This series of articles will introduce Docker knowledge:
Docker cpu usage
(1) Docker installation and basic usage
Docker container cpu
(2) Docker mirror
Docker container cpu usage
(3) Isolation of Docker containers-use Linux namespace isolate container's operating environment
Docker cpu
(4) Isolation of Docker containers-use cgroups to limit the resources used by the container
Docker check cpu usage
(5) Docker Network
1. Installation
1.1 Installing Docker on Ubuntu 14.04
Prerequisite Requirements: docker stats cpu usage
Kernel version must be 3.10 or above
Follow these steps in sequence: docker run cpu
sudo apt-get update
sudo apt-get install Apt-transport-https ca-certificates
sudo apt-key adv--keyserver hkp://p80.pool.sks-keyservers.net:80--recv-keys 58118e89f3a912897c070adbf76221572c52609d
Edit/etc/apt/sources.list.d/docker.list file, add Deb Https://apt.dockerproject.org/repo ubuntu-trusty main
sudo apt-get update
sudo apt-get purge Lxc-docker
Apt-cache Policy Docker-engine
Apt-get Upgrade
sudo apt-get install linux-image-extra-$ (uname-r) linux-image-extra-virtual
sudo apt-get install Docker-engine
The installation process is complete.
Run sudo service Docker start to start the Docker daemon.
Run Docker version to view Docker versions
root@devstack:/home/sammy# Docker--version
Docker version 1.12.1, build 23cf638
Start the first container:
1. Start the first Docker container Docker run Hello-world
root@devstack:/home/sammy# Docker Run Hello-world
Hello from docker!
This message shows the your installation appears to be working correctly.
The success of its operation also indicates that the previous installation steps are running correctly.
Refer to the above content from Docker official website:https://docs.docker.com/engine/installation/linux/ubuntulinux/
1.2 Docker to the current (2016/09/16) version history
Release date of version number release manager
Docker 1.12.1 08/18/2016
Docker 1.12.0 07/28/2016
Docker 1.11.0 04/12/2016 @mlaventure
Docker 1.10.0 02/04/2016 @thaJeztah
Docker 1.9.0 10/29/2015 @tiborvass
Docker 1.8.0 08/11/2015 @calavera
2. Basic operation of Docker
2.1 Docker Container State machine
A container may be in one of several states at some point:
Created: has been created (can be listed using the Docker ps-a command) but has not been started (using the Docker PS command is not yet listed)
Running: in operation
Paused: The process of the container has been paused
Restarting: The process of the container is being restarted
Exited: The stopped state in the figure above indicates that the container has run before but is now stopped (to distinguish it from the created state, which is a newly created container that has not been run). You can get it back into the running state with the start command
Destroyed: The container is removed and no longer exists.
You can view its detailed status in the output of the Docker inspect command:
' state ': {
' Status ': ' Running ',
' running ': true,
' paused ': false,
' restarting ': false,
' Oomkilled ": false,
" Dead ": false,
" Pid ": 4597,
" ExitCode ": 0,
" Error ":" ",
" Startedat ":" 2016-09-16t08:09:34.53403504z ",
" Finishedat ":" 2016-09-16t08:06:44.365106765z "
}
2.2 Docker Command Overview
We can classify the Docker order roughly as follows:
Mirroring operation:
Build builds an image from a dockerfile
Commit Create a new image from a container ' s changes
Images List Images
Load load an image from a tar archive or STDIN
Pull pull an image or a repository from a registry
Push push an image or a repository to a registry
RMI Remove one or more images
Search Search the Docker Hub for images
Tag tag an image into a repository
Save save one or more images to a tar archive (streamed to STDOUT by default)
History shows the history of a mirror
Inspect get the details of the mirror
Container and the life cycle operations applied in it:
Create Create a new container (creating a container)
Kill kill one or more running containers
Inspect return low-level information on a container, image or task
Pause pause all processes within one or more containers
PS List Containers
RM remove one or more containers (delete a container or multiple containers)
Rename Rename a container
Restart Restart a container
Run Run a command in a new container (create and start a container)
Start start one or more stopped containers (start a container in a stopped state)
Stats display a live stream of container (s) Resource usage statistics (display container real time resource consumption information)
Stop stop one or more running containers (stop a container in the running state)
Top Display The running processes of a container
Unpause unpause all processes within one or more containers
Update update configuration of one or more containers
Wait blocks until a container stops, then print its exit code
Attach attach to a running container
EXEC Run a command in a running container
Port List port mappings or a specific mapping for the container
Logs get the container's log
Container File system operations:
CP Copy files/folders between a container and the local filesystem
Diff Inspect Changes on a container ' s filesystem
Export export a container ' s filesystem as a tar archive
Import Import the contents from a tarball to create a filesystem image
Docker registry operation:
Login Log in to a Docker registry.
