Learning links
- Crazy God said station B video
- Learning docker
- Using docker
- docker official document
- dockerhub official website
1, Docker overview
1. Why does docker appear?
One product: development – online two sets of environments! Application environment, application configuration!
Development - operation and maintenance. Question: I can allow it on my computer! Service unavailable due to version update! Is it a big test for operation and maintenance?
The environment configuration is very troublesome. Every machine needs to deploy the environment (cluster Redis, ES, Hadoop...)! It takes a lot of trouble.
Release a project (jar + (Redis MySQL JDK ES)). Can the project be installed and packaged with the environment!
Previously, configuring an application environment Redis MySQL JDK ES Hadoop on the server was too cumbersome to cross platform.
The development environment is Windows, and finally released to Linux!
Tradition: development jar, operation and maintenance to do!
Now: development, packaging, deployment and launch, and a set of processes are completed!
Android process: java - apk - publish (app store) one three, use apk and install it!
Docker process: Java jar (environment) - packaged project with environment (image) - (docker warehouse: store)-----
Docker has proposed solutions to the above problems!
2.Docker's idea comes from the container!
JRE – multiple applications (Port conflict) – originally, they are all cross!
Isolation: the core idea of docker! Packing! Each box is isolated from each other. Docker can make full use of the server through the isolation mechanism!
Essence: all technologies are learned because there are some problems that we need to solve!
3. Why is docker so popular?
Before container technology came out, we all used virtual machine technology!
We can install more than one virtual machine through VMware! Bulky!
Virtual machine also belongs to virtualization technology. Docker container technology is also a kind of virtualization technology!
- VM: Linux CentOS native image (one computer!) Isolate and open multiple virtual machines! A few G's, a few minutes.
- docker: isolation. The image (the core environment 4m + jdk + mysql) is very compact. Just run the image! Small! A few M seconds to start!
4. What can docker do?
Compare Docker and virtual machine technologies:
- The traditional virtual machine virtualizes a piece of hardware, runs a complete operating system, and then installs and runs software on this system
- The applications in the container run directly on the content of the host. The container does not have its own kernel or virtual hardware, so it is light
- Each container is isolated from each other, and each container has its own file system, which does not affect each other
5.DevOps (development, operation and maintenance)
- Faster delivery and deployment of applications
Traditional: a pair of help documents, installer.
Docker: the packaged image release test runs with one click. - More convenient upgrade and capacity expansion
After using Docker, we deploy the application just like building blocks. The project is packaged into an image to expand server A! Server B - More efficient utilization of computing resources
Docker is kernel level virtualization, which can run many container instances on a physical machine! Server performance can be squeezed to the extreme.
2, Docker installation
1. Basic composition of docker
-
Image:
The docker image is like a target, through which container services can be created. The tomcat image = = > Run = = > container (providing server). Through this image, multiple containers can be created (the final service running or project running is in the container). -
Container:
Docker uses container technology to run one or a group of applications independently and create them through image Start, stop, delete, basic commands. At present, this container can be understood as a simple Linux system. -
Repository:
The warehouse is where the image is stored! Warehouses are divided into public warehouses and private warehouses. (very similar to git)Docker Hub is foreign. Alicloud... All have container servers (configure image acceleration)
2. Install Docker
Environment preparation, Linux requires kernel 3.0 or above
➜ ~ uname -r 4.15.0-96-generic # Requirements above 3.0 ➜ ~ cat /etc/os-release NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7"
- install
#1. Uninstall the old version
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
#2. Required installation package
yum install -y yum-utils
#3. Set the warehouse of the image
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
#The default is from abroad, not recommended
#Domestic is recommended
yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#Update yum package index
yum makecache fast
#4. Install docker CE community version related to docker, while ee is enterprise version
yum install docker-ce docker-ce-cli containerd.io
#6. Use docker version to check whether it is successful
docker version
#7. Test
➜ ~ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
#8. Check the downloaded image
➜ ~ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest bf756fb1ae65 4 months ago 13.3kB
Understanding: uninstalling docker
#1. Uninstall dependency yum remove docker-ce docker-ce-cli containerd.io #2. Delete resources rm -rf /var/lib/docker # /var/lib/docker is the default working path of docker!
