1. What is docker
Containers in docker:
- lxc --> libcontainer --> runC
2. OCI&OCF
2.1 OCI
Open Container-initiative
- Led by the Linux foundation, it was founded in June 2015
- It aims to develop an open industrial standard around container format and runtime
- contains two specifications
- the Runtime Specification(runtime-spec)
- the Image Specification(image-spec)
2.2 OCF
Open Container Format
runC is a CLI tool for spawning and running containers according to the OCI specification
- Containers are started as a child process of runC and can be embedded into various other systems without having to run a daemon
- runC is built on libcontainer, the same container technology powering millions of Docker Engine installations
docker provides a site dedicated to container images: https://hub.docker.com/
3. docker architecture
4. docker image and image warehouse
Why is the name of the image repository Registry instead of repository? In docker, the name of the warehouse is named after the name of the application.
The image is static, while the container is dynamic. The container has its life cycle. The relationship between the image and the container is similar to that between the program and the process. The image is similar to the program file in the file system, while the container is similar to the state in which a program runs, that is, the process. Therefore, containers can be deleted. After a container is deleted, its image will not be deleted.
5. docker object
When you use docker, you are creating and using images, containers, networks, volumes, pluginns, and other objects.
-
IMAGES
- An image is a read-only template with instructions for creating a docker container.
- Often, an image is based on another image, with some additional customization.
- You might create your own images or you might only use those created by others and published in a registry.
-
CONTAINERS
- A conntainer is a runnable instance of an image.
- You can create, run, stop, move, or delete a container using the docker API or CLI.
- You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
6. Installation and use of docker
6.1 docker installation
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1919 100 1919 0 0 470 0 0:00:04 0:00:04 --:--:-- 470
[root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@localhost yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo redhat.repo
[root@localhost ~]# yum -y install docker-ce
6.2 docker acceleration
The configuration file of docker CE is / etc/docker/daemon.json, which does not exist by default. We need to create and configure it manually, and the acceleration of docker is realized by configuring this file.
docker can be accelerated in many ways:
- docker cn
- Accelerator of China University of science and technology
- Alicloud accelerator (you need to register an account through alicloud Developer Platform and use your own accelerator for free)
[root@localhost ~]# mkdir -p /etc/docker
[root@localhost ~]# cat > /etc/docker/daemon.json <<EOF
> {
> "registry-mirrors": ["https://faq69nhk.mirror.aliyuncs.com"]
> }
> EOF
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://faq69nhk.mirror.aliyuncs.com"]
}
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]#
[root@localhost ~]# docker info Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.6.3-docker) scan: Docker Scan (Docker Inc., v0.9.0) Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 20.10.11 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d runc version: v1.0.2-0-g52b36a2 init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.18.0-193.el8.x86_64 Operating System: Red Hat Enterprise Linux 8.2 (Ootpa) OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 7.602GiB Name: localhost.localdomain ID: 5YGS:R5WZ:KE2O:WC6B:FAUM:HYTR:DLHL:RA5T:ZYHD:XSC4:CZ3L:VFAE Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://faq69nhk.mirror.aliyuncs.com/ Live Restore Enabled: false [root@localhost ~]#
7. Common operations of docker
| command | function |
|---|---|
| docker search | Search for images in Docker Hub |
| docker pull | Pull an image or repository from the registry |
| docker images | List all mirrors |
| docker create | Create a new container |
| docker start | Start one or more stopped containers |
| docker run | Run the command in a new container |
| docker attach | Attach to a running container |
| docker ps | List running containers |
| docker ps -a | List all containers |
| docker logs | Get container log |
| docker restart | Restart a container |
| docker stop | Stop one or more running containers |
| docker kill | Kill one or more running containers |
| docker rm | Delete one or more stopped containers |
| docker exec | Run the command in the run container |
| docker info | Displays information for the entire system |
| docker inspect | Returns the low-level information of the Docker object |