Logout Log out from a docker registry.
Volume Operation
Volume Manage Docker volumes
Network operations
Network Manage Docker Networks
Swarm related Operations
Swarm Manage Docker Swarm
Service Manage Docker Services
Node Manage Docker Swarm nodes
System Operation:
Version show the Docker version information
Events get real time events from the server (continuous return Docker event)
Info Display system-wide information (displays Docker host system-wide information)
Some of the more interesting commands:
(1) The life cycle of the container from birth to death
root@devstack:/home/sammy# Docker Create--name web31 training/webapp python app.py #创建名字为 web31 container 7465f4cb7c49555af329 29bd1bc4213f5e72643c0116450e495b71c7ec128502 root@devstack:/home/sammy# Docker Inspect--format= ' {{. State.status}} ' Web31 #其状态为 created created root@devstack:/home/sammy# Docker start web31 #启动容器 web31 root@devstack:/home /sammy# Docker Inspect--format= ' {{. State.status}} ' web31 #其状态为 running running root@devstack:/home/sammy# Docker pause web31 #暂停容器 web31 root@devstack:/home /sammy# Docker Inspect--format= ' {{. State.status}} ' Web31 paused root@devstack:/home/sammy# docker unpause web31 #继续容器 web31 root@devstack:/home/sammy# Docker Inspect--format= ' {{. State.status}} ' web31 running root@devstack:/home/sammy# docker rename Web31 newweb31 #重命名 root@devstack:/home/sammy# Docker Inspect--format= ' {{. State.status}} ' newweb31 running root@devstack:/home/sammy# Docker top newweb31 #在容器中运行 the top command UID PID PPI D C stime TTY time CMD root 5009 4979 0 16:28? 00:00:00 python app.py root@devstack:/home/sammy# docker logs newweb31 #获取容器的日志 * Running on Http://0.0.0.0:5000/(P Ress CTRL + to quit) root@devstack:/home/sammy# Docker stop Newweb31 #停止容器 Newweb31 root@devstack:/home/sammy# Docker Insp ECT--format= ' {{. State.status}} ' Newweb31 exited root@devstack:/home/sammy# Docker rm newweb31 #删除容器 newweb31 root@devstack:/home/sammy# Docker Inspect--format= ' {{.
State.status}} ' newweb31 error:no such image, container or task:newweb31
(2) Docker stop and Docker kill
When the Docker Stop command executes, it sends the system signal sigterm to the process of PID 1 in the container, and then waits for the application in the container to terminate execution if the wait time reaches the set timeout (the default is 10 seconds, the user can specify a specific timeout length). will continue to send sigkill system signals to forcibly kill the process. The application in the container can choose to ignore and not process the sigterm signal, but once the timeout is reached, the program is forcibly killed by the system because the Sigkill signal is sent directly to the system kernel and the application has no chance to handle it.
