
What are the knowledge fragments of Docker management

2025-01-20 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article covers the "knowledge fragments" of Docker management, for readers who are interested. The methods introduced here are simple, fast and practical.

I. Overview

The purpose of this paper is to summarize and sort out the knowledge fragments of the daily management of Docker.

2. Application examples

2.1. Namespaces: isolation between Docker containers

Namespaces are the core Linux technology that container virtualization relies on to isolate containers from one another. Isolation is achieved mainly through the following six namespaces; there are also two pseudo file systems, /proc and /sys.

● UTS: allows each container to have its own hostname and domain name, so that it can be treated on the network as a separate node rather than as a process on the host.

● IPC: processes in a container still use the common Linux inter-process communication methods, including semaphores, message queues and shared memory. Inter-process communication in a container is in fact communication between processes in the same PID namespace on the host.

● PID: processes of different users are isolated by PID namespaces, and different namespaces can contain the same PID. The parent process of all LXC (Linux containers) processes in Docker is the docker process, and each LXC process has a different namespace.

● NET:

● MNT: the mount points of the file system.

● USER: each container can have its own user and group IDs, which means that programs inside the container can run as users defined in the container instead of users on the host.
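To check which of these six namespaces a container process actually has to itself, compare its /proc/<pid>/ns entries with those of a host process. This is an added example, not code from the original article; the identifiers are constructed, the container name "web" is hypothetical, and the sample assumes a setup where user-namespace remapping is not enabled.

```python
import os

# The six namespaces listed above, named as they appear under /proc/<pid>/ns/.
NAMESPACES = ("uts", "ipc", "pid", "net", "mnt", "user")

def read_namespaces(pid):
    """Read the namespace identifiers of a live process (Linux only; reading
    another user's process requires root)."""
    return {n: os.readlink(f"/proc/{pid}/ns/{n}") for n in NAMESPACES}

def shared_with_host(host_ns, container_ns):
    """Return the namespaces in which both processes have the same identifier,
    i.e. where the container process is not isolated from the host."""
    return [n for n in NAMESPACES
            if n in host_ns and host_ns[n] == container_ns.get(n)]

# Constructed identifiers in the 'type:[inode]' form that readlink returns.
HOST = {"uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]",
        "pid": "pid:[4026531836]", "net": "net:[4026531840]",
        "mnt": "mnt:[4026531841]", "user": "user:[4026531837]"}
# Constructed container process: its own uts/ipc/pid/net/mnt namespaces, but
# the host's user namespace (assumption: no user-namespace remapping).
CONTAINER = {"uts": "uts:[4026532501]", "ipc": "ipc:[4026532502]",
             "pid": "pid:[4026532503]", "net": "net:[4026532505]",
             "mnt": "mnt:[4026532500]", "user": HOST["user"]}
# The same container as it would look when started with --network=host.
CONTAINER_HOSTNET = dict(CONTAINER, net=HOST["net"])

if __name__ == "__main__":
    print(shared_with_host(HOST, CONTAINER))
    print(shared_with_host(HOST, CONTAINER_HOSTNET))
    # On a real host, for a hypothetical container named "web":
    #   pid = output of: docker inspect --format '{{.State.Pid}}' web
    #   shared_with_host(read_namespaces(1), read_namespaces(int(pid)))
```

Any namespace this reports as shared is one where a process in the container sees the same resources as the host.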

2.2. Resource limits with Docker cgroups

Eg1: docker run -it -m 200m --memory-swap 300m centos   # -m or --memory: set the memory usage limit; --memory-swap: set the swap (swap partition) usage limit

Eg2: docker run -it --name containerB -c 512 centos   # the CPU weight of containerB is limited to 512; -c or --cpu-shares sets the CPU weight used by the container. If it is not set, the default is 1024.

Eg3: docker run -it --name testA --device-write-bps /dev/sda:30MB centos   # limits container testA to writing 30MB per second to this disk

Other parameters:

bps: bytes per second, the amount of data read or written per second

iops: I/O per second, the number of I/O operations per second

--device-read-bps: sets the bps limit for reading from a device

--device-write-bps: sets the bps limit for writing to a device

--device-read-iops: sets the iops limit for reading from a device

--device-write-iops: sets the iops limit for writing to a device
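To confirm that the limits from Eg1 to Eg3 were really applied, and to find containers running without them, read the HostConfig fields from docker inspect. This is an added example, not code from the original article, and the inspect data is a constructed sample. Docker documents --memory-swap as the combined total of memory and swap, so the values in Eg1 leave 100 MiB of swap.

```python
import json

# Constructed sample shaped like `docker inspect` output (fields trimmed).
# "limited" mirrors Eg1 to Eg3: -m 200m --memory-swap 300m -c 512, write cap 30MB.
SAMPLE = json.loads("""
[{"Name": "/limited", "HostConfig": {"Memory": 209715200,
   "MemorySwap": 314572800, "CpuShares": 512,
   "BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": 31457280}]}},
 {"Name": "/unlimited", "HostConfig": {"Memory": 0, "MemorySwap": 0,
   "CpuShares": 0, "BlkioDeviceWriteBps": null}},
 {"Name": "/swappy", "HostConfig": {"Memory": 209715200, "MemorySwap": -1,
   "CpuShares": 0, "BlkioDeviceWriteBps": null}}]
""")

def audit_limits(entry):
    """Summarise the cgroup limits of one inspected container."""
    hc = entry.get("HostConfig") or {}
    mem = hc.get("Memory") or 0            # bytes; 0 means no limit
    memswap = hc.get("MemorySwap") or 0    # memory + swap in bytes; -1 = unlimited
    throttles = hc.get("BlkioDeviceWriteBps") or []
    findings = []
    if mem == 0:
        findings.append("no memory limit")
    if mem and memswap == -1:
        findings.append("unlimited swap")
    if not throttles:
        findings.append("no write-bps throttle")
    return {
        "name": entry.get("Name", "").lstrip("/"),
        "memory": mem or None,
        # --memory-swap is the combined total, so swap = total - memory.
        "swap": memswap - mem if mem and memswap > 0 else None,
        "cpu_shares": hc.get("CpuShares") or 1024,   # 0 means the default, 1024
        "write_bps": {d["Path"]: d["Rate"] for d in throttles},
        "findings": findings,
    }

def audit(entries):
    """Audit every container in a parsed `docker inspect` list."""
    return [audit_limits(e) for e in entries]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```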

2.3. Set port mapping for running containers

Sometimes we want to adjust a container's port mapping without stopping the container. How can the service port of the application in the container be mapped to the local host machine?

When network applications run in a container, port mapping can be specified with the -P or -p parameter to allow external access to these applications. With the -P (uppercase) parameter, Docker maps a random local port of the host to a network port opened inside the container; with the -p (lowercase) parameter, you specify the port to be mapped, and only one container can be bound to a given port. Supported formats are:

IP:HostPort:ContainerPort

IP::ContainerPort

HostPort:ContainerPort

Let's give some examples:

Eg1: docker run -d -P nginx   # docker ps shows that a randomly assigned local port 3**** of the host is mapped to port 80 of the container. When a local browser accesses http://localhost:3****, the nginx welcome page appears.

Eg2: docker run -d -p 8080:80 nginx   # docker ps shows that port 8080 of the local host is mapped to port 80 of the container

Validation, command format: docker port CONTAINER [PRIVATE_PORT[/PROTO]]
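The -p formats above differ in which host interfaces end up listening: a value without an IP part is published on all interfaces of the host. The parser below makes that explicit for each format. It is an added example, not code from the original article; parse_publish is a hypothetical helper name, and IPv6 addresses and port ranges are deliberately not handled.

```python
import ipaddress

def _port(text, allow_empty=False):
    """Validate a port number; an empty host port means 'pick a random one'."""
    if text == "" and allow_empty:
        return None
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid port: {text!r}")
    return int(text)

def parse_publish(spec):
    """Parse one -p value and report which host interfaces it opens."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError(f"invalid protocol: {proto!r}")
    parts = body.split(":")
    if len(parts) == 3:            # IP:HostPort:ContainerPort or IP::ContainerPort
        ip, host_port, ctr_port = parts
    elif len(parts) == 2:          # HostPort:ContainerPort
        ip, (host_port, ctr_port) = "", parts
    elif len(parts) == 1:          # ContainerPort only
        ip, host_port, ctr_port = "", "", parts[0]
    else:
        raise ValueError(f"unsupported -p value: {spec!r}")
    if ip == "":
        scope = "all-interfaces"
    else:
        addr = ipaddress.ip_address(ip)     # raises ValueError on junk
        scope = ("all-interfaces" if addr.is_unspecified
                 else "loopback" if addr.is_loopback else "single-address")
    return {"host_ip": ip or None,
            "host_port": _port(host_port, allow_empty=True),
            "container_port": _port(ctr_port),
            "proto": proto,
            "scope": scope}

if __name__ == "__main__":
    # Constructed sample values, one per supported format.
    for value in ("8080:80", "127.0.0.1:8080:80", "127.0.0.1::80", "80"):
        print(value, "->", parse_publish(value))
```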

Use docker inspect + Container ID to get the specific information of the container:

Eg3: add a mapped port to a running container

docker inspect container_name | grep IPAddress   # replace container_name with the container name in the actual environment; obtains the IP address of the container

iptables -t nat -A DOCKER -p tcp --dport 8001 -j DNAT --to-destination 172.17.0.19:8000   # map port 8000 of the container to port 8001 of the docker host

or:

docker commit container_id foo/live   # commit a running container as an image

docker run -d -p 8000:80 foo/live /bin/bash   # run the image and add a port mapping, host 8000 to container 80

2.4. Modify the contents of a running Docker container

Copying files between the host and a container in Docker:

docker cp mycontainer:/opt/testnew/file.txt /opt/test/   # copy the file from the container to the host

docker cp /opt/test/file.txt mycontainer:/opt/testnew/   # copy the file from the host to the container

sudo docker commit -m "description content" -a "author name" 32555789dd00 aipaper/devinz83:v2   # -m specifies the commit description, as in a version control tool; -a specifies the author information; next comes the ID of the container used to create the image; last come the repository name and tag of the target image. After the image is created successfully, its ID is returned.

docker images   # verify

REPOSITORY TAG
aipaper/devinz83 v2

Modify the container's yaml configuration file:

vi /opt/docker/yml/docker-compose-resty-redis.yml

docker stack deploy --compose-file=/opt/docker/yml/docker-compose-resty-redis.yml resty_redis   # deploy the docker application using the newly modified image

Note: docker cp works whether or not the container is started; when finished, use the docker commit command to commit the updated copy.

Then update the container's yml file so that image points to the new image:

2.5. Migration of Docker containers to other servers

Sometimes we need to migrate the current docker container to another resource pool or host due to various reasons, such as hardware upgrades, data center changes, resource constraints, and so on.

1) Export and import containers:

Export container: create a compressed file from the container's file system, saving the exported file as a "gzip" file, and then copy the compressed file to the new server with a file transfer tool such as scp or rsync. Then, on the new server, import the gzip file into a new container.

docker export container-name | gzip > container-name.gz

zcat container-name.gz | docker import - container-name

docker run -d container-name /bin/bash   # use the "docker run" command to start the new container created on the new server

Note: one disadvantage of the export tool is that it does not export the ports and variables of the container, nor the underlying data of the container. This may cause an error when you try to load the container on another server. In that case, consider using Docker image migration to move containers from one server to another.
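Because docker export carries only the file system, the port mappings, variables and mounts have to be recorded on the old server before migrating. The sketch below rebuilds the matching docker run flags from docker inspect data. It is an added example, not code from the original article; the inspect fragment and all names in it are constructed.

```python
import shlex

# Constructed `docker inspect` fragment for a hypothetical container.
# Env can hold secrets, so treat the generated command line as sensitive.
ENTRY = {
    "Config": {"Env": ["APP_MODE=prod", "GREETING=hello world"]},
    "HostConfig": {"PortBindings": {
        "80/tcp": [{"HostIp": "", "HostPort": "8080"}],
        "8000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8001"}]}},
    "Mounts": [
        {"Type": "volume", "Name": "webdata", "Destination": "/data"},
        {"Type": "bind", "Source": "/opt/test", "Destination": "/opt/testnew"}],
}

def run_flags(entry):
    """Rebuild the docker run flags that an exported file system does not carry."""
    flags = []
    bindings = (entry.get("HostConfig") or {}).get("PortBindings") or {}
    for ctr, hosts in sorted(bindings.items()):
        for h in hosts or []:
            ip, port = h.get("HostIp") or "", h.get("HostPort") or ""
            if ip:
                flags += ["-p", f"{ip}:{port}:{ctr}"]
            elif port:
                flags += ["-p", f"{port}:{ctr}"]
            else:
                flags += ["-p", ctr]
    for var in (entry.get("Config") or {}).get("Env") or []:
        flags += ["-e", var]
    for m in entry.get("Mounts") or []:
        src = m.get("Name") if m.get("Type") == "volume" else m.get("Source")
        flags += ["-v", f"{src}:{m['Destination']}"]
    return flags

def data_to_copy(entry):
    """Volumes and bind-mount paths whose contents must be migrated separately."""
    return [m.get("Name") or m.get("Source") for m in entry.get("Mounts") or []]

def command_line(entry, image):
    """Shell-quoted docker run command for the new server."""
    quoted = [shlex.quote(f) for f in run_flags(entry)]
    return " ".join(["docker", "run", "-d"] + quoted + [image])

if __name__ == "__main__":
    print(command_line(ENTRY, "container-name"))
    print("copy separately:", data_to_copy(ENTRY))
```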

2) Container image migration:

That is, we migrate the image associated with the container to the new resource pool. This is the most common way to migrate a Docker container to another server. For the container to be migrated, first use the "docker commit" command to save its Docker image to a compressed file.

docker commit container-id image-name   # the generated image will be compressed

The image is then uploaded to the new server, where a new container is created with "docker run".

With this method the data volume is not migrated, but the data of the application created in the container is retained.

3) Save the image before loading it

Docker images are packages of application code, libraries, configuration files, and so on. The Docker container is created from these images.

You can use docker save to pack the image into a file and migrate it to a new server. Then, on the new server, use "docker load" to create a new image from that file.

docker save image-name > image-name.tar

cat image-name.tar | docker load

4) migrate the data volume:

The data volumes in the Docker container are shared directories that contain container-specific data. The data in the volume is persistent and will not be lost during container recreation.

When you use the export or commit tool to migrate a Docker container or image from one server to another, the underlying data volumes are not migrated. In this case, manually migrate the directory that contains the data to the new server. Then create a container on the new server and reference that directory as its data volume.

Another simple way is to back up and restore data volumes by passing the "--volumes-from" parameter to the "docker run" command.

docker run --rm --volumes-from datavolume-name -v $(pwd):/backup image-name tar cvf backup.tar /path-to-datavolume

docker run --rm --volumes-from datavolume-name -v $(pwd):/backup image-name bash -c "cd /path-to-datavolume && tar xvf /backup/backup.tar --strip 1"

In the above commands, datavolume-name is /path/to/volume; this produces a backup of the data volume. To set the working directory, you can also specify -w /backup. Backups made in the /backup folder can be copied to the new server with scp or ftp. Then extract the copied backup and restore it into the data volume of the new container.

5) migrate the entire Docker container:

The above methods apply only to a single container. To migrate all containers from one server to another, we take a different approach: copying the entire docker directory ("/var/lib/docker") to the new server. For this approach to succeed, several key points need attention.

1. Retain the permissions and ownership of the folder.

2. Stop the Docker service before migration.

3. Verify that the Docker versions on the two servers are compatible.

4. Verify the container list and functions before and after migration.

5. Check the paths to environment variables and other configuration files.

6. If this method does not work because of a failure, configure a custom script to migrate containers and images from one server to another.

2.6. View files in a Docker image

docker attach ContainerID   # the corresponding container must be running, not stopped

For containers that are not running, you can copy the files in the Docker image to the host. For example:

sudo docker cp nginx-ubuntu-container:/etc/apt/sources.list ~/Documents/

2.7. Running containers: common options for docker run

Syntax: docker run [options] image-name [command passed to the started container]

Commonly used options:

-i runs the container in "interactive mode".

-t allocates a pseudo terminal, so the container enters its command line when it starts. With these two parameters together, you can log in to the container as soon as it is created.

--name names the created container.

-v specifies a directory mapping (the former is the host directory and the latter is the directory in the container, that is, host directory:container directory). You can use multiple -v options to map multiple directories or files. Note: it is best to use directory mappings, make changes on the host, and share them with the container.

-d creates a daemon container that runs in the background (the container is not entered automatically after it is created; if only -i -t is given, the container is entered automatically after creation).

-p specifies a port mapping. The former is the host port and the latter is the mapped port in the container. You can use multiple -p options for multiple port mappings.

-e sets an environment variable for the container.

--network=host maps the network environment of the host into the container, so the container has the same network as the host.

At this point, you should have a deeper understanding of these knowledge fragments of Docker management; the best next step is to try them in practice.