| docker version | View Docker version information |
7.2 common operation examples of docker
7.2.1 docker search
//Search for nginx images in Docker Hub [root@localhost ~]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 15893 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con... 2098 [OK] richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of... 819 [OK] jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho... 285 ······
7.2.2 docker pull
//Pull image [root@localhost ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx eff15d958d66: Pull complete 1e5351450a59: Pull complete 2df63e6ce2be: Pull complete 9171c7ae368c: Pull complete 020f975acd28: Pull complete 266f639b35ad: Pull complete Digest: sha256:097c3a0913d7e3a5b01b6c685a60c03632fc7a2b50bc8e35bcaa3691d788226e Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest [root@localhost ~]#
7.2.3 docker images
//View installed images [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest ea335eea17ab 2 weeks ago 141MB [root@localhost ~]#
7.2.4 docker create
//Create a container [root@localhost ~]# docker create nginx 03aa723b790c92036c29cc2225d5a9b5e3ea63ea495a59df48009a9c7d15421f [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 03aa723b790c nginx "/docker-entrypoint...." 19 seconds ago Created naughty_bardeen [root@localhost ~]#
7.2.5 docker start
//Start container [root@localhost ~]# docker start 03aa723b790c 03aa723b790c [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 03aa723b790c nginx "/docker-entrypoint...." 2 minutes ago Up 3 seconds 80/tcp naughty_bardeen [root@localhost ~]#
7.2.6 docker stop
//Stop container [root@localhost ~]# docker stop 03aa723b790c 03aa723b790c [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]#
7.2.7 docker restart
//Restart container [root@localhost ~]# docker restart 03aa723b790c 03aa723b790c [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 03aa723b790c nginx "/docker-entrypoint...." 5 minutes ago Up 5 seconds 80/tcp naughty_bardeen [root@localhost ~]#
7.2.8 docker kill
//Kill a container [root@localhost ~]# docker kill 03aa723b790c 03aa723b790c [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]#
7.2.9 docker run
//Run a container docker run [options] image [command] options: -a stdin: Specifies the standard input / output content type, optional stdin/stdout/stderr -d: Run a container, run or print the container in the background id -i: Run the container in interactive mode, usually with-t Simultaneous use -t: Reassign a pseudo input terminal to the container -P: Random port mapping: the internal port of the container is randomly mapped to the port of the host -p: Specify port mapping, for example: host port:Container port --name: Specify a name for the container --dns: Specifies the container to use DNS The server -v: Bind a volume [root@localhost ~]# docker run -it nginx /bin/sh # ls bin docker-entrypoint.d home media proc sbin tmp boot docker-entrypoint.sh lib mnt root srv usr dev etc lib64 opt run sys var # exit [root@localhost ~]# [root@localhost ~]# docker run -d httpd Unable to find image 'httpd:latest' locally latest: Pulling from library/httpd eff15d958d66: Already exists ba1caf8ba86c: Pull complete ab86dc02235d: Pull complete 0d58b11d2867: Pull complete e88da7cb925c: Pull complete Digest: sha256:1d71eef54c08435c0be99877c408637f03112dc9f929fba3cccdd15896099b02 Status: Downloaded newer image for httpd:latest d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087 [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d224c77a7e87 httpd "httpd-foreground" 12 seconds ago Up 11 seconds 80/tcp awesome_swirles [root@localhost ~]#
7.2.10 docker inspect
//Get information about a container
[root@localhost ~]# docker inspect d224c77a7e87
[
{
"Id": "d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087",
"Created": "2021-12-01T11:30:44.627107396Z",
"Path": "httpd-foreground",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4626,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-12-01T11:30:45.604888464Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:ad17c88403e2cedd27963b98be7f04bd3f903dfa7490586de397d0404424936d",
"ResolvConfPath": "/var/lib/docker/containers/d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087/hostname",
"HostsPath": "/var/lib/docker/containers/d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087/hosts",
"LogPath": "/var/lib/docker/containers/d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087/d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087-json.log",
"Name": "/awesome_swirles",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/5832a07b782cf7272cee8a2a1ddb3582a1141afe780065b7c71905e0793160eb-init/diff:/var/lib/docker/overlay2/2ce6d18ceaf276ffd402767bd001187aa803d94b96d78e4349efa0caad71b9bd/diff:/var/lib/docker/overlay2/14548a9bb2246684399b70ac59f04475ba35bf698a9a7c8edc0d0197fe360a5a/diff:/var/lib/docker/overlay2/f44ab05a147f8558a3c19a1a6d07d262d459daa72d4c03cb1ee68f4ec0dd0233/diff:/var/lib/docker/overlay2/daf8a67763b43a5208b50ae739fe5643e9c79e06c31eb7f99a5b7bf9dfcb92aa/diff:/var/lib/docker/overlay2/336ff9a30043fb7aee33f99a279338b48b50d47932d5bb5b6f07cfe486a12e4c/diff",
