What is docker?
Docker is often described as a lightweight virtual machine; it is a container engine.
It is an open source tool for running applications in Linux containers.
Docker is a lightweight virtualization solution based on container technology. It is a container engine that encapsulates and abstracts the underlying Linux container technologies, such as cgroups and namespaces, and provides users with convenient interfaces (CLI, API, etc.) for creating and managing containers.
What is the difference between docker and virtual machine?
Docker has higher resource utilization; full virtualization consumes more resources
There is no need for mirroring, just encapsulating a proposed operating system
Why is container technology needed?
As technology has developed, the overhead of virtualization has become too large: running a single script still requires installing a whole system. Docker does not need virtualized hardware resources and uses the container engine directly, which is fast.
What is the core purpose of docker?
Isolating applications: in practice, this means isolating resources
An application counts as truly fully isolated only when all six of the following namespaces are isolated.
mount: file system mount points (a given directory cannot be mounted twice within one file system)
user: the users and user groups that processes run as
pid: process IDs
uts: host name and domain name
ipc: semaphores, message queues and shared memory (different applications use different semaphores, message queues and shared memory)
net: network devices, network protocol stack, ports, etc.
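
One way to check this on a running host, as an added example that is not part of the original page: every process exposes its namespaces as links under /proc/<pid>/ns, and two processes are isolated in a namespace only when the link targets differ. The function names, the sample directory layout and the inode numbers are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): list which of the six
# namespaces above are NOT shared between two processes.
# Arguments are ns directories, e.g. /proc/1/ns and /proc/<pid>/ns.
NS_LIST="mnt user pid uts ipc net"

ns_isolated() {
    dir_a=$1; dir_b=$2; out=""
    for ns in $NS_LIST; do
        a=$(readlink "$dir_a/$ns" 2>/dev/null) || a=""
        b=$(readlink "$dir_b/$ns" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            out="$out $ns?"          # unreadable link: unknown, not "isolated"
        elif [ "$a" != "$b" ]; then
            out="$out $ns"           # different inode: separate namespace
        fi
    done
    echo "${out# }"
}

# Constructed sample: fake ns directories shaped like a container started
# with --net=host and no user-namespace remapping (net and user shared).
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/host" "$root/ctr"
    i=0
    for ns in $NS_LIST; do
        i=$((i + 1))
        ln -s "${ns}:[402653183$i]" "$root/host/$ns"
        case $ns in
            net|user) ln -s "${ns}:[402653183$i]" "$root/ctr/$ns" ;;
            *)        ln -s "${ns}:[402653229$i]" "$root/ctr/$ns" ;;
        esac
    done
    echo "$root"
}

sample=$(make_sample)
echo "isolated from host: $(ns_isolated "$sample/host" "$sample/ctr")"
rm -rf "$sample"
```

On a real host, run `ns_isolated /proc/1/ns /proc/<container-pid>/ns` as root. With Docker's defaults the user namespace is normally shared with the host unless user-namespace remapping is enabled, so a default container does not meet the "all six" condition.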
docker three elements
① Image: a template; a collection of resources including the application software packages, the packages the application depends on, and the basic environment required to run the application (generally the operating system environment). It can be understood as the template of a container.
② Docker container: a runtime instance based on an image
③ Docker registry: stores image templates
Registry types: Docker Hub
Private registry
Advantages
The Docker engine unifies the infrastructure environment: docker environment -> image -> encapsulates a simple operating system (3.0+G)
The Docker engine unifies application packaging (packing / packaging, similar to a shipping container): docker image -> image
The Docker engine unifies the runtime environment: docker container -> based on an image -> runs as a container (a runnable environment), so that something built once can be run many times and used in many places
Install
    [root@localhost ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 114.114.114.114
    [root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
Set the Alibaba Cloud (Aliyun) mirror as the package source
    [root@localhost etc]# cd yum.repos.d
    [root@localhost yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    Loaded plugins: fastestmirror, langpacks
    adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
    repo saved to /etc/yum.repos.d/docker-ce.repo
Install docker CE Community Edition
    [root@localhost yum.repos.d]# yum install -y docker-ce
    [root@localhost yum.repos.d]# systemctl start docker
    [root@localhost yum.repos.d]# systemctl enable docker
    Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
    [root@localhost yum.repos.d]#
Set up a registry mirror (image accelerator)
On the Alibaba Cloud website, search for the image accelerator to display your individually assigned accelerator address
Use the accelerator by modifying the daemon configuration file /etc/docker/daemon.json
    [root@localhost yum.repos.d]# mkdir -p /etc/docker
    [root@localhost yum.repos.d]# tee /etc/docker/daemon.json <<-'EOF'
    > {
    >   "registry-mirrors": ["https://m1aaxlq9.mirror.aliyuncs.com"]
    > }
    > EOF
    {
      "registry-mirrors": ["https://m1aaxlq9.mirror.aliyuncs.com"]
    }
    [root@localhost yum.repos.d]# systemctl daemon-reload
    [root@localhost yum.repos.d]# systemctl restart docker
Network optimization
    [root@localhost yum.repos.d]# vim /etc/sysctl.conf
    net.ipv4.ip_forward=1
    [root@localhost yum.repos.d]# systemctl restart network
    [root@localhost yum.repos.d]# systemctl restart docker
    [root@localhost yum.repos.d]# docker images        #View images, method 1
    REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
    [root@localhost yum.repos.d]# docker image ls      #View images, method 2
View related commands
View docker version
    [root@localhost yum.repos.d]# docker version
    Client: Docker Engine - Community          #client
     Version:           20.10.8                #engine version
     API version:       1.41                   #API version
     Go version:        go1.16.6               #Go language version
     Git commit:        3967b7d                #git commit
     Built:             Fri Jul 30 19:55:49 2021   #build time
     OS/Arch:           linux/amd64            #operating system / architecture
     Context:           default
     Experimental:      true

    Server: Docker Engine - Community          #server
     Engine:
      Version:          20.10.8
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.6
      Git commit:       75249d8
      Built:            Fri Jul 30 19:54:13 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.9                  #containerd version
      GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
     runc:
      Version:          1.0.1
      GitCommit:        v1.0.1-0-g4144b63
     docker-init:
      Version:          0.19.0                 #init process
      GitCommit:        de40ad0
Display Docker system-level information
    [root@localhost yum.repos.d]# docker info
    Client:                                    #client
     Context:    default                       #connection context
     Debug Mode: false                         #debug mode
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
      scan: Docker Scan (Docker Inc., v0.8.0)

    Server:
     Containers: 0                             #number of containers
      Running: 0                               #running
      Paused: 0                                #paused
      Stopped: 0                               #stopped
     Images: 0                                 #number of images
     Server Version: 20.10.8                   #version
     Storage Driver: overlay2                  #storage driver
      Backing Filesystem: xfs                  #file system
      Supports d_type: true                    #d_type support
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local                            #local volume
      Network: bridge host ipvlan macvlan null overlay    #supported network drivers
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive                           #swarm mode
     Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
     Default Runtime: runc                     #default container runtime
     Init Binary: docker-init                  #init binary
     containerd version: e25210fe30a0a703442421b0f60afac609f950a3
     runc version: v1.0.1-0-g4144b63           #container runtime version
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 3.10.0-957.el7.x86_64
     Operating System: CentOS Linux 7 (Core)
     OSType: linux
     Architecture: x86_64
     CPUs: 4
     Total Memory: 3.683GiB
     Name: localhost.localdomain
     ID: CYBX:CGEA:7JQB:I7UB:LPNJ:KXDT:PCXU:DH3Z:LRB4:LAB5:NNDI:CNDW
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8                              #loopback address range
     Registry Mirrors:
      https://m1aaxlq9.mirror.aliyuncs.com/    #registry mirror address
     Live Restore Enabled: false

    WARNING: bridge-nf-call-iptables is disabled
    WARNING: bridge-nf-call-ip6tables is disabled
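
The registry and seccomp lines of this output are the ones worth checking after changing daemon.json. The following added example (not part of the original page) scans captured `docker info` text for them; it assumes the indented layout that `docker info` prints, and the function names, the 192.0.2.10:5000 registry and the mirror.example.internal URL are constructed.

```sh
#!/bin/sh
# Added example: flag registry and seccomp settings in `docker info` text.
# Real use: docker info 2>/dev/null | audit_docker_info
audit_docker_info() {
    awk '
    {
        line = $0; sub(/^ +/, "", line)
        ind = length($0) - length(line)             # indentation depth
        if (sec != "" && ind <= sec_ind) sec = ""   # left the current section
        if (line == "Insecure Registries:") { sec = "insecure"; sec_ind = ind; next }
        if (line == "Registry Mirrors:")    { sec = "mirror";   sec_ind = ind; next }
        if (line == "Security Options:")    { sec = "secopt";   sec_ind = ind; next }
        # 127.0.0.0/8 is the built-in loopback default; other entries were configured
        if (sec == "insecure" && line != "127.0.0.0/8") print "INSECURE_REGISTRY " line
        if (sec == "mirror" && line !~ /^https:\/\//)   print "NON_HTTPS_MIRROR " line
        if (sec == "secopt" && line == "seccomp")       seccomp = 1
    }
    END { if (!seccomp) print "SECCOMP_NOT_LISTED" }'
}

# Constructed input: same layout as the output above, plus one made-up
# insecure registry and one made-up plain-HTTP mirror to trigger the checks.
sample_info() {
    cat <<'EOF'
Server:
 Security Options:
  seccomp
   Profile: default
 Insecure Registries:
  192.0.2.10:5000
  127.0.0.0/8
 Registry Mirrors:
  https://m1aaxlq9.mirror.aliyuncs.com/
  http://mirror.example.internal/
 Live Restore Enabled: false
EOF
}

sample_info | audit_docker_info
```

An entry under Insecure Registries means images from that registry are pulled without verified TLS, and a plain-HTTP mirror gives anyone on the network path the same opportunity to substitute image content.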
Docker image related operations
Run an image
    [root@localhost ~]# docker run hello-world
    Unable to find image 'hello-world:latest' locally      #the image is not present locally
    latest: Pulling from library/hello-world               #downloaded automatically
    b8dfde127a29: Pull complete                            #layer ID
    Digest: sha256:7d91b69e04a9029b99f3585aaaccae2baa80bcf318f4a5d2165a9898cd2dc0a1    #SHA-256 hash (digest) of the image
    Status: Downloaded newer image for hello-world:latest

    Hello from Docker!
    This message shows that your installation appears to be working correctly.
Delete an image
You need to delete the container before deleting the image
    [root@localhost ~]# docker ps -a                     #View containers
    CONTAINER ID   IMAGE         COMMAND    CREATED         STATUS                     PORTS     NAMES
    b7d6f31dae52   hello-world   "/hello"   5 minutes ago   Exited (0) 5 minutes ago             happy_hodgkin
    [root@localhost ~]# docker rm b7d6f31dae52           #Delete the container
    b7d6f31dae52
    [root@localhost ~]# docker ps -a
    CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
    [root@localhost ~]# docker images
    REPOSITORY    TAG      IMAGE ID       CREATED        SIZE
    hello-world   latest   d1165f221234   6 months ago   13.3kB
    [root@localhost ~]# docker rmi d1165f221234          #Delete the image
    [root@localhost ~]# docker rmi `docker images -q`    #-q lists only image IDs; deletes multiple images
    Untagged: hello-world:latest
    Untagged: hello-world@sha256:7d91b69e04a9029b99f3585aaaccae2baa80bcf318f4a5d2165a9898cd2dc0a1
    Deleted: sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726
    Deleted: sha256:f22b99068db93900abe17f7f5e09ec775c2826ecfe9db961fea68293744144bd
search for images
    [root@localhost ~]# docker search nginx
    [root@localhost ~]# docker search centos:7
Pull (download) images
    [root@localhost ~]# docker pull nginx       #pulls from Docker Hub by default
    Using default tag: latest                   #latest tag
    latest: Pulling from library/nginx
    a330b6cecb98: Pull complete
    5ef80e6f29b5: Pull complete
    f699b0db74e3: Pull complete
    0f701a34c55e: Pull complete
    3229dce7b89c: Pull complete
    ddb78cb2d047: Pull complete
    Digest: sha256:a05b0cdd4fc1be3b224ba9662ebdf98fe44c09c0c9215b45f84344c12867002e
    Status: Downloaded newer image for nginx:latest
    docker.io/library/nginx:latest
Get image information
Shows the detailed information of an image
    [root@localhost ~]# docker inspect 822b7ec2aaf2
Add an image tag
    [root@localhost ~]# docker images
    REPOSITORY   TAG      IMAGE ID       CREATED        SIZE
    nginx        latest   822b7ec2aaf2   32 hours ago   133MB
    [root@localhost ~]# docker tag nginx:latest nginx:lamp
    [root@localhost ~]# docker images
    REPOSITORY   TAG      IMAGE ID       CREATED        SIZE
    nginx        lamp     822b7ec2aaf2   32 hours ago   133MB
    nginx        latest   822b7ec2aaf2   32 hours ago   133MB
Export an image
    docker save -o <file name> <image name>
    docker save -o centos_7 centos:7
    scp centos_7 192.168.142.142:/opt
Import an image
    docker load < nginx
Summary:
    [root@docker docker]# docker ps -a
    [root@docker ~]# docker ps -aq                #prints only the container IDs
    16d885305462
    [root@docker ~]# docker rm `docker ps -aq`    #batch delete
CONTAINER ID: container ID
IMAGE: image and version
CREATED: time of creation
STATUS: running time
PORTS: exposed ports
NAMES: name (definable)
docker command - container operation
Create a container
    [root@localhost ~]# docker create -it nginx:latest /bin/bash
    e3047d0fa01866777b503d9b62e0360803a93c923432077ce3a611e0906672e2
    -i  Keep the container's standard input open
    -t  Allocate a pseudo-terminal
    -d  Run in the background as a daemon
Start a container
    [root@localhost ~]# docker start e3047d0fa018        #container ID
    docker run centos:7 /usr/bin/bash -c "ls /"

    [root@localhost ~]# docker ps -a
    CONTAINER ID   IMAGE          COMMAND                    CREATED              STATUS    PORTS   NAMES
    e3047d0fa018   nginx:latest   "/docker-entrypoint...."   About a minute ago   Created           stupefied_golick
    [root@localhost ~]# docker start e3047d0fa018        #container ID
    e3047d0fa018
    [root@localhost ~]# docker ps -a
    CONTAINER ID   IMAGE          COMMAND                    CREATED         STATUS          PORTS    NAMES
    e3047d0fa018   nginx:latest   "/docker-entrypoint...."   2 minutes ago   Up 18 seconds   80/tcp   stupefied_golick
Stop container
    docker stop <container ID>
    [root@localhost ~]# docker stop e3047d0fa018
    e3047d0fa018
Keep a container running in the background
    [root@docker ~]# docker run -d centos:7 /usr/bin/bash -c "while true;do echo hello;done"
    [root@docker ~]# watch -n 2 docker ps -a
    [root@docker ~]# docker rm `docker ps -aq`    #running containers are not deleted
Enter container
Using run:
    docker run -it nginx:latest /bin/bash         #one-off: the container stops when you exit
Using exec (the container must be running):
    docker exec -it <container ID> /bin/bash
PS: docker run -it creates a foreground process; after you enter the container and type exit, the process is terminated. docker attach connects through stdin to the input/output streams of the container, and the process is also terminated after exit. docker exec -it connects to the container so that you can enter and operate it much like SSH; exit leaves the container without affecting its operation.
docker network mode
HOST mode
container mode
None mode
Bridge mode (default)
Characteristics of docker's four network modes
    host mode        --net=host                   The container shares the host's network namespace.
    container mode   --net=container:NAME_or_ID   Multiple containers share one network namespace.
    none mode        --net=none                   The container has its own network namespace, but no network setup is performed (no veth pair allocation, no bridge connection, no IP configuration, etc.).
    bridge mode      --net=bridge                 (default mode) None of the above has to be configured manually; what actually needs configuring is a custom network.
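
Because container mode inherits whatever namespace its target uses, a container joined to a host-mode container also ends up in the host's network namespace. The following added example (not part of the original page) resolves that chain from `docker inspect` output; the function names, container IDs and container names in the sample are constructed.

```sh
#!/bin/sh
# Added example: report which containers end up in the host network namespace.
# Input lines "<id> <name> <NetworkMode>", e.g. from
#   docker inspect --format '{{.Id}} {{.Name}} {{.HostConfig.NetworkMode}}' $(docker ps -q)
netns_exposure() {
    awk '
    { id[NR] = $1; name[NR] = $2; sub(/^\//, "", name[NR]); mode[NR] = $3 }
    # row of the container that a "container:<ref>" mode points at (ID prefix or name)
    function target(ref,   i) {
        for (i = 1; i <= NR; i++)
            if (index(id[i], ref) == 1 || name[i] == ref) return i
        return 0
    }
    END {
        for (n = 1; n <= NR; n++) {
            i = n; hops = 0
            # follow container: references until a concrete mode is reached
            while (mode[i] ~ /^container:/ && hops++ < NR) {
                i = target(substr(mode[i], 11))
                if (i == 0) break
            }
            if (i == 0)                        verdict = "unknown-target"
            else if (mode[i] ~ /^container:/)  verdict = "reference-loop"
            else if (mode[i] == "host")        verdict = "host-netns"
            else if (mode[i] == "none")        verdict = "no-network"
            else                               verdict = "private-netns"
            via = (i != n && i != 0) ? (" via " name[i]) : ""
            print name[n] ": " verdict via
        }
    }'
}

# Constructed sample covering all four modes from the list above.
sample_modes() {
    cat <<'EOF'
a1b2c3d4e5f6 /proxy host
0f9e8d7c6b5a /sidecar container:a1b2c3d4e5f6
77aa88bb99cc /web bridge
1234abcd5678 /batch none
EOF
}

sample_modes | netns_exposure
```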