Shulou(Shulou.com)06/02 Report--

1 DOCKER basic structure

Docker client: Docker is the application architecture model of Cramp S. generally, the client and server are in the same binary file. So usually we can run the relevant operations through the Docker command.

But it can also be operated on the basis of API for programs.

The server side of Docker daemon:Docker, which usually represents a package of Docker Engine, accepts user requests and carries out related operations.

Container: equivalent to the concept of a virtual machine, but simplified to a mutually isolated operating system without the specific details of our relationship, we can just package it like a container.

Image: the basis of the container, through the Unionfs file system features to achieve different image stacking. Is a basis for starting the container. It can be easily customized with Dockerfile.

Registry: where the image is stored, we can pack and take the container image through Registry.

2 DOCKER common commands

2.1 Docker Image Management

1. Display the local image:

[root@test mnt] # docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

Upstram_nginx latest f3c5dcc79825 9 days ago 669 MB

Lnmp/nginx 0.2 9fe8cdcb3e43 9 days ago 669 MB

Lnmp/mysql 1.0 2c612a810853 10 days ago 374 MB

Lnmp/php 1.0 fc59ef00ea8a 10 days ago 1.23 GB

2. Image search:

[root@test mnt] # docker search nginx

NAME DESCRIPTION STARS OFFICIAL AUTOMATED

Nginx Official build of Nginx. 5508 [OK]

Jwilder/nginx-proxy Automated Nginx reverse... 961 [OK]

Richarvey/nginx-php-fpm Container running Nginx 354 [OK]

Million12/nginx-php Nginx + PHP-FPM 5.5,5.6. 76 [OK]

3. Delete the image:

Docker rmi image id (cannot be deleted when the container exists, you should delete the image before deleting the container)

IV. Image pull and push

Docker pull is fine.

5. View the specific information of the image:

[root@test mnt] # docker inspect f3c5dcc79825 # # you can see the specific configuration and image layering.

2.2 Docker Container Management

First, create a container:

Docker create nginx (image name)

2. View the running container:

[root@node3 ~] # docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

3. View all containers:

Docker ps-a (shows all containers, including those that are not running)

4. Start the container

Docker start nginx (container name / id) starts the container

5. Run the container:

[root@test mnt] # docker run-d-name web (container alias) nginx (image name)

6. Delete container:

[root@test mnt] # docker rm-f web (Container name / id)-f forced deletion

7. Enter the container:

[root@test mnt] # docker exec-it nginx (container name / id) / bin/bash

2.3 Docker Volume

The concept of Docker Volume (volume), simply put, Volume is a directory or file, which can bypass the container system and exist on the host in the form of a normal file or directory. Suitable for persistent storage or sharing of files outside the container. Mount the file / directory to the container:

Docker run-itd-v / opt/webapps (local file or directory): / opt/apache-tomcat-7.0.55/webapps (file or directory in the container)-p 80pur8080-- name tomcat icfw/tomcat:1.0

Note: the default file is readable and writable, and you can refer to the docker manual to specify the mounting permission.

3 DOCKER Quick installation

3.1 Software version

Operating system: Centos 7.0

3.2 start installation

Http://www.daocloud.io/

Because the domestic source is relatively slow, we recommend using daocloud to call remote script and install it:

[root@test ~] # curl-sSL https://get.daocloud.io/docker | sh

# in order to pull the image quickly, you also need daocloud. Because in China, usually pulling the image of Docker hub is covered by the wall.

[root@test ~] # curl-sSL https://get.daocloud.io/daotools/set_mirror.sh | sh-s http://681a96df.m.daocloud.io

Docker version > = 1.12

{"registry-mirrors": ["http://681a96df.m.daocloud.io"],"

"live-restore": true

}

Success.

You need to restart docker to take effect: sudo systemctl restart docker

# # in fact, the relevant configuration is written into / etc/docker/daemon.json: specify to go to this repository, because the image is downloaded from the official Docker hub by default.

[root@test ~] # cat / etc/docker/daemon.json

{"registry-mirrors": ["http://681a96df.m.daocloud.io"],"

"live-restore": true

}

# # Edit the configuration file (/ usr/lib/systemd/system/docker.service) to allow remote connections using docker clients.

ExecStart=/usr/bin/dockerd-H unix:///var/run/docker.sock-H tcp://0.0.0.0:2375

Then restart docker:

Systemctl restart docker

# # check the status of docker and which configuration file is read by docker:

[root@test ~] # systemctl status docker

Docker.service-Docker Application Container Engine

Loaded: loaded (/ usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)

Active: active (running) since Sat 2017-03-11 16:43:51 CST; 1min 11s ago

Docs: https://docs.docker.com

# here we know that centos reads the file / usr/lib/systemd/system/docker.service

3. Test whether the docker starts normally:

[root@master ~] # docker-H 127.0.0.1 images

4 DOCKER image production

4.1 DOCKER FILE instruction

DOCKER advocates the use of Dockfile to build images. Dockerfile is the interpretive language of Docker. You can build images by submitting Dockerfile.

