Docker first Knowledge

Source: Internet
Author: User

"Docker - From Getting Started to Practice" is an introductory tutorial on Docker. After two days of study, the key points are as follows:

1. What is Docker?

Docker is a lightweight operating-system-level virtualization solution implemented in Go. Its containers share the kernel of the host.

2. Three basic concepts.

Image: a read-only template; it can be understood as a preset development platform.

Repository: a central store of images that supports push and pull.

Container: runs the application; a container is an instance of an image.

3. Install.

Docker is based on the Linux kernel, so it is easier to install on Linux-like systems; the installation process for each platform is linked here. Microsoft will provide a Windows Server with native Docker support, but that is not expected any time soon, so on Windows Docker is installed with an installer that bundles the Docker client, VirtualBox, msys-git, Boot2Docker and other components. After installation, Docker actually runs inside a virtual machine that runs a Linux kernel.

After installation, add the following values in the System environment variable path:

C:\Program Files (x86)\git\bin

Open cmd and use the following command to start Docker

boot2docker start

The output shows that Docker requires three environment variables to be set: DOCKER_HOST, DOCKER_CERT_PATH and DOCKER_TLS_VERIFY. Copy the three set commands from the output, paste them into the prompt and run them. You can then use the various docker commands in cmd.

However, if the IP address changes, or sometimes Boot2docker restarts, the following error occurs when you enter the Docker command:

This means that the previously generated certificate is not valid for the current IP address and therefore cannot be used. A solution is given in a GitHub discussion thread:

boot2docker ssh sudo ntpclient -s -h pool.ntp.org

Personally tested and working.

4. sudo docker pull ubuntu:14.04

The pull command downloads an image from a repository such as Docker Hub. When executed, it first looks for an ubuntu:14.04 image locally; if none is found, it downloads the image from Docker Hub, the default registry.

5. sudo docker images

Displays the local image, where the image ID of each image is unique.

6. sudo docker run -t -i ubuntu:14.04 /bin/bash

Create and run a container: run runs the container; -t allocates a pseudo-terminal and binds it to the container's standard input; -i keeps the container's standard input open; ubuntu:14.04 is the image the container is based on; /bin/bash is the application run in the container; -d runs the container in daemon mode, in which case you can view the container's output with docker logs <container name> and enter the container with docker attach <container name>.

The standard operations that docker run performs behind the scenes include:

1) Check whether the specified image exists locally; if it does not, download it from the public repository

2) Create and launch a container using the image

3) Allocate a file system and mount a read-write layer on top of the read-only image layers

4) Bridge a virtual interface into the container from the bridge interface configured on the host

5) Configure an IP address from the address pool to the container

6) Execute user-specified application

7) The container is terminated after execution of the program is completed

7. Dockerfile

Create a new directory dira and, in it, a new file named Dockerfile with content similar to the following:

# This is a Dockerfile created by Openxxs
FROM ubuntu:14.04
MAINTAINER Openxxs <[email protected]>
RUN apt-get -qq update
RUN bash -c 'echo "Hello Docker"'
RUN groupadd -r girlfriend && useradd -r -g girlfriend lily
USER lily
EXPOSE 5900
CMD /bin/bash
CMD ["/bin/ls", "-a"]
ADD mylocalpath/myfile /usr/www

You can now use sudo docker build -t myimage:v1 mypath/dira to create your own image.

Common commands:

FROM <image>:<tag>  Must be the first instruction in the Dockerfile

MAINTAINER <name>

RUN <cmd> is equivalent to /bin/sh -c <cmd>; RUN ["executable", "param1", "param2"] is equivalent to exec

CMD  Executed when the container starts; only one takes effect. In the Dockerfile above, only CMD ["/bin/ls", "-a"] takes effect and CMD /bin/bash is ignored

EXPOSE <port>  The port number the container exposes to the outside

ENV <key> <value>  Specifies an environment variable

ADD <src> <dest>  Copies a local directory (path relative to the Dockerfile), a network location, or a tar file into the specified directory of the container; COPY is similar but can only copy local directories

ENTRYPOINT  Executed when the container starts; only one takes effect

VOLUME ["/data"]  Creates a mount point that can be mounted from the local host or from other containers

USER daemon  Specifies the user name or UID used when the container runs

WORKDIR <workdir>  Specifies the working directory for subsequent instructions

ONBUILD [any of the instructions listed above]  When the image is used as the base image of another newly created image, the instructions specified by ONBUILD are executed right after that image's FROM

8. Image Management

Import an image locally from a downloaded OpenVZ template: sudo cat ubuntu-14.04.tar.gz | docker import - ubuntu:14.04

Upload an image: sudo docker push ubuntu:openxxs

Save an image: docker save -o ubuntu_openxxs.tar ubuntu:openxxs

Load an image: docker load --input ubuntu_openxxs.tar

9. Removal

docker rm removes a container; docker rmi removes an image.

Remove all containers that depend on an image before removing the image.

10. Union FS

Each image is made up of many layers, and Docker uses union FS to combine these different layers into one image for incremental modification and maintenance.

Union FS can mount multiple disks onto the same directory without LVM or RAID; a read-only branch and a writable branch can be combined together.

Union FS masks the differences between file systems and unifies them into a single file system: the contents of different file systems under the same path are merged into a new, virtual file system.

The different branches may be either read-only or read-write file systems, so that writes to the virtual, merged copy are directed to a specific real file system. This allows a file system to appear as writable, but without actually allowing writes to change the file system, also known as copy-on-write. This may be desirable when the media is physically read-only, such as in the case of Live CDs.
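A toy model of the layering described above, as an added example that is not part of the original tutorial. The class, its method names and the sample layers are constructed for illustration; deletions are modelled with a whiteout marker, and diff() reports changes with the same A/C/D letters that docker diff prints.

```python
WHITEOUT = object()   # marker in the writable branch that hides a lower file

# Constructed sample layers (path -> content), lowest layer first.
BASE = {"/etc/hostname": "base", "/bin/ls": "ELF"}
APP = {"/etc/hostname": "app"}

class UnionMount:
    """Toy model: read-only image layers under one writable container branch."""

    def __init__(self, *image_layers):
        self.layers = [dict(l) for l in image_layers]   # lowest layer first
        self.upper = {}                                 # read-write branch

    def in_image(self, path):
        return any(path in layer for layer in self.layers)

    def read(self, path):
        if path in self.upper:                 # the writable branch wins
            if self.upper[path] is WHITEOUT:
                raise FileNotFoundError(path)
            return self.upper[path]
        for layer in reversed(self.layers):    # then the topmost image layer
            if path in layer:
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.upper[path] = data                # copy-on-write: layers untouched

    def delete(self, path):
        self.read(path)                        # must currently be visible
        if self.in_image(path):
            self.upper[path] = WHITEOUT        # hide it, do not remove it
        else:
            del self.upper[path]

    def listing(self):
        merged = {}
        for layer in self.layers + [self.upper]:
            merged.update(layer)
        return sorted(p for p, v in merged.items() if v is not WHITEOUT)

    def diff(self):
        """Added (A), changed (C) and deleted (D) paths relative to the image."""
        return {p: "D" if v is WHITEOUT else ("C" if self.in_image(p) else "A")
                for p, v in self.upper.items()}
```

Because every change lands in the writable branch, the image layers stay identical for every container started from them, and diff() shows exactly what a given container changed.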

11. docker ps

Lists the containers that are running; -a lists all containers that have been run, and -l lists the container that was last run.

12. Import and export of containers

docker export <container id> > ubuntu.tar

cat ubuntu.tar | docker import - ubuntu:openxxs

13. Data Volumes

A data volume is a special directory that can be used by multiple containers and has the following features:

1) Data volumes can be shared and reused between containers

2) Changes to a data volume take effect immediately

3) Updates to a data volume do not affect the image

4) A volume persists until no container uses it

docker run -v /webapp ubuntu:openxxs python app.py creates a data volume and mounts it at the /webapp directory of the container.

docker run -v /src/webapp:/opt/webapp ubuntu:openxxs python app.py mounts the /src/webapp directory of the host at the /opt/webapp directory of the container. The default permission is read-write; adding ro, as in "-v /src/webapp:/opt/webapp:ro", mounts the directory read-only.

14. Data Volume Containers

A data volume container is a normal container whose purpose is to provide data volumes for other containers to mount, so that continuously updated data can be shared between containers.

sudo docker run -d -v /data --name dbdata ubuntu:openxxs creates the data volume container dbdata.

sudo docker run -d --volumes-from dbdata --name db1 ubuntu:openxxs makes container db1 mount the data volumes from dbdata.

If you want to delete a data volume, you must use docker rm -v when you delete the last container that still mounts it, so that the associated volume is deleted at the same time.

15. docker inspect <container name>

View all variable information for a container.

16. Port Mapping

-P randomly maps a port in the range 49000~49900 to a network port opened inside the container.

-p 5000:5000 maps local port 5000 to port 5000 of the container.

-p 127.0.0.1:5000:5000 binds port 5000 of localhost to port 5000 of the container.

-p 127.0.0.1::5000 binds any one port of localhost to port 5000 of the container.

-p 127.0.0.1:5000:5000/udp: the default is TCP; use the udp tag to specify a UDP port.

docker ps shows the mappings; docker port <container name> <container port number> also shows them. Multiple -p options can be used in one docker run.
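Which host address a -p value binds decides who can reach the container: without an IP part, the port listens on all host interfaces (0.0.0.0). The following parser for the -p forms listed above is an added example, not part of the original tutorial. Its function names are hypothetical, it handles single-port IPv4 forms only, and it assumes the daemon's default bind address has not been changed.

```python
import ipaddress
from typing import NamedTuple, Optional

class PortMapping(NamedTuple):
    host_ip: str               # address the host side listens on
    host_port: Optional[int]   # None: Docker picks a free host port
    container_port: int
    proto: str

def _port(text: str) -> int:
    port = int(text)           # ValueError on ranges or junk
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port

def parse_publish(spec: str) -> PortMapping:
    """Parse one -p value of the form [ip:][hostPort:]containerPort[/proto]."""
    addr, _, proto = spec.partition("/")
    proto = proto.lower() or "tcp"             # TCP unless /udp is given
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    parts = addr.split(":")
    if len(parts) > 3:
        raise ValueError(f"unsupported -p value: {spec}")
    # Left-pad so parts is always [ip, hostPort, containerPort].
    ip, host, cont = [""] * (3 - len(parts)) + parts
    # Assumption: the daemon's default bind address is unchanged (0.0.0.0).
    ip = str(ipaddress.IPv4Address(ip or "0.0.0.0"))
    return PortMapping(ip, _port(host) if host else None, _port(cont), proto)

def externally_reachable(specs):
    """Return the -p values that listen on more than the loopback interface."""
    return [s for s in specs
            if not ipaddress.IPv4Address(parse_publish(s).host_ip).is_loopback]

# Constructed sample: the four -p forms from this section.
SAMPLE = ["5000:5000", "127.0.0.1:5000:5000", "127.0.0.1::5000",
          "127.0.0.1:5000:5000/udp"]

if __name__ == "__main__":
    for spec in SAMPLE:
        print(spec, "->", parse_publish(spec))
    print("reachable from other hosts:", externally_reachable(SAMPLE))
```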

17. Container Interconnection

A link creates a tunnel between the source container and the receiving container, and the receiving container can see the information specified by the source container.

sudo docker run --name web --link db:dblink ubuntu:openxxs python app.py creates a link named dblink from the receiving container web to the source container db.

18. Network Configuration

When Docker starts, it automatically creates a docker0 virtual bridge on the host and assigns the docker0 interface a random address from a private network segment that is not in use locally.

When a container is created, a pair of veth interfaces is generated to connect the container and docker0. When a packet is sent to one interface of the pair, the other interface receives the same packet.

By default, a container can initiate connections to the external network, but the external network cannot reach the container unless -P or -p is set. For all connections from a container to the external network, the source address is NATed to the host system's IP address; this is implemented with the source address masquerading operation of iptables.

19. Bottom-level implementation of core technologies

1) Namespaces: each container has its own separate namespaces, ensuring that containers do not affect each other. Namespaces include PID (isolates the processes of different users), net (isolates the container's network), IPC (inter-process communication; isolates requests for IPC resources), mnt (isolates the file directory structure seen by the processes in each namespace), UTS (UNIX Time-sharing System; gives each container its own host name and domain name so that it can be treated as a separate node on the network rather than as a process of the host), user (programs can be run as users inside the container instead of as users of the host), and so on.

2) Control groups: isolate, restrict, and audit shared resources.

3) Union FS: Docker uses AUFS (Another Union File System).

4) Container format.
