Docker introduction practice

Time:2022-5-4

Docker introduction

reference resources:Why docker?

Docker is an open source application container engine, which is based on go language and complies with Apache 2.0 0 protocol is open source.

The main application scenarios are as follows:

  1. Environmental isolation

    The environment between containers is independent and does not affect each other. Similar to virtual machines, but lighter than. Each container of docker shares an operating system kernel, and each virtual machine has a complete operating system.

  2. Overall deployment

    A complete set of environment can be built as a mirror for overall deployment, avoiding various problems caused by the online and offline development environment. At the same time, it also greatly improves the deployment efficiency and eliminates the need to configure the development environment repeatedly.

Docker architecture

Three important concepts of docker:

  1. Image

    It is equivalent to an operating system template. For example, the official image MySQL contains a complete operating system.

  2. Container

    A container is an entity running in an image, just as an object is an instance of a class in Java. Containers can be created, started, paused, stopped, and so on.

  3. Repository

    The repository for storing images is similar to the Maven repository for storing dependent jar packages.

Docker uses client server (C / s) architecture mode and remote API to manage and create docker container.

Docker introduction practice

  1. Docker_Client

    Communicate with the docker daemon through the command line.

  2. Docker_Host

    The host used to execute docker daemon.

  3. Registry

    Docker warehouse: a registry can contain multiple repository warehouses.

Docker installation

CentOS

Uninstall old version (if present)

yum remove docker docker-common docker-selinux docker-engine

Install dependent packages

yum install -y yum-utils device-mapper-persistent-data lvm2

Set Yum source

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install docker

yum install -y docker-ce docker-ce-cli containerd.io

You may be prompted to require containerd due to the version IO > = 1.2.2-3, install the new containerd manually first io:

wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
yum -y install containerd.io-1.2.6-3.3.el7.x86_64.rpm

Then re execute the docker installation command.

Boot and join boot

systemctl start docker && systemctl enable docker

verification

docker version

Image acceleration

Run bash command;

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

Then restart the docker service;

systemctl daemon-reload && systemctl restart docker

remote access

Modify the docker service script:

vi /lib/systemd/system/docker.service

stayExecStart=/usr/bin/dockerdAfter this line, add:

 -H tcp://0.0.0.0:2375

Then restart the docker service:

systemctl daemon-reload && systemctl restart docker

Verify operation results:

curl http://localhost:2375/version

Remote access (TLS)

The above-mentioned open remote access has great potential security risks. Without authentication and authorization, TLS authentication can be adopted to improve it;

#Create docker TLS certificate
#!/bin/bash

#Relevant configuration information
SERVER="106.13.180.17"
PASSWORD="123456"
COUNTRY="CN"
State = "Hubei Province"
City = "Wuhan City"
Organization = "company name"
ORGANIZATIONAL_UNIT="Dev"
EMAIL="[email protected]"

###Start generating files###
Echo "start generating file"

#Switch to the directory of the production key
cd /etc/docker   
#Generate CA private key (encrypted with aes256)
openssl genrsa -aes256 -passout pass:$PASSWORD  -out ca-key.pem 2048
#Generate CA certificate and fill in configuration information
openssl req -new -x509 -passin "pass:$PASSWORD" -days 3650 -key ca-key.pem -sha256 -out ca.pem -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/CN=$SERVER/emailAddress=$EMAIL"

echo "subjectAltName = IP:$SERVER" >> extfile.cnf
echo "extendedKeyUsage = serverAuth" >> extfile.cnf
#Generate server certificate private key file
openssl genrsa -out server-key.pem 2048
#Generate server certificate request file
openssl req -subj "/CN=$SERVER" -new -key server-key.pem -out server.csr
#Use the CA certificate, CA key and the above server certificate request file to generate the server self signed certificate
openssl x509 -req -days 3650 -in server.csr -CA ca.pem -CAkey ca-key.pem -passin "pass:$PASSWORD" -CAcreateserial -out server-cert.pem -extfile extfile.cnf

#Generate client certificate RSA private key file
openssl genrsa -out key.pem 2048
#Generate client certificate request file
openssl req -subj '/CN=client' -new -key key.pem -out client.csr

echo "extendedKeyUsage=clientAuth" > extfile.cnf
#Generate client self signed certificate (generated according to the above client private key file and client certificate request file)
openssl x509 -req -days 3650 -in client.csr -CA ca.pem -CAkey ca-key.pem  -passin "pass:$PASSWORD" -CAcreateserial -out cert.pem -extfile extfile.cnf

