Basic knowledge review of Docker relearning series

Basic knowledge review of Docker relearning series

Docker

What is Docker

Official definition

# 1. Official introduction
- We have a complete container solution for you - no matter who you are and where you are on your containerization journey.
- translate: We provide you with a complete container solution,Whoever you are,Wherever you are,You can start the journey of the container.
- Official definition: docker Is a container technology.
copy

Origin of Docker

Docker was originally an internal project initiated by Solomon Hykes, the founder of dotCloud company, during his stay in France. It is an innovation based on cloud service technology of dotCloud company for many years. It was open-source under Apache 2.0 license agreement in March 2013, and the main project code is maintained on GitHub. The docker project later joined the Linux foundation and established the alliance to promote open containers (OCI).

Docker has received extensive attention and discussion since it was open source. So far, its GitHub project has more than 57000 stars and more than 10000 fork s. Even due to the popularity of docker project, dotCloud decided to change its name to docker at the end of 2013. Docker was originally developed and implemented on Ubuntu 12.04; Red Hat supports docker from RHEL 6.5; Google also widely uses docker in its PaaS products.

Docker is developed and implemented in Go language introduced by Google. Based on cgroup and namespace of Linux kernel and Union FS of overlay FS, docker encapsulates and isolates processes, which belongs to virtualization technology at the operating system level. Because the isolated process is independent of the host and other isolated processes, it is also called a container.

Why Docker

  • During development, it can run in the native test environment, but not in the production environment Here we take java Web application as an example. A java Web application involves many things, such as jdk, tomcat, mysql and other software environments. When one of these versions is inconsistent, the application may not run. Docker packages the program and the software environment directly, ensuring the consistency of the environment on any machine. Advantage 1: consistent operating environment and easier migration
  • The server's own program hung up. It was found that someone else's program had a problem and ran out of memory. Its own program hung up because there was not enough memory This is also a common situation. If your program is not particularly important, it is basically impossible for the company to let your program share a server. At this time, your server will share a server with other programs in the company, so it will inevitably be disturbed by other programs, resulting in problems in your own program. Docker solves the problem of environmental isolation, and other programs will not affect their own programs. Advantage 2: the process is encapsulated and isolated, and containers do not affect each other, making more efficient use of system resources
  • If the company wants to get an activity, a large amount of traffic may come in, and the company needs to deploy dozens of more servers In the absence of Docker, dozens of servers need to be deployed within a few days, which is a very painful thing for operation and maintenance. Moreover, the environment of each server is not necessarily the same, there will be various problems, and the scalp of the final deployment will be numb. With Docker, I only need to package the program into the image, and I can run as many containers as you want, which greatly improves the deployment efficiency. Advantage 3: copy N multiple environment consistent containers through mirroring

Difference between Docker and virtual machine

About the difference between Docker and virtual machine, I found a picture on the Internet, which is very intuitively and vividly displayed. I don't say much, but directly go to the figure above.

Comparing the above two figures, we find that the virtual machine carries the operating system, but the small application becomes very large and cumbersome because it carries the operating system. Docker does not carry the operating system, so the application of docker is very lightweight. In addition, when calling the host's CPU, disk and other resources, take memory as an example. The virtual machine uses the Hypervisor to virtualize memory. The whole calling process is virtual memory - > virtual physical memory - > real physical memory, but docker uses Docker Engine to call the host's resources. At this time, the process is virtual memory - > real physical memory.

Traditional virtual machine

Docker container

Disk occupancy

A few GB to dozens of GB or so

Tens of MB to hundreds of MB or so

CPU memory usage

The virtual operating system takes up a lot of CPU and memory

Docker engine occupies very low

Starting speed

(from Startup to running the project) a few minutes

(from opening the container to running the project) a few seconds

Installation management

Special operation and maintenance technology is required

Convenient installation and management

Application deployment

Every deployment takes time and effort

Easy and simple from the second deployment

Coupling

Multiple application services are installed together, which is easy to affect each other

Each application service has a container to achieve isolation

System dependence

nothing

Requires the same or similar kernel. Currently, Linux is recommended

Installation of Docker

Install docker(centos7.x)

bash installation (common to all platforms)