For example, after running the Docker stop web5-t 20 command:
2016-09-16t16:01:18.206540853+08:00 container Kill b3256ef1400a7f6a6f242e377a77af5e25d3b12237c4ee7c2e9b31a5f6437868 (Image=training/webapp, NAME=WEB5, signal=15)
2016-09-16t16:01:38.212352224+08:00 container Kill b3256ef1400a7f6a6f242e377a77af5e25d3b12237c4ee7c2e9b31a5f6437868 (Image=training/webapp, NAME=WEB5, signal=9)
2016-09-16t16:01:38.235021315+08:00 container die b3256ef1400a7f6a6f242e377a77af5e25d3b12237c4ee7c2e9b31a5f6437868 (exitcode=137, Image=training/webapp, NAME=WEB5)
can see:
1. First Docker send sigterm signal to container (signal=15)
2. Wait 20 seconds (01:18 to 01:38)
3. Resend SIGKILL system signal (signal = 9)
4. Then the container was killed (die)
The Docker kill command emits a sigkill system signal to force the operation of the program in the container to be terminated. After running the Docker kill WEB5 command:
2016-09-16t16:06:44.351086471+08:00 container Kill b3256ef1400a7f6a6f242e377a77af5e25d3b12237c4ee7c2e9b31a5f6437868 (Image=training/webapp, NAME=WEB5, signal=9)
2016-09-16t16:06:44.365116100+08:00 container die b3256ef1400a7f6a6f242e377a77af5e25d3b12237c4ee7c2e9b31a5f6437868 (exitcode=137, Image=training/webapp, NAME=WEB5)
Visible directly emitted is the SIGKILL signal, the container was immediately killed.
(3) Use Docker CP to copy files or directories between host and container
root@devstack:/home/sammy# Docker cp/home/sammy/mydockerbuild/dockerfile web5:/webapp #从 host copy files to container
root@devstack:/home/sammy#
root@devstack:/home/sammy# Docker CP Web5:/webapp/dockerfile/home/sammy/dockerfile #从 container inside copy files to host
root@devstack:/home/sammy# ls/home/sammy
chroot devstack dockerfile mongodbdocker Mydockerbuild WebApp
(4) Docker Export and import
Docker Export: Package A container's file system as a compressed file
root@devstack:/home/sammy# Docker export Web5-o./web5
root@devstack:/home/sammy# ls
chroot devstack Dockerfile mongodbdocker mydockerbuild Web5 webapp
Docker import: Create a mirror from a compressed file
root@devstack:/home/sammy# Docker import web5 web5img-m "imported on 0916"
sha256 : 745bb258be0a69a517367667646148bb2f662565bb3d222b50c0c22e5274a926
root@devstack:/home/sammy# Docker History Web5img
IMAGE CREATED CREATED by SIZE COMMENT
745bb258be0a 6 seconds ago 324 MB imported on 0916
2.3 Docker Run command
The Docker Run command creates a container and starts it, and it also contains a number of parameters that are categorized by purpose as follows:
Cgroups and Namespace Related:
--blkio-weight value block Io (relative weight), between and 1000--blkio-weight-device value block io Weig HT (relative device weight) (default [])--cgroup-parent string Optional parent Cgroup for the container--cpu-pe rcent int CPU percent (Windows only)--cpu-period int Limit CPU CFS (completely Fair-Scheduler) period- -cpu-quota int Limit CPU CFS (completely Fair Scheduler) quota-c,--cpu-shares int CPU shares (relative Wei ght)--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)--cpuset-mems string MEMS in which to
Allow execution (0-3, 0,1)--device-read-bps value Limit Read rate (bytes per second) from a device (default []) --device-read-iops value Limit Read rate (IO/second) from a device (default [])--device-write-bps value Limit Write rate (bytes per second) to a device (default [])--device-write-iops value Limit Write rate (IO/second) to
A device (default []) --IPC string IPC namespace to Use-m,--memory string memory limit--memory-reservation string memory Soft limit--memory-swap string swap limit equal to memory plus swap: '-1 ' to enable unlimited swap--MEMORY-SW
appiness int tune container memory swappiness (0 to MB) (default-1)--kernel-memory string kernel memory limit -U,--user string Username or UID (format: <name|uid>[:<group|gid>])--userns string user n Amespace to use--uts string UTS namespace to Use-h,--hostname string Container host name--pid str ing PID namespace to use--pids-limit int tune container PIDs limit (set-1 for unlimited)--isolation String Container Isolation technology--io-maxbandwidth string Maximum IO bandwidth for the system limit
(Windows only)--io-maxiops uint Maximum IOps limit for the system drive (Windows only)
