Shulou(Shulou.com)06/02 Report--

1. What is docker?

As we all know about virtual machines, installing a linux virtual machine on windows is a common solution for most programmers. Most of the company's production environment is also a virtual machine, the virtual machine virtualizes the physical hardware resources, allocates and uses them according to demand, and the virtual machine uses exactly the same as the real operating system. When the virtual machine files are not in use, the resources can be recycled by deleting the virtual machine files directly. It's convenient for centralized management.

Because the virtual machine is very large and consumes a lot of hardware resources, linux has developed another virtualization technology, namely linux container (Linux Containers, abbreviated as LXC), which does not simulate a complete operating system like a virtual machine, but provides the same effect as a virtual machine. If the virtual machine is operating system-level isolation, then the container is process-level isolation, you can imagine the advantages of this level of isolation is undoubtedly fast and resource-saving.

Docker is the encapsulation of linux container and provides a simple and practical user interface. It is the most popular linux container solution at present.

Here is the definition of the encyclopedia:

Docker is an open source application container engine based on the Go language and complies with the Apache2.0 protocol. Docker allows developers to package their applications and dependency packages into a portable container and publish them to any popular linux machine. Containers are fully sandboxed and will not have any interface with each other.

2. What problem does docker solve?

1. Solve the problem of virtual machine resource consumption.

The virtual machine runs on the server operating system, the guest operating system runs on the virtual machine, and the user's applications run on the guest operating system. 80% of the resource overhead of a server is spent on hardware virtualization and the client operating system itself.

Figure 1. The difference between virtual machine architecture and container architecture

As shown in figure 1, if you use docker container technology, there is a virtual server running on the container, and the user's applications are running in the virtual server. The virtual server and the server operating system use the same kernel. The file system of the virtual server uses the file system of the physical server, but it is isolated. It seems that each virtual server has its own independent file system. A virtual bridge device is established on the physical server, and each virtual server connects to the network through the virtual bridge device. The virtual server directly uses the CPU, memory and hard disk of the physical server, and does not virtualize the hardware, so there is no resource consumption occupied by hardware virtualization and client operating system, and the performance of each virtual server is close to the performance of the physical server.

It may be very slow for an ordinary home computer to run a Linux virtual machine, but you can use docker to virtualize dozens or even hundreds of virtual linux servers. If you switch to a powerful server, you can use docker to provide private cloud services.

two。 Rapid deployment.

The difficulty of software development lies in the configuration of the environment. Software running on one's own computer may not run on another machine, unless the operating system is set up correctly and various components and libraries are installed correctly. For example, to deploy a web system developed by Java, the computer must install Java and the correct environment variables, and may also need to install tomcat and nginx. If you change the machine, you have to do it all over again.

Using docker, you can package applications and dependencies in a file (docker image file). Running this file will start the virtual server and start the application or service on the virtual server, just like running on a real physical machine. With docker, you can deploy at once, run everywhere, and can also be used to automate publishing.

3. Provide an one-time environment.

For example, testing other people's software locally, providing an environment for unit testing and building during continuous integration, starting or shutting down a virtual server is as simple and fast as starting or shutting down a process.

4. Provide flexible cloud services.

Because the Docker container can be switched on and off, it is very suitable for dynamic capacity expansion and reduction.

5. Build a micro-service architecture.

Through multiple containers, a machine can run many virtual servers, so it is possible to simulate a micro-service architecture or a distributed architecture on one machine.

3. Installation, deployment and use of docker

This paper introduces the installation and use of ubuntu 18.04system. For other operating systems, please refer to the official documentation https://docs.docker.com/.

1. Install the docker engine

Get the latest version of the Docker installation package

Aaron@ubuntu:~$ wget-qO- https://get.docker.com/ | sh

Execute the above command, enter the current user password, you can automatically download the latest version of the docker installation package, and automatically install.

After the installation is complete, there is a prompt:

If you would like to use Docker as a non-root user, you should now consideradding your user to the "docker" group with something like: sudo usermod-aG docker aaronRemember that you will have to log out and back in for this to take warning: Adding a user to the "docker" group will grant the ability to run containers which can be used to obtain root privileges on the docker host. Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface for more information.

You need to execute when you want to run docker directly as a non-root user

Sudo usermod-aG docker aaron

Command to add user aaron to the docker user group, and then log in again, otherwise the following error will be reported:

Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/create: dial unix / var/run/docker.sock: connect: permission denied.See 'docker run-- help'.

