Quick understanding of Docker

Author: Liu Xuhui Raymond reprinted. Please indicate the source

Email: colorant at 163.com

BLOG: http://blog.csdn.net/colorant/

What is

 

Simply put, Docker is a lightweight VM solution built on LXC Based on Processcontainer.

 

Taking the transportation of goods in the real world as an analogy, in order to solve the problem of transportation of goods of various types and sizes on a variety of transport tools, we invented the container

 

 

 

The original intention of Docker is to package various applications and their dependent runtime environments into standard iner/image, and then release them to different platforms for running.

 

 

 

Theoretically, this concept is not new, and various Virtual Machine images play a similar role.

 

The biggest difference between Docker container and a common virtual machine Image is that it does not contain the operating system kernel.

 

 

 

The general virtual machine runs the entire operating system on the virtual hardware platform to provide a complete running environment for running the program, while Docker directly loads and runs the application on the host platform. in essence, he uses LXC at the underlying layer to start a Linux Container, and uses cgroup and other mechanisms to isolate applications running in different container, including permission management and quota allocation.

 

Each container has its own namespace (I .e. resource), including:

PID process, MNT file system, NET network, IPC, UTS host name, etc.

 

 AndLXCWhat is the difference?

 

Basically, you can think that the current Docker is an advanced encapsulation of LXC, providing a variety of auxiliary tools and standard interfaces for you to use LXC, you can rely on LXC and various scripts to implement functions similar to docker, just as you can install software packages by yourself without using APT/yum or other tools, the key reason for using them is ease of use!

 

In actual use, you generally do not need to care about the details of the underlying LXC, and it is not possible to implement the non-LXC solution based on docker in the future.

 

Based on LXC, Docker provides additional Feature, including standard and unified packaging deployment and Running Solutions, historical version control, Image reuse, and Image sharing and publishing.

 

 

ContainerBuild Solution

 

In addition to LXC, the core idea of Docker is embodied in its running container build solution.

 

 

To maximize Image reuse, speed up operation, and reduce memory and disk footprint, the runtime environment constructed during Docker container Runtime is actually composed of multiple layers with dependency. For example, an apache runtime environment may be based on the Basic rootfs image, which overwrites the image containing tools such as Emacs, and then overwrites the image containing apache and its dependent libraries, these images are loaded by the AUFS file system and merged into the uniform path. They exist in read-only mode, and a Layer of writable white space is added to record the changes made to the current running environment.

 

With hierarchical images, different apps can share underlying file systems and related dependent tools, different instances of the same APP can also share the vast majority of data, and maintain the modified data in the form of copy on write.

 

History and Ecological Environment

 

The Docker project has been developing rapidly for more than a year since it was started.

 

2013.01 started as an internal dotcloud Project

Officially released as a public project

2014.1 selected by black duck as the top 10 open source projects of the year in 2013"

 

Current Status (2014.3)

 

Docker 0.8.1

10000 + github stars (top 50)

350 + contributors

1500 + fork

 

 

For specific applications, we can see that Baidu has successfully used Docker to support its Paas service on the BAE platform in at least October 2013.

 

Install, run, and use

 

Although Docker is called build once and runeverywhere. However, the engine dependency is actually restricted. The current version has specific requirements on the system:

 

• Linux Kernel 3.8 +
• LXCsupport
• 64 bitOS
• AUFS

 

The preceding requirements take ubuntu as an example. We need to upgrade 12.04 with 3.8kernel or ubuntu 13.04 +.

 

On ubuntu12.04, the basic installation steps are as follows:

 

Sudoapt-get update sudo apt-get install linux-image-generic-lts-raringlinux-headers-generic-lts-raring

Sudoapt-key adv -- keyserver keyserver.ubuntu.com -- recv-keys36A1D7869245C8950F966E92D8576A8BA88D21E9

Sudosh-c "echo deb http://get.docker.io/ubuntudocker main \>/etc/apt/sources. list. d/docker. list"

Sudoapt-get update

Sudoapt-get install lxc-docker

 

If you want to experience the basic docker operation commands before installing docker, try this online live tutorial https://www.docker.io/gettingstarted/#h_tutorial.

