00x0 Docker Concept
Docker is built on three basic concepts: image, container, and repository.
Image
An existing image can be modified a second time, so you can use an image as the base for extended development.
Container
You can think of a container as a simplified Linux environment (including root user privileges, process space, user space, network space, and so on) together with the applications running in it.
Repository
Well-known repositories in China are Dockerpool and docker.cn.
Dockerpool: http://www.dockerpool.com/
docker.cn: https://docker.cn/
00x1 Docker Basics
Docker supports the following Ubuntu versions
- Ubuntu trusty 14.04 (LTS) (64-bit)
- Ubuntu precise 12.04 (LTS) (64-bit)
- Ubuntu Raring 13.04 and Saucy 13.10 (64-bit)
00x2 Docker Installation
1. Update the package index, install the required kernel package, then reboot.
$ sudo apt-get update; sudo apt-get install linux-image-generic-lts-trusty; sudo reboot
2. Get the latest version of the Docker installation package
$ wget -qO- https://get.docker.com/ | sh
3. Verify that Docker is properly installed
$ sudo docker run hello-world   # pulls and runs the hello-world image
$ sudo docker images            # lists the installed images
4. Start, stop, or restart Docker
$ sudo stop docker
$ sudo start docker
$ sudo restart docker
5. Upgrade Docker
$ sudo apt-get install -y lxc-docker
$ sudo docker version           # shows the Docker version
6. Run Docker
$ sudo docker run -i -t centos /bin/bash
-i: Keep stdin open in the container
-t: Allocate a pseudo-TTY for the container
Reference article:
https://github.com/widuu/chinese_docker/blob/master/installation/ubuntu.md#Ubuntu%E5%AE%89%E8%A3%85Docker
http://blog.csdn.net/u010397369/article/details/40981673
Ubuntu Docker Optional Configuration
This section mainly describes the optional configuration items for Docker, which allows Docker to work better on Ubuntu.
- Create a Docker user group
- Adjust memory and swap space (swap accounting)
- Enable port forwarding for firewalls (UFW)
- Configure DNS services for Docker
Create a Docker user group
The Docker daemon binds to a Unix socket instead of a TCP port. By default, that Unix socket is owned by the root user, and other users can access it with sudo. For this reason, the Docker daemon always runs as the root user.
To avoid having to use sudo with the docker command, create a user group named docker and add users to it. When the Docker daemon starts, it gives the docker group ownership of the Unix socket, so members of the group can read and write the socket file.
Note: The docker group is equivalent to the root user. For details on the system security impact, see the Docker Daemon Attack Surface details.
Create a docker user group and add users
- Sign in to Ubuntu as a user with sudo privileges. In this procedure, we assume that you are already logged in to Ubuntu.
- Create a docker user group and add users.
$ sudo usermod -aG docker ubuntu
- Log out and log back in so that your user runs with the new permissions.
- Verify that the user can run docker without the sudo command.
$ docker run hello-world
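An added audit example (not from the original article) for the note above: since docker group membership is root-equivalent, it lists every account that can use the socket without sudo, including users whose primary group is docker. The function names and the sample group and passwd entries are constructed for this example.

```shell
#!/bin/sh
# Added example: who can drive the Docker daemon without sudo?
# group/passwd paths are parameters so an offline copy of a host can be audited.

# Print the numeric GID of group $1 in group file $2; fail if the group is absent.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1 } END { exit !found }' "$2"
}

# One user per line: supplementary members from the group file, plus users
# whose primary GID in the passwd file is the docker GID. The second kind
# does not appear in the member list of /etc/group and is easy to overlook.
docker_equivalent_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(group_gid docker "$group_file") || return 1
    {
        awk -F: '$1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Owner, group and octal mode of the daemon socket (GNU stat, as on Ubuntu).
socket_owner_mode() {
    stat -c '%U:%G %a' "${1:-/var/run/docker.sock}"
}

# Demo on constructed files (not a real host): "ci" has docker as primary group.
demo=$(mktemp -d)
printf 'sudo:x:27:ubuntu\ndocker:x:999:ubuntu,deploy\n' > "$demo/group"
printf 'ubuntu:x:1000:1000::/home/ubuntu:/bin/bash\nci:x:1001:999::/home/ci:/bin/sh\n' > "$demo/passwd"
docker_equivalent_users "$demo/group" "$demo/passwd"
rm -r "$demo"
```

On a live host, call `docker_equivalent_users` and `socket_owner_mode` with no arguments to read /etc/group, /etc/passwd and /var/run/docker.sock.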
Adjust memory and swap space (swap accounting)
When we use Docker to run an image, we may see the following messages:
WARNING: Your kernel does not support cgroup swap limit.
WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
To prevent these messages from appearing, we need to enable memory and swap accounting in the system. This is done by modifying the system's GNU GRUB (GNU GRand Unified Bootloader) configuration, as follows:
- Sign in to Ubuntu as a user with sudo privileges.
- Edit the /etc/default/grub file.
- Set the GRUB_CMDLINE_LINUX value as follows:
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
- Save and close the file.
- Update GRUB
$ sudo update-grub
- Reboot your system.
Allow UFW Port forwarding
If you use UFW (a simple firewall) on the host where Docker runs, you need to do some extra configuration. Docker uses a bridge to manage the network. By default, UFW drops all forwarded traffic. Therefore, when Docker is used with UFW enabled, you must set the UFW forwarding policy appropriately.
By default, UFW also filters out all inbound traffic. If you want other hosts to have access to your containers, you need to allow connections to Docker's default port (2375).
Set UFW to allow inbound rules for the Docker port:
- Sign in to Ubuntu as a user with sudo privileges.
- Verify that UFW is installed and enabled.
$ sudo ufw status
- Open /etc/default/ufw for editing.
$ sudo nano /etc/default/ufw
- Set DEFAULT_FORWARD_POLICY as follows:
DEFAULT_FORWARD_POLICY="ACCEPT"
- Save and close the file.
- Reload UFW for the new setting to take effect.
$ sudo ufw reload
- Allow inbound connections on the Docker port.
$ sudo ufw allow 2375/tcp
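An added check (not part of the original article) for the two UFW changes above: it reports a forward policy of ACCEPT and any rule that opens port 2375 to every source rather than to a specific host or subnet. Port 2375 is Docker's unencrypted remote API port, so such a rule deserves the same scrutiny as docker group membership. The function names and the sample `ufw status` output are constructed for this example.

```shell
#!/bin/sh
# Added example: flag the two UFW changes from this section on a host.

# Effective DEFAULT_FORWARD_POLICY in a ufw defaults file (last assignment wins).
forward_policy() {
    awk -F= '/^[ \t]*DEFAULT_FORWARD_POLICY=/ {
        v = $2; sub(/#.*/, "", v); gsub(/[^A-Za-z]/, "", v); p = v
    } END { print p }' "${1:-/etc/default/ufw}"
}

# stdin: `ufw status` output. Prints inbound ALLOW rules for the port
# (default 2375) whose source is Anywhere, i.e. not limited to a host or subnet.
open_docker_rules() {
    awk -v port="${1:-2375}" '
        { split($1, a, "/"); to = a[1] }   # "2375/tcp" becomes "2375"
        to == port && / ALLOW / && !/ ALLOW OUT / && / Anywhere/ { print }
    '
}

# $1: ufw defaults file, stdin: `ufw status` output.
# Prints findings; returns 0 when nothing is flagged, 1 otherwise.
audit_ufw_for_docker() {
    findings=0
    rules=$(open_docker_rules 2375)
    if [ "$(forward_policy "$1")" = "ACCEPT" ]; then
        echo "FORWARD policy defaults to ACCEPT"; findings=1
    fi
    if [ -n "$rules" ]; then
        echo "Docker port 2375 is open to any source:"; echo "$rules"; findings=1
    fi
    return "$findings"
}

# Constructed `ufw status` output for the demo (not captured from a real host).
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
2375/tcp                   ALLOW       Anywhere
2375/tcp                   ALLOW       192.168.1.0/24
2375/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | open_docker_rules
```

On a live host: `sudo ufw status | audit_ufw_for_docker /etc/default/ufw`.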
Configure a DNS service for Docker
Ubuntu systems running the desktop edition use 127.0.0.1 as the domain name server (nameserver) in the /etc/resolv.conf configuration file. NetworkManager sets up dnsmasq to use the real DNS servers of the connection, and sets the nameserver in /etc/resolv.conf to 127.0.0.1.
When using this configuration to run Docker containers in a desktop environment, Docker users will see the following warning:
WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
This warning appears because the Docker container cannot use the local DNS service. Instead, Docker uses a default external domain name server.
To avoid this warning, you can specify a DNS server for the Docker containers, or you can disable dnsmasq in NetworkManager. However, disabling dnsmasq can make DNS resolution slow on some networks.
Specifying a DNS server for Docker
- Sign in to Ubuntu as a user with sudo privileges.
- Open /etc/default/docker for editing.
$ sudo nano /etc/default/docker
- Add the setting:
DOCKER_OPTS="--dns 8.8.8.8"
This replaces the local DNS server, such as 192.168.1.1, with 8.8.8.8. You can specify multiple DNS servers, separated by spaces, for example:
--dns 8.8.8.8 --dns 192.168.1.1
Warning: If you are using a computer that needs to be connected to different networks, be sure to select a public DNS server.
- Save and close the file.
- Restart the Docker daemon.
$ sudo restart docker
Or, as an alternative to the previous procedure, disable dnsmasq in NetworkManager (which slows down your network):
- Open /etc/NetworkManager/NetworkManager.conf for editing.
$ sudo nano /etc/NetworkManager/NetworkManager.conf
- Comment out the following line:
dns=dnsmasq
- Save and close the file.
- Restart NetworkManager and Docker.
$ sudo restart network-manager
$ sudo restart docker
Upgrade Docker
Use wget with the -N parameter to install the latest version of Docker:
$ wget -N https://get.docker.com/ | sh
Docker Basics Cognition