The core architecture of Docker

  • Image: an image represents an application environment. It is a read-only file, such as mysql image, tomcat image, nginx image, etc

An image is a piece of software. The image is read-only and cannot be written

  • Container: after each operation of the image, a container is generated, that is, the running image, which is readable and writable

A container represents a running software service

  • Warehouse: the location where images are stored. Similar to maven warehouse, it is also the location where images are downloaded and uploaded

Remote warehouse: similar to maven's central warehouse Local warehouse: the image downloaded from the remote warehouse is saved to the local warehouse. The default local warehouse path is: / var/lib/docker

  • dockerFile:docker generates an image configuration file, which is used to write some configurations of user-defined images
  • tar: a file packaged for the image, which can be restored to the image in the future

Docker configures Alibaba image acceleration service

docker running process

docker configuring alicloud image acceleration

  • Visit alicloud to log in to your account and view the docker image acceleration service
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://lz2nib3q.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
copy
  • Verify whether the image acceleration of docker is effective
[root@localhost ~]# docker info
		..........
    127.0.0.0/8
   Registry Mirrors:
    'https://lz2nib3q.mirror.aliyuncs.com/'
   Live Restore Enabled: false
   Product License: Community Engine
copy

Common commands

Auxiliary command

# 1. Installation completion auxiliary command
		docker version	--------------------------	see docker Information
		docker info		--------------------------	View more details
		docker --help	--------------------------	Help command
copy

Images mirroring command

# 1. View all images in this machine
	docker images	--------------------------	List all local mirrors
		-a			List all mirrors (including intermediate image layer)
  	-q			Show only mirrors id
  	docker images Image name --->Only the images related to the specified image name are listed

# 2. Search image
	docker search [options] Image name	-------------------	go dockerhub Query current image on
		-s Specified value		Lists mirrors with a collection number of at least the specified value
  	--no-trunc	  Display complete image information

# 3. Download the image from the warehouse
	docker pull Image name[:TAG|@DIGEST]	----------------- Download Image

# 4. Delete image
	docker rmi Image name	--------------------------  delete mirror
		-f		Force deletion
copy

Contractor container command

# 1. Operating the container
	docker run Image name	--------------------------	Image name creates a new and starts the container
    --name 					Alias gives a name to the container
    -d							Start the daemon container (start the container in the background)
    -p 							Mapping port number: original port number		 Specify the port number to start

	Example: docker run -it --name myTomcat -p 8888:8080 tomcat
   	 docker run -d --name myTomcat -P tomcat

# 2. View running containers
	docker ps					--------------------------	List all running containers
	-a			Running and historically running containers
	-q			In silent mode, only the container number is displayed

# 3. Stop | close | restart the container
	docker start   Container name or container id  --------------- Open container
	docker restart Container name or container id    --------------- Restart container
	docker stop  Container name or container id 	    ------------------ Stop the operation of the container normally
	docker kill  Container name or container id      ------------------ Stop the container immediately
	docker pause Container name or container id
	docker unpause Container name or container id

# 4. Delete container
	docker rm -f container id And container name     
	docker rm -f $(docker ps -aq)		--------------------------	Delete all containers

# 5. View the process in the container
	docker top container id Or container name ------------------ View the processes in the container

# 6. Check the internal details of the container
	docker inspect container id 		------------------ View container interior details

# 7. Check the operation log of the container
	docker logs [OPTIONS] container id Or container name	------------------ View container log
    -t			 Add timestamp
    -f			 Follow the latest log print
    --tail 	 number	Show the last number

# 8. Enter the container
	docker exec [options] container id In container command ------------------ Enter the container and execute the command
		-i		Run the container in interactive mode, usually with-t Use together
    -t		Assign a pseudo terminal    shell window   bash 

# 9. Copy files between container and host
	docker cp file|Directory container id:Container path           -----------------   Copy the host to the inside of the container
	docker cp container id:Resource path in container host directory path  -----------------   Copy the resources in the container to the host

