Crazy God Theory docker basic chapter

Learning links

1, Docker overview

1. Why does docker appear?

One product: development – online two sets of environments! Application environment, application configuration!
Development - operation and maintenance. Question: I can allow it on my computer! Service unavailable due to version update! Is it a big test for operation and maintenance?
The environment configuration is very troublesome. Every machine needs to deploy the environment (cluster Redis, ES, Hadoop...)! It takes a lot of trouble.
Release a project (jar + (Redis MySQL JDK ES)). Can the project be installed and packaged with the environment!
Previously, configuring an application environment Redis MySQL JDK ES Hadoop on the server was too cumbersome to cross platform.
The development environment is Windows, and finally released to Linux!

Tradition: development jar, operation and maintenance to do!
Now: development, packaging, deployment and launch, and a set of processes are completed!
Android process: java - apk - publish (app store) one three, use apk and install it!
Docker process: Java jar (environment) - packaged project with environment (image) - (docker warehouse: store)-----
Docker has proposed solutions to the above problems!

2.Docker's idea comes from the container!

JRE – multiple applications (Port conflict) – originally, they are all cross!
Isolation: the core idea of docker! Packing! Each box is isolated from each other. Docker can make full use of the server through the isolation mechanism!
Essence: all technologies are learned because there are some problems that we need to solve!

3. Why is docker so popular?

Before container technology came out, we all used virtual machine technology!
We can install more than one virtual machine through VMware! Bulky!
Virtual machine also belongs to virtualization technology. Docker container technology is also a kind of virtualization technology!

  • VM: Linux CentOS native image (one computer!) Isolate and open multiple virtual machines! A few G's, a few minutes.
  • docker: isolation. The image (the core environment 4m + jdk + mysql) is very compact. Just run the image! Small! A few M seconds to start!

4. What can docker do?

Compare Docker and virtual machine technologies:

  • The traditional virtual machine virtualizes a piece of hardware, runs a complete operating system, and then installs and runs software on this system
  • The applications in the container run directly on the content of the host. The container does not have its own kernel or virtual hardware, so it is light
  • Each container is isolated from each other, and each container has its own file system, which does not affect each other

5.DevOps (development, operation and maintenance)

  • Faster delivery and deployment of applications
    Traditional: a pair of help documents, installer.
    Docker: the packaged image release test runs with one click.
  • More convenient upgrade and capacity expansion
    After using Docker, we deploy the application just like building blocks. The project is packaged into an image to expand server A! Server B
  • More efficient utilization of computing resources
    Docker is kernel level virtualization, which can run many container instances on a physical machine! Server performance can be squeezed to the extreme.

2, Docker installation

1. Basic composition of docker

  • Image:
    The docker image is like a target, through which container services can be created. The tomcat image = = > Run = = > container (providing server). Through this image, multiple containers can be created (the final service running or project running is in the container).

  • Container:
    Docker uses container technology to run one or a group of applications independently and create them through image Start, stop, delete, basic commands. At present, this container can be understood as a simple Linux system.

  • Repository:
    The warehouse is where the image is stored! Warehouses are divided into public warehouses and private warehouses. (very similar to git)Docker Hub is foreign. Alicloud... All have container servers (configure image acceleration)

2. Install Docker

Environment preparation, Linux requires kernel 3.0 or above

➜  ~ uname -r    
4.15.0-96-generic # Requirements above 3.0
➜  ~ cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID_LIKE="rhel fedora"
PRETTY_NAME="CentOS Linux 7 (Core)"


  • install
#1. Uninstall the old version
yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
#2. Required installation package
yum install -y yum-utils
#3. Set the warehouse of the image
yum-config-manager \
    --add-repo \
#The default is from abroad, not recommended
#Domestic is recommended
yum-config-manager \
    --add-repo \
#Update yum package index
yum makecache fast
#4. Install docker CE community version related to docker, while ee is enterprise version
yum install docker-ce docker-ce-cli
#6. Use docker version to check whether it is successful
docker version

#7. Test
➜  ~ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

For more examples and ideas, visit:

#8. Check the downloaded image
➜  ~ docker images         
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
hello-world           latest              bf756fb1ae65        4 months ago        13.3kB

Understanding: uninstalling docker

#1. Uninstall dependency
yum remove docker-ce docker-ce-cli
#2. Delete resources
rm -rf /var/lib/docker
# /var/lib/docker is the default working path of docker!

start-up docker
systemctl start docker
 Set startup and self startup
systemctl enable docker

Add alicloud image download address (fast download)

vi /etc/docker/daemon.json
"registry-mirrors": ["",

Just restart docker

sudo systemctl restart docker
  • Alibaba cloud image acceleration
    1. Log in to alicloud and find the container service
    2. Mirror accelerator found

3. Configuration use

  • HelloWorld

  • docker run flowchart:

3. Underlying principle

How does Docker work?
Docker is a client server system. The daemon of docker runs on the host. Access from the client through Socket!