start-up docker systemctl start docker Set startup and self startup systemctl enable docker
Add alicloud image download address (fast download)
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://qqmbqch0.mirror.aliyuncs.com",
"https://hub-mirror.c.163.com/",
"https://reg-mirror.qiniu.com"]
}
Just restart docker
sudo systemctl restart docker
- Alibaba cloud image acceleration
1. Log in to alicloud and find the container service
2. Mirror accelerator found
3. Configuration use
- HelloWorld
- docker run flowchart:
3. Underlying principle
How does Docker work?
Docker is a client server system. The daemon of docker runs on the host. Access from the client through Socket!
Docker server will execute this command after receiving the docker client instruction!
Why is Docker faster than Vm
1. Docker has fewer abstraction layers than virtual machines. Because docker does not need Hypervisor to realize hardware resource virtualization, the programs running on the docker container directly use the hardware resources of the actual physical machine. Therefore, docker will have obvious advantages in efficiency in terms of CPU and memory utilization.
2. docker uses the kernel of the host computer instead of Guest OS.
GuestOS: system (OS) in VM (virtual machine);
HostOS: System in physical machine (OS);
Therefore, when creating a new container, docker does not need to reload an operating system kernel like the virtual machine. However, avoiding booting and loading the operating system kernel is a time-consuming and resource-consuming process. When creating a new virtual machine, the virtual machine software needs to load GuestOS, and the new process is at the minute level. Because docker directly uses the operating system of the host, this complex process is omitted. Therefore, it only takes a few seconds to create a docker container.
3, Common commands of Docker
1. Help command
docker version #Displays the version information of docker. docker info #Displays the system information of docker, including the number of images and containers docker command --help #Help command #Address of help document: https://docs.docker.com/engine/reference/commandline/build/
2. Mirror command
docker images #To view images on all local hosts, you can use docker image ls instead docker search Search image docker pull Download Image docker image pull docker rmi delete mirror docker image rm
docker images view images on all local hosts
➜ ~ docker images REPOSITORY TAG IMAGE ID CREATED SIZE mysql 5.7 e73346bdf465 24 hours ago 448MB # explain #REPOSITORY # Mirrored warehouse source #TAG # Mirrored label #IMAGE ID # id of the mirror #CREATED # Creation time of image #SIZE # Mirror size # Optional Options: -a, --all Show all images (default hides intermediate images) #List all mirrors -q, --quiet Only show numeric IDs # Only the id of the image is displayed ➜ ~ docker images -aq #Show all mirrored id e73346bdf465 d03312117bb0 d03312117bb0 602e111c06b6 2869fc110bf7 470671670cac bf756fb1ae65 5acf0e8da90b
docker pull Download Image
# Download Image docker pull image name [: tag] ➜ ~ docker pull tomcat:8 8: Pulling from library/tomcat #If you do not write tag, the default is latest 90fe46dd8199: Already exists #Layered Download: the core federated file system of docker image 35a4f1977689: Already exists bbc37f14aded: Already exists 74e27dc593d4: Already exists 93a01fbfad7f: Already exists 1478df405869: Pull complete 64f0dd11682b: Pull complete 68ff4e050d11: Pull complete f576086003cf: Pull complete 3b72593ce10e: Pull complete Digest: sha256:0c6234e7ec9d10ab32c06423ab829b32e3183ba5bf2620ee66de866df640a027 # Signature anti-counterfeiting Status: Downloaded newer image for tomcat:8 docker.io/library/tomcat:8 #Real address #Equivalent to docker pull tomcat:8 docker pull docker.io/library/tomcat:8
docker rmi delete image
➜ ~ docker rmi -f image id #Deletes the specified image ➜ ~ docker rmi -f image id image id image id image id#Deletes the specified image ➜ ~ docker rmi -f $(docker images -aq) #Delete all mirrors
Note: only when we have an image can we create a container. For Linux, Download centos image to learn
➜ ~ docker container Usage: docker container COMMAND Manage containers Commands: attach Attach local standard input, output, and error streams to a running container commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container diff Inspect changes to files or directories on a container's filesystem exec Run a command in a running container export Export a container's filesystem as a tar archive inspect Display detailed information on one or more containers kill Kill one or more running containers logs Fetch the logs of a container ls List containers pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container prune Remove all stopped containers rename Rename a container restart Restart one or more containers rm Remove one or more containers run Run a command in a new container start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers wait Block until one or more containers stop, then print their exit codes Run 'docker container COMMAND --help' for more information on a command.