# 10. The data volume can share the directory with the host
	docker run -v Host path|Any alias:/Path image name within the container
		be careful: 
				1.If it is a host, the path must be absolute,The host directory overwrites the contents of the directory in the container,The original data in the container will be emptied first,Then copy the data under the host directory
				2.If it is an alias, it will be displayed in the docker Automatically create a directory in the host when running the container,And copy the container directory file to the host
	              Keep the original contents of the path in the container by alias,The path corresponding to the prerequisite alias cannot have a file
	              be careful: If alias exists,docker Direct use,Otherwise, an alias directory is automatically created,The default creation path is/var/lib/docker/volumes           
	
    docker run -v Path to the host|Any alias:/Path within container:ro  Image name
    
    here ro It means that only the host can read and write the container data volume, while the operations on the data volume in the container can only be read-only and cannot be added, deleted or modified
       
# 11. Package image
		docker save Image name -o  name-tag.tar
		tag Equivalent version,You'd better mark the version

# 12. Load image
		docker load -i   name-tag.tar

# 13. Package the container into a new image
	  docker commit -m "Description information" -a "Author information"   (container id Or (name) the name of the packaged image:label
copy

Image principle of docker

What is mirroring?

Image is a lightweight and executable independent software package, which is used to package the software running environment and the software developed based on the running environment. It contains all the contents required to run a software, including code, libraries required for runtime, environment variables and configuration files.

However, such an image structure can still be optimized. We can extract the parts that can be reused. For example, all software service bottom layers need to rely on the operating system core library to run, so the operating system core library can be extracted and reused. For all java software, jdk is necessary, so jdk can also be extracted and reused. See the following for details:

Why is a mirror so big?

Mirror image is a scroll

  • UnionFS (Federated file system) - file overlay system Union file system is a layered, lightweight and high-performance file system. It supports the modification of the file system as a superposition of layers submitted at one time. At the same time, different directories can be mounted under the same virtual file system. The union file system is the foundation of Docker image. This file system feature: multiple file systems are loaded at the same time, but from the outside, only one file system can be seen. Joint loading will overlay all layers of file systems, so that the final file system will contain all underlying files and directories.

Reusing the underlying components can package the core library of the operating system and the jdk running environment into a basic image for use by java programs, so that the underlying images of other java programs can share this basic image. When downloading multiple java related software service images in our local warehouse, the base image only needs to be downloaded once to save disk space consumption

However, not all the underlying software services are implemented in java, so the jdk environment is also dispensable, so it can be further subdivided:

But in fact, it can be subdivided. Some software can run in different linux distributions, so that the image of the core library of the underlying operating system can continue to be split

Although we have carried out detailed splitting, we often superimpose multiple file systems when using them. For example, we superimpose the operating system core library file system, jdk environment, tomcat dependency library and software service file system to form an external table, which looks like an overall federated file system, that is, tomcat image

Docker image principle

The image of docker is actually composed of file systems layer by layer.

  • Bootfs (boot file system) mainly includes bootloader and kernel. Bootloader is mainly used to boot and load the kernel. Bootfs file system will be loaded when Linux starts. At the bottom of the docker image is bootfs. This layer is the same as Linux/Unix system, including boot loader and kernel. When the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, bootfs will be unloaded.
  • rootfs (root file system), on top of bootfs, contains standard directories and files such as / dev, / proc, / bin, / etc in a typical linux system. rootfs is a variety of operating system distributions, such as Ubuntu/CentOS and so on.
  • We usually install centos into virtual machines with 1 to several GB. Why is docker only 200MB? For a streamlined OS, rootfs can be very small. It only needs to include the most basic commands, tools, and program libraries. Because the underlying layer directly uses the Kernal of the Host, it only needs to provide rootfs. It can be seen that different linux distributions have the same bootfs and different rootfs. Therefore, different distributions can share bootfs.

Why does the docker image adopt this hierarchical structure?

One of the biggest benefits is resource sharing

  • For example, if multiple images are built from the same base image, the host only needs to save one base image in the disk. At the same time, only one base image needs to be loaded in memory to serve all containers. And every layer of the image can be shared. Docker images are read-only. When the container starts, a new writable layer is loaded on top of the image. This layer is usually called the container layer, and below the container layer is called the mirror layer.

Posted by thegame261 on Tue, 10 May 2022 11:26:35 +0300