Docker server will execute this command after receiving the docker client instruction!

Why is Docker faster than Vm
1. Docker has fewer abstraction layers than virtual machines. Because docker does not need Hypervisor to realize hardware resource virtualization, the programs running on the docker container directly use the hardware resources of the actual physical machine. Therefore, docker will have obvious advantages in efficiency in terms of CPU and memory utilization.

2. docker uses the kernel of the host computer instead of Guest OS.

GuestOS: system (OS) in VM (virtual machine);

HostOS: System in physical machine (OS);
Therefore, when creating a new container, docker does not need to reload an operating system kernel like the virtual machine. However, avoiding booting and loading the operating system kernel is a time-consuming and resource-consuming process. When creating a new virtual machine, the virtual machine software needs to load GuestOS, and the new process is at the minute level. Because docker directly uses the operating system of the host, this complex process is omitted. Therefore, it only takes a few seconds to create a docker container.

3, Common commands of Docker

1. Help command

docker version    #Displays the version information of docker.
docker info       #Displays the system information of docker, including the number of images and containers
docker command --help #Help command
#Address of help document:

2. Mirror command

docker images #To view images on all local hosts, you can use docker image ls instead
docker search Search image
docker pull Download Image docker image pull
docker rmi delete mirror docker image rm

docker images view images on all local hosts

➜  ~ docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
mysql                 5.7                 e73346bdf465        24 hours ago        448MB
# explain
#REPOSITORY			# Mirrored warehouse source
#TAG				# Mirrored label
#IMAGE ID			# id of the mirror
#CREATED			# Creation time of image
#SIZE				# Mirror size
# Optional
  -a, --all             Show all images (default hides intermediate images) #List all mirrors
  -q, --quiet           Only show numeric IDs # Only the id of the image is displayed
➜  ~ docker images -aq #Show all mirrored id

docker pull Download Image

# Download Image docker pull image name [: tag]
➜  ~ docker pull tomcat:8
8: Pulling from library/tomcat #If you do not write tag, the default is latest
90fe46dd8199: Already exists   #Layered Download: the core federated file system of docker image
35a4f1977689: Already exists 
bbc37f14aded: Already exists 
74e27dc593d4: Already exists 
93a01fbfad7f: Already exists 
1478df405869: Pull complete 
64f0dd11682b: Pull complete 
68ff4e050d11: Pull complete 
f576086003cf: Pull complete 
3b72593ce10e: Pull complete 
Digest: sha256:0c6234e7ec9d10ab32c06423ab829b32e3183ba5bf2620ee66de866df640a027  # Signature anti-counterfeiting
Status: Downloaded newer image for tomcat:8 #Real address

#Equivalent to
docker pull tomcat:8
docker pull

docker rmi delete image

➜  ~ docker rmi -f image id #Deletes the specified image
➜  ~ docker rmi -f image id image id image id image id#Deletes the specified image
➜  ~ docker rmi -f $(docker images -aq) #Delete all mirrors

Note: only when we have an image can we create a container. For Linux, Download centos image to learn

➜  ~ docker container     
Usage:  docker container COMMAND
Manage containers
  attach      Attach local standard input, output, and error streams to a running container
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  inspect     Display detailed information on one or more containers
  kill        Kill one or more running containers
  logs        Fetch the logs of a container
  ls          List containers
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  prune       Remove all stopped containers
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  run         Run a command in a new container
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes
Run 'docker container COMMAND --help' for more information on a command.

