tar c12.tar

The difference between export and save

Different operation targets: export is a container and save is a mirror.
The content of the exported file is different: export exports the snapshot of the file at that time, and save exports the complete image with history and metadata.

The difference between import and load

import importing the same tar file multiple times will get multiple images with different image IDS, while load will only get one.

docker top

docker top CONTAINER [ps OPTIONS]
Viewing process information in a running container

-> [feifei@ffmac.local] [~] docker top c1
PID                 USER                TIME                COMMAND
2504                root                0:00                /bin/bash

docker stats

docker stats [CONTAINER...]
View statistics, including CPU, memory, storage, network, etc

CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT   MEM %               NET I/O             BLOCK I/O           PIDS
0e5fa15b44a9        c1                  0.00%               884KiB / 1.945GiB   0.04%               1.05kB / 0B         0B / 0B             1

docker diff

docker diff CONTAINER
View changes to the file system within the container

  • A (Add): Add;
  • C (Change): Change;
  • D (Delete): Delete
-> [feifei@ffmac.local] [~] docker diff c1
A /a.txt
C /.dockerenv
D /tmp

docker update

docker update CONTAINER [CONTAINER...]
Change some configurations of the container runtime, mainly to limit the share of resources, such as cpu and memory. Specific parameter help.

data management

This chapter discusses how to persist data within containers and how to share data between containers.

Data volume

A data volume is a special directory that can be used by a container. It maps the host directory directly to the container. Similar to Linux mount. It has the following features:

  • Data volumes can be shared and reused between containers
  • Changes to data volumes take effect immediately
  • The data volume remains until there is no container to use and can be safely unmounted

Create data volume

docker volume create [VOLUME]
Other docker volume subcommands are: ls, rm, prune, inspect.

// Create a data volume named test
-> [feifei@ffmac.local] [~] docker volume create test
// Not specifying a name assigns a
-> [feifei@ffmac.local] [~] docker volume create
// View results
-> [feifei@ffmac.local] [~] docker volume ls
local               b03ca993f283336bbc227e2a58e3683e175316222321074ec4b24f556fe3bdd2
local               test

Bind data volume

When using docker run, you can use the -- mount option to use data volumes, which supports three types:

  • Volume: normal data volume, mapped to / var/lib/docker/volumes of the host
  • Bind: bind the data volume and map it to the specified path of the host
  • tmpfs: temporary data volume, only in memory

Map the host host hostdir to / root/cntrdir of the vtest container. The following two are equivalent.

docker run --rm --name vtest --mount type=bind,src=`pwd`/hostdir,dst=/root/cntrdir -it ubuntu
docker run --rm --name vtest -v `pwd`/hostdir:/root/cntrdir -it ubuntu

The default permission for docker to mount data volume is read-write (rw). Read only (ro) can be specified. The data volume cannot be modified in the container, but the host is not affected.

docker run --rm --name vtest -v `pwd`/hostdir:/root/cntrdir:ro -it ubuntu

If the volume specified by src does not exist, it is created automatically. If src is not specified, a volume with random name is created, and its life cycle is the same as that of the container. When the container is destroyed, the volume is also destroyed.
Mount common data volume v1 to / root/cntrv1 of container vtest

docker run --rm --name vtest --mount type=volume,src=v1,dst=/root/cntrv1 -it ubuntu
docker run --rm --name vtest -v v1:/root/cntrv1 -it ubuntu

Viewing data volume content on mac

docker is running in Linux kit VM on Mac. You need to use the screen command to enter the view.

// Create a data volume first
-> [feifei@ffmac.local] [~] docker volume create v1

// screen
-> [feifei@ffmac.local] [~] screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

// Enter virtual machine
docker-desktop:~# cd /var/lib/docker/volumes/
docker-desktop:/var/lib/docker/volumes# ls
metadata.db  v1

See the data volume directory found!

Data volume container

Creation and use

The purpose of data volume container is to provide data volume mount for other containers.
--Volumes from does not require the data volume container specified by the parameter to be in a running state.

// Create two data volume containers db1, DB2 db3, where db1 and db3 map the same contents in the container
-> [feifei@ffmac.local] [~] docker run --name db1 -v /root/db1 -itd ubuntu
-> [feifei@ffmac.local] [~] docker run --name db2 -v /root/db2 -itd ubuntu
-> [feifei@ffmac.local] [~] docker run --name db3 -v /root/db1 -itd ubuntu

// Use -- volumes from to mount the data volume in the container, which can be used multiple times
-> [feifei@ffmac.local] [~] docker run --name cntr1 --volumes-from db1 --volumes-from db2 -it ubuntu
root@63c9ba535eec:/# ls /root/
db1  db2

// You can mount data volumes from other containers that have data volume containers mounted. It's a bit like inheritance.
-> [feifei@ffmac.local] [~] docker run --name cntr2 --volumes-from cntr1 -it ubuntu
root@640c49fee4ad:/# ls /root/
db1  db2

// If you mount different data volume containers, but the mapping paths are the same, you are actually using the later data volume containers.
-> [feifei@ffmac.local] [~] docker run --name cntr3 --volumes-from db1 --volumes-from db3 -it ubuntu
root@7aba448230b8:/# ls /root/

If the attached container (db1, db2, cntr1) is deleted, the data volume will not be deleted automatically. If you want to delete it, you need to execute docker rm -v when you delete the last container hanging here.


Back up the data volume contents in the data volume container db1 to the local current directory.

docker run --volumes-from db1 -v `pwd`:/bak --name cntrbak ubuntu tar -cvf /bak/db1.tar /root/db1

Use -- volumes from db1 to mount a container data volume; use - V ` PWD ` / bak to map the current directory of the host to the / bak directory of the container cntrbak; then tar packs db1 to / bak/db1.tar.

Topics: Docker Ubuntu Windows Linux