Shulou(Shulou.com)06/02 Report--

Docker is an open platform for developing, delivering and running applications. Docker enables you to separate applications from infrastructure so that software can be delivered quickly; with Docker, you can manage infrastructure in the same way as managing applications; and by leveraging Docker's approach to quickly deliver, test, and deploy code, you can greatly reduce the latency between writing code and running it in a production environment.

Container Management run Container

1. Run a container example:

# start a httpd container to run in the background and map its port 80 to host port 80

Docker run-d-p 80:80 httpd

2. Run the container in the foreground:

# start a container of ubuntu 16.04and exit after printing "hello world"

Docker run ubuntu:16.04 / bin/echo "hello world"

# run the container in the foreground and enter the container to interact with the container

Docker run ubuntu:16.04 / bin/bash

It is important to note that containers are made for tasks. A container is recommended to run only one process, and the process needs to be run in the foreground of the container and cannot be run through daemon. If the process exits, the container will stop with it

3. Description of the startup process of the container:

Check whether the specified image exists locally, and if not, download it from the specified repository

Use the image to start a container

Assign a file system and mount a read-write layer outside the read-only mirror layer

Bridge a virtual interface to the container from the host configured bridge interface

Configure an IP from the address pool to the container

Execute the program specified by the user

Stop the container after execution

4. Put the container into the background to run:

Docker run-d ubuntu:16.04 / bin/bash-c "while true; do echo hello world; sleep 1 done"

5. Description of common options for docker run

-t: configure a pseudo terminal and bind it to the standard input of the container

-I: keep the standard input of the container open

-d: put the container into the background to run

-c: specifies the cpu shard to which the container is assigned

-m: specifies the amount of memory allocated to the container, in BMagens, Kpas, M, G

6. View the container status on the current node

Docker ps # View currently running containers

Options:

-a: view all containers, including stopped

-Q: show only container ID

-l: displays the last created container

7. Enter the container

Docker attach # when multiple windows attach to one window at the same time, it will be displayed synchronously, and the instruction has been discarded docker exec-it / bin/bash

8. Best practices for running containers

Containers can be roughly divided into two categories according to their purpose:

Service containers, such as webserver, database, etc.

Utility containers, such as curl containers, redis-cli containers, etc.

Generally speaking, the service container needs to run for a long time, so it runs in the way of daemon, while the work environment usually provides us with a temporary working environment, so it usually runs in the foreground in the way of run-ti.

Container start and stop operation # container creation: docker create # container startup: docker start # container stop: docker stop docker kill # container restart: docker restart # container deletion: docker rm option:-f: forcibly terminate and delete a running container-v : delete the volume mounted by the container # pause the container: docker pause # resume from the pause: docker unpause container import and export # regardless of whether the container is running or not Both can be directly exported to docker export > test_for_run.tar # to load to achieve container migration cat test_for_run.tar | docker import-test/ubuntu:v1.0 container life cycle management

Container resource limit

Several containers run on a docker host, each of which requires CPU, memory, and IO resources. For virtualization technologies such as KVM,VMware, users can control how much CPU and memory resources are allocated to each virtual machine. For containers, Docker provides a similar mechanism to prevent one container from consuming too much resources to affect the performance of other containers and even the entire host.

Memory limit

Start a ubuntu container, limit memory to 200m, and the sum of memory and swap is 300m:

Docker run-it-m 200m-- memory-swap 300m ubuntu:16.04

Option description:

-m: the amount of memory allowed to be allocated

-- memory-swap: the total amount of memory and swap allowed to be allocated

-- memory-swapiness: controls the ratio of memory to swap replacement

It should be noted that if the-- memory-swap parameter is enabled, which is equivalent to using swap, the actual memory limit does not take effect. For the limit to take effect, you can not start this parameter and set-- memory-swappiness to 0.

The following is an example of a stress test:

Docker run-it-m 200m-memory-swapiness 0 progrium/stress-- vm 1-- vm-bytes 180m

Options:

-- vm: sets the number of memory worker threads

-- vm-byptes: sets the amount of memory used by a single memory worker thread

In the above example, the-vm-bytes is 180m and the container is working properly; if you change it to 230m, the container OOM exits

More restrictions on memory resources can be found here: https://blog.opskumu.com/docker-memory-limit.html

CPU restriction

By default, all containers can use host cpu resources equally and without restrictions. Docker can set the permissions of the cpu used by the container through-c or-- cpu-shares. If not specified, the default is 1024.

