Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to understand the internal logic of docker". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let Xiaobian take you to learn "how to understand docker's internal logic"!

Image-A special file system

Docker image is a special file system. In addition to providing programs, libraries, resources, configuration files, etc. required by the container runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc.)

Container--Entity at runtime for mirroring

Containers are entities that mirror the runtime. Containers can be created, started, stopped, deleted, paused, etc.

Repository-A centralized repository of mirrored files

After the image is built, it can easily run on the current host, but if we need to use this image on other servers, we need a centralized storage and distribution service for the image. Docker Registry is such a service.

Docker uses C/S architecture. The client and server can run on the same machine or communicate via sockets or RESTful APIs.

Docker Daemon: Generally runs in the background of the host, waiting to receive messages from the client

Docker Client: provides a series of executable commands for customers to use to interact with docker daemon

The user uses Docker Client to establish communication with Docker Daemon and send requests to the latter.

Engine performs a series of jobs inside Docker, each of which exists in the form of a Job.

3. During the running process of Job, when a container image is needed, download the image from Docker Registry and store the downloaded image in the form of Graph through image management driver graphdriver; when a network environment needs to be created for Docker, create and configure Docker container network environment through network management driver networkdriver; when operations such as restricting Docker container running resources or executing user instructions need to be completed through execudriver. Libcontainer is an independent container management package, networkdriver and execdriver are implemented through libcontainer to implement specific operations on containers.

1. Comparison of containers and virtual machines

2. Docker's advantages

Docker's Disadvantages

4. Docker application scenarios

1. Docker installation

2. Understand mirrors and containers

3. Mirror container management

What is a mirror image?

Mirrors are multi-tiered federated read-only file systems.

What is a container?

Container is based on mirror plus read-write layer. Containers are processes.

The process of building mirrors?

Mirror-> Mirror + writable layer + execute command->commit for new mirror (new layer)-> Mirror + writable layer + execute command->commit for new mirror (new layer)->…

Typical file system startup:

A typical Linux file system consists of bootfs and rootfs,

bootfs(boot file system)

It mainly contains bootloader and kernel. bootloader is mainly used to boot and load kernel. bootfs will be counted off after kernel is loaded into memory.

rootfs (root file system)

/dev,/proc,/bin,/etc are standard directories and files in typical Linux systems.

Loading process:

bootfs sets rootfs to read-only, and then changes rootfs from read-only to read-write after the system self-test

Docker file system startup:

Docker does not change rootfs read-only to read-write after bootfs self-test, but uses union mount (a mounting mechanism of UnionFS) to load other layers in image onto the previous read-only rootfs layer. Each layer is rootfs structure and read-only. So, we can't modify a layer inside an existing mirror! Only when we create a container, instantiating Docker images, will the system allocate an empty layer of read-write rootfs to hold our changes

Layer information for base mirror

docker pull centos

tree -L 2 /var/lib/docker/overlay2/

Layer information mirrored after build

cd layer_dockerfile/

docker build -t centos:test -f ./ Dockerfile .

tree -L 2 /var/lib/docker/overlay2/

Each layer contains "files unique to that layer" and "connections to data shared at lower layers." In versions before Docker 1.10, the directory name is the same as the UUID of the image, while Docker 1.10 uses a new storage method. You can see that the directory name is not the same as the UUID of the download image.

Diff

The specific file content of the mount point

Link

Name of link source corresponding to l directory

Lower

The root has no lower, and the other lower points to the parent layer link

L：

The "l" directory contains symbolic links as shortened layer identifiers. These shortened identifiers are used to avoid mounting beyond page size limits

Commit: container committed as mirror

docker run -idt --name test centos

Touch liwei

docker commit 6de test2

Create: Create container but don't start

docker create --name nginx-con -p80:80 nginx:latest

Start: Start container

docker start nginx-con

Stop: Stop container

docker stop nginx-con

Kill: Kill containers, and stop compared to unfriendly

docker kill nginx-con

Pause: Pause container

docker pause nginx-con

Unpause: Resume paused containers

docker unpause nginx-con

Run: Create and start container

docker run -idt --restart=always --name nginx_con -v /tmp/:/mnt -p 88:80 -e arg1=arg1 nginx

Docker attach nginx_con

Ctrl+^p+^q

CP: copy files between host and container

docker cp docker_install.sh nginx_con:/opt

docker exec nginx_con ls /opt

docker cp nginx_con:/opt/docker_install.sh ./ 1.sh

Exec: Executes commands, can also be attached to containers

docker exec nginx_con ls /opt

Attach: Attach to container

docker attach nginx_con

docker exec -it nginx_con /bin/bash

Logs: View container logs

docker logs -f nginx_con

Inspect: View metadata, mirror and container

docker inspect nginx_con

Port: View container port mapping

docker port nginx_con

Top: View processes running in containers

docker top nginx_con

Ps: View containers

docker ps

docker ps -a

docker ps -aq

View running containers, plus-a View all containers (including stopped and paused containers)

Rm: Delete container

docker rm nginx_con Remove container

docker rm -f nginx_con Forcibly delete containers

Export: Export container

docker pull busybox

docker run -itd busybox

docker export 983989307eef>busybox.tar

Import: importing containers

docker import busybox.tar busybox:1.3

Save: Export Mirror

docker save busybox:1.3>busybox1.3.tar

Load: Import Mirror

docker load -i busybox1.3.tar

Tag: mirror tag

docker tag busybox:1.3 192.168.199.160/test/busybox:latest

Build: Build an image from dockerfile

FROM centos

ENV TZ "Asia/Shanghai"

ADD echo.sh /opt/echo.sh

RUN chmod +x /opt/echo.sh

CMD ["/opt/echo.sh"]

docker build -t centos:test -f Dockerfile .

Pull: Pull images from registry

docker pull nginx pulled from dockerhub

docker pull 192.168.199.160/test/nginx:latest Pull from harbor on intranet

Push: Push the image to the repository [password is required for the first time, no longer required]

docker login 192.168.199.160

admin

Harbor12345

docker push 192.168.199.160/test/busybox:latest

Info、version、events

docker info View docker related information

Docker version View docker version information

Docker events View docker events

[Note]

1. Do not move the firewall after creating the container

2, cmd will be overwritten problem, need to pay attention, may cause/bin/bash to start the command overwritten, can not start the problem, for example

docker run -idt --restart=always --name nginx_con -v /tmp/:/mnt -p 88:80 -e arg1=arg1 nginx /bin/bash

3, cmd commands will be suspended after the execution.

At this point, I believe everyone has a deeper understanding of "how to understand docker's internal logic". Let's do it in practice! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.