Docker's two-hour introduction

1. Introduction

1.1 what is docker

Docker was originally an internal project launched by Solomon Hykes, the founder of dotCloud company, during his stay in France. It was open-source under the Apache 2.0 license agreement in March 2013. The main project code is maintained on GitHub.

Docker is developed and implemented in Go language launched by Google.

docker is an encapsulation of Linux container, which provides a simple and easy-to-use container interface. It is the most popular Linux container solution.

The interface of docker is quite simple. Users can easily create and destroy containers.

docker packages applications and program dependencies in a file. Running this file will generate a virtual container.

The program runs in a virtual container, just as it runs on a real physical machine. With docker, you don't have to worry about the environment.

1.2 application scenarios

Automatic packaging and publishing of web applications

Automated testing and continuous integration and release

Deploy and adjust databases or other applications in a service-oriented environment

1.3 differences

1. Physical machine

2. Virtual machine

3. docker container

1.4 three concepts and advantages of docker

  • Mirror image
  • container
  • Warehouse repository

Advantages of docker container

1. More efficient use of system resources

Because the container does not need additional overhead such as hardware virtualization and running a complete operating system, Docker has a higher utilization of system resources.

Whether it is application execution speed, memory loss or file storage speed, it is more efficient than traditional virtual machine technology. Therefore, compared with virtual machine technology, a host with the same configuration can often run more applications.

2. Faster startup time

The traditional virtual machine technology often takes several minutes to start the application service, while the Docker container application can achieve the start-up time of seconds or even milliseconds because it runs directly in the host kernel and does not need to start the complete operating system. It greatly saves the time of development, testing and deployment.

3. Consistent operating environment

A common problem in the development process is the consistency of the environment. Because the development environment, test environment and production environment are inconsistent, some bug s have not been found in the development process.

The Docker image provides a complete runtime environment other than the kernel, ensuring the consistency of the application running environment, so that there will be no problems such as "this code is OK on my machine".

4. Continuous delivery and deployment

For development and operation and maintenance (DevOps) personnel, what they want most is to create or configure it at one time, and it can run normally anywhere.

Using Docker, continuous integration, continuous delivery and deployment can be realized by customizing application images. Developers can build the image through Dockerfile and conduct integration test in combination with continuous integration system, while operation and maintenance personnel can quickly deploy the image directly in the production environment, or even automatically deploy it in combination with continuous delivery / deployment system.

Moreover, the use of Dockerfile makes the image construction transparent, which not only enables the development team to understand the application running environment, but also facilitates the operation and maintenance team to understand the conditions required for application running, and helps deploy the image in a better production environment.

5. Easier migration

Because docker ensures the consistency of the execution environment, it makes the migration of applications easier. Docker can run on many platforms, whether it is physical machine, virtual machine, public cloud, private cloud or even notebook, and its running results are consistent.

Therefore, users can easily migrate applications running on one platform to another platform without worrying about the failure of applications to run normally due to changes in the operating environment.

2. Docker installation

System environment: docker supports CentOS 7 at least and is on 64 bit platform with kernel version above 3.10

Version: community version, enterprise version (including some paid services)

Official installation tutorial (English)

https://docs.docker.com/install/linux/docker-ce/centos/#upgrade-docker-after-using-the-convenience-script

Blog master installation tutorial:

#Install docker
yum install docker
#Start docker
systemctl start/status docker 
#View docker startup status
docker version 

Configure accelerator

Introduction: DaoCloud accelerator is a popular Docker tool, which solves the problem of slow access to Docker Hub by domestic users. DaoCloud accelerator combines domestic CDN service and protocol layer optimization to double the download speed.

DaoCloud official website:

https://www.daocloud.io/mirror#accelerator-doc

#A command accelerates (remember to restart docker)
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://95822026.m.daocloud.io

3. Docker basic command

docker --help (Chinese annotation)

Usage:
docker [OPTIONS] COMMAND [arg...]
       docker daemon [ --help | ... ]
       docker [ --help | -v | --version ]
A
self-sufficient runtime for containers.

Options:
  --config=~/.docker              Location of client config files  #Location of client profile
  -D, --debug=false               Enable debug mode  #Enable Debug debug mode
  -H, --host=[]                   Daemon socket(s) to connect to  #Socket connection of daemon
  -h, --help=false                Print usage  #Print use
  -l, --log-level=info            Set the logging level  #Set log level
  --tls=false                     Use TLS; implied by--tlsverify  #
  --tlscacert=~/.docker/ca.pem    Trust certs signed only by this CA  #Trust certificate signing CA
  --tlscert=~/.docker/cert.pem    Path to TLS certificate file  #TLS certificate file path
  --tlskey=~/.docker/key.pem      Path to TLS key file  #TLS key file path
  --tlsverify=false               Use TLS and verify the remote  #Remote authentication using TLS
  -v, --version=false             Print version information and quit  #Print version information and exit

