People constantly talk about Docker. I know what you answer: “It is something about containers, virtualization, clouds,” “Everything already works for us,” “It is all self-indulgence,” “It will not run on our old Linux kernel,” “You can prepare an image for the cloud and run it,” “You can simply configure LXC, chroot or AppArmor.” You know that you do not need it. Just another fashionable thing. In the end, you are simply too lazy to figure it out. But curious! Then read on. This is a series of six notes.
If you have not heard of containers in Linux, here is a list of pages that need to be read to understand what it is about:
Install Docker; it is small. For Windows and Mac, you can simply install Toolbox:
www.docker.com/toolbox . It is better to create and configure the virtual machine from the command line than through a graphical wrapper. Read a few lessons from the manual. Here I write about what is not in the documentation.
Docker is not virtualization.
This is what my Linux is:
Welcome to Ubuntu 15.04 (GNU/Linux 3.19.0-15-generic x86_64)
Last login: Tue Aug 18 00:43:50 2015 from 192.168.48.1
gri@ubuntu:~$ uname -a
Linux ubuntu 3.19.0-15-generic
I launch CentOS:
gri@ubuntu:~$ docker run -ti centos
[root@301fc721eeb9 /]
Docker is not chroot, although their functionality overlaps. It is not a security system like AppArmor. Docker uses the same containers as LXC, but the containers are not what makes it interesting. Docker is nothing like what I imagined before reading the documentation.
The kernel, memory and file system are the same, while the distributions, libraries and users are different.
Docker is an object-oriented design tool.
The question of whether the nginx configuration is part of a web application comes up regularly. System administrators argue with developers. But recently devops appeared and wanted to think in familiar OOP terms instead of sequential, procedural calls of commands from bash. Docker provides encapsulation, inheritance, and polymorphism for system components, such as a database and data. This means that you can decompose the entire information system, separate the application, web server, database, system libraries and working data into independent components, inject dependencies from configs, and make it all work as a group, identically on different computers.
This approach can be used to reduce the expensive working hours that front-end developers spend setting up a database and Nginx. To get away from vendor lock-in. To avoid getting stuck when the openssl on the server does not support a cipher used in a public institution's API. To make the application work regardless of the version of PHP or Python on the customer’s server. To create open source not only as code, but also as configured bundles of several applications written in different languages and running on different OSI layers.
Start
So, I opened docs.docker.com/mac/started , installed Docker, completed several exercises, and felt that I was being treated like a dummy whom they are afraid to overload with information. The first question is: where did the damn Docker put itself, where are its files, in what format, how is it all arranged? Answers here:
blog.thoward37.me/articles/where-are-docker-images-stored
In short, to work with the file system Docker uses one of its drivers, usually AUFS, and all the container files are in /var/lib/docker/aufs/diff/. /var/lib/docker/containers/ holds service information, not the container files themselves.
Images are like classes in code. Containers are like objects created from classes. The main difference is that you can commit a container and make an image from it. Images consist of so-called layers; layers are folders that lie in /var/lib/docker/aufs/diff/. Typically, application images inherit from some ready-made official system image. When Docker downloads an image, it fetches only the layers it does not already have.
For example, I download the official nginx image:
hub.docker.com/r/library/nginx/tags
docker@dev:~$ docker pull nginx
latest: Pulling from nginx
aface2a79f55: Pull complete
72b67c8ad0ca: Downloading [=============> ] 883.6 kB/3.386 MB
9108e25be489: Download complete
902b87aaaec9: Already exists
9a61b6b1315e: Already exists
They write that the nginx 1.9.4 image is 52 MB in size, but in fact I downloaded only 3 MB. This is because nginx is built on the debian:jessie image, which for me shows “Already exists”. There are many images based on Ubuntu. Of course, it is worth building your system from images that share one ancestor.
Docker does not execute containers, but manages them.
Containers are executed by a kernel mechanism called Cgroups. The docker service starts a container on a command received from a client application (for example, docker) and stops it when the standard input/output stream in the container is released. That is why the Nginx configuration notes for Docker say:
Be sure to include daemon off; so that Docker can track the process (otherwise your container will stop immediately after starting)!
When a container finishes its work, it is not deleted unless that is specifically requested. Each launch of a container with the docker run image_name command without the --name or --rm parameters creates a new container with a unique identifier that remains in the system until it is deleted. So Docker is a system prone to littering. Container names in the system are unique. I recommend assigning a name to each permanent container you create, and creating containers whose data does not need to be saved with the --rm parameter. Containers are created by the docker run and docker create commands. You can view a list of all existing containers in the system with the docker ps -a command.
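One way to review the litter described above, as an added example that is not part of the original article: the function reads the output of docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Status}}' and lists every container that is not running and not on a keep-list of permanent names. The function name, the keep-list convention and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list stopped containers that are not on a keep-list.
# Input: output of  docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Status}}'

# removal_candidates KEEP_NAME...   (reads tab-separated ps lines on stdin)
# Prints "ID NAME" for every container that is not running ("Up ...")
# and whose name is not one of the KEEP_NAME arguments.
removal_candidates() {
    keep=" $* "
    while IFS="$(printf '\t')" read -r id name status; do
        case "$status" in Up*) continue ;; esac        # still running
        case "$keep" in *" $name "*) continue ;; esac  # permanent, keep it
        echo "$id $name"
    done
}

# Constructed sample of docker ps -a output (IDs and names are made up).
sample_ps() {
    printf '%s\t%s\t%s\n' \
        1a2b3c4d5e6f web       'Up 2 hours' \
        2b3c4d5e6f70 db-data   'Exited (0) 3 days ago' \
        3c4d5e6f7081 sad_morse 'Exited (1) 5 minutes ago' \
        4d5e6f708192 evil_bohr 'Created'
}

# "web" is running and "db-data" is kept, so the two unnamed leftovers remain.
sample_ps | removal_candidates web db-data
```

Review the list before passing the IDs to docker rm; a stopped container on the list may still hold data you want.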
Docker is a client-server system service.
Accordingly, Docker may hang. If you gave the command to download an image, the only way to interrupt the download is to restart the service. The authors have been discussing what to do about it for a long time, but nothing has changed.
For example, in version 1.8.1 there is a reproducible problem:
docker@dev:~$ docker pull debian
Using default tag: latest
latest: Pulling from library/debian
2c49f83e0b13: Downloading [===================> ] 19.89 MB/51.37 MB
Press Ctrl-C, then immediately start the download again.
docker@dev:~$ docker pull debian
Using default tag: latest
Repin's painting "Sailed". That is, stuck. You must restart the daemon.
docker@dev:~$ sudo /etc/init.d/docker restart
Need TLS certs for dev,127.0.0.1,10.0.2.15,192.168.99.104
-------------------
docker@dev:~$ sudo /etc/init.d/docker status
Docker daemon is running
docker@dev:~$ docker pull debian
Using default tag: latest
latest: Pulling from library/debian
...
Status: Downloaded newer image for debian:latest
It happens that the docker daemon refuses to die on its own and does not release the port, and the init script does not yet handle such edge cases. So do not forget to check sudo /etc/init.d/docker status and sudo netstat -ntpl , reach for a tambourine and dance.
You also have to remember that the order of arguments to the docker command matters. If you write docker create nginx --name=nginx , then --name=nginx will be treated as the command to execute in the container, not as the name of the container.
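A check for this mistake that can be run over command lines in deployment scripts, as an added example that is not part of the original article: it finds the image (the first positional word) and reports any Docker option that follows it. The function names and the short option lists are assumptions chosen for illustration, not Docker's full option set.

```shell
#!/bin/sh
# Added example: report docker options written after the image name, where
# Docker treats them as the command to run inside the container.
# The option lists are a small subset chosen for illustration.

# Options whose value is the next word (e.g. "--name web").
takes_value() {
    case "$1" in
        --name|-p|--publish|-v|--volume|-e|--env|--link) return 0 ;;
    esac
    return 1
}

# Docker options to flag when they appear after the image.
is_docker_option() {
    case "${1%%=*}" in
        --rm|-d|--detach) return 0 ;;
    esac
    takes_value "${1%%=*}"
}

# misplaced_options SUBCOMMAND ARGS...  e.g. misplaced_options create nginx --name=nginx
# Prints each misplaced option; exit status 1 if any was found, 0 otherwise.
misplaced_options() {
    shift                                  # drop "run" or "create"
    image=""; skip=0; found=0
    for word in "$@"; do
        if [ -n "$image" ]; then           # already past the image
            if is_docker_option "$word"; then echo "$word"; found=1; fi
        elif [ "$skip" -eq 1 ]; then       # value of the previous option
            skip=0
        else
            case "$word" in
                -*=*) ;;                   # --name=web: value attached
                -*)   if takes_value "$word"; then skip=1; fi ;;
                *)    image=$word ;;       # first positional word is the image
            esac
        fi
    done
    [ "$found" -eq 0 ]
}

# Constructed command lines: the article's mistake, then the correct order.
misplaced_options create nginx --name=nginx || echo "^ would be run inside the container"
misplaced_options create --name=nginx nginx && echo "ok: options precede the image"
```

The check is a heuristic: a container command that itself accepts -v or -e will be reported as well.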
Now it will be easier for you to deal with the official documentation.
Continued:
habrahabr.ru/post/267451 and
habrahabr.ru/post/267455