Dockerfile ignores case and comments start with #

FROM directive:

FROM centos:centos7

# # indicates where the basic image comes from. If the local image is not obtained from the repository, the instruction must be placed first.

MAINTAINER (used to specify the information of the image creator)

MAINTAINER admin admin@icfw.com.cn

# # Information about the author of Image Construction

RUN (execute relevant system commands)

Format: RUN or RUN ["executable", "param1", "param2"]

RUN yum install supervisor-y

CMD (instructions are executed when the system starts, but will be overwritten by the first boot)

CMD ["executable", "param1", "param2"] is executed using exec, recommended

CMD command param1 param2 is executed in / bin/sh and provided to applications that need to interact

Default parameters provided to ENTRYPOINT by CMD ["param1", "param2"]

# # CMD specifies that the container starts to execute commands. There can be only one CMD command per Dockerfile. If more than one command is specified, only the last command will be executed. If you also specify the command when you start the container, the CMD command in the image built by Dockerfile will be overwritten.

ENTRYPOINT (also the system startup execution command)

Format:

ENTRYPOINT ["executable", "param1", "param2"]

ENTRYPOINT command param1 param2 (executed in shell).

# # like CMD, the last command is executed, but unlike CMD, the CMD command is overridden by the command executed in docker run. Of course, the two can be combined:

ENTRYPOINT ["python", "/ test.py"]

CMD ["sleep", "10"]

# # it will be executed at startup, python / test.py sleep 10

# # Note

When used alone, if you also use the CMD command and CMD is a complete executable command, then the CMD instruction and ENTRYPOINT will override each other and only the last CMD or ENTRYPOINT is valid.

EXPOSE (specifies the port that the container needs to map to the host machine)

EXPOSE [...]

# # expose the port of the container when writing Docker, but only internally. If you want to map externally, you need-p option

VOLUME (specify mount point)

VOLUME ["]

# # Files can be persisted, or data can be shared between containers.

ENV (used to set environment variables)

ENV

# # you can use both build image and container startup

ADD and COPY

ADD

# # both copy native files to the image. The difference is ADD. If the file is in a recognizable compression format, docker will help decompress it.

WORKDIR

WORKDIR / path/to/workdir

# # switch the current working directory. It is recommended to write the absolute path, and the relative path will be superimposed.

11. ONBUILD (executed in the child image)

ONBUILD

# # the command specified by ONBUILD is not executed when building an image, but is executed in its child image.

USER (the user who set up the container container)

User nginx

# # the user specified during the execution of the container. Default is root:

Arg

Format: ARG [=]

# # explanation: ARG specifies a variable to be used in docker build. You can use-- build-arg = to specify the value of the parameter, but an error will be reported if it is not specified during construction.

4.2 build an example of a tomcat image

First, create a directory, create a new Dockerfile and related packages:

[root@docker-registry images] # tree tomcat/

Tomcat/

├── apache-tomcat-7.0.55.tar.gz

├── Centos-7.repo

├── Dockerfile

├── epel-7.repo

├── jdk1.8.0_181.tar.gz

├── server.xml

└── supervisord.conf

Second, write Dockerfile:

[root@docker-registry tomcat] # cat Dockerfile

# pull down centos image

FROM centos:centos7

MAINTAINER chenjixiong@icfw.com.cn

ADD epel-7.repo / etc/yum.repos.d/

ADD Centos-7.repo / etc/yum.repos.d/

RUN yum install-y net-tools

RUN yum install-y iputils

RUN yum install-y supervisor

RUN mkdir-p / var/log/supervisor

ADD. / apache-tomcat-7.0.55.tar.gz / opt

ADD. / server.xml / opt/apache-tomcat-7.0.55/conf

ADD. / jdk1.8.0_181.tar.gz / opt

# set environment variable

ENV JAVA_HOME / opt/jdk1.8.0_181

ENV PATH $JAVA_HOME/bin:$PATH

ENV CATALINA_HOME / opt/apache-tomcat-7.0.55

ENV PATH $PATH:$CATALINA_HOME/bin

EXPOSE 8080

COPY supervisord.conf / etc/supervisor/supervisord.conf

CMD supervisord-c / etc/supervisor/supervisord.conf

3. Use supervisor to manage the process:

[root@docker-registry tomcat] # cat supervisord.conf

[supervisord]

Nodaemon=true

[program:tomcat]

Command=/opt/apache-tomcat-7.0.55/bin/catalina.sh run

4. Start building:

[root@docker-registry tomcat] # docker build-t icfw/tomcat:1.0.

5. Run:

[root@node3 tomcat] # docker run-dit-p 8080-name tomcat i/tomcat:1.0

C29c5aaf63a73126e6976c02b1c9bd06e0a0af6514d9c697e1128ddb3a27

[root@docker-registry tomcat] # docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

Fdc4e4f09938 icfw/tomcat:1.0 "/ bin/sh-c 'supervi..." 33 seconds ago Up 32 seconds 0.0.0.0 supervi 8080-> 8080/tcp tomcat

6. Make a visit

IP:8080 is fine.

