DockOne Technology Sharing (30): The New Features of Docker 1.9

Source: Internet
Author: User
[Editor's note] On November 4, Docker 1.9 was officially released. Docker Swarm and multi-host networking are now officially ready for production environments, Docker Engine provides a new storage volume management system, and Docker Compose provides better support for multiple environments. All of these lay a solid foundation for large-scale deployment of distributed applications in production. This article analyzes the new features of Docker 1.9 in detail.


1. Introduction to New features

On November 4, Docker released 1.9, which adds a lot of interesting features, so here is a brief introduction to what is new in this release.
    • Cross-host networking: the new networking support lets users create virtual networks that span multiple hosts, so containers can communicate across hosts.
    • Persistent storage: Docker 1.9 includes a completely redesigned storage volume management system that makes it easier for users to manage data volumes from the command line.
    • Docker Swarm 1.0: bug fixes and many optimizations. Docker tested 30,000 containers on 1,000 nodes, and Swarm ran smoothly.
    • Docker Engine 1.9: the new Docker Engine adds the following features: Dockerfile build-time parameters, parallel image pulls, a custom stop signal, an AWS CloudWatch logging driver, and disk I/O metrics.
    • Docker Compose 1.5: Docker Compose is a tool for defining and running multi-container applications. It has the following updates: Windows support, environment variables in Compose files, better support for multiple environments, networking integration, and Compose file validation.
    • Docker Toolbox: this tool brings these new features to Mac and Windows.
    • Docker Registry 2.2: the following updates were made: support for Google Cloud Storage, read-only mode, support for configurable host names, file-existence health checks, configurable HTTP health checks, and configurable HTTP response headers.
      For detailed release notes, see "Docker 1.9 released: Swarm and cross-host networking enter the production-ready phase" and "Announcing Docker 1.9: Production-ready Swarm and Multi-host Networking".


2. Interpretation of new features and principles

Below I describe in more detail the features I find most interesting.

First of all, the most compelling feature of this release is Docker's cross-host networking. At DockerCon in June, Docker announced that it had begun experimenting with Docker networking. In 1.9, the docker network command left the experimental branch and formally entered the release. With the new networking we can create a virtual network and then attach containers to it, building the network topology that best fits the deployed application.

Compared with the traditional links model, the new networking has the following three improvements:
    1. You can connect containers across different physical and virtual hosts.
    2. Users can easily stop, start and restart containers without worrying about breaking the connections between them.
    3. Users can create containers in any order.


Now that the new networking features are clear, let's look at how they are implemented.

The cross-host part of networking is implemented using OvS (Open vSwitch) and VXLAN tunnels. Isolation between containers is implemented with iptables.

To understand networking's execution flow, the first thing to be clear about is the following three concepts:
    1. Sandbox: a sandbox contains a container's network stack. This includes the container's interfaces, routing table, and DNS settings. It is implemented mainly through namespaces and cgroups. A sandbox can contain multiple endpoints.
    2. Endpoint: an endpoint joins a sandbox to a network. An endpoint is the equivalent of a network card.
    3. Network: a network consists of a group of endpoints that can communicate with each other directly. It is equivalent to a layer 2 network.


With the three basic concepts clear, let's look at the execution flow of networking.
    1. After specifying the network driver and its parameters, call libnetwork.New() to create a NetworkController instance. This instance provides the interfaces Docker uses to create new networks and sandboxes.
    2. Call controller.NewNetwork(networkType, "network1") to create a network of the specified type and name.
    3. Call network.CreateEndpoint("Endpoint1") to create an endpoint. In this function Docker assigns an IP and an interface to the endpoint, and the configuration of the corresponding network instance is applied to the endpoint, including the iptables rules and port information.
    4. Call controller.NewSandbox() to create a sandbox. This function mainly uses namespaces and cgroups to create a relatively isolated sandbox space.
    5. Call ep.Join(sbx) to add the endpoint to the specified sandbox; the sandbox thereby joins the network that created the endpoint.


In general, an endpoint is created by a network and belongs to the network that created it, and adding the endpoint to a sandbox is equivalent to adding the sandbox to that network. The following figure briefly describes the relationship between the three.
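The relationship among the three concepts and steps 2 to 5 of the flow, modelled in Go as an added example; the types are a simplified illustration and not libnetwork's API or code, and the network names are made up. It shows the isolation consequence: two sandboxes can reach each other only if they hold endpoints on a common network.

```go
package main

import "fmt"

// Illustrative types only; libnetwork's real types carry far more state.
type Network struct{ Name string }
type Sandbox struct{ Endpoints []*Endpoint } // may hold several endpoints
type Endpoint struct {
	Network *Network // the network that created this endpoint
	Sandbox *Sandbox // nil until Join is called
}

// CreateEndpoint mirrors step 3: the endpoint belongs to its creating network.
func (n *Network) CreateEndpoint() *Endpoint { return &Endpoint{Network: n} }

// Join mirrors step 5: attaching the endpoint places the sandbox on ep.Network.
func (ep *Endpoint) Join(sb *Sandbox) error {
	if ep.Sandbox != nil {
		return fmt.Errorf("endpoint on %q already joined to a sandbox", ep.Network.Name)
	}
	ep.Sandbox = sb
	sb.Endpoints = append(sb.Endpoints, ep)
	return nil
}

// SharedNetworks returns the networks both sandboxes sit on; none means isolated.
func SharedNetworks(a, b *Sandbox) []string {
	onA := map[*Network]bool{}
	for _, ep := range a.Endpoints {
		onA[ep.Network] = true
	}
	shared := []string{}
	for _, ep := range b.Endpoints {
		if onA[ep.Network] {
			shared = append(shared, ep.Network.Name)
		}
	}
	return shared
}

func main() {
	front, back := &Network{"frontend"}, &Network{"backend"}
	web, app, db := &Sandbox{}, &Sandbox{}, &Sandbox{}
	front.CreateEndpoint().Join(web)
	front.CreateEndpoint().Join(app) // app holds one endpoint per network
	back.CreateEndpoint().Join(app)
	back.CreateEndpoint().Join(db)
	fmt.Println(SharedNetworks(web, app), SharedNetworks(app, db), SharedNetworks(web, db))
}
```

Here the app sandbox sits on both networks while web and db share none, which is the segmentation a two-tier deployment relies on.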


Next are volumes, the persistent storage part, where Docker has made a big change. The first and most obvious is that volume is no longer just a flag (--volume) for docker run, but also appears in docker as a separate subcommand. The underlying layer also adds APIs for volumes, exposed as the ls, create, inspect, and rm volume subcommands. The new volume subcommand lets the user create the volume first and then mount it when the container starts, which makes volume management easier.

A simple example to help you get started with the new feature quickly:
$ docker volume create --name hello
hello
$ docker run -d -v hello:/world busybox ls /world

This example creates a volume named hello and then mounts it at the /world directory inside the container.

There are also some interesting and useful features in Docker Engine 1.9.

The previously mentioned disk I/O metrics are a useful feature. This new feature calculates disk I/O by reading the blkio io_service_bytes_recursive information inside the system and prints it through the docker stats command. So now the container information obtained through docker stats takes the following form:
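As an added example (not Docker's code), the Go program below shows how the per-device entries of io_service_bytes_recursive reduce to the read and write totals of a container. The JSON field names follow the Docker stats API; the sample payload and its values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// One element of blkio_stats.io_service_bytes_recursive in the stats API JSON.
type blkioEntry struct {
	Op    string `json:"op"`
	Value uint64 `json:"value"`
}

type containerStats struct {
	Blkio struct {
		ServiceBytes []blkioEntry `json:"io_service_bytes_recursive"`
	} `json:"blkio_stats"`
}

// Constructed sample: a trimmed stats payload with two block devices.
const sampleStats = `{"blkio_stats":{"io_service_bytes_recursive":[
  {"major":8,"minor":0,"op":"Read","value":4096000},
  {"major":8,"minor":0,"op":"Write","value":1024},
  {"major":8,"minor":0,"op":"Total","value":4097024},
  {"major":253,"minor":1,"op":"Read","value":8192},
  {"major":253,"minor":1,"op":"Write","value":2048},
  {"major":253,"minor":1,"op":"Total","value":10240}]}}`

// BlockIO sums Read and Write bytes over all devices. Sync, Async and Total
// rows describe the same bytes again, so they are skipped.
func BlockIO(raw []byte) (read, write uint64, err error) {
	var s containerStats
	if err = json.Unmarshal(raw, &s); err != nil {
		return 0, 0, err
	}
	for _, e := range s.Blkio.ServiceBytes {
		switch strings.ToLower(e.Op) {
		case "read":
			read += e.Value
		case "write":
			write += e.Value
		}
	}
	return read, write, nil
}

func main() {
	fmt.Println(BlockIO([]byte(sampleStats)))
}
```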


Parallel image pull is also an interesting new feature. Now, if the image a user pulls is already being pulled by another process, the progress bar displays this information and the command exits correctly. Previous versions of Docker Engine handled the case of an image being pulled by another process with a pipe, which could easily block and leave the client stuck at "Layer already being pulled by another client".
The new version uses a package named progressreader. In this case Docker Engine calls it to read, through a shared broadcaster, the progress of the other process's pull of the image the user asked for, displays that progress, and returns correctly.

Finally, the custom stop signal in Docker Engine 1.9. This feature is used through the Dockerfile instruction STOPSIGNAL; with it, Docker lets the user customize the signal the application receives when docker stop is run. The feature supports custom signals by rewriting the stop signal handling in Docker's signal library, and then passing the user-defined signal to the underlying function when the upper layer is called.

Q&A

Q: Do OvS and VXLAN incur a performance loss in terms of throughput and latency, and are there any test figures?

A: There is certainly a loss, but as for specific figures, Docker did not give test results.

Q: How does localization create images? OvS is localized; how much bandwidth does the physical network card require?

A: This update does not mention that. The OvS configuration will be localized, and Docker does not give a description of how big the physical NIC needs to be.

Q: After 1.9, is the container's network stack configured before or after the container starts? In previous versions of Docker, was the network initialized before or after the container started?

A: The network stack is configured before the container starts and is loaded when it starts. The same is true of previous Docker versions.

Q: What configuration items does the Docker daemon add for the cross-host network, and where is the cross-host network information stored?

A: This question is too specific; I would need to look at the code carefully to know. I only took a rough look; after all, there are too many updates in the networking part.

Q: Does Docker support OvS starting from 1.9, or does OvS still need to be installed separately?

A: 1.9 starts using OvS to implement the networking part; underneath it still calls OvS. You need to install OvS yourself.

Q: That is to say, since 1.9 this is implemented directly through OvS tunnels rather than through routing, right?

A: You can understand it that way.

Q: Does the volume feature now have something similar to the Kubernetes persistent volume, for connecting to third-party storage?

A: For now a volume still maps to a local folder; it has a subcommand, which makes it more convenient to use and manage.

Q: With the features in version 1.9, is it easier to build fixed-IP, virtual-machine-like containers?

A: Yes.

Q: Is the cross-host container network maintained by the Docker daemon?

A: It is maintained through the daemon.

Q: What improvements does Docker 1.9's CRIU scheme have compared with previous versions, and what are the pitfalls of using live migration in the new version?

A: Docker still can't do live migration; runC can.

Q: Is the cross-host network function implemented entirely in Docker Engine, or does it depend on an installed OvS environment?

A: Underneath it still calls OvS.

Q: Does restarting or rebuilding a container affect a virtual network that has already been built?

A: No impact.

Q: Can you give an example of actual use of the new 1.9 network features?

A: The execution flow I gave above is roughly similar to an actual usage example: create the network, create the EP, create the sandbox, and add the EP to the sandbox. Examples of actual use can be found in the official Docker documentation.

Q: How are simultaneous-write issues handled when multiple containers share a single store?

A: In fact, a Docker data volume is a bind mount, and it works on the same principle as shared volumes on the Linux host.
===========================
The above content is organized from the group sharing session on the night of November 5, 2015. The speaker, Kao Sanglin, is a graduate of the SEL lab at Zhejiang University and currently works in research and development on the Cloud Platform team, with in-depth research and secondary-development experience in PaaS, Docker, big data and mainstream open source cloud computing technologies. The team is now contributing technical articles to the community in the hope that they will help readers. DockOne Weekly organizes technology sharing sessions; interested readers are welcome to add LIYINGJIESX to join the group, and you can leave us a message with the topics you would like to hear.