Unlike the memory limit, the cpu share set with-c is not the absolute number of CPU resources, but a relative weight value. The CPU resources that a container can eventually be allocated depend on its cpu share as a percentage of the total cpu share of all containers.

In other words: through cpu share, you can set the priority for the container to use CPU.

For example, two containers are started in host:

Docker run-name container_A-c 1024 ubuntudocker run-- name container_B-c 512 ubuntu

Container_A 's cpu share 1024 is twice that of container_B. When both containers require CPU resources, container_A can get twice as much CPU as container_B.

It is important to note that this weighted CPU only occurs when CPU resources are tight. If container_A is idle, container_B can also be allocated to all available CPU in order to make full use of CPU resources.

The following is an example of a stress test:

#-cpu is used to set the number of cpu worker threads, which can be set to several cores

Docker run-name "container_A"-c 1024 progrium/stress-cpu 1docker run-name "container_B"-c 512 progrium/stress-cpu 1

After the two containers are running, you can see the cpu consumption of both containers by using top on the host to view the resource consumption of cpu.

More restrictions on cpu resources can be found here: https://blog.opskumu.com/docker-cpu-limit.html

Io restriction

Block IO is another resource that can limit the use of containers. Block IO refers to the read and write of the disk. Docker can control the bandwidth of the read and write disk of the container by setting weights and limiting bps and iops, as discussed below.

It should be noted that the Block IO quota is currently only valid for direct IO (no file caching)

Here are the parameters that limit bps and iops:

-- device-read-bps, which restricts reading the bps of a device.

-- device-write-bps, which restricts writing to the bps of a device.

-- device-read-iops, which restricts reading the iops of a device.

-- device-write-iops, which restricts writing to the iops of a device.

Bps is byte per second, the amount of data read and written per second.

Iops is io per second, the number of io per second

Simple exampl

# create a container with a limit of 30m bps

Docker run-it-- device-write-bps / dev/sda:30MB ubuntu

# in the container, perform the following actions to view the effect, and then you can view the comparison effect by removing the restriction:

Time dd if=/dev/zero of=test.out bs=1M count=800 oflag=direct

More restrictions on io resources can be found here: https://blog.opskumu.com/docker-io-limit.html

Mirror management

Image naming convention

No matter what we do with the mirror, it has to have a name first. When we used docker run to run the container earlier, we needed to pass a name of the image on which the container would run.

Repository contains the following contents:

[Docker Registry address /] [project directory /] so a complete image is named as follows: [Docker Registry address /] [project directory /]: [label] example: hub.breezey.top/op-base/openresty:1.11.2.4hub.breezey.top/op-base/openresty-php:1.11.2.4-7.0.27mysql:5.6ubuntu

When the mirror tag is not specified, the default is latest, but latest does not have any special meaning. On docker hub, many repository use latest as the alias of the latest stable version, but this is only a convention, not a mandatory stipulation. A repository can have multiple tag, and multiple tag may also correspond to the same image.

Basic Operation of Mirror

1. Obtain the image

Docker pull centos:6.6 # get the image directly from docker hub docker pull dl.dockerpool.com:5000/centos:6.6 # get the image from dockerpool

2. View image information

Docker imagesdocker inspect centos:latest # get the details of the image

3. Create a tag for the image

Docker tag centos:latest dl.dockerpool.com:5000/centos:6.6

4. Search for images

Docker search mysql # search for mysql images

5. Delete the image (Note: if the image is generated by a container, you need to delete the container first)

# if a mirror has multiple tag, only the specified tag will be deleted, but the image itself will not be deleted. If the image ID is specified after the docker rmi, all tag will be deleted

Docker rmi centos:6.6

# Delete untagged image (i.e. none)

Docker rmi $(docker images-Q-- filter "dangling=true")

6. Export and load images

# Export a local image

Docker save-o centos_6.6.tar centos:6.6

# Import the local file into the image

Docker load-input centos_6.6.tar

7. Submit a new image via docker commit

Docker commit-m "Add a new file"-a "Breeze" a925cb40b3f0 test # uses the a925cb40b3f0 container to generate an image called test

-a: specify the author

-m: related description information

-p: pauses the container on submission

Original address: https://www.linuxprobe.com/container-image-management.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.