Create a new container and start
docker run [Optional parameters] image | docker container run [Optional parameters] image #Reference notes --name="Name" Container name tomcat01 tomcat02 Used to distinguish containers -d Run in background mode -it Run in interactive mode and enter the container to view the content -p Specify the port of the container -p 8080(Host computer):8080(container) -p ip:Host port:Container port -p Host port:Container port(Commonly used) -p Container port Container port -P(Capitalize) Randomly assigned port # Test, start and enter the container ➜ ~ docker run -it centos /bin/bash Unable to find image 'centos:latest' locally latest: Pulling from library/centos 8a29a15cefae: Already exists Digest: sha256:fe8d824220415eed5477b63addf40fb06c3b049404242b31982106ac204f6700 Status: Downloaded newer image for centos:latest [root@95039813da8d /]# ls bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var [root@95039813da8d /]# exit #Return the host from the container exit ➜ ~ ls shell user.txt
List all running containers
#docker ps command #Lists the currently running containers -a, --all Show all containers (default shows just running) -n, --last int Show n last created containers (includes all states) (default -1) -q, --quiet Only display numeric IDs ➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 68729e9654d4 portainer/portainer "/portainer" 14 hours ago Up About a minute 0.0.0.0:8088->9000/tcp funny_curie d506a017e951 nginx "nginx -g 'daemon of..." 15 hours ago Up 15 hours 0.0.0.0:3344->80/tcp nginx01 ➜ ~ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 95039813da8d centos "/bin/bash" 3 minutes ago Exited (0) 2 minutes ago condescending_pike 1e46a426a5ba tomcat "catalina.sh run" 11 minutes ago Exited (130) 9 minutes ago sweet_gould 14bc9334d1b2 bf756fb1ae65 "/hello" 3 hours ago Exited (0) 3 hours ago amazing_stonebraker f10d60f473f5 bf756fb1ae65 "/hello" 3 hours ago Exited (0) 3 hours ago dreamy_germain 68729e9654d4 portainer/portainer "/portainer" 14 hours ago Up About a minute 0.0.0.0:8088->9000/tcp funny_curie 677cde5e4f1d elasticsearch "/docker-entrypoint...." 15 hours ago Exited (143) 8 minutes ago elasticsearch 33eb3f70b4db tomcat "catalina.sh run" 15 hours ago Exited (143) 8 minutes ago tomcat01 d506a017e951 nginx "nginx -g 'daemon of..." 15 hours ago Up 15 hours 0.0.0.0:3344->80/tcp nginx01 24ce2db02e45 centos "/bin/bash" 16 hours ago Exited (0) 15 hours ago hopeful_faraday 42267d1ad80b bf756fb1ae65 "/hello" 16 hours ago Exited (0) 16 hours ago ecstatic_sutherland ➜ ~ docker ps -aq 95039813da8d 1e46a426a5ba 14bc9334d1b2 f10d60f473f5 68729e9654d4 677cde5e4f1d 33eb3f70b4db d506a017e951 24ce2db02e45 42267d1ad80b
Exit container
exit #Container exit directly ctrl +P +Q #The container does not stop exiting
Delete container
docker rm container id #Delete the specified container. You cannot delete the running container. If you want to forcibly delete rm -rf docker rm -f $(docker ps -aq) #Deletes the specified container docker ps -a -q|xargs docker rm #Delete all containers
Start and stop container operation
docker start container id #Start container docker restart container id #Restart container docker stop container id #Stop the currently running container docker kill container id #Force stop of current container
4. Other common commands
Background start command
# Command docker run -d image name ➜ ~ docker run -d centos a8f922c255859622ac45ce3a535b7a0e8253329be4756ed6e32265d2dd2fac6c ➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES # Problem docker ps. found centos stopped # In the common pit, when the docker container runs in the background, there must be a foreground process. When docker finds that there is no application, it will automatically stop # nginx, when the container starts and finds that it does not provide services, it will stop immediately, that is, there is no program
view log
docker logs --help
Options:
--details Show extra details provided to logs
* -f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
* --tail string Number of lines to show from the end of the logs (default "all")
* -t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
➜ ~ docker run -d centos /bin/sh -c "while true;do echo 6666;sleep 1;done" #Simulation log
#Show log
-tf #Display log information (always updated)
--tail number #Number of logs to be displayed
docker logs -t --tail n container id #View n-line log
docker logs -ft container id #Follow the log
View process information in container