Execute the following command to start the docker engine

Aaron@ubuntu:~$ sudo service docker start

After a successful installation, it has been set to boot by default and start automatically. If you want to set it manually, execute the following command:

Sudo systemctl enable dockersudo systemctl start docker

Test run

Aaron@ubuntu:~$ sudo docker run hello-world

two。 Use docker

1. Understand the architecture of docker

Learn about the architecture of docker before using it, as shown in the following figure:

Docker architecture diagram

Docker mirrors (image) are files stored in the docker repository (Registry) and are templates for creating docker containers. A docker container is an independent application or group of applications, which can be understood as the virtual server described above. A docker host is a physical or virtual machine used to execute docker daemons and containers. The docker client uses docker API to communicate with the docker daemon through the command line or other tools.

As users, we use the docker client directly.

2. Docker command

View help information for the docker command

Docker-- help # docker all Command help Information docker COMMAND-- help # docker help Information for specific Command COMMAND

View docker information

Docker info

You can see the pool of the container, the size of used data, the total data size, the basic container size, the number of containers currently running, and so on.

Search for images, and search for container images made by others on the Internet.

Docker search ubuntudocker search centos

Ubuntu Mirror

From here, we can see that some images have integrated php, java, ansible and other applications. We can also make an image file containing our own applications or services, and pass this file to others, who can directly use docker to open the container without any additional operation or resource consumption like a virtual machine. Is it very convenient to run your applications or services?!

Download the container image made by others from the network.