Commands:
    attach    Attach to a running container  #The attach connection under the current shell specifies the running image
    build     Build an image from a Dockerfile  #Customized image through Dockerfile
    commit    Create a new image from a container's changes  #Commit the current container as a new image
    cp    Copy files/folders from a container to a HOSTDIR or to STDOUT  #Copy the specified file or directory from the container to the host
    create    Create a new container  #Create a new container, the same as run # but do not start the container
    diff    Inspect changes on a container's filesystem  #View docker container changes
    events    Get real time events from the server#Get container real-time events from docker service
    exec    Run a command in a running container#Run the command on an existing container
    export    Export a container's filesystem as a tar archive  #Export the content stream of the container as a tar Archive (corresponding to import)
    history    Show the history of an image  #Show a mirror formation history
    images    List images  #Lists the current image of the system
    import    Import the contents from a tarball to create a filesystem image  #Create a new file system image from the contents of the tar package (corresponding to export)
    info    Display system-wide information  #Display system related information
    inspect    Return low-level information on a container or image  #View container details
    kill    Kill a running container  #kill specifies the docker container
    load    Load an image from a tar archive or STDIN  #Load an image from a tar package (corresponding to save)
    login    Register or log in to a Docker registry#Register or log in to a docker source server
    logout    Log out from a Docker registry  #Exit from the current Docker registry
    logs    Fetch the logs of a container  #Output current container log information
    pause    Pause all processes within a container#Pause container
    port    List port mappings or a specific mapping for the CONTAINER  #View the internal source port of the container corresponding to the mapped port
    ps    List containers  #List containers
    pull    Pull an image or a repository from a registry  #Pull the specified image or library image from the docker image source server
    push    Push an image or a repository to a registry  #Push the specified image or library image to the docker source server
    rename    Rename a container  #Rename container
    restart    Restart a running container  #Restart the running container
    rm    Remove one or more containers  #Remove one or more containers
    rmi    Remove one or more images  #Remove one or more images (the image can be deleted only if there is no container. Otherwise, you need to delete the relevant container to continue or -f force the deletion)
    run    Run a command in a new container  #Create a new container and run a command
    save    Save an image(s) to a tar archive#Save an image as a tar package (corresponding to load)
    search    Search the Docker Hub for images  #In docker
hub Search for images in
    start    Start one or more stopped containers#Start container
    stats    Display a live stream of container(s) resource usage statistics  #Statistics container usage resources
    stop    Stop a running container  #Stop container
    tag         Tag an image into a repository  #Label the image in the source
    top       Display the running processes of a container #View the process information running in the container
    unpause    Unpause all processes within a container  #Unsuspend container
    version    Show the Docker version information#View container version number
    wait         Block until a container stops, then print its exit code  #Intercept the exit status value when the container stops

Run 'docker COMMAND --help' for more information on a command.  #Run the docker command to get more information in the help
docker search  hello-docker  #Search the image of Hello docker
docker search centos #Search centos image
docker pull hello-docker #Get centos image
docker run  hello-world   #Run a docker image to generate a container instance (you can also run through the first three digits of the image id)
docker image ls  #View all local mirrors
docker images  #View docker image
docker image rmi hello-docker #Delete centos image
docker ps  #List the running containers (if no process is running in the created container, the container will stop immediately)
docker ps -a  #List all container records that have been run
docker save centos > /opt/centos.tar.gz  #Export docker image to local
docker load < /opt/centos.tar.gz   #Import local image to docker image library
docker stop  `docker ps -aq`  #Stop all running containers
docker  rm `docker ps -aq`    #Delete all container records at once
docker rmi  `docker images -aq`   #Delete all local mirror records at once

3.1 two ways to start the container

Containers run applications, so they must be based on an operating system

1. Create a new container based on the image and start it

# 1. Running a docker in the background
docker run -d centos /bin/sh -c "while true;do echo Running; sleep 1;done"
    #- d) background running container
    #/ bin/sh , specifies the bash interpreter using centos
    #- c) run a shell command
    #"while , true;do , echo , running; sleep , 1;done" in the linux background, printing is running once a second
docker ps  #Check container process
docker  logs  -f  container id/name  #Continuously print the log information of the container
docker stop centos  #Stop container

# 2. Start a bash terminal to allow users to interact
docker run --name mydocker -it centos /bin/bash  
    #-- name -- define a name for the container
    #- i) keep the standard input of the container open
    #- t # let Docker assign a pseudo terminal and bind it to the standard input of the container
    #/ bin/bash , specify the docker container and interact with the shell interpreter

When using docker run to create a container, the steps of Docker running in the background are as follows:

  1. Check whether the specified image exists locally. If it does not exist, download it from the public warehouse
  2. Create and start a container using the image
  3. Allocate a file system and hang it on a read-write layer outside the read-only image layer
  4. Bridge a virtual interface from the bridge interface configured by the host to the container
  5. Configure an ip address from the address pool to the container
  6. Execute user specified applications
  7. The container is terminated after execution

2. Restart a stopped container

[root@localhost ~]# docker ps -a  #Query records first
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS                    NAMES
ee92fcf6f32d        centos              "/bin/bash"              4 days ago          Exited (137) 3 days ago                                kickass_raman

[root@localhost ~]# docker start ee9  #Restart the container
ee9

[root@localhost ~]# docker exec -it  ee9 /bin/bash  #Enter the container interactive interface
[root@ee92fcf6f32d /]#   #Note that the user name has become the container user name

3.2 submit and create custom image

# 1. We entered the interactive centos container and found that there was no vim command
    docker run -it centos
# 2. In the current container, install a vim
    yum install -y vim
# 3. After installing vim, exit exits the container
    exit
# 4. Check the container record of vim just installed
    docker container ls -a
# 5. Submit this container and create a new image
    docker commit 059fdea031ba chaoyu/centos-vim
# 6. View mirrored files
    docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
chaoyu/centos-vim   latest              fd2685ae25fe        5 minutes ago   

3.3 external access container

Network applications can be run in the container, but to allow external access to these applications, you can specify the port mapping through the - P or - P parameter.

docker run -d -P training/webapp python app.py
  #The - P # parameter randomly maps the port to the open network port of the container

#Check mapped ports
docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED            STATUS              PORTS                     NAMES
cfd632821d7a        training/webapp     "python app.py"     21 seconds ago      Up 20 seconds       0.0.0.0:32768->5000/tcp   brave_fermi
#Host ip:32768 # mapping the 5000 port of the container

#View container log information
docker logs -f cfd  # #Continuous display of log

#You can also specify the mapping port through the - p parameter
docker run -d -p 9000:5000 training/webapp python app.py

Open the browser to access the 9000 port of the server, and the content displays Hello world! Indicates normal startup

(if the access fails, check your firewall and the security group of ECS)

4. Using dockerfile to customize image

The image is the basis of the container. Each time docker run is executed, which image will be specified as the basis for the container to run. Our previous examples used images from docker hub. Using these images directly can only meet certain needs. When the images can not meet our needs, we have to customize these images.

Image customization is to customize the configuration and files added by each layer. If you can write the commands of modification, installation, construction and operation of each layer into a script, and use the script to build and customize the image. This script is dockerfile.

Dockerfile is a text file containing instructions. Each instruction builds a layer. Therefore, the content of each instruction is to describe how the layer should be built.

Detailed explanation of parameters

FROM scratch #Make base image basic image and try to use official image as base image
FROM centos #Using base image
FROM ubuntu:14.04 #base image with tag

LABEL version="1.0" #Container meta information, help information, Metadata, similar to code comments
LABEL maintainer="yc_uuu@163.com"

#For complex RUN commands, avoid useless layering. Multiple commands wrap with backslashes to synthesize one command!
RUN yum update && yum install -y vim 
    Python-dev #Backslash wrap
RUN /bin/bash -c "source $HOME/.bashrc;echo $HOME"

WORKDIR /root #Equivalent to the cd command of linux, change the directory and try to use the absolute path!!! Do not use RUN cd
WORKDIR /test #If not, it will be created automatically
WORKDIR demo #Then enter the demo folder
RUN pwd     #The print result should be / test/demo

ADD and COPY 
ADD hello /  #Add the local file to the image and copy the local hello executable file to the / directory of the image
ADD test.tar.gz /  #Add to the root directory and unzip

WORKDIR /root
ADD hello test/  #Enter / root / and add the hello executable command to the test directory, which is an absolute path of / root/test/hello
COPY hello test/  #Equivalent to the above ADD effect

ADD And COPY
   - priority of use COPY command
    -ADD except COPY Function and decompression function
 Add remote file/Directory usage curl or wget

ENV #Environment variables, use ENV as much as possible to increase maintainability
ENV MYSQL_VERSION 5.6 #Set a mysql constant
RUN yum install -y mysql-server="${MYSQL_VERSION}" 

Advanced knowledge (understanding)

VOLUME and EXPOSE 
Storage and networking

RUN and CMD and ENTRYPOINT
RUN: Execute the command and create a new Image Layer
CMD: Set the commands and parameters to be executed by default after the container is started
ENTRYPOINT: Sets the command to run when the container starts

Shell Format and Exec format
RUN yum install -y vim
CMD echo "hello docker"
ENTRYPOINT echo "hello docker"