[root@mydocker ~]# docker top 5ab838e523d0 UID PID PPID C STIME TTY TIME CMD root 106154 106136 4 14:18 pts/1 00:00:00 python app.py
View the metadata of the image
# command
docker inspect container id
#test
➜ ~ docker inspect 55321bcae33d
[
{
"Id": "55321bcae33d15da8280bcac1d2bc1141d213bcc8f8e792edfd832ff61ae5066",
"Created": "2020-05-15T05:22:05.515909071Z",
"Path": "/bin/sh",
...
}
]
Enter the currently running container
# We usually use the background mode to run the container. We need to enter the container and modify some configurations # command docker exec -it container id bashshell #test ➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 55321bcae33d centos "/bin/sh -c 'while t..." 10 minutes ago Up 10 minutes bold_bell a7215824a4db centos "/bin/sh -c 'while t..." 13 minutes ago Up 13 minutes zen_kepler 55a31b3f8613 centos "/bin/bash" 15 minutes ago Up 15 minutes lucid_clarke ➜ ~ docker exec -it 55321bcae33d /bin/bash [root@55321bcae33d /]#
# Mode 2 docker attach container id #test docker attach 55321bcae33d Executing current code... difference #docker exec #After entering the current container, open a new terminal, which can be operated inside. (common) #docker attach # Enter the terminal where the container is executing
Copy from container to host
docker cp container id:In container path host destination path #Enter the docker container ➜ ~ docker exec -it 55321bcae33d /bin/bash [root@55321bcae33d /]# ls bin etc lib lost+found mnt proc run srv tmp var dev home lib64 media opt root sbin sys usr #Create a new file [root@55321bcae33d /]# echo "hello" > java.java [root@55321bcae33d /]# cat java.java hello [root@55321bcae33d /]# exit exit ➜ ~ docker cp 55321bcae33d:/java.java / #Copy ➜ ~ cd / ➜ / ls #You can see Java Java exists bin home lib mnt run sys vmlinuz boot initrd.img lib64 opt sbin tmp vmlinuz.old dev initrd.img.old lost+found proc srv usr wget-log etc java.java media root swapfile var
4, Summary
All commands of Docker
Docker command help document (important)
attach Attach local standard input, output, and error streams to a running container #The image of the specified operation of the attach connection under the current shell build Build an image from a Dockerfile # Customized image through Dockerfile commit Create a new image from a container's changes #Commit the current container as a new image cp Copy files/folders between a container and the local filesystem #Copy file create Create a new container #Create a new container diff Inspect changes to files or directories on a container's filesystem #View the changes of docker container events Get real time events from the server # Get container real time from service exec Run a command in a running container # Running commands on a running container export Export a container's filesystem as a tar archive #Export the container file system as a tar archive [corresponding to import] history Show the history of an image # Show a mirror formation history images List images #Lists the current mirrors of the system import Import the contents from a tarball to create a filesystem image #Import content from the tar package to create a file system image info Display system-wide information # Display system wide information inspect Return low-level information on Docker objects #View container details kill Kill one or more running containers # kill specifies the docker container load Load an image from a tar archive or STDIN #Load an image from a tar package or standard input [corresponding to save] login Log in to a Docker registry # logout Log out from a Docker registry logs Fetch the logs of a container pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container ps List containers pull Pull an image or a repository from a registry push Push an image or a repository to a registry rename Rename a container restart Restart one or more containers rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save one or more images to a tar archive (streamed to STDOUT by default) search Search the Docker Hub for images start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers version Show the Docker version information wait Block until one or more containers stop, then print their exit codes
5, Homework practice
Three jobs:
- Job 1 tells us the importance of exposing ports;
- Assignment 2 tells us the importance of entering the container;
- Job 3 tells us the importance of viewing the current container state and how to modify the environment in which the container runs.