"MergedDir": "/var/lib/docker/overlay2/5832a07b782cf7272cee8a2a1ddb3582a1141afe780065b7c71905e0793160eb/merged",
"UpperDir": "/var/lib/docker/overlay2/5832a07b782cf7272cee8a2a1ddb3582a1141afe780065b7c71905e0793160eb/diff",
"WorkDir": "/var/lib/docker/overlay2/5832a07b782cf7272cee8a2a1ddb3582a1141afe780065b7c71905e0793160eb/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "d224c77a7e87",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HTTPD_PREFIX=/usr/local/apache2",
"HTTPD_VERSION=2.4.51",
"HTTPD_SHA256=20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4",
"HTTPD_PATCHES="
],
"Cmd": [
"httpd-foreground"
],
"Image": "httpd",
"Volumes": null,
"WorkingDir": "/usr/local/apache2",
"Entrypoint": null,
"OnBuild": null,
"Labels": {},
"StopSignal": "SIGWINCH"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "5227fd3086201b8a16b03ce6351138a079b9fd54f29e0dac47c63a56b07cc1cd",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/5227fd308620",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "f849b710e5b40813bb76e4e81e244ee152df63bf5b916b6fd1945a23dd33737f",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "b312a3b5fc7278bcbb9438e3acea83300e3d0edc6553d49e08c9a98fa9dc3d11",
"EndpointID": "f849b710e5b40813bb76e4e81e244ee152df63bf5b916b6fd1945a23dd33737f",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]#
7.2.11 docker logs
//View a container's log [root@localhost ~]# docker logs d224c77a7e87 AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message [Wed Dec 01 11:30:45.613770 2021] [mpm_event:notice] [pid 1:tid 139883583319360] AH00489: Apache/2.4.51 (Unix) configured -- resuming normal operations [Wed Dec 01 11:30:45.613999 2021] [core:notice] [pid 1:tid 139883583319360] AH00094: Command line: 'httpd -D FOREGROUND' 172.17.0.1 - - [01/Dec/2021:11:33:15 +0000] "GET / HTTP/1.1" 200 45 [root@localhost ~]#
7.2.11 docker rm
//Delete a container [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d224c77a7e87 httpd "httpd-foreground" 5 minutes ago Up 5 minutes 80/tcp awesome_swirles 4b50a8610a3a nginx "/docker-entrypoint...." 8 minutes ago Exited (0) 8 minutes ago intelligent_williams ae51fe7c633f nginx "/docker-entrypoint...." 9 minutes ago Exited (127) 8 minutes ago focused_elbakyan 98bfd6062ea9 nginx "/docker-entrypoint...." 9 minutes ago Exited (130) 9 minutes ago recursing_johnson 03aa723b790c nginx "/docker-entrypoint...." 19 minutes ago Exited (137) 12 minutes ago naughty_bardeen [root@localhost ~]# docker rm 4b50a8610a3a 4b50a8610a3a [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d224c77a7e87 httpd "httpd-foreground" 5 minutes ago Up 5 minutes 80/tcp awesome_swirles ae51fe7c633f nginx "/docker-entrypoint...." 9 minutes ago Exited (127) 9 minutes ago focused_elbakyan 98bfd6062ea9 nginx "/docker-entrypoint...." 9 minutes ago Exited (130) 9 minutes ago recursing_johnson 03aa723b790c nginx "/docker-entrypoint...." 19 minutes ago Exited (137) 12 minutes ago naughty_bardeen [root@localhost ~]#
7.2.13 docker rm $(docker ps -aq)
//Delete multiple containers [root@localhost ~]# docker ps -aq d224c77a7e87 ae51fe7c633f 98bfd6062ea9 03aa723b790c [root@localhost ~]# docker rm $(docker ps -aq) ae51fe7c633f 98bfd6062ea9 03aa723b790c Error response from daemon: You cannot remove a running container d224c77a7e875f0696654592a45de6fc70ca4b8ad95fb17ce8cda8255a770087. Stop the container before attempting removal or force remove [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d224c77a7e87 httpd "httpd-foreground" 7 minutes ago Up 7 minutes 80/tcp awesome_swirles [root@localhost ~]#
7.2.14 docker attach
//Connect to a running container [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d5f81cac59be httpd "httpd-foreground" About a minute ago Up 13 seconds 80/tcp bold_bassi [root@localhost ~]# docker attach d5f81cac59be ^C[Wed Dec 01 11:42:07.244368 2021] [mpm_event:notice] [pid 1:tid 139743543156032] AH00491: caught SIGTERM, shutting down [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]#
7.2.15 docker exec
//Enter container [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d224c77a7e87 httpd "httpd-foreground" 15 minutes ago Up 8 seconds 80/tcp awesome_swirles [root@localhost ~]# docker exec -it d224c77a7e87 /bin/bash root@d224c77a7e87:/usr/local/apache2# ls bin build cgi-bin conf error htdocs icons include logs modules root@d224c77a7e87:/usr/local/apache2# exit exit [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d224c77a7e87 httpd "httpd-foreground" 16 minutes ago Up About a minute 80/tcp awesome_swirles [root@localhost ~]#
8. docker event state