5. Build a private warehouse for DOCKER

5.1 download Image Warehouse

[root@docker-registry test] # docker pull registry

5.2 start and mount the image repository to the local disk

[root@docker-registry test] # docker run-d-p 5000 restart=always-v / registry:/var/lib/registry registry

5.3 upload image

1. Configure the image registration address and restart the docker service:

[root@docker-registry ~] # vi / etc/docker/daemon.json

{"registry-mirrors": ["http://681a96df.m.daocloud.io"],"insecure-registries":["http://192.168.20.20:5000"]}"

2. Tag the local image and upload it:

[root@docker-registry test] # [root@docker-registry test] # docker tag icfw/tomcat:1.0 192.168.20.20:5000/icfw/tomcat:1.0

# 192.168.20.20 5000 indicates the address of the warehouse, icfw/tomcat represents the name of the image, and 1.0 represents the version number.

3. Upload directly:

[root@docker-registry test] # docker push 192.168.20.20:5000/icfw/tomcat:1.0

4. After the upload is completed, we can check whether there is an image in the mount directory:

[root@docker-registry test] # ls / registry/

DockerDocker

5. View the local image:

[root@docker-registry test] # curl http://192.168.20.20:5000/v2/_catalog

{"repositories": ["icfw/tomcat"]}

6. When we see that there are two images, we need to obtain his tag information for download:

[root@docker-registry test] # curl http://192.168.20.20:5000/v2/icfw/tomcat/tags/list

{"name": "icfw/tomcat", "tags": ["1.0"]}

7. Then we download the image directly:

[root@docker-registry test] # docker pull 192.168.20.20:5000/icfw/tomcat:1.0

6 choreographed using Docker compose container

Docker Compose is a Docker tool for defining and running complex applications. With Compose, you can define a multi-container application in a file, and then use a command to launch your application and do all the preparatory work.

It is very easy to build relevant container choreography through compose. You can refer to the official:

Https://docs.docker.com/compose/gettingstarted/#step-4-build-and-run-your-app-with-compose

6.1 compose installation:

[root@dev-app-server] # sudo curl-L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname-s)-$(uname-m)"-o / usr/local/bin/docker-compose

[root@dev-app-server ~] # chmod + x / usr/local/bin/docker-compose

Docker-compose version 1.23.2, build 1110ad01

Docker-py version: 3.6.0

CPython version: 3.6.7

OpenSSL version: OpenSSL 1.1.0f 25 May 2017

Related syntax:

Build builds or rebuilds services

Help Command help

Kill, kill the container.

Logs displays the output of the container

Port print bound open port

Ps display container

Pull pulls the service image

Restart restart service

Rm deletes stopped containers

Run runs an one-time command

Scale sets the number of containers for the service

Start enables the service.

Stop out of service

Up creates and starts the container

6.2Construction syntax of compose

The docker compose construction syntax and related format are very simple, similar to docker-related commands. Let's go directly to the actual combat section and build a test environment for the security code system:

# # one must exist for image and build. In order to save time, we did not build an image with dockerfile. The remaining instructions are basically the same as docker run, so I won't talk about it here.

6.3 start building and launching

1. Configuration file

[root@dev-app-server vcs-project] # cat docker-compose.yml

Version: "2"

Services:

Framework:

Image: 192.168.20.20:5000/icfw/tomcat:1.0ports:-8080:8080environment: ICFW_FRMEWORK_HOME: / opt/envvolumes:-/ opt/vcs-project/framework:/opt/apache-tomcat-7.0.55/webapps-/ opt/vcs-project/env/icfw-framework:/opt/env-/ opt/vcs-project/icfwfiles:/opt/icfwfiles

Vcs:

Image: 192.168.20.20:5000/icfw/tomcat:1.0ports:-8081:8080environment: VCS_HOME: / opt/envvolumes:-/ opt/vcs-project/vcs:/opt/apache-tomcat-7.0.55/webapps-/ opt/vcs-project/env/vcs-home:/opt/env-/ opt/vcs-project/icfwfiles:/opt/icfwfileslinks:-framework

2. Create and launch

[root@dev-app-server vcs-project] # docker-compose-f docker-compose.yml up-d

Creating vcs-project_framework_1... Done

Creating vcs-project_vcs_1... Done

3. Delete the specified container: stop the container first, and then delete:

Docker-compose-f docker-compose.yml stop vcs

Docker-compose-f docker-compose.yml rm vcs # # is fine.

6.4 View logs

1. View the startup log

[root@dev-app-server vcs-project] # docker-compose-f docker-compose.yml logs

2. View the relevant status:

[root@dev-app-server vcs-project] # docker-compose-f docker-compose.yml ps

Name Command State Ports

Vcs-project_framework_1 / bin/sh-c supervisord-c... Up 0.0.0.0 8080-> 8080/tcp

Vcs-project_vcs_1 / bin/sh-c supervisord-c... Up 0.0.0.0 8081-> 8080/tcp

6.5 access testing

1. Framework-web.war,vcs-web.war has been added to the mapping web directory, and the test can be accessed through http://192.168.20.15:8080/frmamework-web.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.