docker three elements
Mirroring: templates for containers
Container: a runtime state of an application environment
Warehouse: used to store images
How to create a mirror
Create based on an existing image
Create based on local template
Create based on Dockerfile
What are the components of a mirror
1. Basic image --------- centos
2. Dependent environment ---- gcc make jdk gd, etc
3. Application service package
4. Application service related profiles
5. Startup mode / script / command to run when container is opened
docker image hierarchy
Based on AUFS, it is a stackable file system.
The docker image is located above the bootfs, and the next layer of each layer image becomes the parent image
Each layer of image is called bash image (operating system environment image)
The container layer is readable and writable. At the top layer (writable), all below the container layer are readonly
Specific technology
1. bootfs(boot file system) is integrated in kernel space
It mainly includes bootloader and kernel
bootloader is mainly used to boot and load the kernel. When linux starts, bootfs file system will be loaded. Bootfs is at the bottom of docker image.
This layer is the same as our typical Linux/Unix system, including boot loader and kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs
In the linux operating system (different versions of linux distribution), when loading bootfs, linux will set rootfs to read-only. After the system self-test, read-only will be changed to read-write, so that we can operate in the operating system
2. rootfs (root file system) is integrated in kernel space
On top of bootfs (bash images, such as centos and Ubuntu)
It contains standard directories and files such as / dev /proc, /bin /etc in a typical linux system
rootfs is a variety of operating system distributions, such as ubuntu,centos, etc
3. Summary: why is the centos image of docker only a little more than 200M
bootfs + rootfs: it is used to load and boot kernel programs + mount some key directory files such as linux operating system (centos ubantu)
For a compact OS, rootfs can be very small. It only needs to include the most basic commands, tools and program libraries. Because the underlying layer directly uses the Host kernel, it only needs to provide rootfs. Therefore, for different linux distributions, bootfs are basically the same, and rootfs will be different. Therefore, different distributions can share bootfs
4. AUFS and overlay / overlay 2 (docker later)
AUFS is a federated file system. It uses multiple directories on the same Linuxhost to stack them one by one to present a unified file system. AUFS uses this feature to realize the layering of pocker images
docker uses overlay / overlay 2 storage drivers to support hierarchical structure. Overlay FS combines two directories on a single Linux host into one directory. These directories are called layers, and the unified process is called joint mount
overlay structure:
// overlayfs stay linux There are only two layers on the host. One directory is on the lower layer to save the image(docker),Another directory is on the upper level to store container information 1,rootfs base image 2,lower Lower level information(Mirror layer,container) 3,upper Upper level directory(Container information, writable) 4,worker Working directory of the run( copy-on-write Copy on write prepares the container environment) 5,mergod "View layer(Container view)
Note: when modifying, if the upper layer does not, the files of the lower layer will be copied to the upper layer for modification and the results will be saved
docker image hierarchy
// 1.base image :base image 2.image:It solidifies a standard operating environment and the function of the image itself-Encapsulate a group of functional files and provide them in a unified way and file format(read-only) 3.container:Container layer(Reading and writing) 4.docker-server end 5.Present to docker-client(view)
A concise overview of mirror tiering:
// This is from top to bottom container Container layer image (s) Image layer (applied image layer - upper image layer)) image (s) Mirror layer(Environment dependent mirror layer - lower mirror layer) base image Base mirror layer( linux Release operating system rootfs) kernel Kernel layer( aufs + bootfs ) Because each linux The distribution version shares one set bootfs Boot and load the file system (provided by the host kernel)) meanwhile vm The operating system of the virtual machine needs to be completely simulated So the container's operating system is better than vm The operating system of the virtual machine is more lightweight (the difference is that the container shares the host kernel))
Joint mount
// [root@localhost demo]# mkdir work [root@localhost demo]# mkdir mergod
// [root@localhost demo]# mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work mergod
dockerfile operation instruction
Difference between ADD and copy
Both can be copied
However, ADD also has the function of decompression. add nginx-1.12.tar.gz /root/nginx
The compressed package will be decompressed into the container at the same time of copying, which is nginx-1.12/
The objects copied by add can be URLs and cross node data (URLs)
Difference between CMD and entrypoint
Are commands to be loaded when the container starts
① cmd is the command loaded by default when the container environment starts
② entrypoint is the first command program / script init loaded when the container environment starts
// If ENTRYPOINT Used shell pattern, CMD The command is ignored. entrypoint ["sh","-c", "echo $HOME"] cmd [ "restart" ] #CND will be ignored If ENTRYPOINT Used exec pattern, CMD The specified content is appended as ENTRYPOINT Specifies the parameters of the command. entrypoint ["/etc/init.d/nginx"] cmd [ "restart"] #CMD as the parameter of entrypoint If ENTRYPOINT Used exec pattern, CMD It should also be used exec pattern. For example: Same dockerfile Multiple in cmd If so, which one will take effect? A: the last one takes effect If dockerfile Multiple in cmd At the same time, docker build -t nginx:new /bin/bash Which takes effect? answer:docker build Effective date of designation If dockerfile in cmd and entrypoint Which is effective at the same time A: depending on the situation, if all types are loaded by default: cmd :Command loaded by default/Execution procedure entrypoint:First loaded environment exec If the mode is started, then entrypoint Will be overwritten, or cmd As entrypoint Incoming parameters shell If the mode is started,Directly entrypoint take effect exec Mode and shell pattern: exec:The first task process to start when the container is loaded shell:The first used when the container is loaded bash
Write dockerfile,nginx image
Dockerfile is a file composed of a set of instructions. The dockerfile structure consists of four parts:
① Basic image information (specify the image and version of the operating system image)
② Maintainer information
③ Mirror operation instruction
④ Execute instructions when the container is started (scripts / command parameters executed when the container is started, etc.)
Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and comments starting with "#" are supported
// [root@localhost ~]# mkdir nginx [root@localhost ~]# cd nginx [root@localhost nginx]# vim dockerfile #Base image centos should be lowercase FROM centos:7 MAINTAINER THIS IS NGINX IMAGE #Add environment package RUN yum -y update RUN yum install -y pcre-devel zlib-devel gcc gcc-c++ make RUN useradd -M -s /sbin/nologin nginx #decompression ADD nignx-1.12.2.tar.gz /usr/local/src #Specify the working directory, which is equivalent to cd WORKDIR /usr/local/src WORKDIR nginx-1.12.2 RUN ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module && make && make install #Setting environment variable values ENV PATH /usr/local/nginx/sbin:$PATH #Specify the httpd port EXPOSE 80 RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf CMD nginx
// [root@localhost nginx]# ls dockerfile nginx-1.12.2.tar.gz ##Incoming compressed package
Build an image based on the dockerfile file
// [root@localhost nginx]# docker build -f dockerfile -t nginx:new . docker build :be based on dockerfile Build mirror -f :appoint dockerfile File (if it is not written by default, it refers to the current directory) -t : (tag)Labeling - nginx:new . :It refers to the context in which the image is built, which is easy to understand:Refers to the files in the current directory environment
Created successfully
Visit web page
Summary: building nginx images
① Create a corresponding directory (mkdir nginx)
② Write a Dockerfile file (the simplest way is to put the nginx deployment script into it, execute each command with RON, use ENV as the environment variable, move to the corresponding directory, use workdir, and finally use CMD for startup settings)
③ Upload nginx-1.12.2.tar.gz package and other files in nginx directory
④ docker build creation
⑤ docker run container
⑥ Check
Building a tomcat image
// [root@localhost ~]# mkdir tomcat [root@localhost ~]# cd tomcat [root@localhost tomcat]# vim dockerfile FROM centos:7 MAINTAINER build image tomcat EXPOSE 8080 ADD jdk-8u91-linux-x64.tar.gz /usr/local/src WORKDIR /usr/local/src ENV JAVA_HOME /usr/local/src/jdk1.8.0_91 ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar ENV PATH $JAVA_HOME/bin:$PATH ADD apache-tomcat-9.0.16.tar.gz /usr/local/src RUN mv apache-tomcat-9.0.16/ /usr/local/tomcat &> /dev/null ENV PATH /usr/local/tomcat/bin/:$PATH ADD tomcat.run.sh /usr/local/src RUN chmod 755 /usr/local/src/tomcat.run.sh &> /dev/null CMD ["/usr/local/src/tomcat.run.sh"]
// [root@localhost tomcat]# cat tomcat.run.sh #!/bin/bash /usr/local/tomcat/bin/catalina.sh run
Build image based on dockerfile
// docker build -t tomcat:new .
Start container
visit
Tomcat image optimization
// [root@localhost tomcat]# cat dockerfile FROM frolvlad/alpine-oraclejdk8 ADD apache-tomcat-9.0.16.tar.gz /usr/local/ WORKDIR /usr/local/ RUN mv /usr/local/apache-tomcat-9.0.16 /usr/local/tomcat &>/dev/null RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && sed -i "s#securerandom.source=file:/dev/random#securerandom.source=file:/dev/urandom#g" $JAVA_HOME/jre/lib/security/java.security EXPOSE 8080 ENTRYPOINT ["/usr/local/tomcat/bin/catalina.sh","run"]
// docker build -t tomcat:new . ##Forgot to change the label
400 megabytes less than before optimization
Open the container and expose the port randomly
// [root@localhost tomcat]# docker run -d -P tomcat:new