Create a new container and start

docker run [Optional parameters] image | docker container run [Optional parameters] image 
#Reference notes
--name="Name"		Container name tomcat01 tomcat02 Used to distinguish containers
-d					Run in background mode
-it 				Run in interactive mode and enter the container to view the content
-p					Specify the port of the container -p 8080(Host computer):8080(container)
		-p ip:Host port:Container port
		-p Host port:Container port(Commonly used)
		-p Container port
		Container port
-P(Capitalize) 				Randomly assigned port
# Test, start and enter the container
➜  ~ docker run -it centos /bin/bash
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
8a29a15cefae: Already exists 
Digest: sha256:fe8d824220415eed5477b63addf40fb06c3b049404242b31982106ac204f6700
Status: Downloaded newer image for centos:latest
[root@95039813da8d /]# ls
bin  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@95039813da8d /]# exit #Return the host from the container
➜  ~ ls
shell  user.txt

List all running containers

#docker ps command #Lists the currently running containers
  -a, --all             Show all containers (default shows just running)
  -n, --last int        Show n last created containers (includes all states) (default -1)
  -q, --quiet           Only display numeric IDs
  ➜  ~ docker ps   
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                    NAMES
68729e9654d4        portainer/portainer   "/portainer"             14 hours ago        Up About a minute>9000/tcp   funny_curie
d506a017e951        nginx                 "nginx -g 'daemon of..."   15 hours ago        Up 15 hours>80/tcp     nginx01
➜  ~ docker ps -a
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS                       PORTS                    NAMES
95039813da8d        centos                "/bin/bash"              3 minutes ago       Exited (0) 2 minutes ago                              condescending_pike
1e46a426a5ba        tomcat                " run"        11 minutes ago      Exited (130) 9 minutes ago                            sweet_gould
14bc9334d1b2        bf756fb1ae65          "/hello"                 3 hours ago         Exited (0) 3 hours ago                                amazing_stonebraker
f10d60f473f5        bf756fb1ae65          "/hello"                 3 hours ago         Exited (0) 3 hours ago                                dreamy_germain
68729e9654d4        portainer/portainer   "/portainer"             14 hours ago        Up About a minute  >9000/tcp   funny_curie
677cde5e4f1d        elasticsearch         "/docker-entrypoint...."   15 hours ago        Exited (143) 8 minutes ago                            elasticsearch
33eb3f70b4db        tomcat                " run"        15 hours ago        Exited (143) 8 minutes ago                            tomcat01
d506a017e951        nginx                 "nginx -g 'daemon of..."   15 hours ago        Up 15 hours        >80/tcp     nginx01
24ce2db02e45        centos                "/bin/bash"              16 hours ago        Exited (0) 15 hours ago                               hopeful_faraday
42267d1ad80b        bf756fb1ae65          "/hello"                 16 hours ago        Exited (0) 16 hours ago                               ecstatic_sutherland
➜  ~ docker ps -aq

Exit container

exit #Container exit directly
ctrl +P +Q #The container does not stop exiting

Delete container

docker rm container id   #Delete the specified container. You cannot delete the running container. If you want to forcibly delete rm -rf
docker rm -f $(docker ps -aq)  #Deletes the specified container
docker ps -a -q|xargs docker rm  #Delete all containers

Start and stop container operation

docker start container id	#Start container
docker restart container id	#Restart container
docker stop container id	#Stop the currently running container
docker kill container id	#Force stop of current container

4. Other common commands

Background start command

# Command docker run -d image name
➜  ~ docker run -d centos
➜  ~ docker ps           
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
# Problem docker ps. found centos stopped
# In the common pit, when the docker container runs in the background, there must be a foreground process. When docker finds that there is no application, it will automatically stop
# nginx, when the container starts and finds that it does not provide services, it will stop immediately, that is, there is no program

view log

docker logs --help
      --details        Show extra details provided to logs 
*  -f, --follow         Follow log output
      --since string   Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
*      --tail string    Number of lines to show from the end of the logs (default "all")
*  -t, --timestamps     Show timestamps
      --until string   Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
➜  ~ docker run -d centos /bin/sh -c "while true;do echo 6666;sleep 1;done" #Simulation log      
#Show log
-tf		#Display log information (always updated)
--tail number #Number of logs to be displayed
docker logs -t --tail n container id #View n-line log
docker logs -ft container id #Follow the log

View process information in container

[root@mydocker ~]# docker top 5ab838e523d0
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                106154              106136              4                   14:18               pts/1               00:00:00            python

View the metadata of the image

# command
docker inspect container id
➜  ~ docker inspect 55321bcae33d
        "Id": "55321bcae33d15da8280bcac1d2bc1141d213bcc8f8e792edfd832ff61ae5066",
        "Created": "2020-05-15T05:22:05.515909071Z",
        "Path": "/bin/sh",

