Docker principle, basic usage, installation and deployment of docker - super detailed, beginners can understand!

1, Docker overview

1.1 what is Docker

  • Is a lightweight "virtual machine"
  • Docker is an open platform for developing, delivering and running applications. Docker enables you to separate your applications from your infrastructure, allowing you to deliver software quickly.
  • It is an open source application container engine, which allows developers to package portal applications and dependency packages into a portable image, and then publish them to any popular Linux or Windows machine, or realize virtualization. Containers are completely sandboxed, and there will be no interface between them
  • Sandbox: in the field of computer security, sandbox is an isolated running mechanism of programs
  • Docker aims to provide a standardized runtime environment from the beginning, and truly "build once, run anywhere". The same build version can be used in any environment such as development, testing, pre release and production, and decoupled from the underlying operating system. On this basis, CaaS (container as a service) technology has been further developed.

1.2. Docker usage scenario

  • Simple deployment of packaged applications
  • Deploy microservices
  • Providing PAAS products (platform as a service) {the virtual machine of OpenStack is similar to Alibaba cloud ECS, belonging to IAAS, and Docker (K8S) belongs to PAAS}
  • Continuous integration and continuous delivery (CI/CD): development to test release
  • It can be migrated arbitrarily away from the underlying hardware (realizing the isolation of applications, splitting and decoupling applications), such as the migration of servers from Tencent cloud to Alibaba cloud

1.3 difference between container and virtual machine

  • Virtual machine: virtual machine hardware (cpu, memory, disk, network) image mounting system
  • Container: process (service, system) environment

  • A virtual machine is equivalent to a process
  • The vcpu inside... Is equivalent to the thread inside
  • Container: a container that shares kernel resources, so it is relatively unsafe

Two ecosystems:

  • OpenStack -- virtual machine
  • kubernetes -- containers

1.4 core concepts of Docker


  • A read-only template for docker container engine


  • Run real columns created from images


  • Where the image is stored centrally

2, Deploy version 19 docker

1: Install dependent packages

yum install -y yum-utils device-mapper-persistent-data Ivm2
  • Yum config manager is available from Yum utils
  • Device mapper storage driver requires device mapper persistent data and Ivm2
  • Device Mapper
    It's Linux 2 The general device mapping mechanism supporting logical volume management in 6 kernel provides a highly modular kernel architecture for the implementation of block device driver for storage resource management.

2: Set alicloud image source

yum-config-manager --add-repo
 Only by pointing to alicloud image source yum download docker

3: Install docker CE

yum install -y docker-ce

systemctl stop firewalld 'Turn off the firewall'

setenforce 0   'View core protection'

vim /etc/selinux/config  'Core protection profile'
SELINUX=disabIed  'Turn off core protection'

systemctl start docker.service
systemctl enable docker.service

4: Image acceleration

Browser access to alicloud University
Select console

Search container mirroring service

Select mirror accelerator

Copy image acceleration path
Everyone has their own image acceleration

Accelerate with Alibaba cloud

tee /etc/docker/daemon.json <<-'EOF'
  "registry-mirrors": [""]

systemctl daemon-reload
systemctl restart docker

5: Network optimization

vim /etc/sysctl.conf
net.ipv4.ip_forward=1  'Turn on routing forwarding to facilitate the host to contact the container'

sysctl -p  'Validate profile'

service network restart   
systemctl restart docker

docker version        'docker Version information'

docker search nginx        'Find the specified image'

docker pull nginx

AUFS(Federated file system) several layers of download

Download and store in /var/lib/docker

vim /var/lib/docker/image/overlay2/repositories.json       //The directory for storing image management data is named after the storage driver used, and the driver used is overlay 2.

docker images    //View and download image information

REPOSITORY       TAG               IMAGE ID                             CREATED                     SIZE
nginx               latest             231d40e811cd                    4 weeks ago                      126MB

docker inspect 231d40e811cd            //Get image information

//Add new label
docker tag nginx:latest nginx:web

docker images | grep nginx

docker rmi nginx:web

//The saved image is named nginx and exists in the current directory
cd /opt/
docker save -o nginx nginx:latest    'Back up the image in the container to the host directory'

ls -lh nginx

//Load image
 Method 1: docker load < nginx     'Re import the mirrored backup from the host into the container'
Method 2: docker --input nginx      

6: Upload image (for reference only)

//Change label
docker tag nginx:latest abner/nginx:wed      // User name / warehouse Name: image name
//Sign in
docker login
Username: docker
docker push abner/nginx:web

7: Container operation

//Container creation
docker create -it nginx:latest /bin/bash

//Look at the container
docker ps -a

CONTAINERID          IMAGE                 COMMAND                 CREATED                       STATUS       PORTS       NAMES
6c9aabe7b1e5         nginx:latest          "/bin/bash"            About a minute ago            Created                         adoring_dijks

//Start container
docker start 6c9aabe7b1e5

//The viewing status is up
docker ps -a
CONTAINERID         IMAGE                 COMMAND           CREATED                   STATUS                    PORTS         NAMES
6c9aabe7b1e5          nginx:latest         "/bin/bash"           2 minutes ago           Up 36 seconds        80/tcp        adoring_dijks

//Start and execute the command to view the system root directory
docker pull paigeeworld/centos7
docker create -it paigeeworld/centos7 /bin/bash
docker start 31c5e232b074

docker run paigeeworld/centos7 /usr/bin/bash -c ls /   ## -c ls / after execution, the container will be released for parallel calculation: one-time calculation such as data analysis and data cleaning