Docker pull centosdocker pull ubuntu

Import the downloaded container image file

Docker load

< image_xxx.tar 查看镜像 docker imagesdocker images -a 检查镜像 docker inspect ubuntu 可以看到容器镜像的基本信息。 删除镜像，通过镜像的 id 来指定删除 docker rmi ubuntu 删除全部镜像 docker rmi $(docker images -q) 显示镜像历史 docker history ubuntu 运行容器 Docker容器可以理解为在沙盒中运行的进程，这个沙盒包含了该进程运行所必须的资源，包括文件系统、系统类库、shell 环境等。但这个沙盒默认是不会运行任何程序的，需要在沙盒中运行一个进程来启动某一个容器。这个进程是该容器的唯一进程，所以当该进程结束的时候，容器也会完全停止。 运行 ubuntu 容器并进入交互式环境 aaron@ubuntu:~$ docker run -i --name="ubuntu1" --hostname="ubuntu1" ubuntu /bin/shcat /etc/hosts127.0.0.1 localhost::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters172.17.0.2 ubuntu1whoamirootuname -aLinux ubuntu1 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux 上述命令我们创建了一个名字为 ubuntu1 的容器，设置容器的主机名为 ubuntu1，进入 /bin/sh 命令后我们打印了 hosts 文件的内容，查看了内核版本(与本机操作系统版本一致)，这里可以使用各种 linux 命令，就像在新的操作系统中使用命令一个样。同样的方法，我们在新的终端创建一个 ubuntu2 的容器，并使用 docker ps 查看正在运行的容器。 查看正在运行的容器 输入 exit 退出容器。 docker run -d ubuntu 会出现一串长的字母数字组成的串，为容器的 id，请注意容器要有持续运行的进程存在，否则，容器会很快自动退出。 运行容器并指定MAC地址 docker run -d --name='centos3' --hostname='centos3' --mac-address="02:42:AC:11:00:24" docker-centos6.10-hadoop-spark 列出所有的容器 docker ps -a 列出最近一次启动的容器 docker ps -l 检查容器 docker inspect centos1 可以获取容器的相关信息。 获取容器CID docker inspect -f '{{.Id}}' centos1 获取容器PID docker inspect -f '{{.State.Pid}}' centos1 获取容器IP docker inspect -f '{{.NetworkSettings.IPAddress}}' centos1 获取容器网关 docker inspect -f '{{.NetworkSettings.Gateway}}' centos1 获取容器 MAC docker inspect -f '{{.NetworkSettings.MacAddress}}' centos1 查看容器 IP 地址 docker inspect -f '{{.NetworkSettings.IPAddress}}' centos1 连接容器 ssh 容器的 IP 地址 输入密码：123456 容器运行后，可以通过另一种方式进入容器内部 docker exec -it centos /bin/sh 查看容器运行过程中的日志 docker logs centos1 列出一个容器里面被改变的文件或者目录，列表会显示出三种事件，A 增加的；D 删除的；C 被改变的 docker diff centos1 和初始容器镜像项目，用户或系统增加/修改/删除了那些目录文件，都可以查看到。 查看容器里正在运行的进程 docker top centos1 拷贝容器里的文件/目录到本地服务器 docker cp centos1:/etc/passwd /tmp/ls /tmp/passwd 通过网络 IP 地址也可以将容器的文件拷贝到服务器，这种方式比较方便。 停止容器 docker stop centos1 停止所有容器 docker kill $(docker ps -a -q) 启动容器 docker start centos1 删除单个容器 docker stop centos1docker rm centos1 删除容器之前要先停止该容器的运行。 删除所有容器 docker kill $(docker ps -a -q)docker rm $(docker ps -a -q) 3. 卷的概念 为了能够保存（持久化）数据以及共享容器间的数据，docker 提出了卷的概念。卷 Volume 就是容器的特定目录，该目录下的文件保存在宿主机上，而不是容器的文件系统内。 数据卷是一个可供一个或多个容器使用的特殊目录，它绕过容器默认的文件系统，可以提供很多有用的特性： （1）数据卷可以在容器之间共享和重用； （2）对数据卷的修改会立马生效； （3）对数据卷的更新，不会影响镜像； （4）数据卷默认会一直存在，即使容器被删除。 注意：数据卷的使用，类似于 Linux下对目录进行挂载 mount，容器中被指定为挂载点的目录中的文件会隐藏掉，能显示看的是挂载的数据卷。 创建、使用数据卷 mkdir -p /root/volume1mkdir -p /root/volume2docker run -d -v /volume1 --name='centos5' docker-centos6.10-hadoop-sparkdocker run -d -v /root/volume1:/volume1 --name='centos6' docker-centos6.10-hadoop-sparkdocker run -d -v /root/volume1:/volume1 -v /root/volume2:/volume2 --name='centos7' docker-centos6.10-hadoop-sparkdocker run -d -v /root/volume1:/volume1:ro --name='centos8' docker-centos6.10-hadoop-spark 使用docker run命令创建容器，指定 -v 标记来创建一个数据卷并挂载到容器里；可以挂载多个数据卷；可以设置卷的只读属性；可以不指定服务器映射的目录，由系统自动指定目录，通过 docker inspect 来查看映射的路径。 分别进入这些容器，查看 /volume1、/volume2目录。 数据卷共享 如果要授权一个容器访问另一个容器的数据卷，可以使用-volumes-from 参数来执行。 数据卷容器 如果有一些持续更新的数据需要在容器之间共享，最好创建数据卷容器。 数据卷容器，其实就是一个正常的容器，专门用来提供数据卷供其它容器挂载的。 （1）创建一个名为 dbdata 的数据卷容器 docker run -d -v /dbdata --name dbdata docker-centos6.10-hadoop-spark （2）在其他容器中使用--volumes-from来挂载 dbdata 容器中的数据卷 docker run -d --volumes-from dbdata --name db1 docker-centos6.10-hadoop-sparkdocker run -d --volumes-from dbdata --name db2 docker-centos6.10-hadoop-spark 这样就可以实现容器之间的数据共享。 分别进入这些容器，查看 /volume1、/volume2 目录。 4. 自制镜像并发布 保存容器修改，提交一个新的容器镜像 docker commit centos1 centos111 将现有的容器提交形成一个新的容器镜像，使用 docker images 可以看到 centos111 镜像。通过此方法，可以创建一个新的容器镜像。 查看镜像 docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEcentos111 latest d691a75ee371 23 minutes ago 501.5 MB 根据新容器镜像创建容器 docker run -d --name='centos111' centos111 查看容器 docker inspect centos111 导出和导入镜像 当需要把一台机器上的镜像迁移到另一台机器的时候，需要导出镜像与导入镜像。 机器A docker save docker-centos6.10-hadoop-spark >

Docker-centos6.10-hadoop-spark2.tar

Or

Docker save-o docker-centos6.10-hadoop-spark docker-centos6.10-hadoop-spark2.tar

Use the scp command to copy docker-centos6.10-hadoop-spark2.tar to machine B in other ways

Machine B

Docker load < docker-centos6.10-hadoop-spark2.tar

Or

Docker load-I docker-centos6.10-hadoop-spark2.tar

Publish Container Image

Docker push centos6.8-lamp1

Publish the container to the network.