Job 1: Docker installation Nginx
#1. Search image search recommends that you search in docker and you can see the help documents #2. Pull the image pull #3. Operation test # -d background operation # --Name name the container # -p host port: container internal port ➜ ~ docker run -d --name nginx00 -p 3344:80 nginx 75943663c116f5ed006a0042c42f78e9a1a6a52eba66311666eee12e1c8a4502 ➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 75943663c116 nginx "nginx -g 'daemon of..." 41 seconds ago Up 40 seconds 0.0.0.0:3344->80/tcp nginx00 ➜ ~ curl localhost:3344 #test <!DOCTYPE html>,,,,
Port exposure diagram:
Thinking question: every time we change the nginx configuration file, we need to enter the container? It's very troublesome. If you can provide a mapping path outside the container to modify the file name in the container, it can be automatically modified inside the container? → data volume!
Homework 2: docker to install a tomcat
# Official use docker run -it --rm tomcat:9.0 # The previous startup was in the background. If the container is stopped, the container can still be found # docker run -it --rm image is generally used for testing and deleting after use (not recommended for the time being) --rm Automatically remove the container when it exits #download docker pull tomcat #Start operation docker run -d -p 8080:8080 --name tomcat01 tomcat #Is there a problem with the test access curl localhost:8080 #Enter container ➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES db09851cf82e tomcat "catalina.sh run" 28 seconds ago Up 27 seconds 0.0.0.0:8080->8080/tcp tomcat01 ➜ ~ docker exec -it db09851cf82e /bin/bash root@db09851cf82e:/usr/local/tomcat# # Problems found: 1. There are few linux commands. 2. No webapps # Alibaba cloud image (castrated version). In order to ensure the minimum image, it eliminates all unnecessary images → ensure the minimum runnable environment!
Question to consider: we will deploy the project in the future. Is it very troublesome if we have to enter the container every time? If we can provide a mapping path outside the container, webapps, and we place items outside, we can automatically synchronize the inside!
Job 3: deploy es+kibana
# es exposed many ports!
# es consumes a lot of memory
# The data of es generally needs to be placed in the security directory! mount
# --net somenetwork ? network configuration
# Download and start elasticsearch (Docker will finish it in one step)
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2
# Test whether es is started successfully
➜ ~ curl localhost:9200
{
"name" : "d73ad2f22dd3",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "atFKgANxS8CzgIyCB8PGxA",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
# Check the memory usage of docker container (refresh every second, which is also a memory consuming command)
➜ ~ docker stats
#Close, add the memory limit, modify the configuration file -e, and modify the environment configuration ➜ ~ docker rm -f d73ad2f22dd3 ➜ ~ docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" elasticsearch:7.6.2
Job: using kibana to connect es? Think about how the network can connect.
6, Docker image explanation
- What is mirroring
Image is a kind of lightweight and executable independent software, which is used to package the software running environment and the software developed based on the running environment. It contains all the contents required to run a software, including code, runtime, environment variables and configuration files. All applications and environments can be directly packaged into a docker image and run directly.
1.Docker image loading principle
-
UnionFs (Federated file system)
When we download, we see layers of downloads. That's it.