Linux process capabilities Related parameters:
--cap-add value add Linux capabilities (default [])
--cap-drop value drop Linux capabilities (default [])
Container operation mode and environment Related:
-D,--detach Run container in background and print container ID
-E,--env value Set environment variables (def Ault [])
--env-file value Read in a file of environment variables (default [])
DNS Related:
--dns Value Set custom DNS servers (default [])
--dns-opt value set DNS options (default [])
--dns-se Arch value Set custom DNS search domains (default [])
Health Check Related:
--health-cmd string Command to run to check health
--health-interval duration time between the running c4/>--health-retries int Consecutive failures needed to, unhealthy--health-timeout Maximum time to allow one check to run
--no-healthcheck Disable any container-specified healthcheck
IP and Port:
--ip string Container IPv4 address (e.g. 172.30.100.104)
--IP6 string Container address IPv6.2001: db8::33)-
p,--publish value publish a container ' s port (s) to the host (default [])-
p,--publish-allpublish all exposed ports to random ports
--expose value expose a port or a range of ports (default [])-
- Mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33)
--add-host value Add a custom Host-to-ip Mapping (HOST:IP) (default [])
Volume Related:
-V,--volume value Bind mount a volume (default [])
--volume-driver string Optional volume driver for the Cont Ainer
--volumes-from Value Mount volumes from the specified container (s) (default [])
--storage-opt value< C7/>storage driver Options for the container (default [])
Network about:
--network string Connect a container to a network (default "default")
--network-alias value Add network-scoped alias for the container (default [])
--link value Add link to another container (default [])--link-local-ip value Container ipv4/ipv6 link-local addresses (default [])
Log Related:
--log-driver string Logging driver for the container--log-opt value L OG driver Options (default [])
Interactivity Related:-A,--attach value attach to stdin, STDOUT or STDERR (default [])-I,--interactive Keep STDIN op En even if not attached OOM about:--oom-kill-disable disable OOM killer--oom-score-adj int tune host ' s OOM preferences ( -1000 to 1000) others (to be further sorted):--cidfile string Write the container ID to the file--det Ach-keys string Override The key sequence for detaching a container--device value ADD a host device to the Container (default [])--disable-content-trust Skip image Verification (default true)--entrypoint string Ov Erwrite The default entrypoint of the image--group-add value add additional groups to join (default [])--hel P Print usage-l,--label value Set meta data on a container (default [])--label-file value R EAD in a line delimited file of labels (default [])--name string Assign-a name to the container--privilege D Give extendedprivileges to this container--read-only Mount the container ' s root filesystem as read only--restart Strin G Restart policy to apply when a container exits (default "no")--rm automatically remove the contain Er when it exits the--runtime string runtime to the for this container--security-opt the value security Options (default [])--shm-size string size Of/dev/shm, default value is 64MB--sig-proxy Proxy received sig Nals to the process (default true)--stop-signal string signal to stop a container, sigterm by default (default) SI Gterm ")--sysctl value sysctl options (default map[])--tmpfs value Mount a TMPFS directory (default [])-T,--tty Allocate a pseudo-tty--ulimit value ulimit options (default [])-W,--workdir Strin
G Working directory inside the container
The specific content will be analyzed in a special document later.
3. Basic structure of Doker platform
The Docker platform is basically composed of three parts:
Clients: Users use the tools provided by Docker (CLI and APIs, etc.) to build, upload mirrors and publish commands to create and launch containers
Docker host: Download mirror from Docker registry and start container
Docker Registry:docker mirrored warehouse for storing mirrors and providing mirrored uploads and downloads
The following article will be specific analysis.
The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.