#Change key permissions
chmod 0400 ca-key.pem key.pem server-key.pem
#Change key permissions
chmod 0444 ca.pem server-cert.pem cert.pem
#Delete useless files
rm client.csr server.csr

Echo "generate file complete"
###End of generation###

Modify the docker service script at the same time:

vi /lib/systemd/system/docker.service

modifyExecStart=/usr/bin/dockerdThis behavior:

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
         --tlsverify \
         --tlscacert=/etc/docker/ca.pem \
         --tlscert=/etc/docker/server-cert.pem \
         --tlskey=/etc/docker/server-key.pem \
         -H tcp://0.0.0.0:2376

Restart docker;

systemctl daemon-reload && systemctl restart docker

Connection verification;

docker --tlsverify --tlscacert=/etc/docker/ca.pem   --tlscert=/etc/docker/cert.pem --tlskey=/etc/docker/key.pem -H tcp://106.13.180.17:2376 version

Pay attention to the service IP and fill in the corresponding host IP.

Hello World

docker run hello-world

Run the Hello world image. First find it on the local host. If it does not exist, pull it from the image warehouse.

[[email protected] ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete 
Digest: sha256:9572f7cdcee8591948c2963463447a53466950b3fc15a247fcad1917ca215a2f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

Common commands

reference resources:Docker command

docker run ubuntu:15.10 /bin/echo "Hello world"

Run a Ubuntu container, version 15.10, and execute / bin / echo “Hello world”.

docker exec -it centos /bin/bash

Enter a container named CentOS and jump to the bash terminal of the container.

Optional

  1. -i

    Interactive operation, usually combined with – t;

  2. -t

    Specify a pseudo terminal in the new container;

  3. -d

    Background operation;

  4. -e

    Setting environment variables;

  5. -p

    Port mapping,Host port: container port

container

  1. ps

    Obtain the container list;

  2. run

    Specify a container to run the image;

  3. start/stop/restart

    Start, stop or restart a container;

  4. rm

    Delete container;

  5. exec

    Execute commands in the container;

  6. logs

    Obtain the log in the container;

image

  1. images

    Obtain the local image list;

  2. rmi

    Delete the local image;

Some \ < none \ >: \ < none \ > images do not have any references and can be cleared through docker RMI $(docker images – F “dangling = true” – Q).

practice

time synchronization

In general, the host machine and docker container machine have different time, which can be solved by external mounting;

-v /etc/localtime:/etc/localtime:ro

MySQL installation

install

Create a MySQL container, map the local port 3306 to the container, and initialize the password to 123456;

docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql

Data persistence

Each time you re create the MySQL container, the relevant data will be initialized. You can specify the mounting path through – V;

docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 -v /docker/mysql/data:/var/lib/mysql mysql

Add remote user

Enter MySQL container and Bash terminal interaction;

docker exec -it mysql /bin/bash

Connect to MySQL service;

mysql -uroot -p123456

Execute the following SQL;

create user 'caojiantao'@'%' identified with mysql_native_password by '123456';
grant all privileges on *.* to 'caojiantao'@'%' with grant option;
flush privileges;

Springboot deployment (idea)

Docker connection

Docker introduction practice

If the docker remote connection adopts TLS connection, the server’sca.pemcert.pemandkey.pemDownload three files locallyD:\dockerDirectory, and then set the docker connection as shown in the figure;

Docker introduction practice

Dockerfile

Create a dockerfile file to build an image and put it in the root directory of the project;

FROM java:8
ADD "/target/docker-0.0.1-SNAPSHOT.jar" "app.jar"
EXPOSE 8080
ENTRYPOINT [ "java", "-jar", "app.jar" ]

Mirror deployment

Add the image deployment configuration. Pay attention to the Maven command at the bottom, clean package – dskiptests, which is used to generate the jar package needed to build the image;

Docker introduction practice

External mount

It is usually necessary to mount the directories of “project configuration”, “static resources” and “service log”. It is also convenient to operate through idea, through theBind mountsset up;

Docker introduction practice