Union fs (Federated file system): Union file system (Union FS) is a layered, lightweight and high-performance file system. It supports the superposition of file system modifications from one submission to another. At the same time, different directories can be mounted into a single virtual file system. The union file system is the foundation of Docker image. Images can be inherited through layering. Based on the basic image (without parent image), various specific application images can be made.
Features: multiple file systems can be loaded at the same time, but from the outside, only one file system can be seen. Joint loading will overlay all layers of file systems, so that the final file system will contain all underlying files and directories. -
Docker image loading principle
The image of docker is actually composed of a layer by layer file system, which is called UnionFS.
boots(boot file system) mainly includes bootloader and kernel. Bootloader is mainly boot plus kernel. Linux will add bootfs file system when it is just started. boots is at the bottom of Docker image. This layer is the same as our typical Linux/Unix system, including boot loader and kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs.
rootfs (root file system), above bootfs. It contains standard directories and files such as / dev,/proc,/bin,/etc in a typical Linux system. rootfs is a variety of operating system distributions, such as Ubuntu, Centos and so on.
Usually, the CentOS we install into the virtual machine are several G's. why is Docker only 200M here?
For a thin OS,rootfs can be very small. You only need to package the most basic commands, tools and program libraries. Because the underlying layer directly uses the Host kernel, you only need to provide rootfs. It can be seen that for different Linux distributions, boots are basically the same, and rootfs will be different, so different distributions can share bootfs
The virtual machine is at the minute level and the container is at the second level!
2. Layered understanding
We can download an image and pay attention to the log output of the download. We can see that it is downloading layer by layer.
Thinking: why does Docker image adopt this hierarchical structure?
The biggest benefit, I think, is resource sharing! For example, if multiple images are built from the same base image, the host only needs to keep one base image on the disk, and only one base image needs to be loaded in the memory. In this way, it can serve all containers, and each layer of the image can be shared.
You can view the image hierarchy through the docker image inspect command
➜ / docker image inspect redis
[
{
"Id": "sha256:f9b9909726890b00d2098081642edf32e5211b7ab53563929a47f250bcdc1d7c",
"RepoTags": [
"redis:latest"
],
"RepoDigests": [
"redis@sha256:399a9b17b8522e24fbe2fd3b42474d4bb668d3994153c4b5d38c3dafd5903e32"
],
"Parent": "",
"Comment": "",
"Created": "2020-05-02T01:40:19.112130797Z",
"Container": "d30c0bcea88561bc5139821227d2199bb027eeba9083f90c701891b4affce3bc",
"ContainerConfig": {
"Hostname": "d30c0bcea885",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6379/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.12",
"REDIS_VERSION=6.0.1",
"REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.0.1.tar.gz",
"REDIS_DOWNLOAD_SHA=b8756e430479edc162ba9c44dc89ac394316cd482f2dc6b91bcd5fe12593f273"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"redis-server\"]"
],
"ArgsEscaped": true,
"Image": "sha256:704c602fa36f41a6d2d08e49bd2319ccd6915418f545c838416318b3c29811e0",
"Volumes": {
"/data": {}
},
"WorkingDir": "/data",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "18.09.7",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6379/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.12",
"REDIS_VERSION=6.0.1",
"REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.0.1.tar.gz",
"REDIS_DOWNLOAD_SHA=b8756e430479edc162ba9c44dc89ac394316cd482f2dc6b91bcd5fe12593f273"
],
"Cmd": [
"redis-server"
],
"ArgsEscaped": true,
"Image": "sha256:704c602fa36f41a6d2d08e49bd2319ccd6915418f545c838416318b3c29811e0",
"Volumes": {
"/data": {}
},
"WorkingDir": "/data",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 104101893,
