Here comes the docker you want!

Keywords: Operation & Maintenance Docker


1, Background of container technology

On Linux, the operating system has a main process with PID = 1, which spawns the other processes that run the different services. For example: PID = 2 --> Python, PID = 3 --> Java, PID = 4 --> PHP. These three services may affect each other.
Users expect these three services to run in separate runtime environments without affecting each other, and without increasing the server cost.

This raised the question of whether the three services could be encapsulated separately, which led to KVM virtualization technology: one operating system simulates multiple operating systems / different runtime environments.
As the technology developed, it became clear that virtualization costs a lot (for example, just to run a Python script under virtualization you need to install a whole operating system, which is inconvenient and unreasonable).
This in turn led to container technology:
The abstraction layer (user layer) of the virtualization layer is stripped out and replaced with the Docker engine (the guest operating system is removed). Because the engine connects directly to the host operating system, the overhead is greatly reduced.
The Docker engine requires kernel version 3.8 or later.
Docker requires the resource management function of cgroups (the resource management module in the Linux kernel).

2, Introduction to docker Foundation

1. Docker overview

Docker is a lightweight virtualization solution based on container technology. Docker is a container engine that encapsulates the underlying Linux container technologies, such as cgroups and namespaces, and abstracts them to provide users with convenient interfaces (command-line CLI, API, etc.) for creating and managing containers.

2. Advantages of Docker

(1) The Docker engine unifies the infrastructure environment: Docker environment --> image --> encapsulates a simple operating system (3.0+ G)

(2) The Docker engine unifies application packaging (packing / packaging, similar to a shipping container): Docker images

(3) The Docker engine unifies the runtime environment: Docker container, based on an image and run as a container (a runnable environment)
This achieves build once, run many times, use in many places.

3. Usage scenario of docker

Process: WAR / JAR --> GitHub / GitLab private repository (code repository) --> Jenkins (test)
(application packaging / image building) --> operations downloads the image and uses container technology to run / release it
This makes it possible to:

(1) Deploy packaged applications simply
(2) Migrate freely, independent of the underlying hardware (applications are isolated, split and decoupled); for example, a server can be migrated from Tencent Cloud to Alibaba Cloud
(3) Do continuous integration and continuous delivery (CI/CD): from development to test to release
(4) Deploy microservices
(5) Provide PaaS (platform as a service) products (OpenStack is similar to Alibaba Cloud ECS and belongs to IaaS; Docker (K8s) belongs to PaaS)

4. The difference between docker and virtualization

3, docker architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, and the daemon does the heavy work of building, running and distributing Docker containers.

Docker is different from traditional virtualization. It does not need virtual hardware resources and uses the container engine directly, so it is fast.

Docker client: the client. It provides a platform for interacting with users and displaying results, and is the tool for managing and controlling the Docker server.

The Docker client (docker) is the main way many Docker users interact with Docker. When you use commands such as docker run, the client sends them to dockerd, which executes them. The docker command uses the Docker API. A Docker client can communicate with multiple daemons.
Docker daemon: the daemon

The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. Daemons can also communicate with other daemons to manage Docker services.
Docker images: image

Containers can be packaged as images
Docker container: container
Docker registry: image warehouse

The place where the image is stored is found on the public Docker Hub by default, and can be used as a personal warehouse

4, docker engine

Docker Engine is a C/S (client-server) application with the following main components:

Server side: the server is a long-running program called a daemon process (the dockerd command)
Client side: a REST API, which specifies the interfaces that programs can use to communicate with the daemon and tell it what to do
Commands are passed in through the client, for example:
docker run: run
docker start: start
docker rm: delete
The client interacts with the server side so that the server carries out the operation the command asks for

5, docker three components

1. Docker image

Template: a set of resources, including the application software packages, the packages the application depends on, and the basic environment required to run the application (generally the operating system environment). It can be understood as the template of a container.

2. Docker container

The runtime state of an image

3. Docker registry

Stores image templates. Repository types: 1. public repository: Docker Hub; 2. private repository: registry, Harbor

6, Underlying principle

cgroups and namespaces are the underlying mechanisms of Docker

1. Namespace

A container is isolated through six namespaces (namespace resource isolation, wrapped by containerization technology):
mount: file system, mount points
user: the users and user groups that processes run as
pid: process numbers
uts: host name and domain name
ipc: semaphores, message queues, shared memory (different applications should use different memory space when calling these)
net: network devices, network protocol stack, ports, etc.
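
An added example (not from the original post) that checks which of the six namespaces listed above a process really has to itself, by comparing the symlinks under /proc/<pid>/ns. The function names and the inode numbers in the sample are constructed; the sample mirrors a Docker daemon running without userns-remap, where the user namespace stays shared with the host.

```sh
#!/bin/sh
# Two processes are in the same namespace when the link targets under
# /proc/<pid>/ns (for example "pid:[4026531836]") are identical.

# The six namespace types from the list above, as named under /proc/<pid>/ns.
NS_TYPES="mnt user pid uts ipc net"

# ns_compare DIR_A DIR_B: print "<type> shared|isolated|unknown" per type.
# DIR_A and DIR_B are ns directories such as /proc/1/ns.
ns_compare() (
    for t in $NS_TYPES; do
        a=$(readlink "$1/$t" 2>/dev/null) || a=""
        b=$(readlink "$2/$t" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$t unknown"      # link unreadable: not root, or process gone
        elif [ "$a" = "$b" ]; then
            echo "$t shared"
        else
            echo "$t isolated"
        fi
    done
)

# ns_shared DIR_A DIR_B: space-separated list of the shared types only.
ns_shared() {
    ns_compare "$1" "$2" |
        awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# make_ns_sample DIR: constructed sample (inode numbers are made up) with a
# "host" and a "ctr" directory in which only the user namespace is shared.
make_ns_sample() (
    mkdir -p "$1/host" "$1/ctr"
    i=0
    for t in $NS_TYPES; do
        i=$((i + 1))
        ln -s "$t:[402653183$i]" "$1/host/$t"
        if [ "$t" = user ]; then n="402653183$i"; else n="402653220$i"; fi
        ln -s "$t:[$n]" "$1/ctr/$t"
    done
)

# Demo on the constructed sample; on a real host pass /proc/<pid>/ns paths.
sample=$(mktemp -d)
make_ns_sample "$sample"
ns_compare "$sample/host" "$sample/ctr"
rm -rf "$sample"
```

On a real host, run it as root with /proc/1/ns and /proc/<container-pid>/ns, where the container PID comes from docker inspect -f '{{.State.Pid}}' <container>.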

2. Control group

Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup restricts an application to a specific set of resources. Control groups allow Docker Engine to share the available hardware resources among containers and to selectively enforce limits and constraints. For example, you can limit the memory available to a particular container.
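
An added example (not from the original post) that checks the memory limit mentioned above from the host side and lists containers running without one. It assumes cgroup v1 with the cgroupfs driver, which is what the docker info output later in this post reports; the function names and the container ids in the sample are constructed.

```sh
#!/bin/sh
# Find containers that run without a memory limit by reading their memory
# cgroup. Assumes cgroup v1 with the cgroupfs driver, where each container
# has a directory /sys/fs/cgroup/memory/docker/<container-id>/.

# is_unlimited BYTES: cgroup v1 reports "no limit" as a huge page-aligned
# value (9223372036854771712 on x86_64); treat anything >= 2^62 as unlimited.
is_unlimited() {
    awk -v v="$1" 'BEGIN { exit !(v + 0 >= 4611686018427387904) }'
}

# mem_limits [ROOT]: print "<container-id> <bytes|unlimited>" per container.
mem_limits() (
    root=${1:-/sys/fs/cgroup/memory/docker}
    for f in "$root"/*/memory.limit_in_bytes; do
        [ -r "$f" ] || continue
        id=$(basename "$(dirname "$f")")
        v=$(cat "$f")
        if is_unlimited "$v"; then v=unlimited; fi
        echo "$id $v"
    done
)

# unlimited_containers [ROOT]: ids only, suitable for an alert or cron check.
unlimited_containers() {
    mem_limits "$1" | awk '$2 == "unlimited" { print $1 }'
}

# make_cgroup_sample DIR: constructed sample tree with placeholder ids:
# one container started with a 256 MiB limit, one started without any.
make_cgroup_sample() (
    mkdir -p "$1/ctr-limited" "$1/ctr-nolimit"
    echo 268435456           > "$1/ctr-limited/memory.limit_in_bytes"
    echo 9223372036854771712 > "$1/ctr-nolimit/memory.limit_in_bytes"
)

# Demo on the constructed sample; with no argument mem_limits reads /sys.
sample=$(mktemp -d)
make_cgroup_sample "$sample"
mem_limits "$sample"
rm -rf "$sample"
```

The limit itself is set when the container is started, with docker run -m (for example -m 256m).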

7, Docker 20 deployment

1. Environment configuration

[root@localhost ~]# hostnamectl set-hostname docker
[root@localhost ~]# su
[root@docker ~]# systemctl stop firewalld
[root@docker ~]# systemctl disable firewalld.service 
Removed symlink /etc/systemd/system/
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@docker ~]# setenforce 0

2. Install dependent packages

[root@docker ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

3. Set alicloud image

[root@docker ~]# cd /etc/yum.repos.d/

[root@docker yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo

[root@docker yum.repos.d]# yum-config-manager --add-repo
 Plug in loaded: fastestmirror, langpacks
adding repo from:
grabbing file to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@docker yum.repos.d]# 

4. Install docker CE Community Edition

[root@docker yum.repos.d]# yum install -y docker-ce

5. Set image acceleration

[root@docker yum.repos.d]# mkdir -p /etc/docker

[root@docker yum.repos.d]# tee /etc/docker/daemon.json <<-'EOF'
> {
>   "registry-mirrors": [""]
> }
> EOF
{
  "registry-mirrors": [""]
}
[root@docker yum.repos.d]# systemctl daemon-reload
[root@docker yum.repos.d]# systemctl restart docker
[root@docker yum.repos.d]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": [""]
}
[root@docker yum.repos.d]# 

6. Network optimization

[root@docker yum.repos.d]# vim /etc/sysctl.conf


[root@docker yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 1
[root@docker yum.repos.d]# systemctl restart network

7. Startup and basic commands

(1) Restart docker

[root@docker yum.repos.d]# systemctl restart docker

(2) View docker version

[root@docker yum.repos.d]# docker -v
Docker version 20.10.8, build 3967b7d

(3) View images

[root@docker yum.repos.d]# docker images
[root@docker yum.repos.d]# docker image ls
[root@docker yum.repos.d]# 

(4) View container

[root@docker yum.repos.d]# docker ps -a
[root@docker yum.repos.d]# docker ps -aq

(5) View docker system level information

docker info displays system-level information about Docker, such as the kernel version, the number of images, the number of containers, etc.

[root@docker yum.repos.d]# docker info

 Context:    default
 Debug Mode: false
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  scan: Docker Scan (Docker Inc., v0.8.0)

 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.8
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.777GiB
 Name: docker
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
 Registry Mirrors:
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
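
An added example (not from the original post) that turns the security-relevant parts of docker info output like the above into findings: whether seccomp is listed under Security Options, any non-loopback entry under Insecure Registries, and the WARNING lines. The function names and the sample text are constructed, and registry.example.internal is a placeholder.

```sh
#!/bin/sh
# docker_info_findings: read `docker info` text on stdin and print one
# finding per line. Sections are recognised by indentation: entries sit
# deeper than their "Security Options:" / "Insecure Registries:" header.
docker_info_findings() {
    awk '
    {
        t = $0; sub(/^ +/, "", t)
        ind = length($0) - length(t)
        if (sec != "" && ind <= hdr) sec = ""     # left the current section
    }
    /Security Options:/    { sec = "security"; hdr = ind; next }
    /Insecure Registries:/ { sec = "insecure"; hdr = ind; next }
    sec == "security" && $1 == "seccomp" { seccomp = 1 }
    # Loopback is listed by default; anything else was added by an admin.
    sec == "insecure" && $1 !~ /^(127\.|::1)/ { print "insecure-registry " $1 }
    /^WARNING: /           { print "warning " substr($0, 10) }
    END { if (!seccomp) print "seccomp-not-listed" }
    '
}

# Constructed sample (not the output shown above): seccomp is active, one
# extra insecure registry is configured, and a bridge netfilter warning
# is present.
sample_docker_info() {
    cat <<'EOF'
Server:
 Server Version: 20.10.8
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Insecure Registries:
  registry.example.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
EOF
}

# Demo on the constructed sample; on a real host: docker info | docker_info_findings
sample_docker_info | docker_info_findings
```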

Posted by sukanya.paul on Sat, 04 Sep 2021 21:42:13 -0700