Enter the currently running container

# We usually use the background mode to run the container. We need to enter the container and modify some configurations
# command 
docker exec -it container id bashshell
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
55321bcae33d        centos              "/bin/sh -c 'while t..."   10 minutes ago      Up 10 minutes                           bold_bell
a7215824a4db        centos              "/bin/sh -c 'while t..."   13 minutes ago      Up 13 minutes                           zen_kepler
55a31b3f8613        centos              "/bin/bash"              15 minutes ago      Up 15 minutes                           lucid_clarke
➜  ~ docker exec -it 55321bcae33d /bin/bash
[root@55321bcae33d /]# 

# Mode 2 
docker attach container id
docker attach 55321bcae33d 
Executing current code...
#docker exec #After entering the current container, open a new terminal, which can be operated inside. (common)
#docker attach # Enter the terminal where the container is executing

Copy from container to host

docker cp container id:In container path host destination path
#Enter the docker container
➜  ~ docker exec -it  55321bcae33d /bin/bash 
[root@55321bcae33d /]# ls
bin  etc   lib    lost+found  mnt  proc  run   srv  tmp  var
dev  home  lib64  media       opt  root  sbin  sys  usr
#Create a new file
[root@55321bcae33d /]# echo "hello" >
[root@55321bcae33d /]# cat 
[root@55321bcae33d /]# exit
➜  ~ docker cp 55321bcae33d:/ /    #Copy
➜  ~ cd /              
➜  / ls  #You can see Java Java exists
bin   home            lib         mnt   run       sys  vmlinuz
boot  initrd.img      lib64       opt   sbin      tmp  vmlinuz.old
dev   initrd.img.old  lost+found  proc  srv       usr  wget-log
etc       media       root  swapfile  var  

4, Summary

All commands of Docker

Docker command help document (important)

  attach      Attach local standard input, output, and error streams to a running container
  #The image of the specified operation of the attach connection under the current shell
  build       Build an image from a Dockerfile # Customized image through Dockerfile
  commit      Create a new image from a container's changes #Commit the current container as a new image
  cp          Copy files/folders between a container and the local filesystem #Copy file
  create      Create a new container #Create a new container
  diff        Inspect changes to files or directories on a container's filesystem #View the changes of docker container
  events      Get real time events from the server # Get container real time from service
  exec        Run a command in a running container # Running commands on a running container
  export      Export a container's filesystem as a tar archive #Export the container file system as a tar archive [corresponding to import]
  history     Show the history of an image # Show a mirror formation history
  images      List images #Lists the current mirrors of the system
  import      Import the contents from a tarball to create a filesystem image #Import content from the tar package to create a file system image
  info        Display system-wide information # Display system wide information
  inspect     Return low-level information on Docker objects #View container details
  kill        Kill one or more running containers # kill specifies the docker container
  load        Load an image from a tar archive or STDIN #Load an image from a tar package or standard input [corresponding to save]
  login       Log in to a Docker registry #
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

5, Homework practice

Three jobs:

  • Job 1 tells us the importance of exposing ports;
  • Assignment 2 tells us the importance of entering the container;
  • Job 3 tells us the importance of viewing the current container state and how to modify the environment in which the container runs.

Job 1: Docker installation Nginx

#1. Search image search recommends that you search in docker and you can see the help documents
#2. Pull the image pull
#3. Operation test
# -d background operation
# --Name name the container
# -p host port: container internal port
➜  ~ docker run -d --name nginx00 -p 3344:80 nginx
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
75943663c116        nginx               "nginx -g 'daemon of..."   41 seconds ago      Up 40 seconds>80/tcp   nginx00
➜  ~ curl localhost:3344   #test
<!DOCTYPE html>,,,,

Port exposure diagram:

Thinking question: every time we change the nginx configuration file, we need to enter the container? It's very troublesome. If you can provide a mapping path outside the container to modify the file name in the container, it can be automatically modified inside the container? → data volume!

Homework 2: docker to install a tomcat

# Official use
docker run -it --rm tomcat:9.0
# The previous startup was in the background. If the container is stopped, the container can still be found
# docker run -it --rm image is generally used for testing and deleting after use (not recommended for the time being)
--rm       Automatically remove the container when it exits
docker pull tomcat
#Start operation
docker run -d -p 8080:8080 --name tomcat01 tomcat
#Is there a problem with the test access
curl localhost:8080

#Enter container
➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
db09851cf82e        tomcat              " run"   28 seconds ago      Up 27 seconds>8080/tcp   tomcat01
➜  ~ docker exec -it db09851cf82e /bin/bash             
# Problems found: 1. There are few linux commands. 2. No webapps
# Alibaba cloud image (castrated version). In order to ensure the minimum image, it eliminates all unnecessary images → ensure the minimum runnable environment!

