A deep understanding of the link mechanism of Docker

What is the link mechanism of Docker

If you want to communicate between multiple Docker containers on the same host, you can communicate by using the IP address of the container, or you can communicate through the host IP plus the port number exposed by the container, which will cause the IP address to be hard coded, inconvenient to migrate, and the IP address will change after the container restarts, Unless a fixed IP is used, the latter communicates in a single way, relying only on the process of monitoring the exposed ports for limited communication. The link mechanism through Docker can communicate with another container through a name, which facilitates the container to discover other containers and can safely pass some connection information to other containers. It is used in the following ways:

1. Run a container, specifying a memory-friendly name by –name, which is called the source container, which is the container to be connected

Docker run--name db-e mysql_root_password=server-d MYSQL

The above pass environment variable mysql_root_password=server to set the MySQL service password to server

2. Run another container and link to the container that was started above, this container is called received container

sudo docker run-d--name web--link db:aliasdb nginx

The above container, named DB, is connected by--link, and an alias is set for it Aliasdb
After completing the two steps above, you can use DB or ALIASDB as the connection address in the Nginx container to connect to the MySQL service, even if the container reboots, the address changes without affecting the connection between the two containers. connection information Transmission of link mechanism

Although it is possible to communicate with MySQL by using the link mechanism nginx, how to know what the MySQL port is, though it is fixed
3306, however, it does not rule out the problem of changing the port number, and for some applications that are not fixed ports, as long as the port information of the container to be connected is particularly important, the link mechanism provides this information through the way of the environment variables, and in addition to the DB password, the information is provided through the Docker imports the environment variables defined in source container into the received container, where the connection information can be obtained through the environment variable in received container the environment variables provided in DB are below:

path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/mysql/bin:/usr/local/mysql/ Scripts
hostname=c1a7c7f091eb
mysql_root_password=server
mysql_major=5.5
mysql_version=5.5.48
Home=/root

Note: Use the Docker EXEC db env command to get the results above
Let's take a look at how these variables are imported in the Web container.

Path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
hostname=6337c0044215
ALIASDB_PORT= tcp://172.17.0.8:3306
aliasdb_port_3306_tcp=tcp://172.17.0.8:3306
aliasdb_port_3306_tcp_addr= 172.17.0.8
aliasdb_port_3306_tcp_port=3306
aliasdb_port_3306_tcp_proto=tcp
aliasdb_name=/web/ Aliasdb
aliasdb_env_mysql_root_password=server
aliasdb_env_mysql_major=5.5
aliasdb_env_mysql_ version=5.5.48
Nginx_version=1.9.10-1~jessie
home=/root

The above variables are divided into five parts: the first part is the environment variables provided by the Web container itself, such as Nginx_version,hostname,home,path. The second part is the variable that begins with the aliasdb_env, which is imported from the source container, from variables that are defined in Dockerfile using the ENV command, or environment variables added by-e when Docker run. The third part is aliasdb_name this variable, which records the combination of the two containers of link, where the fourth part of the/WEB/DB is a series of variables that begin with the Aliasdb_port, which have a very group, and each group of variables is named in the following format

<alias>_PORT_<port>_<protocol>
<alias>_port_<port>_<protocol>_port
<alias>_port_<port>_<protocol>_proto
<alias>_port_<port>_<protocol >_addr

Where <port> is using expose exported ports in Dockerfile, and ports that are exported using-p when Docker run. <protocol> is the corresponding protocol for these ports. The fifth part is the Aliasdb_port variable, which is the corresponding connection URL for the first port in the expose exported port.
If there is a expose exported port, and Docker run-p specifies the exported port, then the port specified through-p is the first exported port link mechanism and/etc/hosts

After using the link mechanism, you can communicate with the target container by the name you specify, which is actually done by adding a resolution relationship to the name and IP in the/etc/hosts, which is the/etc/hosts information in the container named Web.

172.17.0.10 6337c0044215
127.0.0.1   localhost
:: 1 localhost
ip6-localhost ip6-loopback fe00::0 Ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.8  ALIASDB C1A7C7F091EB DB

As you can see from the above information, the link mechanism adds a name resolution on the DB container to received container (here is a container called the web). With this name resolution can not use IP to communicate with the target container, in addition when the target container restart, Docker will be responsible for updating the/etc/hosts file, so you can not worry about the container restart after the IP address has changed, resolve the problem can not be effective. Unfortunately, however, environment variables cannot be updated, and the link mechanism, mentioned above, imports information from some DB containers into the Web container through environment variables, which is one-time, and the container updates information about environment variables that cannot be updated in the Web container. link mechanism and new network features

Through the introduction of link mechanism above, we can find that the link mechanism provides the following function name resolution to link the container can use the alias security to connect the communication environment variables between containers

Secure communication between containers, this need to combine the Docker daemon-icc=false this option, the default of all containers on the same host can communicate with each other, when the use of-icc=false when all containers are unable to communicate with each other ( The reason for this is a separate article analysis, but with the link mechanism, port based communication can take place even with the-icc=false two containers. Unfortunately, when Docker introduced new features of the network, the link mechanism became redundant, but in order to be compatible with earlier versions, the –link mechanism remained unchanged on the default network, Docker introduced a new feature of the network and built a DNS Server, However, this DNS server does not work until the user creates a custom network. Before the new features of the network are introduced, there are three kinds of networks, the first is DOCKER0 this bridge network, with the most, the second is a multiplex host network, called Host Network, the third is the None network, only created an empty network namespace, no network interface, can not communicate with the outside, Allows users to build their own networks. When the new features of the network are introduced, there is a overlay network and a user-defined network. User-defined network, the user can create a custom bridging network through the Docker Network command, which is consistent with the basic functionality of the default DOCKER0 bridging network, but has some features in the custom bridging network that can replace the link mechanism. These features include the following: DNS-based name auto-resolution security isolation environment dynamically append or detach from a network support use –link to set aliases

In the user-defined network, do not use the link mechanism can implement the name resolution function, no longer through the link mechanism appended name resolution related to/etc/hosts file. And the effect of using the link mechanism under the default DOCKER0 bridging network and the custom network is different, and in the custom network the link mechanism is only responsible for setting the alias and no longer provides the function of environment variable injection. The custom network also provides the same--net-alias functionality as the link mechanism provides alias functionality. The link mechanism is reserved for compatibility purposes. Reference Documents

Legacy Container Links
Linking containers in user-defined networks