Virtual machines? Isn't Docker nicer?

Introduction

Nowadays Docker is widely used, especially at first-tier Internet companies. Docker lets an enterprise scale services out horizontally and quickly, so that business workloads can be deployed elastically. Since the rise of cloud services, the scenarios and scope in which Docker is used have grown further, and with the increasing popularity of microservice architectures, the natural fit between microservices and Docker makes operating and deploying a microservice architecture much easier.

1, Docker overview

1. What is Docker?

Docker started as an internal project at dotCloud, initiated by its founder Solomon Hykes while he was in France, building on dotCloud's years of cloud-service technology. It was open-sourced under the Apache 2.0 license in March 2013; the main project code is maintained on GitHub. The Docker project later joined the Linux Foundation and established the Open Container Initiative (OCI).

From the official website:

  • Docker is the world's leading software container platform. With Docker, developers can eliminate the "it works on my machine" problem in collaborative coding. Operations staff can use Docker to run and manage applications side by side in isolated containers for better compute density. Enterprises can use Docker to build agile software delivery pipelines and ship new features for Linux and Windows Server applications faster, with greater security and reliability.

  • Docker is a wrapper around Linux containers that provides a simple, easy-to-use container interface; it is currently the most popular Linux container solution. Docker packages an application and its dependencies into a single file; running that file creates a virtual container in which the program runs as if it were on a real physical machine. With Docker you no longer need to worry about environment differences.

Overall, Docker's interface is quite simple. Users can easily create and use containers and put their applications into them. Containers can also be versioned, copied, shared and modified, just like ordinary code.

2. Why Docker

Apart from running its applications, a container consumes essentially no additional system resources, so application performance is very high and system overhead is minimal. Running 10 different applications in the traditional virtual machine model requires 10 virtual machines, whereas Docker only needs to start 10 isolated applications.

  • Faster delivery and deployment
    What developers and operations staff want most is to create or configure something once and have it run correctly anywhere.
    Developers can build a set of development containers from a standard image; after development, operations staff can deploy the code using that same container. Docker creates containers quickly, iterates applications quickly and makes the whole process visible, so other team members can easily understand how an application is built and how it works. Docker containers are light and fast: a container starts in seconds, which greatly reduces development, testing and deployment time.

  • More efficient virtualization
    Running a Docker container needs no additional hypervisor support; it is kernel-level virtualization, so it achieves higher performance and efficiency.

  • Easier migration and scaling
    Docker containers run on almost any platform: physical machines, virtual machines, public clouds, private clouds, personal computers, servers and so on. This compatibility lets users move an application directly from one platform to another.

  • Simpler management
    With Docker, a large round of updates can be replaced by a small modification. All changes are distributed and applied incrementally, which makes management automatic and efficient.

3. Docker vs. virtual machines

  • A VM is a complete operating system running on the host; running its own operating system consumes more CPU, memory and disk.

  • Unlike a VM, a Docker container contains only the application and the libraries it depends on. Based on libcontainer, it runs on the host in an isolated environment, which makes Docker lighter and more efficient: a container starts in a few seconds. Because Docker is lightweight and uses few resources, it is well suited to building standardized applications.

  • Docker is not perfect yet, though: the isolation is not as strong as a VM's, and some base libraries of the host operating system are shared; the network configuration is relatively simple, mainly bridge mode; and viewing logs is not as convenient or flexible.

  • Docker further encapsulates the container, from the file system and network to process isolation, which greatly simplifies creating and maintaining containers and makes Docker lighter and faster than virtual machine technology.

  • As a new virtualization method, Docker has many advantages over traditional virtualization. A Docker container starts in seconds, far faster than a traditional virtual machine, and Docker uses system resources efficiently: thousands of containers can run on one host at the same time.

Difference               | Container                                     | VM
-------------------------|-----------------------------------------------|---------------------------
Startup speed            | Seconds                                       | Minutes
Runtime performance      | Close to native, runs directly in the kernel  | About 5% loss
Disk footprint           | MB                                            | GB
Quantity per host        | Hundreds                                      | Generally dozens
Isolation                | Process level                                 | System level, more thorough
Operating system         | Mainly Linux                                  | Almost all

4. Docker application scenarios

  • Packaging applications for simple deployment
  • Applications can be moved freely, independent of the underlying hardware (isolating, splitting and decoupling applications); for example, a server can be migrated from Tencent Cloud to Alibaba Cloud
  • Continuous integration and continuous delivery (CI/CD): from development to test to release
  • Deploying microservices
  • Providing PaaS products (platform as a service)
    OpenStack virtual machines, like Alibaba Cloud ECS, belong to IaaS; Docker (with K8s) belongs to PaaS

5. Docker engine

Docker Engine is a client/server (C/S) application with the following main components:

  • Server side: a long-running daemon process (the dockerd command)
  • Client side: the REST API specifies the interface that programs use to communicate with the daemon and tell it what to do
    Commands are issued through the client, for example:
docker run: run a container
docker start: start a container
docker rm: delete a container
    The client interacts with the server side, and the server carries out the operation that the command requests

6. The three Docker components

  • Image
    A Docker image is the basis for creating containers, similar to a virtual machine snapshot. It can be understood as a read-only template for the Docker container engine

  • Docker container
    A container is the running instance created from an image; it can be started, stopped and deleted. A container is a service.
    Each container created is isolated from and invisible to the others, with strong isolation between them, which helps secure the platform.
    A container can be regarded as a simplified Linux environment; Docker uses containers to run and isolate applications.

  • Repository (Docker registry)
    A Docker repository stores images centrally. After building your own image, you can push it to a public or private repository, and then pull it directly when you need the image on another machine.
    The registry server (Registry) is where repositories are kept. It holds many repositories; each repository stores one kind of image, with different tags distinguishing the versions.

At present the largest public registry is Docker Hub.

7. Namespaces

Docker uses a technology called namespaces to give each container an isolated workspace. When a container runs, Docker creates a set of namespaces for it. These namespaces provide a layer of isolation: each aspect of the container runs in its own namespace, and its access is limited to that namespace.

The Docker engine requires kernel version 3.8 or later, because Docker relies on the resource management features of cgroups.

  • A container is isolated by six kinds of namespace (namespace resource isolation, as packaged by containerization technology):
    mount: file system, mount points
    user: the user and group that the process runs as
    pid: process IDs
    uts: host name and domain name
    ipc: semaphores, message queues, shared memory (different applications should use different memory spaces when they make calls)
    net: network devices, network protocol stack, ports, etc.

  • Control groups (cgroups): a resource management feature that limits an application to a specific set of resources
    Control groups let the Docker Engine share the available hardware resources among containers and selectively enforce limits and constraints
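As an added illustration (not part of the original post), the following shell functions show how the namespace isolation described above can be checked from the host: the kernel exposes each process's namespaces as symlinks under /proc/<pid>/ns/, and two processes are in the same namespace exactly when those links resolve to the same identifier. The container name web and the use of docker inspect to find the container's PID in the usage line are assumptions; the functions themselves work against any PID.

```shell
#!/bin/sh
# Added example (not from the original post): compare the namespaces of two
# processes by the identifier the kernel exposes under /proc/<pid>/ns/<type>.
# Two processes share a namespace exactly when the links resolve to the same
# "type:[inode]" value. A container's init PID can be found with
#   docker inspect -f '{{.State.Pid}}' <container>
# (the container name used below is an assumption, not a value from the post).

# Print the namespace identifier of a process, or "unknown" if the link cannot
# be read (no /proc, or insufficient permission to inspect that PID).
ns_id() {
    pid=$1; type=$2
    readlink "/proc/$pid/ns/$type" 2>/dev/null || echo unknown
}

# Answer "yes" if both PIDs are in the same namespace of the given type, else "no".
ns_same() {
    a=$(ns_id "$1" "$3")
    b=$(ns_id "$2" "$3")
    if [ "$a" = "$b" ]; then echo yes; else echo no; fi
}

# For each of the six namespace types the post lists, report whether the given
# PID is isolated from the host (compared against PID 1) or shares its namespace.
ns_report() {
    pid=$1
    for t in mnt user pid uts ipc net; do
        if [ "$(ns_id "$pid" "$t")" = unknown ] || [ "$(ns_id 1 "$t")" = unknown ]; then
            echo "$t: unknown (cannot read /proc/<pid>/ns; run as root)"
        elif [ "$(ns_same 1 "$pid" "$t")" = yes ]; then
            echo "$t: shared with host"
        else
            echo "$t: isolated"
        fi
    done
}

# Usage (needs a running container and root; "web" is an assumed container name):
#   ns_report "$(docker inspect -f '{{.State.Pid}}' web)"
```

By default only five of the six namespaces are private to a container: the user namespace is shared with the host unless the daemon is configured with userns-remap, so "user: shared with host" is the normal result, whereas pid or net reporting "shared with host" indicates a container started with --pid=host or --net=host, which is worth knowing when auditing what a container can see.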

2, Installing and deploying Docker

1. Environment configuration

systemctl stop firewalld            # stop the host firewall
systemctl disable firewalld         # and keep it off after reboot

vim /etc/selinux/config
SELINUX=disabled                    # disable SELinux (takes effect after reboot); both steps remove host protections and suit a lab setup rather than production

vim /etc/resolv.conf
nameserver 114.114.114.114          # DNS resolver used for downloading packages and images

2. Install dependent packages

yum install -y yum-utils device-mapper-persistent-data lvm2

#yum-utils -- extended yum tools (provides yum-config-manager)
#device-mapper-persistent-data -- device-mapper support used by the container storage driver
#lvm2 -- logical volume management

3. Set the Alibaba Cloud (Aliyun) mirror source

cd /etc/yum.repos.d/
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

4. Install Docker CE (Community Edition)

yum install -y docker-ce

systemctl start docker
systemctl enable docker

5. Configure image acceleration

Alibaba Cloud provides an official image accelerator: log in to the Container Registry console, choose Image Tools > Image Accelerator in the left navigation bar, and the accelerator address assigned to your account is shown on the Image Accelerator page.

  • Use the accelerator by editing the daemon configuration file /etc/docker/daemon.json
mkdir -p /etc/docker
  Enter the following directly on the command line:
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://t466r8qg.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload             # reload systemd unit definitions
systemctl restart docker

6. Network optimization

vim /etc/sysctl.conf
net.ipv4.ip_forward=1               # allow the kernel to forward packets between the docker0 bridge and the outside

sysctl -p                           # apply the sysctl change
systemctl restart network
systemctl restart docker
docker images   or   docker image ls    # list images

7. Common commands

  • View the Docker version
docker -v
docker version

  • Show system-level information about Docker, such as the kernel, number of images, number of containers, etc.
docker info

8. Configuration file analysis

#The Docker configuration file can also take the following settings
vim /etc/docker/daemon.json
"graph": "/data/docker"                         #where Docker stores image data (default /var/lib/docker); newer versions call this key "data-root"
"storage-driver": "overlay2"                    #storage engine; early versions used aufs, now overlay2
"insecure-registries": ["registry.access.redhat.com", "quay.io"]    #private registries reached over plain HTTP or without TLS verification
"bip": "172.7.5.1/24"                           #IP and subnet ("bridge IP") assigned to the Docker bridge network
"exec-opts": ["native.cgroupdriver=systemd"]    #extra daemon options; here the cgroup driver is set to systemd (used by k8s)
"live-restore": true                            #keep running containers alive when the Docker daemon itself stops or restarts

Docker's recommended "correspondence" between the container network and the host IP:
for example, for a host at 10.2.5.6 the container network can be set to 172.5.6.1, which makes it easier to locate the faulty node when something fails
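The settings above are listed one per line, but daemon.json must be a single valid JSON document, and dockerd refuses to start when it is malformed. As an added example that is not part of the original post, the following script assembles the file from the values shown in the post (mirror URL, data directory, bridge subnet, cgroup driver, live-restore) and validates it before restarting the daemon; the function names are assumptions, and "data-root" is the current name of the key the post calls "graph". The "insecure-registries" entry is deliberately omitted, since it makes the daemon accept registries over plain HTTP or with unverified TLS.

```shell
#!/bin/sh
# Added example, not from the original post: build /etc/docker/daemon.json from
# the settings discussed above and check that it parses as JSON before restarting
# the daemon. A stray comma would otherwise stop dockerd from starting and take
# down every container that is not covered by live-restore.
# Values are the ones shown in the post; function names are assumptions.

# Write the configuration to the path given as $1 (default /etc/docker/daemon.json).
write_daemon_json() {
    path=${1:-/etc/docker/daemon.json}
    mkdir -p "$(dirname "$path")"
    # "insecure-registries" is left out on purpose: it disables TLS verification
    # for the listed registries, so only add it for registries you control and
    # cannot give a valid certificate.
    cat > "$path" <<'EOF'
{
  "registry-mirrors": ["https://t466r8qg.mirror.aliyuncs.com"],
  "data-root": "/data/docker",
  "storage-driver": "overlay2",
  "bip": "172.7.5.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
EOF
}

# Return 0 if the file parses as JSON, 1 if it does not, 2 if no parser is available.
validate_json() {
    if command -v python3 >/dev/null 2>&1; then
        python3 -m json.tool "$1" >/dev/null 2>&1
    elif command -v jq >/dev/null 2>&1; then
        jq . "$1" >/dev/null 2>&1
    else
        return 2
    fi
}

# Write, validate, and only then reload the daemon (run as root).
apply_daemon_json() {
    path=${1:-/etc/docker/daemon.json}
    write_daemon_json "$path"
    if validate_json "$path"; then
        systemctl daemon-reload
        systemctl restart docker
    else
        echo "$path is not valid JSON (or no JSON parser found); docker not restarted" >&2
        return 1
    fi
}

# Usage: apply_daemon_json            (writes /etc/docker/daemon.json)
#        apply_daemon_json /tmp/test.json   (dry run against another path)
```

Running the validation step before systemctl restart docker is the check that matters: with live-restore not yet active, a daemon that fails to start leaves every container stopped until the file is repaired.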

3, Docker image related operations

1. Run image

docker run hello-world              #run the hello-world image

"run" here means: pull the hello-world image from the library/hello-world repository on Docker Hub, then start a container from it. The output explains each step:

The Docker client contacted the Docker daemon.
    The Docker client connects to the server (the server runs in the operating system as a daemon) through a RESTful API, a typical C/S architecture.

The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64)
    The server-side daemon downloads the image from Docker Hub (the server first checks whether the image already exists locally).

The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
    The server creates a new container from the pulled image and starts it; the container runs the executable whose output we are viewing.

The Docker daemon streamed that output to the Docker client, which sent it to your terminal.
    The Docker server streams (transmits) that output back to the client, which displays it on the terminal.
    The Docker client can take many forms, for example the terminal in which the "docker" command-line tool runs.

2. Search for images

docker search nginx                 #search for the nginx image
docker search centos:7              #search for the centos:7 image

3. Download Image

docker pull <image name>
docker pull nginx                   #download the latest nginx image

4. View the image

docker images                       #list images
docker images -q                    #list only image IDs (-q: quiet, print IDs only)

5. View the image details under the current docker

docker inspect <image ID>

6. Add image label

docker image tag <image ID> <image name>:<version>
  The image name and version number can be chosen freely

docker tag hello-world:latest hello-world:lamp

7. Delete image

When deleting an image, if a container still uses it, delete the container first

docker rmi <image name>
docker rmi <image name>:<tag>

docker rmi `docker images -aq`      #delete all images in batch

  • Delete a tag
docker rmi hello-world:lamp         #delete the lamp tag of hello-world

8. Image import and export

  • Export
docker save -o <file name> <image name>
docker load < <file name>

docker save -o hello-world hello-world

  • Import
scp hello-world root@192.168.8.15:/opt
docker load < hello-world           #import the image

Usage scenario: in some production environments, enterprises do not use a private Docker registry directly but keep images on an FTP server and upload and download them on demand
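When image archives travel through an FTP server or scp as described above, nothing in docker load itself checks that the file is the one that was exported. As an added example, not part of the original post, the following wrappers record a SHA-256 digest next to the archive on the sending side and refuse to load an archive whose digest no longer matches; the function names are assumptions, and the host and image names in the usage lines are the post's own examples.

```shell
#!/bin/sh
# Added example, not from the original post: wrap "docker save" / "docker load" so
# that an image archive carried through an FTP server or scp arrives unchanged.
# The sending side writes the SHA-256 of the archive to a sidecar file; the
# receiving side refuses to "docker load" an archive whose digest does not match.
# Function names are assumptions; host and image names are the post's examples.

# Export <image> to <archive> and write <archive>.sha256 beside it.
save_image() {
    image=$1; archive=$2
    docker save -o "$archive" "$image"
    sha256sum "$archive" > "$archive.sha256"
}

# Return 0 if <archive> still matches its sidecar digest, 1 if not (or no sidecar).
# Only the digest field is compared, so the path may differ between hosts.
verify_archive() {
    archive=$1
    [ -f "$archive.sha256" ] || return 1
    expected=$(cut -d' ' -f1 "$archive.sha256")
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Load the image only after the digest check passes.
load_image() {
    archive=$1
    if verify_archive "$archive"; then
        docker load < "$archive"
    else
        echo "refusing to load $archive: digest mismatch or missing .sha256 file" >&2
        return 1
    fi
}

# Usage:
#   save_image hello-world:latest hello-world.tar
#   scp hello-world.tar hello-world.tar.sha256 root@192.168.8.15:/opt
#   (on 192.168.8.15)  load_image /opt/hello-world.tar
```

The digest catches corruption or modification in transit, but anyone who can replace the archive on the FTP server can replace the sidecar file as well; where that matters, sign the digest file (for example with GPG) or keep the digests on a separate trusted host.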

4, Docker container related operations

1. Query container

docker ps -a                        #show all containers, including ones that are not running

docker ps -aq                       #show only container IDs
-q: quiet; print only the container ID

2. Create container

docker create -it nginx:latest /bin/bash

-i: keep the container's standard input open
-t: allocate a pseudo terminal
-d: run as a background daemon

3. Start the container

  • Start a container
docker start <container ID>

  • Start a container (one-off run)
docker run nginx:latest /bin/bash
docker run centos:7 /usr/bin/bash -c "ls /"

Once the command has executed, the container exits immediately


  • Keep running in the background
docker run -d centos:7 /bin/bash -c "while true;do echo hello world;done"

The -d option runs the container as a background daemon; the -itd combination additionally allocates a pseudo terminal and keeps stdin open


  • Container states
created: the container has been created (it is listed by docker ps -a) but not yet started (so docker ps does not list it)
running: the container is running
paused: the container's processes have been suspended
restarting: the container's processes are restarting
exited: stopped; the container ran before but is now stopped (unlike created, which refers to a newly created container that has never run). The start command returns it to the running state
destroyed: the container has been deleted and no longer exists

4. Delete container

  • Delete a container
docker rm <container ID>            #a container in the exited state can be deleted without -f
docker rm -f <container ID>         #force-delete a running container

  • Batch delete containers (pattern matching)
#Batch delete containers; $1 is the container ID column, and NR>1 skips the header line (which would otherwise become "docker rm CONTAINER")
docker ps -a | awk 'NR>1 {print "docker rm "$1}' | bash

#Batch delete containers whose status is "exited" (by status)
for i in `docker ps -a | grep -i exit | awk '{print $1}'`; do docker rm -f $i; done

docker rm -f `docker ps -aq`        #delete all containers
docker rm -f `docker ps -q`         #force-delete all running containers in batch; not recommended, pick the IDs to delete instead
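The batch deletions above pipe the text output of docker ps straight into docker rm, which is easy to get wrong (the header line, or a grep on "exit" that also matches an image or container name containing that word). As an added example that is not part of the original post, the following functions select containers by their STATUS column, support a dry run, and are tested against a constructed listing; the function names are assumptions. The built-in alternative, docker ps -aq -f status=exited, does the same selection without any parsing.

```shell
#!/bin/sh
# Added example, not from the original post: choose containers for removal by their
# STATUS column instead of feeding every line of "docker ps -a" to "docker rm".
# The built-in way is "docker ps -aq -f status=exited"; the parser below is for
# the post's approach of processing the text listing with awk. The sample
# listing is constructed for the test, and the function names are assumptions.

# A constructed "docker ps -a" listing; columns are padded with runs of spaces.
sample_listing() {
    cat <<'EOF'
CONTAINER ID   IMAGE          COMMAND                   CREATED         STATUS                     PORTS     NAMES
3f2a9c1d8e7b   nginx:latest   "/docker-entrypoint.sh"   2 hours ago     Up 2 hours                 80/tcp    web
a1b2c3d4e5f6   centos:7       "/bin/bash -c ls /"       3 hours ago     Exited (0) 3 hours ago               bash_test
9e8d7c6b5a40   hello-world    "/hello"                  5 minutes ago   Exited (0) 5 minutes ago             hello
EOF
}

# Read a "docker ps -a" listing on stdin and print the IDs of exited containers.
# NR > 1 skips the header, which the post's one-liner would pass to "docker rm".
# Columns are split on two or more spaces because COMMAND, CREATED and STATUS
# themselves contain single spaces, so STATUS is always column 5.
exited_ids() {
    awk 'NR > 1 {
        split($0, col, /  +/)
        if (col[5] ~ /^Exited/) print col[1]
    }'
}

# Remove the exited containers; with DRY_RUN=1 only print what would be removed.
remove_exited() {
    docker ps -a | exited_ids | while read -r id; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would remove $id"
        else
            docker rm "$id"
        fi
    done
}

# Usage: DRY_RUN=1 remove_exited    (review the list first)
#        remove_exited              (then remove)
```

Matching on the STATUS column rather than on the whole line is what keeps a running container named, say, exit-handler from being force-removed by mistake.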

5. Stop the container

docker stop <container ID>

Exit status 137 indicates the container was actively stopped: it is 128 + 9, i.e. the process was terminated by SIGKILL

6. Enter and exit the container

  • run command
docker run -it centos:7 /bin/bash

  • exec command
docker exec -it <container ID> /bin/bash

  • Differences:

docker run -it: creates a foreground process; typing exit terminates the process (and with it the container)
docker attach: attaches to the container's input/output stream through stdin; typing exit terminates the process
docker exec -it: connects to the container and lets you work inside it much like SSH; typing exit leaves the container without affecting its operation

  • Exit the container
ctrl+d
or
exit

7. Import and export of containers

#Export
docker export <container ID> > <file name>

#Import
docker import <exported file (container)> <image name>:<tag>
or
cat <file name (container)> | docker import - <image name>:<tag>
Example:
cat centos_7 | docker import - centos:v2

Summary

  • What using Docker means
    A unified infrastructure environment: the Docker environment
    A unified way to package programs: the Docker image
    A unified way to deploy applications: the Docker container

  • Namespaces are the technology that gives each container an isolated workspace
    mount: file system, mount points
    user: the user and group that the process runs as
    pid: process IDs
    uts: host name and domain name
    ipc: semaphores, message queues, shared memory (different applications should use different memory spaces when they make calls)
    net: network devices, network protocol stack, ports, etc.

Control groups: a resource management feature that limits an application to a specific set of resources. Control groups let the Docker Engine share the available hardware resources among containers and selectively enforce limits and constraints.

Tags: Docker network rsync server VM

Posted on Thu, 25 Nov 2021 16:55:21 -0500 by barbgd