5. Docker network

When docker starts, it creates a virtual network interface called docker0 on the host machine. It randomly selects an address and subnet mask that the host does not use from the private address defined by RFC 1918 and assigns it to docker0. By default, 172.18.0.1 docker0 is selected. A 16-bit subnet mask provides the container with 65534 IP addresses.

Docker0 is not a normal network interface, but a virtual Ethernet bridge that automatically forwards packets between other network cards bound to it, which enables containers and hosts to communicate with each other, containers and containers to communicate with each other.

Each time docker creates a container, it creates a pair of peer-to-peer interfaces (Peer Interface), similar to the two ends of a pipe, where you can receive packets sent by the other. Docker connects one of the peer interfaces to the container as an eth0 interface and holds the other with a unique name like vethAQI2QT, depending on the host's namespace. By binding all veth* interfaces to the docker0 bridge Nic, docker creates a shared virtual subnet between the host and all docker containers.

Docker NAT network

The docker container accesses the network through nat by default. When docker starts, it creates a virtual network interface called docker0 on the host host. Docker0 is just a virtual Ethernet bridge that automatically forwards packets among other network cards bound to it. It enables containers and hosts to communicate with each other and containers to communicate with each other.

The docker0 gateway address is 172.18.0.1, the mask is 16 bits, and 65534 IP addresses are provided.

In NAT mode, the virtual container can access the external network (other than the host), but the machines outside the host cannot access the private network of the container.

Docker Bridage network

The docker container can access the network through bridge.

In bridge mode, the virtual container can access the external network (other than the host), and the machines outside the host can also access the container's private network.

6. Docker pipework

The network function of docker itself is relatively simple, which can not meet many complex application scenarios. Therefore, there are many open source projects to improve the network functions of docker, such as pipework, weave, flannel and so on.

Pipework is a docker network configuration tool developed by docker engineer J é r ô me Petazzoni. It is implemented by more than 200 lines of shell and is easy to use.

Install pipework

Git clone https://github.com/jpetazzo/pipeworkcp pipework/pipework / bin/

Or

Wget [http://172.17.1.240/docker/software/pipework](http://172.17.1.240/docker/software/pipework)chmod axix pipeworkcp pipework / bin/

Run the container

Docker run-d-- net='none'-- name='centos9' docker-centos6.10-hadoop-spark

Configure the container network and connect to the bridge docker0; the gateway is specified with @ after the IP address.

Pipework docker0 centos9 172.18.0.100 Compact 16mm 172.18.0.1

7. Docker network port mapping

If the container uses the docker0 virtual network, then the container's network is 172.17.0.0ub16, and the container can access the public network through NAT, but the public network cannot access the private network. If the container uses the br0 virtual network, the container and the server can be in the same network address range; the container can access the public network; and the public network can also access the container network.

For containers that use docker0 virtual networks, you can let the public network access some ports of the container by port mapping.

Run the container

Docker run-d-p 38022 22-- name='centos10' docker-centos6.10-hadoop-spark

Connect the container

Ssh localhost-p 38022

On other servers, you can access the container by accessing the physical server and adding ports, and you can map multiple ports at a time.

Run the container

Docker run-d-p 38022 22-p 38080 80-- name='centos11' docker-centos6.10-hadoop-spark

The implementation principle is realized through iptables forwarding on the server. Of course, you can also forward the entire container IP address through iptables.

4. Summary

Because containers are process-level, they have many advantages over virtual machines.

(1) start up quickly

The application in the container is directly a process of the underlying system, not a process within the virtual machine. Therefore, booting the container is equivalent to starting a process on the machine, rather than starting an operating system, which is much faster.

(2) take up less resources

The container only occupies the resources needed and does not occupy those resources that are not used; because the virtual machine is a complete operating system, it is inevitable to occupy all resources. In addition, multiple containers can share resources, and virtual machines are exclusive resources.

(3) small size

The container only needs to contain the components used, and the virtual machine is the package of the entire operating system, so the container file is much smaller than the virtual machine file.

In short, containers are a bit like lightweight virtual machines, providing a virtualized environment, but at much lower cost.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.