
Docker architecture and how to publish a self-made image

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Many newcomers are not clear about the Docker architecture or about how to publish images they have built themselves. This article explains both in detail for anyone who needs it.

I. What is Docker?

Virtual machines are familiar to everyone: installing a Linux virtual machine on Windows is a common setup for most programmers, and most company production environments also run on virtual machines. A virtual machine virtualizes the physical hardware resources, which are allocated and used on demand, and it is used in exactly the same way as a real operating system. When a virtual machine is no longer needed, its resources can be reclaimed by deleting the virtual machine files directly, which makes centralized management convenient.

Because virtual machines are very large and consume a lot of hardware resources, Linux developed another virtualization technology, Linux Containers (abbreviated LXC). It does not simulate a complete operating system as a virtual machine does, but it provides the same effect as a virtual machine. If a virtual machine is isolation at the operating-system level, a container is isolation at the process level; the advantages of this level of isolation are that it is fast and saves resources.

Docker is a wrapper around Linux containers that provides a simple and practical user interface. It is currently the most popular Linux container solution.

Here is the encyclopedia's definition:

Docker is an open source application container engine based on the Go language and released under the Apache 2.0 license. Docker allows developers to package their applications and dependencies into a portable container and publish it to any popular Linux machine. Containers are fully sandboxed and have no interfaces with each other.

II. What problems does Docker solve?

1. It solves the problem of virtual machine resource consumption.

A virtual machine runs on the server's operating system, the guest operating system runs in the virtual machine, and the user's applications run on the guest operating system. 80% of a server's resource overhead is spent on hardware virtualization and the guest operating system itself.

Figure 1. The difference between virtual machine architecture and container architecture

As shown in figure 1, with docker container technology a virtual server runs in the container, and the user's applications run in that virtual server. The virtual server and the server's operating system use the same kernel. The virtual server's file system uses the physical server's file system but is isolated, so that each virtual server appears to have its own independent file system. A virtual bridge device is created on the physical server, and each virtual server connects to the network through it. The virtual server uses the physical server's CPU, memory and disk directly and does not virtualize the hardware, so no resources are consumed by hardware virtualization or a guest operating system, and each virtual server performs close to the physical server.

An ordinary home computer may be very slow when running one Linux virtual machine, but with docker it can run dozens or even hundreds of virtual Linux servers. On a powerful server, docker can be used to provide private cloud services.

2. Rapid deployment.

The hard part of software development is configuring the environment. Software that runs on your own computer may not run on another machine unless the operating system is set up correctly and the various components and libraries are installed correctly. For example, to deploy a web system developed in Java, the computer must have Java installed with the correct environment variables, and may also need tomcat and nginx. If you change machines, you have to do it all over again.

With docker, you can package an application and its dependencies in one file (a docker image file). Running this file starts the virtual server and starts the application or service in it, just as if it were running on a real physical machine. With docker you can deploy once and run anywhere, and it can also be used to automate releases.

3. Provide a disposable environment.

Examples are testing other people's software locally, or providing an environment for unit tests and builds during continuous integration. Starting or shutting down a virtual server is as simple and fast as starting or stopping a process.

4. Provide elastic cloud services.

Because Docker containers can be started and stopped at will, they are well suited to dynamic scaling up and down.

5. Build a microservice architecture.

With multiple containers, one machine can run many virtual servers, so a microservice architecture or a distributed architecture can be simulated on a single machine.

III. Docker installation, deployment and use

This article covers installation and use on Ubuntu 18.04. For other operating systems, please refer to the official documentation at https://docs.docker.com/.

1. Install the docker engine

Get the latest version of the Docker installation package

aaron@ubuntu:~$ wget -qO- https://get.docker.com/ | sh

Run the command above and enter the current user's password; the latest version of the docker installation package is downloaded and installed automatically.

After the installation is complete, this prompt appears:

If you would like to use Docker as a non-root user, you should now consider adding your user to the "docker" >

To run docker directly as a non-root user, run

sudo usermod -aG docker aaron

to add the user aaron to the docker group, and then log in again; otherwise the following error is reported:

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
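Added example (not part of the original article): the usermod -aG docker step above gives a user full control of the Docker daemon, so it is worth knowing exactly who holds that access. The function below lists those accounts from group and passwd data, including users whose primary group is docker; the sample files and the user names deploy and ci are constructed.

```shell
#!/bin/sh
# Added example: who can reach the Docker daemon through group membership?
# Every account printed here can start containers that mount host paths,
# so review the list the way you would review sudoers.

# docker_group_users GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints, sorted and de-duplicated, the supplementary members listed in the
# group file plus users whose primary GID in the passwd file is that group.
docker_group_users() {
    group_file=$1
    passwd_file=$2
    group_name=${3:-docker}
    awk -F: -v name="$group_name" '
        FNR == NR {                      # first file: group database
            if ($1 == name) {
                gid = $3
                n = split($4, member, ",")
                for (i = 1; i <= n; i++)
                    if (member[i] != "") print member[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: passwd database
    ' "$group_file" "$passwd_file" | sort -u
}

# Constructed sample data (not taken from a real host).
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:aaron
docker:x:998:aaron,deploy
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
aaron:x:1000:1000:Aaron:/home/aaron:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/sh
ci:x:1002:998::/home/ci:/bin/sh
EOF
}

sample_dir=$(mktemp -d)
write_sample_files "$sample_dir"
docker_group_users "$sample_dir/group" "$sample_dir/passwd"
rm -rf "$sample_dir"
# On a real host: docker_group_users /etc/group /etc/passwd
```

The user ci appears in the result although it is not listed on the docker line of the group file, because its primary GID is the docker group's GID.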

Run the following command to start the docker engine

aaron@ubuntu:~$ sudo service docker start

After a successful installation, docker is already set to start automatically at boot. To set this manually, run the following commands:

sudo systemctl enable docker
sudo systemctl start docker

Test run

aaron@ubuntu:~$ sudo docker run hello-world

2. Use docker

1. Understand the architecture of docker

Learn about the architecture of docker before using it, as shown in the following figure:

Docker architecture diagram

Docker images are files stored in a docker repository (Registry) and are the templates from which docker containers are created.

A docker container is an independent application or group of applications, which can be understood as the virtual server described above.

A docker host is a physical or virtual machine used to execute docker daemons and containers.

The docker client uses docker API to communicate with the docker daemon through the command line or other tools.

As users, we use the docker client directly.

2. Docker command

View help information for the docker command

docker --help # help for all docker commands
docker COMMAND --help # help for the specific command COMMAND

View docker information

docker info

This shows the container pool, the size of the data in use, the total data size, the base container size, the number of containers currently running, and so on.

Search for images: search the network for container images made by others.

docker search ubuntu
docker search centos

Ubuntu images

Here we can see that some images already integrate php, java, ansible and other applications. We can also build an image file that contains our own applications or services and pass it to others, who can start a container from it directly with docker, with no extra steps and without the resource consumption of a virtual machine. Isn't that a convenient way to run your applications or services?!

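Download container images made by others from the network.

docker pull centos
docker pull ubuntu

Import a downloaded container image file

docker load < image_xxx.tar

View images

docker images
docker images -a

Inspect an image

docker inspect ubuntu

This shows the basic information of the container image.

Delete an image, specified by its image id

docker rmi ubuntu

Delete all images

docker rmi $(docker images -q)

Show image history

docker history ubuntu

Run a container

A Docker container can be understood as a process running in a sandbox. The sandbox contains the resources the process needs to run, including the file system, system libraries and shell environment. By default the sandbox does not run any program; a process has to be run in the sandbox to start a container. This process is the container's only process, so when it ends, the container stops completely.

Run an ubuntu container and enter an interactive environment

aaron@ubuntu:~$ docker run -i --name="ubuntu1" --hostname="ubuntu1" ubuntu /bin/sh
cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 ubuntu1
whoami
root
uname -a
Linux ubuntu1 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

With the command above we created a container named ubuntu1 and set its hostname to ubuntu1. After entering /bin/sh we printed the contents of the hosts file and checked the kernel version (the same as the host operating system's). All the usual Linux commands can be used here, just as in a new operating system. In the same way, we create a container named ubuntu2 in a new terminal and use docker ps to view the running containers.

View running containers

Type exit to leave the container.

docker run -d ubuntu

A long string of letters and digits appears; it is the container's id. Note that the container must have a continuously running process, otherwise it exits automatically very quickly.

Run a container and specify its MAC address

docker run -d --name='centos3' --hostname='centos3' --mac-address="02:42:AC:11:00:24">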

List all containers

docker ps -a

List the container that was started last

docker ps -l

Inspect a container

docker inspect centos1

This returns information about the container.

Get the container CID

docker inspect -f '{{.ID}}' centos1

Get the container PID

docker inspect -f '{{.State.Pid}}' centos1

Get the container IP

docker inspect -f '{{.NetworkSettings.IPAddress}}' centos1

Get the container gateway

docker inspect -f '{{.NetworkSettings.Gateway}}' centos1

Get the container MAC

docker inspect -f '{{.NetworkSettings.MacAddress}}' centos1

Check the container IP address

docker inspect -f '{{.NetworkSettings.IPAddress}}' centos1

Connect to the container

ssh <IP address of the container>

Enter password: 123456

After the container is running, you can also get inside it another way

docker exec -it centos /bin/sh

View the logs of a running container

docker logs centos1

List the files or directories that have been changed in a container. The list shows three kinds of event: A for added, D for deleted and C for changed.

docker diff centos1

This shows which directories and files the user or the system has added, modified or deleted relative to the initial container image.
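Added example (not from the original article): the functions below triage docker diff output using the A/D/C event letters described above, reporting changes at or below paths where a modification usually deserves a closer look, for instance before a container is committed as a new image. The watched path list and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the output of `docker diff <container>`.
# Each input line is "<event> <path>", with event A (added), D (deleted)
# or C (changed).

# Assumption: path prefixes chosen for this example; adjust to your image.
WATCHED='/etc/passwd /etc/shadow /etc/sudoers /etc/ssh /root/.ssh /usr/bin /usr/sbin /bin /sbin'

# Reads docker diff output on stdin and prints "<event> <path>" for every
# change at or below one of the watched prefixes.
triage_diff() {
    awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, w, " ") }
    /^[ADC] / {
        event = substr($0, 1, 1)
        path = substr($0, 3)          # keeps paths that contain spaces
        for (i = 1; i <= n; i++) {
            # Match the prefix itself or anything beneath it, so /etc/ssh
            # matches /etc/ssh/sshd_config but not /etc/sshfoo.
            if (path == w[i] || index(path, w[i] "/") == 1) {
                print event, path
                break
            }
        }
    }'
}

# Reads docker diff output on stdin and prints a count per event type.
summarize_diff() {
    awk '/^[ADC] / { c[substr($0, 1, 1)]++ }
         END { printf "A=%d D=%d C=%d\n", c["A"], c["D"], c["C"] }'
}

# Constructed sample of docker diff output (not from a real container).
sample_diff() {
    cat <<'EOF'
C /etc
C /etc/passwd
A /etc/ssh/sshd_config.bak
C /root
A /root/.ssh
A /root/.ssh/authorized_keys
C /usr
C /usr/bin
A /usr/bin/updater
C /var
C /var/log
A /var/log/app.log
C /tmp
D /tmp/build.lock
EOF
}

sample_diff | summarize_diff
sample_diff | triage_diff
# On a real host: docker diff centos1 | triage_diff
```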

View the processes running in the container

docker top centos1

Copy files or directories from the container to the local server

docker cp centos1:/etc/passwd /tmp/
ls /tmp/passwd

Container files can also be copied to the server over the network using the container's IP address, which is more convenient.

Stop the container

docker stop centos1

Stop all containers

docker kill $(docker ps -a -q)

Start the container

docker start centos1

Delete a single container

docker stop centos1
docker rm centos1

Stop the container before deleting it.

Delete all containers

docker kill $(docker ps -a -q)
docker rm $(docker ps -a -q)

3. The concept of volume

To preserve (persist) data and to share data between containers, docker introduced the concept of the volume. A volume is a specific directory of the container whose files are saved on the host, not in the container's file system.

A data volume is a special directory that can be used by one or more containers. It bypasses the container's default file system and provides many useful features:

(1) data volumes can be shared and reused among containers

(2) changes to a data volume take effect immediately

(3) updates to a data volume do not affect the image

(4) a data volume continues to exist by default, even if the container is deleted

Note: using a data volume is similar to mounting a directory with mount under Linux. The files in the container directory specified as the mount point are hidden, and the mounted data volume is shown instead.

Create and use data volumes

mkdir -p /root/volume1
mkdir -p /root/volume2
docker run -d -v /volume1 --name='centos5' docker-centos6.10-hadoop-spark
docker run -d -v /root/volume1:/volume1 --name='centos6' docker-centos6.10-hadoop-spark
docker run -d -v /root/volume1:/volume1 -v /root/volume2:/volume2 --name='centos7' docker-centos6.10-hadoop-spark
docker run -d -v /root/volume1:/volume1:ro --name='centos8' docker-centos6.10-hadoop-spark

Use the docker run command to create a container and specify the -v flag to create a data volume and mount it in the container. Multiple data volumes can be mounted, and a volume can be made read-only. If the server directory to map is not specified, the system chooses one automatically; check the mapped path with docker inspect.

Go into each of these containers and check the /volume1 and /volume2 directories.

Data volume sharing

To authorize one container to access another container's data volumes, use the --volumes-from parameter.

Data volume container

If there is continuously updated data that needs to be shared between containers, it is best to create a data volume container.

A data volume container is simply a normal container whose purpose is to provide data volumes for other containers to mount.

(1) create a data volume container named dbdata

docker run -d -v /dbdata --name dbdata docker-centos6.10-hadoop-spark

(2) use --volumes-from in other containers to mount the data volumes of the dbdata container

docker run -d --volumes-from dbdata --name db1 docker-centos6.10-hadoop-spark
docker run -d --volumes-from dbdata --name db2 docker-centos6.10-hadoop-spark

In this way, data can be shared between containers.

Go into each of these containers and check the /volume1 and /volume2 directories.

4. Make your own image and publish it

Save container changes and commit a new container image

docker commit centos1 centos111

This commits the existing container as a new container image; docker images shows the centos111 image. This is one way to create a new container image.

View images

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos111 latest d691a75ee371 23 minutes ago 501.5 MB

Create a container based on the new container image

docker run -d --name='centos111' centos111

View the container

docker inspect centos111

Export and import images

When you need to migrate an image from one machine to another, you export and import the image.

Machine A

docker save docker-centos6.10-hadoop-spark > docker-centos6.10-hadoop-spark2.tar

Or

docker save -o docker-centos6.10-hadoop-spark2.tar docker-centos6.10-hadoop-spark

Use the scp command or some other method to copy docker-centos6.10-hadoop-spark2.tar to machine B

Machine B

docker load < docker-centos6.10-hadoop-spark2.tar

Or

docker load -i docker-centos6.10-hadoop-spark2.tar
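Added example (not from the original article): a tarball copied between machines should be checked before docker load runs on machine B, both for integrity and for which local tags it will create or move. The functions below compare a SHA-256 digest obtained from machine A and list the RepoTags in the tarball's manifest.json; the function names and the sample manifest are constructed, and sha256sum and tar are assumed to be installed.

```shell
#!/bin/sh
# Added example: integrity checks around docker save / scp / docker load.

# Machine A: print the SHA-256 of the exported tarball. Send this value to
# machine B over a different channel than the tarball itself.
tarball_digest() {
    sha256sum < "$1" | awk '{ print $1 }'
}

# Machine B: succeed only if the received tarball has the expected digest.
verify_tarball() {
    [ -r "$1" ] && [ -n "$2" ] || return 2
    [ "$(tarball_digest "$1")" = "$2" ]
}

# Print the repository tags stored in the tarball's manifest.json. These are
# the local tags that docker load will create or move to the loaded image.
tarball_repo_tags() {
    tar -xOf "$1" manifest.json | tr -d '\n' | awk '
    {
        rest = $0
        while (match(rest, /"RepoTags":[ ]*\[[^]]*\]/)) {
            tags = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            tags = substr(tags, index(tags, "[") + 1)   # drop up to "["
            tags = substr(tags, 1, length(tags) - 1)    # drop closing "]"
            n = split(tags, t, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[" ]/, "", t[i])
                if (t[i] != "") print t[i]
            }
        }
    }'
}

# Machine B: verify, show what will be tagged, then load.
safe_load() {
    verify_tarball "$1" "$2" || { echo "digest mismatch, not loading $1" >&2; return 1; }
    echo "tags in $1:"
    tarball_repo_tags "$1"
    docker load -i "$1"
}

# Constructed stand-in for a docker save tarball: only manifest.json, with a
# second tag that would replace a local ubuntu:latest if loaded unnoticed.
make_sample_tarball() {
    printf '%s\n' '[{"Config":"0123.json","RepoTags":["docker-centos6.10-hadoop-spark:latest","ubuntu:latest"],"Layers":[]}]' > "$1/manifest.json"
    tar -cf "$1/image.tar" -C "$1" manifest.json
}

demo_dir=$(mktemp -d)
make_sample_tarball "$demo_dir"
expected=$(tarball_digest "$demo_dir/image.tar")   # would come from machine A
verify_tarball "$demo_dir/image.tar" "$expected" && echo "digest ok"
tarball_repo_tags "$demo_dir/image.tar"
rm -rf "$demo_dir"
```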

Publish Container Image

docker push centos6.8-lamp1

This publishes the container image to the network.

5. Docker network

When docker starts, it creates a virtual network interface called docker0 on the host. It picks an address and subnet mask not in use by the host from the private ranges defined by RFC 1918 and assigns them to docker0. By default, 172.18.0.1 is selected for docker0. A 16-bit subnet mask provides containers with 65534 IP addresses.

docker0 is not an ordinary network interface but a virtual Ethernet bridge that automatically forwards packets between the network interfaces bound to it, which lets containers and the host, and containers and other containers, communicate with each other.

Each time docker creates a container, it creates a pair of peer interfaces (Peer Interface), similar to the two ends of a pipe: each end receives the packets sent by the other. Docker attaches one of the peer interfaces to the container as its eth0 interface and keeps the other, with a unique name like vethAQI2QT, in the host's namespace. By binding all veth* interfaces to the docker0 bridge, docker creates a shared virtual subnet between the host and all docker containers.

Docker NAT network

A docker container accesses the network through NAT by default. When docker starts, it creates a virtual network interface called docker0 on the host. docker0 is a virtual Ethernet bridge that automatically forwards packets between the network interfaces bound to it, which lets containers and the host, and containers and other containers, communicate with each other.

The docker0 gateway address is 172.18.0.1 with a 16-bit mask, which provides 65534 IP addresses.

In NAT mode, the container can access the external network (beyond the host), but machines outside the host cannot access the container's private network.

Docker Bridge network

A docker container can also access the network through a bridge.

In bridge mode, the container can access the external network (beyond the host), and machines outside the host can also access the container's private network.

6. Docker pipework

Docker's own network functions are relatively simple and cannot cover many complex application scenarios. For that reason there are many open source projects that improve docker networking, such as pipework, weave and flannel.

Pipework is a docker network configuration tool developed by docker engineer Jérôme Petazzoni. It is implemented in a little over 200 lines of shell and is easy to use.

Install pipework

git clone https://github.com/jpetazzo/pipework
cp pipework/pipework /bin/

Or

wget http://172.17.1.240/docker/software/pipework
chmod a+x pipework
cp pipework /bin/

Run the container

docker run -d --net='none' --name='centos9' docker-centos6.10-hadoop-spark

Configure the container network and connect it to the bridge docker0; the gateway is specified with @ after the IP address.

pipework docker0 centos9 172.18.0.100/16@172.18.0.1

7. Docker network port mapping

If the container uses the docker0 virtual network, the container's network is 172.17.0.0/16; the container can access the public network through NAT, but the public network cannot access the container's private network. If the container uses the br0 virtual network, the container and the server can be in the same network address range; the container can access the public network, and the public network can also access the container network.

For containers that use the docker0 virtual network, port mapping lets the public network access selected ports of the container.

Run the container

docker run -d -p 38022:22 --name='centos10' docker-centos6.10-hadoop-spark

Connect to the container

ssh localhost -p 38022

From other servers, the container can be reached by connecting to the physical server's address plus the mapped port. Multiple ports can be mapped at once.

Run the container

docker run -d -p 38022:22 -p 38080:80 --name='centos11' docker-centos6.10-hadoop-spark

Port mapping is implemented through iptables forwarding on the server. You can also forward an entire container IP address through iptables.
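Added example (not from the original article): a mapping written as -p 38022:22 is published by default on every interface of the host, which here exposes the container's SSH service to any network the host is attached to. The functions below read the output of docker ps --format '{{.Names}}\t{{.Ports}}', report mappings bound to all interfaces, and print the loopback-only -p form for each; the sample lines, including the container names centos12 and web1, are constructed.

```shell
#!/bin/sh
# Added example: find published ports that listen on every host interface.
# Input:  output of  docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<container> <host address> <host port> <container port/proto>"
flag_public_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue        # exposed only, not published
            split(m, side, "->")
            port = side[1]; sub(/^.*:/, "", port)       # after last colon
            addr = side[1]; sub(/:[^:]*$/, "", addr)    # before last colon
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, addr, port, side[2]
        }
    }'
}

# Turns each flagged mapping into the -p argument that publishes the same
# port on the loopback address only.
suggest_loopback() {
    awk '{ printf "%s: -p 127.0.0.1:%s:%s\n", $1, $3, $4 }'
}

# Constructed sample of docker ps output (tab between name and ports).
sample_ps_output() {
    printf 'centos11\t0.0.0.0:38022->22/tcp, 0.0.0.0:38080->80/tcp\n'
    printf 'centos12\t127.0.0.1:38023->22/tcp\n'
    printf 'centos9\t\n'
    printf 'web1\t80/tcp, :::8443->443/tcp\n'
}

sample_ps_output | flag_public_ports
sample_ps_output | flag_public_ports | suggest_loopback
# On a real host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | flag_public_ports
```

A port published on 127.0.0.1 is reachable only from the host itself, so remote access then has to go through the host's own SSH service or a reverse proxy.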

Because containers are process-level, they have many advantages over virtual machines.

(1) start up quickly

The application in the container is directly a process of the underlying system, not a process within the virtual machine. Therefore, booting the container is equivalent to starting a process on the machine, rather than starting an operating system, which is much faster.

(2) take up less resources

A container occupies only the resources it needs and not those it does not use, whereas a virtual machine, being a complete operating system, inevitably occupies all of its resources. In addition, multiple containers can share resources, while a virtual machine holds its resources exclusively.

(3) small size

The container only needs to contain the components used, and the virtual machine is the package of the entire operating system, so the container file is much smaller than the virtual machine file.

In short, containers are a bit like lightweight virtual machines, providing a virtualized environment, but at much lower cost.