"VirtualSize": 104101893,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/adea96bbe6518657dc2d4c6331a807eea70567144abda686588ef6c3bb0d778a/diff:/var/lib/docker/overlay2/66abd822d34dc6446e6bebe73721dfd1dc497c2c8063c43ffb8cf8140e2caeb6/diff:/var/lib/docker/overlay2/d19d24fb6a24801c5fa639c1d979d19f3f17196b3c6dde96d3b69cd2ad07ba8a/diff:/var/lib/docker/overlay2/a1e95aae5e09ca6df4f71b542c86c677b884f5280c1d3e3a1111b13644b221f9/diff:/var/lib/docker/overlay2/cd90f7a9cd0227c1db29ea992e889e4e6af057d9ab2835dd18a67a019c18bab4/diff",
"MergedDir": "/var/lib/docker/overlay2/afa1de233453b60686a3847854624ef191d7bc317fb01e015b4f06671139fb11/merged",
"UpperDir": "/var/lib/docker/overlay2/afa1de233453b60686a3847854624ef191d7bc317fb01e015b4f06671139fb11/diff",
"WorkDir": "/var/lib/docker/overlay2/afa1de233453b60686a3847854624ef191d7bc317fb01e015b4f06671139fb11/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:c2adabaecedbda0af72b153c6499a0555f3a769d52370469d8f6bd6328af9b13",
"sha256:744315296a49be711c312dfa1b3a80516116f78c437367ff0bc678da1123e990",
"sha256:379ef5d5cb402a5538413d7285b21aa58a560882d15f1f553f7868dc4b66afa8",
"sha256:d00fd460effb7b066760f97447c071492d471c5176d05b8af1751806a1f905f8",
"sha256:4d0c196331523cfed7bf5bafd616ecb3855256838d850b6f3d5fba911f6c4123",
"sha256:98b4a6242af2536383425ba2d6de033a510e049d9ca07ff501b95052da76e894"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
understand:
All Docker images start from a basic image layer. When modifying or adding new content, a new image layer will be created above the current image layer.
For a simple example, if it is based on Ubuntu linux16 04 create a new image, which is the first layer of the new image; If you add a Python package to this image,
A second mirror layer will be created above the basic mirror layer; If you continue to add a security patch, the third image layer will be created. This image already contains three image layers, as shown in the figure below (this is just a simple example for demonstration).
It is important to understand that while adding additional mirror layers, the mirror remains the combination of all current mirrors. The following figure shows a simple example. Each mirror layer contains three files, while the mirror contains six files from two mirror layers.
The image layer in the above figure is slightly different from that in the previous figure. The main purpose is to facilitate the display of files
The following figure shows a slightly complex three-tier image. Externally, there are only six files in the entire image, because file 7 in the top layer is a newer version of file 5
.
In the case of languages, the files in the upper image layer overwrite the files in the lower image layer. This allows the updated version of the file to be added to the image as a new image layer. Docker realizes the image layer stack through the storage engine (the new version adopts the snapshot mechanism), and ensures that multiple image layers are displayed as a unified file system. AUFS, Overlay2, Device Mapper, Btrfs, and ZFS are available on Linux. As the name suggests, each storage engine is based on the corresponding in Linux.
File system or block device technology, and each storage engine has its unique performance characteristics. Docker only supports a Windows filter storage engine on windows, which implements layering and cow based on NTFS file system [1].
The following figure shows the same three-tier image as the system display. All mirror layers are stacked and combined to provide a unified view.
Docker images are read-only. When the container starts, a new writable layer is loaded on the top of the image! This layer is what we usually call the container layer. What is under the container is called the mirror layer!
3.commit image
docker commit Submit the container as a new copy # The principle of the command is similar to that of git docker commit -m="Description information" -a="author" container id Target image name:[TAG]
Actual test
# 1. Start a default tomcat docker run -d -p 8080:8080 tomcat # 2. It is found that the default tomcat has no webapps application, and there are no files under the official image default webapps! docker exec -it container id # 3. Copy the file in # 4. Adjust the operated container into an image through commit! We can use our modified image in the future. This is our own modified image. docker commit -m="Description information" -a="author" container id Target image name:[TAG] docker commit -a="kuangshen" -m="add webapps app" container id tomcat02:1.0
If you want to save the state of the current container, you can submit it through commit to obtain an image, just as we use the snapshot of the virtual machine.
Successful entry!!!!