Question to consider: we will deploy the project in the future. Is it very troublesome if we have to enter the container every time? If we can provide a mapping path outside the container, webapps, and we place items outside, we can automatically synchronize the inside!

Job 3: deploy es+kibana

# es exposed many ports!
# es consumes a lot of memory
# The data of es generally needs to be placed in the security directory! mount 
# --net somenetwork ?  network configuration

# Download and start elasticsearch (Docker will finish it in one step)
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2

# Test whether es is started successfully
➜  ~ curl localhost:9200
  "name" : "d73ad2f22dd3",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "atFKgANxS8CzgIyCB8PGxA",
  "version" : {
    "number" : "7.6.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
    "build_date" : "2020-03-26T06:34:37.794943Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  "tagline" : "You Know, for Search"
# Check the memory usage of docker container (refresh every second, which is also a memory consuming command)
➜  ~ docker stats 
#Close, add the memory limit, modify the configuration file -e, and modify the environment configuration
➜  ~ docker rm -f d73ad2f22dd3                                                  
➜  ~ docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" elasticsearch:7.6.2

Job: using kibana to connect es? Think about how the network can connect.

6, Docker image explanation

  • What is mirroring
    Image is a kind of lightweight and executable independent software, which is used to package the software running environment and the software developed based on the running environment. It contains all the contents required to run a software, including code, runtime, environment variables and configuration files. All applications and environments can be directly packaged into a docker image and run directly.

1.Docker image loading principle

  • UnionFs (Federated file system)
    When we download, we see layers of downloads. That's it.
    Union fs (Federated file system): Union file system (Union FS) is a layered, lightweight and high-performance file system. It supports the superposition of file system modifications from one submission to another. At the same time, different directories can be mounted into a single virtual file system. The union file system is the foundation of Docker image. Images can be inherited through layering. Based on the basic image (without parent image), various specific application images can be made.
    Features: multiple file systems can be loaded at the same time, but from the outside, only one file system can be seen. Joint loading will overlay all layers of file systems, so that the final file system will contain all underlying files and directories.

  • Docker image loading principle
    The image of docker is actually composed of a layer by layer file system, which is called UnionFS.
    boots(boot file system) mainly includes bootloader and kernel. Bootloader is mainly boot plus kernel. Linux will add bootfs file system when it is just started. boots is at the bottom of Docker image. This layer is the same as our typical Linux/Unix system, including boot loader and kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs.
    rootfs (root file system), above bootfs. It contains standard directories and files such as / dev,/proc,/bin,/etc in a typical Linux system. rootfs is a variety of operating system distributions, such as Ubuntu, Centos and so on.

Usually, the CentOS we install into the virtual machine are several G's. why is Docker only 200M here?
For a thin OS,rootfs can be very small. You only need to package the most basic commands, tools and program libraries. Because the underlying layer directly uses the Host kernel, you only need to provide rootfs. It can be seen that for different Linux distributions, boots are basically the same, and rootfs will be different, so different distributions can share bootfs

The virtual machine is at the minute level and the container is at the second level!

2. Layered understanding

We can download an image and pay attention to the log output of the download. We can see that it is downloading layer by layer.

Thinking: why does Docker image adopt this hierarchical structure?

The biggest benefit, I think, is resource sharing! For example, if multiple images are built from the same base image, the host only needs to keep one base image on the disk, and only one base image needs to be loaded in the memory. In this way, it can serve all containers, and each layer of the image can be shared.