 

Common commands

 

List common CLI commands by category

 

• Warehouse Problems

 

Search/pull/push/login etc.

For example, docker pull ubuntu downloads ubuntuimage from the repository.

 

• Images operations

 

Images/rmi/build/export/import/save/load etc.

For example, docker images-t lists the current local Image in a tree structure.

 

• Running Problems

 

Run/start/stop/restart/attach/kill etc.

Run docker-I-t ubuntu/bin/bash to start ubuntu image and run the shell interactively.

 

• Miscellaneous

 

Docker diff/commit

Dockerinfo/ps/inspect/port/logs/top/history etc.

 

 

For more information about how to use docker commands, see http://docs.docker.io/en/latest/reference/commandline/.

 

FAQs

 

• Non root User

 

The current version of docker uses Socket for communication, so the root user permission sudo xxx is required, or the user who needs to use Dockerclient must be added to the docker user group.

Sudogpasswd-a $ {USER} docker

 

• Network Problems

 

When you need to connect to the docker index database through a proxy behind the gateway, You can manually add the http_proxy environment variable to start dockerdaemon

 

HTTP_PROXY = http: // proxy_server: port docker-d &

 

A better way is to modify/etc/default/docker (on ubuntu) and add exporthttp_proxy = proxy_server: port

 

Similarly, if docker container cannot automatically and correctly obtain DNS configurations from the host environment, you need to manually specify the DNS server address, which can be achieved through docker-run -- dns = xxx, you can also modify/etc/default/docker to add such as DOCKER_OPTS = "-dns 8.8.8.8"

 

• Privileged Mode

 

Under normal circumstances, you do not have the permission to operate the device within the container. In the current version, some files inside the container, such as/etc/hosts;/etc/hostname;/etc/resolve. files such as conf are dynamically loaded in read-only mode through mount, theoretically, you should find a proper method to ensure the correctness of these automatically generated and loaded files (for example, setting resolve through -- dns. conf), but if you need to manually modify it for special reasons, you can start docker client: docker run -- privileged in privileged mode, and then you can uninstall these files and create new versions by yourself.

 

• Excessive hierarchical dependency

 

Implementing cheap reuse and fast update for apps and related libraries in Layer mode is the key to Docker, but it is restricted by the current AUFS file system, the default Layer level can only reach up to 127 (once only 42). In actual use, there are many situations that may cause the level relationship of your container to rapidly increase to this limit value, the efficiency of AUFS after so many layers are put aside. In more cases, you cannot update and build your image.

 

1. When using Dockerfile to build an Image, each command adds a layer dependency to the final Image.
2. Update your Image by changing, submitting, modifying, and submitting
3. Others' images downloaded from the repository already contain many hierarchical dependencies, and you need to update them to create your own version.

 

The first two may be controlled by yourself to a certain extent, and the last case won't work. This problem will eventually affect the actual availability of Docker. The current solutions include:

 

• Use Dockerfile to merge as many operations as possible: for example, use "&" or ";" to merge and run multiple shell commands, and write multiple shell commands as scripts, add and run this script in dockerfile
• Import Image again through Export, discard all historical information and dependencies, and create a brand new image

 

Possible solutions in the future include:

 

• Add support for merging and submitting multi-step operations in Dockerfile
• The external image Flat tool supports retaining historical information.
• Other Storage solutions for non-AUFS

 

 

 

Future development

 

Although Docker currently uses LXC and AUFS by default, the core idea of Docker itself is not forced to bind the two. BTRFS can be used in version 0.8, the entire Docker framework has also been changed to a plug-in architecture to facilitate addition and replacement of various functional modules

 

 

 

For example, more Storage solutions are supported to avoid the current problems of AUFS and more virtualization solutions besides LXC.