The above shows Docker's C/S (client/server) architecture, from which the relationship between the Docker client and the daemon can be summarized as follows:
Docker Host (host machine):
The virtual machine on which Docker runs
Client:
We interact with the Docker daemon through the client, which passes commands such as docker build, docker pull and docker run to the daemon.
Docker provides two main kinds of interface:
- Command-line interface (Console API), which is not discussed further here
- Remote interface (Remote API), which supports the following:
  - A RESTful-style API
  - STDIN, STDOUT and STDERR, so users can interact with Docker from a custom program
Version information can be viewed with the command
docker version
Connection of client and daemon
There are three main ways to connect to the socket:
- unix:///var/run/docker.sock
- tcp://host:port
- fd://socketfd
Use the following command to connect to docker.sock using the first form:
nc -U /var/run/docker.sock
Then issue a GET request for Docker information:
GET /info HTTP/1.1
The daemon returns data in JSON format.
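The same request made from a custom program, as an added example that is not part of the original article: a small Python client that sends GET /info over the UNIX socket. The class and function names are hypothetical; the socket path is the default given above.

```python
import http.client
import json
import socket


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a UNIX socket instead of TCP."""

    def __init__(self, socket_path, timeout=5):
        # "localhost" is only used for the Host header; no TCP connection is made.
        super().__init__("localhost", timeout=timeout)
        self.socket_path = socket_path

    def connect(self):
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(self.timeout)
        sock.connect(self.socket_path)
        self.sock = sock


def docker_info(socket_path="/var/run/docker.sock"):
    """Send GET /info to the daemon and return the decoded JSON document."""
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", "/info")
        resp = conn.getresponse()
        body = resp.read()
        if resp.status != 200:
            raise RuntimeError(f"daemon returned HTTP {resp.status}")
        return json.loads(body)
    finally:
        conn.close()


if __name__ == "__main__":
    try:
        info = docker_info()
        print(info.get("ServerVersion"), info.get("Labels"))
    except (FileNotFoundError, PermissionError, ConnectionRefusedError) as exc:
        # PermissionError: the caller has no access to the socket file.
        print("cannot reach daemon socket:", exc)
```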
Configuration and operation of Daemons
After you install Docker, you need to confirm that the Docker daemon is running. Docker runs its daemon as root to handle actions that ordinary users cannot complete (such as mounting a file system). The Docker program is the client program for the Docker daemon and also needs to run as root.
When the Docker package is installed, the Docker daemon is started immediately by default. The daemon listens on the UNIX socket file /var/run/docker.sock for Docker requests from the client. If a user group named docker exists on the system, Docker sets the owner of the socket file to that group. All users in the docker group can run Docker directly without using the sudo command.
Using a non-root user
$ sudo groupadd docker
$ sudo gpasswd -a ${USER} docker
$ sudo service docker restart
Then log in again.
As mentioned earlier, although the docker user group makes Docker more convenient to use, it is still a security risk. Because members of the docker group have the same permissions as the root user where Docker is concerned, only users and programs that really need to use Docker should be added to the group.
- Two ways to view daemons
Use the following commands to manage the life cycle of the Docker service:
sudo service docker start
sudo service docker stop
sudo service docker restart
Docker's startup options
docker -d [OPTIONS] runs Docker as a daemon
Runtime related:
-D, --debug=false
-e, --exec-driver="native"
-g, --graph="/var/lib/docker"
--icc=true
-l, --log-level="info"
--label=[]
-p, --pidfile="/var/run/docker.pid"
Docker server connection related:
-G, --group="docker"
-H, --host=[]
--tls=false
--tlscacert="~/.docker/ca.pem"
--tlscert="~/.docker/cert.pem"
--tlskey="~/.docker/key.pem"
--tlsverify=false
Remote API related:
--api-enable-cors=false
Storage related:
-s, --storage-driver=""
--selinux-enabled=false
--storage-opt=[]
Registry related:
--insecure-registry=[]
--registry-mirror=[]
Network settings related:
-b, --bridge=""
--bip=""
--fixed-cidr=""
--fixed-cidr-v6=""
--dns=[]
--dns-search=[]
--ip=0.0.0.0
--ip-forward=true
--ip-masq=true
--iptables=true
Startup configuration file: /etc/default/docker
The options described above can be set in this configuration file.
Example: changing the daemon's network binding
$ sudo /usr/bin/docker -d -H tcp://0.0.0.0:2375
This command binds the Docker daemon to all network interfaces on the host. The Docker client does not automatically detect this change, so we need to specify the address of the server with the -H option. For example, if you change the daemon port to 4200, you must specify docker -H :4200 when you run the client. If you do not want to add the -H flag each time you run the client, you can skip this step by setting the DOCKER_HOST environment variable, as follows:
$ export DOCKER_HOST="tcp://0.0.0.0:2375"
By default, Docker's client-server communication is not authenticated. This means that if you bind Docker to an externally exposed network interface, anyone can connect to the Docker daemon. Docker 0.9 and later versions provide TLS authentication.
We can also specify a UNIX socket path with the -H flag, for example unix://home/docker/docker.socket:
$ sudo /usr/bin/docker -d -H unix://home/docker/docker.sock
Of course, we can also specify multiple binding addresses at the same time.
$ sudo /usr/bin/docker -d -H tcp://0.0.0.0:2375 -H unix://home/docker/docker.sock
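A check for the unauthenticated-binding risk described above, as an added example (not from the original article or the Docker project): it parses a daemon option string such as DOCKER_OPTS and reports every tcp:// binding that is not protected by --tlsverify. The function name and severity labels are hypothetical, and the sample strings are constructed from the commands on this page.

```python
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
FALSE_VALUES = {"false", "f", "0"}


def audit_daemon_opts(opts):
    """Return (severity, host, reason) tuples for unauthenticated TCP bindings."""
    tokens = shlex.split(opts)
    hosts, tlsverify = [], False
    i = 0
    while i < len(tokens):
        flag, eq, value = tokens[i].partition("=")
        if flag in ("-H", "--host"):
            if not eq and i + 1 < len(tokens):  # "-H tcp://..." form
                i += 1
                value = tokens[i]
            hosts.append(value)
        elif flag == "--tlsverify":
            # Bare "--tlsverify" enables it; "--tlsverify=false" disables it.
            # --tls alone encrypts but does not authenticate clients, so it is ignored.
            tlsverify = value.lower() not in FALSE_VALUES
        i += 1

    findings = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue  # unix:// and fd:// are local; tlsverify requires a client cert
        # An empty host part is treated as non-loopback to stay on the safe side.
        addr = urlsplit(host).hostname or ""
        if addr in LOOPBACK:
            findings.append(("medium", host, "unauthenticated API reachable by any local user"))
        else:
            findings.append(("high", host, "unauthenticated API reachable over the network"))
    return findings


if __name__ == "__main__":
    # Constructed samples based on the command lines shown on this page.
    for sample in (
        "-d -H tcp://0.0.0.0:2375 -H unix://home/docker/docker.sock",
        "-d -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=ca.pem",
        "--label name=docker_whoami",
    ):
        print(sample, "->", audit_daemon_opts(sample) or "no findings")
```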
Debugging related
When starting the daemon, we can also get more detailed output by setting DEBUG=1 before the command. Currently, Docker's log output is still relatively sparse. On Ubuntu systems using upstart, the log output generated by the Docker daemon is saved in the /var/log/upstart/docker.log file.
DEBUG=1 /usr/bin/docker -d
To make these changes permanent, you need to edit the startup configuration. In Ubuntu, we need to edit the /etc/default/docker file and modify the DOCKER_OPTS variable.
In Fedora and Red Hat releases, you need to edit the /usr/lib/systemd/system/docker.service file and modify the ExecStart configuration item in it.
In other platforms, the boot configuration of the Docker daemon can be managed and updated with the appropriate init system.
Daemon configuration file does not take effect
Problem description: after adding an option to the configuration file /etc/default/docker, for example
DOCKER_OPTS=" --label name=docker_whoami "
the option does not take effect.
Workaround: open the file /lib/systemd/system/docker.service and add the line
EnvironmentFile=-/etc/default/docker
(the leading "-" means ignore errors), then change
ExecStart=/usr/bin/docker daemon -H fd://
to
ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
This lets the service use the DOCKER_OPTS variable defined in /etc/default/docker.
Reload the systemd configuration:
sudo systemctl daemon-reload
After the reload, with the configuration file modified and the service restarted, the following takes effect:
Labels: name=docker_whoami
Run
docker info
or
ps -ef | grep docker
to see the option above.
Docker Client and Daemon