You can view the image hierarchy through the docker image inspect command

➜  / docker image inspect redis          
        "Id": "sha256:f9b9909726890b00d2098081642edf32e5211b7ab53563929a47f250bcdc1d7c",
        "RepoTags": [
        "RepoDigests": [
        "Parent": "",
        "Comment": "",
        "Created": "2020-05-02T01:40:19.112130797Z",
        "Container": "d30c0bcea88561bc5139821227d2199bb027eeba9083f90c701891b4affce3bc",
        "ContainerConfig": {
            "Hostname": "d30c0bcea885",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
            "Cmd": [
                "#(nop) ",
                "CMD [\"redis-server\"]"
            "ArgsEscaped": true,
            "Image": "sha256:704c602fa36f41a6d2d08e49bd2319ccd6915418f545c838416318b3c29811e0",
            "Volumes": {
                "/data": {}
            "WorkingDir": "/data",
            "Entrypoint": [
            "OnBuild": null,
            "Labels": {}
        "DockerVersion": "18.09.7",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
            "Cmd": [
            "ArgsEscaped": true,
            "Image": "sha256:704c602fa36f41a6d2d08e49bd2319ccd6915418f545c838416318b3c29811e0",
            "Volumes": {
                "/data": {}
            "WorkingDir": "/data",
            "Entrypoint": [
            "OnBuild": null,
            "Labels": null
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 104101893,
        "VirtualSize": 104101893,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/adea96bbe6518657dc2d4c6331a807eea70567144abda686588ef6c3bb0d778a/diff:/var/lib/docker/overlay2/66abd822d34dc6446e6bebe73721dfd1dc497c2c8063c43ffb8cf8140e2caeb6/diff:/var/lib/docker/overlay2/d19d24fb6a24801c5fa639c1d979d19f3f17196b3c6dde96d3b69cd2ad07ba8a/diff:/var/lib/docker/overlay2/a1e95aae5e09ca6df4f71b542c86c677b884f5280c1d3e3a1111b13644b221f9/diff:/var/lib/docker/overlay2/cd90f7a9cd0227c1db29ea992e889e4e6af057d9ab2835dd18a67a019c18bab4/diff",
                "MergedDir": "/var/lib/docker/overlay2/afa1de233453b60686a3847854624ef191d7bc317fb01e015b4f06671139fb11/merged",
                "UpperDir": "/var/lib/docker/overlay2/afa1de233453b60686a3847854624ef191d7bc317fb01e015b4f06671139fb11/diff",
                "WorkDir": "/var/lib/docker/overlay2/afa1de233453b60686a3847854624ef191d7bc317fb01e015b4f06671139fb11/work"
            "Name": "overlay2"
        "RootFS": {
            "Type": "layers",
            "Layers": [
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"


All Docker images start from a basic image layer. When modifying or adding new content, a new image layer will be created above the current image layer.
For a simple example, if it is based on Ubuntu linux16 04 create a new image, which is the first layer of the new image; If you add a Python package to this image,
A second mirror layer will be created above the basic mirror layer; If you continue to add a security patch, the third image layer will be created. This image already contains three image layers, as shown in the figure below (this is just a simple example for demonstration).

It is important to understand that while adding additional mirror layers, the mirror remains the combination of all current mirrors. The following figure shows a simple example. Each mirror layer contains three files, while the mirror contains six files from two mirror layers.
The image layer in the above figure is slightly different from that in the previous figure. The main purpose is to facilitate the display of files
The following figure shows a slightly complex three-tier image. Externally, there are only six files in the entire image, because file 7 in the top layer is a newer version of file 5

In the case of languages, the files in the upper image layer overwrite the files in the lower image layer. This allows the updated version of the file to be added to the image as a new image layer. Docker realizes the image layer stack through the storage engine (the new version adopts the snapshot mechanism), and ensures that multiple image layers are displayed as a unified file system. AUFS, Overlay2, Device Mapper, Btrfs, and ZFS are available on Linux. As the name suggests, each storage engine is based on the corresponding in Linux.
File system or block device technology, and each storage engine has its unique performance characteristics. Docker only supports a Windows filter storage engine on windows, which implements layering and cow based on NTFS file system [1].
The following figure shows the same three-tier image as the system display. All mirror layers are stacked and combined to provide a unified view.

Docker images are read-only. When the container starts, a new writable layer is loaded on the top of the image! This layer is what we usually call the container layer. What is under the container is called the mirror layer!

3.commit image

docker commit Submit the container as a new copy

# The principle of the command is similar to that of git
docker commit -m="Description information" -a="author" container id Target image name:[TAG]

Actual test

# 1. Start a default tomcat
docker run -d -p 8080:8080 tomcat
# 2. It is found that the default tomcat has no webapps application, and there are no files under the official image default webapps!
docker exec -it container id
# 3. Copy the file in

# 4. Adjust the operated container into an image through commit! We can use our modified image in the future. This is our own modified image.
docker commit -m="Description information" -a="author" container id Target image name:[TAG]
docker commit -a="kuangshen" -m="add webapps app" container id tomcat02:1.0

If you want to save the state of the current container, you can submit it through commit to obtain an image, just as we use the snapshot of the virtual machine.

Successful entry!!!!

Tags: Linux Docker

Posted by py343 on Sun, 08 May 2022 13:31:22 +0300