Use of Docker Containers

Keywords: Docker Linux CentOS less

Catalog

Docker container and KVM virtualization

Installation and Use of Docker

The Use of Vulhub Based on Docker

Docker container and KVM virtualization

Docker is an open source application container engine that lets developers package their applications and dependencies into a portable container and then publish it to any popular Linux machine; it can also be used to implement virtualization. A Docker container is a lightweight, portable, self-contained software packaging technology that enables applications to run almost anywhere in the same way. Developers create and test containers on their laptops, and those containers can run on virtual machines, physical servers or public cloud hosts of production systems without any modification. Containers make full use of the sandbox mechanism: they have no interfaces with each other, add almost no performance overhead, and can easily run on individual machines and in data centers. Most importantly, they do not depend on any language, framework, or system. Simply put, a container is a process running in an isolated environment. If the process stops, the container will be destroyed. The isolated environment has its own system files, IP address, host name, etc.

Docker technology introduction: Docker provides container resource isolation and security through kernel virtualization technology (namespaces, and cgroups for CPU, memory, disk I/O, etc.). Because Docker isolates at the operating system layer, a Docker container does not carry the additional operating system overhead of a virtual machine (VM), which improves resource utilization.

The difference between Linux container technology, container virtualization and KVM virtualization:

  • Container: shares the host kernel, runs services directly, low overhead, fast start-up, high performance
  • Container virtualization: no hardware support required, no need to emulate hardware, shares the host's kernel, start-up time in seconds (no boot process)
  • KVM virtualization: requires hardware support, needs to emulate hardware, can run different operating systems, start-up time in minutes (full boot process)

Advantages of Docker and KVM virtualization

  • Docker solves the dependence between software and the operating system environment, so that an independent service or application behaves the same way in different environments. A Docker image has its own file system.
  • KVM solves the dependence between hardware and the operating system; each KVM guest has its own independent virtual disk and XML configuration file.

Installation and Use of Docker

curl -s https://get.docker.com/ | sh    # Install Docker with root privileges. Reference link: https://vulhub.org/#/docs/install-docker-one-click/

docker version                  #View the docker version

#Configure docker image acceleration
vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}    


#Use of docker
systemctl start docker              #Start docker
systemctl daemon-reload             #Reload the systemd configuration
systemctl restart docker            #Restart the docker service
systemctl stop docker               #Stop docker
   

#Management of docker image
docker images -a               #List all images
docker rmi   #Delete an image, example: docker image rm centos:latest
docker save  #Export an image, example: docker image save centos > docker-centos7.4.tar.gz
docker load  #Import an image, example: docker image load -i docker-centos7.4.tar.gz


#Container management

#Start container
    docker run image_name
    docker run -it image_name CMD
    
    docker run  ==  docker create + docker start

#Stop container
    docker stop CONTAINER_ID
#Kill containers
    docker kill container_name
#View Container List
    docker ps
    docker ps -a
    
#Enter the container (purpose, debugging, troubleshooting)
***    docker exec  (a new tty is allocated)
        docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
        
    docker exec -it CONTAINER_ID_OR_NAME /bin/bash    (or /bin/sh)
        
    docker attach  (uses the same terminal)
        docker attach [OPTIONS] CONTAINER
        
    nsenter  (install: yum install -y util-linux; deprecated)

#Delete containers
    docker rm
#Batch Delete Containers
    docker rm -f `docker ps -a -q`

//Note: The first process (initial command) in a docker container must stay running in the foreground (it must block); otherwise the container goes into the exited state!

The Use of Vulhub Based on Docker

vulhub's address: https://vulhub.org

Vulhub is a collection of vulnerability environments based on docker and docker-compose. Entering the corresponding directory and executing a single command starts a new vulnerability environment.

Installing Docker and docker-compose is not covered again here. Start the container of the corresponding target machine directly.

Start Docker: systemctl start docker

Enter the corresponding target directory (here I choose the weblogic CVE-2017-10271 vulnerability) and start it with one command: docker-compose up -d

After the vulnerability has been reproduced, remove the environment from within the vulnerability's directory. Command: docker-compose down
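
A Vulhub environment is deliberately vulnerable, so it helps to know which ports its compose file publishes on every host interface before running docker-compose up -d. The shell function below is an added example, not part of the original post or of Vulhub; the function names, the sample compose file and its image name are constructed for illustration, and it assumes ports are written in the short list syntax.

```shell
#!/bin/sh
# Added example; not from the original post or from Vulhub.
# Prints every short-syntax port mapping in a compose file that is published
# on all host interfaces rather than on loopback only.

exposed_ports() {
    # $1 = path to a docker-compose.yml
    awk -v q="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)     # drop the list dash
            sub(/[ \t]*#.*$/, "", m)         # drop a trailing comment
            gsub("[\"" q "]", "", m)         # drop single and double quotes
            sub(/[ \t]+$/, "", m)
            n = split(m, part, ":")
            # "7001"                -> random host port on 0.0.0.0
            # "7001:7001"           -> host port on 0.0.0.0
            # "127.0.0.1:7001:7001" -> loopback only, not reported
            # (an IPv6 loopback bind is reported too; this check is conservative)
            if (!(n == 3 && part[1] == "127.0.0.1")) print m
            next
        }
        # any other non-blank, non-comment line ends the ports list
        in_ports && !/^[ \t]*(#.*)?$/ { in_ports = 0 }
    ' "$1"
}

# Constructed sample compose file (hypothetical image name, not a Vulhub file).
sample_compose() {
    cat <<'EOF'
version: '2'
services:
  weblogic:
    image: example/weblogic-lab
    ports:
      - "7001:7001"
      - "127.0.0.1:8453:8453"
      - 5556
    environment:
      - MODE=lab
EOF
}

tmp=$(mktemp)
sample_compose > "$tmp"
exposed_ports "$tmp"      # reports 7001:7001 and 5556
rm -f "$tmp"
```

Any mapping the function prints can be rewritten with a 127.0.0.1: prefix in the compose file so that the lab service is reachable only from the host itself.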

Reference article: Installation and Use of Docker Container 

 

Posted by sherri on Sat, 17 Aug 2019 01:39:52 -0700