Introduction to docker
First, let's introduce the difference between container and virtualization
A VM (VMware) creates a virtual layer, a virtualized operating system and a virtualized warehouse on top of the host machine and the host operating system, and then installs applications;
Docker creates a docker engine on the operating system of the host machine and directly calls hardware resources on the operating system of the host machine, rather than virtualizing the operating system and hardware resources, so the operation speed is fast.
Docker is an open source project implemented in the Go language that lets us create and use containers easily. Docker packages a program and all of its dependencies into a Docker container, so that the program behaves consistently in any environment. The program's runtime dependencies, that is, the container, are like a shipping container, and the operating system environment in which the container sits is like a cargo ship or port. The behavior of the program depends only on the shipping container (the container) and has nothing to do with which cargo ship or port (operating system) it is placed on.
Therefore, we can see that docker can shield environmental differences, that is, as long as your program is packaged in docker, the behavior of the program is consistent no matter what environment it runs in.
Another advantage of docker is rapid deployment, which is its most common application scenario in Internet companies. One reason is that containers start very fast; the other is that once you have made sure the programs in a container run correctly, you can be sure they will run correctly no matter how many copies you deploy in the production environment.
Background of docker
A piece of software or a service comes into being to solve problems encountered in production or working environments.
The problem here is that the development environment and the operations environment, or their configurations, differ, so deliverables that work well in the development environment run into problems in the operations environment. Such problems are very annoying.
In the traditional operations process, if there are ten machines in production, each machine has to be deployed separately, which is repetitive work.
The application environment cannot be configured across platforms.
Multiple applications installed in the environment may conflict, such as port conflict.
Traditional publishing process:
Package -> publish (app store) -> download package -> install -> available
docker publishing process:
Software package -> package with environment (image) -> docker warehouse: store -> download published image -> run directly
docker mechanism solves these problems well
1. docker originates from the idea of the shipping container. It has its own isolation mechanism, and containers do not interfere with each other.
2. Build once and run everywhere. Docker can package what you have written into an image file and run it on any docker service. This derives from docker's container format: the docker engine uses the container format to package namespaces, control groups and the union file system together. The default container format is libcontainer.
3. Docker's control groups and union file system: control groups can set CPU, memory and other usage limits for processes, while the union file system can establish a union mount point and share storage.
What is LXC
If we use container functionality in the traditional way, we need to write our own code that makes system calls to create the kernel. In practice, few people have this ability. LXC (LinuX Container) makes container technology easier to use by turning the container functions that are needed into a set of tools, which greatly reduces the trouble of using container technology.
LXC is one of the first solutions to offer complete container technology, and it uses a set of simple tools and templates to greatly simplify the use of containers.
Although LXC greatly simplifies the use of container technology, its complexity is not much lower than that of using container technology directly through kernel calls: we still have to learn LXC's own set of command-line tools, and because the creation of kernel is done through commands, it is not easy to migrate data with batches of commands. Its isolation is also not as strong as that of virtual machines.
Later, docker appeared, so to some extent, docker is an enhanced version of LXC.
LXC installation and deployment
[root@localhost ~]# yum -y install epel-release    # install the EPEL repository
Install LXC and its dependent packages
[root@localhost ~]# yum -y install lxc lxc-templates bridge-utils lxc-libs libcgroup libvirt perl debootstrap
# lxc-templates  LXC configuration templates
# bridge-utils   toolkit for bridge management
# lxc-libs       library files required by LXC
# libcgroup      cgroup is a Linux kernel mechanism for aggregating and partitioning tasks; it organizes tasks into one or more subsystems through a set of parameters
# libvirt        server-side daemons required to manage Linux virtualization functions; a hypervisor-specific driver is required
[root@localhost ~]# systemctl start lxc
[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# lxc-checkconfig    # check the configuration
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-862.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
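An added example (not part of the original post): a shell function that reads lxc-checkconfig output like the above and lists every item not reported as enabled. On this host that is newuidmap and newgidmap, the helpers LXC uses to set up UID/GID maps for unprivileged containers. The function names and the shortened sample text, including its one "missing" line, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list lxc-checkconfig items that are not "enabled".
# check_lxc_features and sample_checkconfig are hypothetical helper names.

# Reads lxc-checkconfig output on stdin and prints "section|item|state" for
# every item whose state is not "enabled". Returns 1 if anything was printed.
check_lxc_features() {
    awk '
        BEGIN { esc = sprintf("%c", 27) }
        { gsub(esc "\\[[0-9;]*m", "") }       # drop terminal colour codes
        /^--- .* ---$/ {                       # e.g. "--- Namespaces ---"
            section = $0
            gsub(/^--- | ---$/, "", section)
            next
        }
        /^(Note|usage) :/ { next }             # trailing usage hint
        / is not installed$/ {                 # helper binaries (newuidmap ...)
            print section "|" $1 "|not installed"; bad++
            next
        }
        section != "" && index($0, ": ") {     # "Item name: state"
            i = index($0, ": ")
            state = substr($0, i + 2)
            if (state != "enabled") {
                print section "|" substr($0, 1, i - 1) "|" state; bad++
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: shortened copy of the output above plus one "missing" line.
sample_checkconfig() {
    cat <<'EOF'
Kernel configuration found at /boot/config-3.10.0-862.el7.x86_64
--- Namespaces ---
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
--- Control groups ---
Cgroup memory controller: missing
--- Misc ---
Veth pair device: enabled
Note : Before booting a new kernel, you can check its configuration
EOF
}

# On a real host: lxc-checkconfig | check_lxc_features
sample_checkconfig | check_lxc_features || echo "review the items listed above"
```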
Create virtual machine
# View the LXC template containers available in the current system
[root@localhost ~]# ls /usr/share/lxc/templates/
lxc-alpine    lxc-archlinux  lxc-centos  lxc-debian    lxc-fedora  lxc-openmandriva  lxc-oracle  lxc-sshd    lxc-ubuntu-cloud
lxc-altlinux  lxc-busybox    lxc-cirros  lxc-download  lxc-gentoo  lxc-opensuse      lxc-plamo   lxc-ubuntu
Create LXC host
[root@localhost ~]# lxc-create -t centos -n myhost1    # create an LXC host; -t specifies the template, -n the name of the host to create
Copying rootfs to /var/lib/lxc/myhost1/rootfs ...      # generates the root file system of the virtual system; by default under /var/lib/lxc/myhost1
/var/lib/lxc/myhost1/tmp_root_pass'                    # this file holds the initial root password of the host
chroot /var/lib/lxc/myhost1/rootfs passwd              # you can use this command to change the initial root password
By default, the files generated for an LXC host are placed in the /var/lib/lxc/<hostname>/ directory
[root@localhost myhost1]# pwd
/var/lib/lxc/myhost1
[root@localhost myhost1]# ls
config  rootfs  tmp_root_pass
# config         is the configuration file
# rootfs         is the root directory
# tmp_root_pass  is where the root password is stored
[root@localhost myhost1]# chroot /var/lib/lxc/myhost1/rootfs/ passwd    # change the initial password
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost myhost1]# lxc-start -n myhost1
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
Running in a container, ignoring fstab device entry for /dev/root.
Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[ OK ] Reached target Remote File Systems.
... (N lines of OK output omitted here) ...
myhost1 login: root    # log in as root
Password:              # enter the root password you set
View some system information of lxc host
[root@myhost1 ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G  2.3G   48G   5% /
devtmpfs                 1.4G     0  1.4G   0% /dev
tmpfs                    1.4G     0  1.4G   0% /dev/shm
tmpfs                    1.4G   17M  1.4G   2% /run
tmpfs                    1.4G     0  1.4G   0% /sys/fs/cgroup
tmpfs                    280M     0  280M   0% /run/user/0
[root@myhost1 ~]# ip a    # view the network card information
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:9f:2e:9a:ff:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.122.118/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 3403sec preferred_lft 3403sec
    inet6 fe80::fc9f:2eff:fe9a:ffb5/64 scope link
       valid_lft forever preferred_lft forever
lxc-start -n myhost1 -d    # adding the -d option at startup runs the host in the background
lxc-console -n myhost1     # connect using lxc-console
[root@localhost ~]# ssh firstname.lastname@example.org
email@example.com's password:    # you can also connect using ssh
View the running status of the host
[root@localhost myhost1]# lxc-info -n myhost1
Name:           myhost1
State:          RUNNING
PID:            1741
IP:             192.168.122.118
CPU use:        0.17 seconds
BlkIO use:      15.54 MiB
Memory use:     8.04 MiB
KMem use:       0 bytes
Link:           veth55YWH2
 TX bytes:      1.42 KiB
 RX bytes:      6.19 KiB
 Total bytes:   7.61 KiB
Stop LXC host
[root@localhost myhost1]# lxc-stop -n myhost1
[root@localhost myhost1]# lxc-clone -o myhost1 -n myhost2    # clone myhost1 as myhost2
Created container myhost2 as copy of myhost1
[root@localhost myhost1]# lxc-destroy -n myhost1
[root@localhost ~]# lxc-start -n myhost2
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
... (N lines of OK output omitted here) ...
myhost2 login: root
Password:    # the password is the same as for myhost1
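An added example (not part of the original post): a host-side audit for the two password points above, the tmp_root_pass file left in each container directory and the clone that keeps the root password of its source. The function names and the demo tree with its shadow entries are constructed for illustration; it assumes the /var/lib/lxc layout shown on this page.

```shell
#!/bin/sh
# Added example: audit LXC containers for leftover initial-password files and
# for root password hashes shared between containers (for example after a clone).
# audit_lxc_passwords and make_demo_tree are hypothetical helper names.

# Prints one line per finding; returns 1 if there was at least one finding.
audit_lxc_passwords() {
    base=${1:-/var/lib/lxc}          # container directory used on this page
    findings=0
    seen=""                          # "hash name" lines for hashes seen so far
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        # 1. File in which the template stored the initial root password.
        if [ -f "${dir}tmp_root_pass" ]; then
            echo "$name: tmp_root_pass still present"
            findings=$((findings + 1))
        fi
        # 2. Root hash field from the container's own shadow file.
        shadow="${dir}rootfs/etc/shadow"
        [ -r "$shadow" ] || continue
        hash=$(awk -F: '$1 == "root" { print $2; exit }' "$shadow")
        case $hash in ''|'!'*|'*'*) continue ;; esac   # locked or no password
        other=$(printf '%s\n' "$seen" | awk -v h="$hash" '$1 == h { print $2; exit }')
        if [ -n "$other" ]; then
            echo "$name: root password hash identical to $other"
            findings=$((findings + 1))
        else
            seen="$seen
$hash $name"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo tree: myhost2 is a copy of myhost1, myhost3 is independent.
make_demo_tree() {
    t=$(mktemp -d)
    for n in myhost1 myhost2 myhost3; do mkdir -p "$t/$n/rootfs/etc"; done
    echo 'constructed-initial-password' > "$t/myhost1/tmp_root_pass"
    echo 'root:$6$saltA$hashA:18000:0:99999:7:::' > "$t/myhost1/rootfs/etc/shadow"
    cp "$t/myhost1/rootfs/etc/shadow" "$t/myhost2/rootfs/etc/shadow"
    echo 'root:$6$saltB$hashB:18000:0:99999:7:::' > "$t/myhost3/rootfs/etc/shadow"
    echo "$t"
}

demo=$(make_demo_tree)
audit_lxc_passwords "$demo" || echo "follow up on the findings above"
rm -rf "$demo"
```

Run as root with no argument, it audits /var/lib/lxc; it prints container names only, never the hashes themselves.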