//The status of direct closing after execution is Exited

//Continuous execution in the background
docker run -d paigeeworld/centos7 /bin/bash -c "while true;do echo hello;done"

docker ps -a
CONTAINERID               IMAGE                             COMMAND                                 STATUS                PORTS                    NAMES
a029cbf81e0c           paigeeworld/centos7          /bin/bash -c "while..."             19 seconds ago        Up 18 seconds

//Terminate operation
docker stop a029cbf81e0c

//Container entry
docker ps -a
//Display nginx container status
6c9aabe7b1e5            nginx:latest           "/bin/bash"            18 minutes ago         Exited(0)5 seconds ago
docker start 6c9aabe7b1e5((must be running)
docker stop b7dfb848b414  
docker exec -it 6c9aabe7b1e5 /bin/bash
exit//Exit container

//Container export
docker export 6c9aabe7b1e5 > nginx_c
//Container import (generates a mirror instead of creating a container)
cat nginx_c A docker import - nginx:web

//Delete container
docker rm 4d8dcf51a4ef
//Batch delete container
docker ps -a | awk '{print"docker rm "$1}' | bash

8: Creation of Docker image

Docker image

  • Standard format applied to publishing
  • Support the operation of a Docker container

Creating method of Docker image

  • Create based on existing image
  • Create based on local template
  • Create based on Dockerfile

8.1: create based on the existing image container

Package the program and running environment running in the container to generate a new image
docker commit [options] container ID / name warehouse Name: [label]
-m description information
-a author information
-p stop the operation of the container during generation

//Create container
docker create  -it centos:7 /bin/bash
docker commit -m "new" -a "daoke" c83aee844ae0 daoke:test 'This way id Is an existing container id'
docker images A grep daoke

8.2: create based on local template

Generate a new image by importing the operating system template file
Use the wget command to import as a local image

'The previous command can be omitted for reference only'

Drag the module package into the virtual machine and execute the next command
cat debian-7.O-x86-minimaI.tar.gz  | docker import - daoke:new
docker images | grep new

8.3: Dockerfile file

Dockerfile operation instruction
FROM image: Specifies the image on which the new image is based. The first instruction must be a FROM instruction. One FROM instruction is required for each image created

MAINTAINER Name: description of MAINTAINER information
RUN command: execute the command on the image based on and submit it to the new image. Commands executed in containers

CMD [running program, parameter 1, parameter 2]: Specifies the instructions that will be executed only when the container is started. If multiple instructions are specified, only the last one will be executed

Export: the port exposed by the container, not the mapped port

ENV environment variable value: set the environment variable, which will be used by RUN later

ADD source file / directory target file / Directory: copy the source file to the target file. The source file should be in the same directory or a URL as the dockerfile. Put the host file into the container

COPY source file / directory target file / Directory: COPY files inside the container

VOLUME [directory]: data VOLUME container. The host shared directory can be used by the container, and the mount point can be created in the container

USER user name / UID: Specifies the USER of the container runtime

WORKDIR path: specify the working directory for subsequent RUN, CMD and ENTRYPOINT, which is equivalent to cd in the container

ONBUILD: Specifies the runtime command required when the generated image is used as a basic image

Heathcheck: health check

Layering of Docker image

  • Each instruction in Dockerfile creates a new mirror layer
  • The mirror layer is cached and reused
  • When the Dockerfile instruction is modified, the copied file changes, or the specified variables are different when building the image, the corresponding image layer cache will become invalid
  • After the mirror cache of a certain layer fails, the mirror layer cache after it will fail
  • The mirror layer is immutable. If you add a file in one layer and delete it in the next layer, the file will still be included in the mirror
mkdir apache
cd apache

vim Dockerfile

'Base image based on'
FROM centos:7
'Maintain the user information of the image'
MAINTAINER The porject <
'Image operation instruction installation apache Software'
RUN yum -y update  'Upgrade all packages,System version and kernel, change software settings and system settings'
RUN yum -y install httpd
'Open port 80'
'Copy the home page file of the website'
ADD index.html /var/www/html/index.html   'Host computer html Copy the file into the container to generate a home page'
'Copy the execution script to the image'
ADD /   'Put the host execution script into the container'
RUN chmod 755 /
'Execute script when starting container'
CMD ["/"]


rm -rf /run/httpd/*  'If so apche Empty and execute'
exec /usr/sbin/apachectl -D FOREGROUND   'Force start apache'

Write some data in the web page
echo "web test" > index.html

//Generate image and create container
docker build -t httpd:centos .(Be careful not to forget at the end".")
'During the creation process, an instruction opens the container once and discards it after opening.'

//New mirror run container
docker run -d -p 1216:80 httpd:centos  'Mapping between container port and host port'

http: //

Summary: the image creation principle of Dockerfile is to create a new image based on a basic image. The commands in the Dockerfile file are executed one by one and need to be executed in the container (Note: the commands here are in the new image). Therefore, each command needs to create a new image layer. When executing the next command, the image layer of the previous command will disappear because of resource problems, It is impossible that all image layers will exist all the time. They must be released after the command is executed. After the Dockerfile is executed, two images will be generated, one is based on the basic image, and the other is the user-defined image generated based on the basic image. At this time, the image has no container, and the Dockerfile commands encapsulated one by one are stored in the image, so docker build -t httpd:centos is required To generate an image, execute the Dockerfile command one by one, such as yum -y install httpd... After that, there will be a service, and a container will be created along with it.

Tags: Docker

Posted by JKinBlack on Sun, 08 May 2022 03:07:41 +0300