Exec format
RUN ["apt-get","install","-y","vim"]
CMD ["/bin/echo","hello docker"]
ENTRYPOINT ["/bin/echo","hello docker"]


adopt shell Format to run the command, will read $name Command, and exec The format is to execute only one command, not shell instructions
cat Dockerfile
    FROM centos
    ENV name Docker
    ENTRYPOINT ["/bin/echo","hello $name"]#This is only to execute echo command and cannot read shell variables
    ENTRYPOINT  ["/bin/bash","-c","echo hello $name"]

CMD
 The default command to execute when the container starts
 If docker run Other commands specified(docker run -it [image] /bin/bash ),CMD Command ignored
 If you define more than one CMD,Only the last execution

ENTRYPOINT
 Let the container run as an application or service
 It will not be ignored and will be implemented
 Best practice: write a shell Script as entrypoint
COPY docker-entrypoint.sh /usr/local/bin
ENTRYPOINT ["docker-entrypoint.sh]
EXPOSE 27017
CMD ["mongod"]

[root@master home]# more Dockerfile
FROm centos
ENV name Docker
#CMD ["/bin/bash","-c","echo hello $name"]
ENTRYPOINT ["/bin/bash","-c","echo hello $name"]

5. Publish to warehouse

5.1 common image publishing of docker hub

docker provides a repository similar to github, which is the official website (registration is required)

https://hub.docker.com/

#After registering docker # id, log in to dockerhub in linux
    docker login

#Pay attention to ensure that the tag of the image is the account name. If the image name is wrong, you need to change the tag
    docker tag chaoyu/centos-vim peng104/centos-vim
    #The syntax is: docker tag , warehouse name , peng104 / warehouse name

#Push docker # image to dockerhub
    docker push peng104/centps-cmd-exec:latest

#Check the image in dockerhub
#First delete the local image, and then test and download the pull# image file
    docker pull peng104/centos-entrypoint-exec

5.2 private warehouse

docker hub is public and can be downloaded by others. It is not safe. Therefore, you can also use the private warehouse officially provided by docker registry

Detailed usage:

https://yeasy.gitbooks.io/docker_practice/repository/registry.html

# 1. Download an official private warehouse image of docker
    docker pull registry
# 2. Run a docker private container repository
docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry  registry
    -d Background operation 
    -p  Port mapping 5000 of host:5000 in container
    -v  Data volume mount  Host /opt/data/registry :/var/lib/registry 
    registry  Image name
    /var/lib/registry  Location of private warehouse
# Docker does not allow non HTTPS image push by default. We can cancel this restriction through docker configuration options
# 3. Modify the configuration file of docker to support http mode and upload private images
    vim /etc/docker/daemon.json 
    #Write the following
    {
        "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
        "insecure-registries":["192.168.11.37:5000"]
    }
# 4. Modify the service configuration file of docker
    vim /lib/systemd/system/docker.service
#Find the code area block [service] and write the following parameters
    [Service]
    EnvironmentFile=-/etc/docker/daemon.json
# 5. Reload docker service
    systemctl daemon-reload
# 6. Restart docker service
    systemctl restart docker
    #Note: restart the docker service and all containers will hang up

# 7. Modify the tag tag of the local image and push it to your own private warehouse
    docker tag docker.io/peng104/hello-world-docker 192.168.11.37:5000/peng-hello
    #Browser access http://192.168.119.10:5000/v2/_catalog View warehouse
# 8. Download Image of private warehouse
    docker pull 192.168.11.37:5000/peng-hello

6. Example demonstration

Write dockerfile, build your own image and run flash program.

Make sure the app Py and dockerfile are in the same directory!

# 1. Get the app ready Flash program of PY
    [root@localhost ~]# cat app.py
    from flask import Flask
    app=Flask(__name__)
    @app.route('/')
    def hello():
        return "hello docker"
    if __name__=="__main__":
        app.run(host='0.0.0.0',port=8080)
    [root@master home]# ls
    app.py  Dockerfile

# 2. Write dockerfile
    [root@localhost ~]# cat Dockerfile
    FROM python:2.7
    LABEL maintainer="Wen Erxin"
    RUN pip install flask
    COPY app.py /app/
    WORKDIR /app
    EXPOSE 8080
    CMD ["python","app.py"]

# 3. Build the image, find the Dockerfile of the current directory, and start building
    docker build -t peng104/flask-hello-docker .

# 4. View the created images
    docker image ls

# 5. Start the flask Hello docker container and map a port for external access
    docker run -d -p 8080:8080 peng104/flask-hello-docker

# 6. Check running containers
    docker container ls

# 7. Push this image to the private warehouse
    docker tag  peng104/flask-hello-docker   192.168.11.37:5000/peng-flaskweb
    docker push 192.168.11.37:5000/peng-flaskweb

What are the gains after reading this article? Please forward and share with more people

Follow official account: java classic

Posted by quasiman on Tue, 10 May 2022 07:02:12 +0300