Due to the epidemic in 2020, the company’s performance declined seriously, so it decided to slim down the team. After intense discussion, it was finally decided to start with operation and maintenance personnel. The reason is that we introduced Docker. It is much easier to deploy projects than before. Operations and maintenance can be replaced by development. Of course, our small company is such a situation, large companies or dedicated. I have also seen that companies are recruiting programmers recently. Those familiar with Docker are preferred.

Why is Docker so popular? Let’s look at how it differs from a traditional virtual machine.

A traditional VIRTUAL machine (VM) is a set of virtual hardware that has its own operating system and can run required application processes on it.

There are some downsides to this, like

It takes several minutes to start a VM. The vm occupies a large space, and the vm size is usually several GIGABytes. We really want to run programs, not virtual machines, but programs run on virtual machines. Just take the virtual machine with you. Resource consumption is relatively large, in addition to the program itself to consume system resources, virtual machine is also very consumption of resources. Wouldn’t it be nice if we could take the essence of virtual machines and discard the dregs? This is where containers come in. Linux Container is a kernel virtualization technology that provides lightweight virtualization to isolate processes and resources. Docker encapsulates it to provide more powerful functionality. The Docder model is shown below.Container technology is implemented by many vendors, but Docker is so popular that it is often used to refer to containers. As you can see from the figure above, Docker implements app-level isolation, not system-level isolation like traditional virtual machines. Each app is packaged in a container and runs directly on the host, faster than programs running on virtual machines.

In the case of virtual machines, we need to package the corresponding parameters, database configuration and so on to the operation and maintenance personnel for each application deployment. Just one less term can cause problems big and small. That’s not the case with Docker. As long as the files are packaged and sent directly to the operation and maintenance personnel, it can realize one packaging and multiple operation.

The bottom line is that Docker is able to separate applications from the infrastructure so that software can be delivered quickly.

Without further ado, let’s get Docker running and talk about how it works when we’re done.

Docker: Hello world!

  • Install yum-utils: Install toolkits to simplify installation.
yum install -y yum-utils device-mapper-persistent-data lvm2
Copy the code
  • Add docker repository location for Yum source: Aliyun Quick – CE is the open source community version
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Copy the code
  • Automatically checks which source block
yum makecache fast
Copy the code
  • Install the docker:
yum -y install docker-ce
Copy the code
  • Start the docker:
service docker start
Copy the code
  • Check whether the Docker is successfully installed. If the docker version is normal, the installation is successful.
[root@VM-0-8-centos ~]# Docker version Client: Docker Engine - Community version: 19.03.13 API version: 1.40 Go version: go1.13.15 Git commit: 4484c46d9d Built: Wed Sep 16 17:03:45 2020 OS/Arch: Linux/AMd64 Experimental: False Server: Docker Engine - Community Engine: Version: 19.03.13 API Version: 1.40 (minimum Version 1.12) Go Version: Go1.13.15 Git commit: 4484c46d9d Built: Wed Sep 16 17:02:21 2020 OS/Arch: Linux /amd64 Experimental: false containerd: Version: 1.3.7 GitCommit: 8 fba4e9a7d01810a393d5d25a3621dc101981175 runc: Version: 1.0.0 - rc10 GitCommit: Dc9208a3303feef5b3839f4323d9beb36df0a9dd docker - init: Version: 0.18.0 GitCommit: fec3683Copy the code
  • Hello-word: docker pull hello-world: docker pull hello-world
[root@VM-0-8-centos ~]# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete 
Digest: sha256:8c5aeeb6a5f3ba4883347d3747a7249f491766ca1caa47e5da5dfcf6b9b717c0
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
Copy the code
  • Start hello-world: docker run hello-world
[root@VM-0-8-centos ~]# docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/
For more examples and ideas, visit:
 https://docs.docker.com/get-started/
Copy the code

So far, one Docker container, Hello-World, is up and running. In this paper, we do not specifically talk about Docker practice, but simply experience the temperature of Docker. For the practical part, check out the official website, or wait for my next post to update.

How does Docker work

Docker uses the common client-server mode. The Client is responsible for accepting commands entered by the user, such as docker pull, run, and so on. The real command is executed by the Server, the Docker daemon. Clients and daemons communicate with each other using rest apis, either on the same machine or on different machines. Compare the client and server of mysql.In addition to client and Server, we also see Registry, which is where Docker images are stored, similar to Maven’s repository. Docker Hub is officially provided by the central repository, of course, can create their own private repositories.

  • It’s important to understand three concepts here
  1. Image: An executable file stored on a Docker Hub. Like our exe file in Windows, we call it a program.
  2. Container: is a running instance, which is a process. The image is going to run like a container.
  3. Dockerfile: is the source of image. Including dependencies and Docker commands. The important thing to note here is that the image is layered. Each line of instructions creates a layer in the image. When modifying the dockerfile rebuild, only the modified layer needs to be rebuilt. Like movable type printing, if you want to change a word on a page, you don’t need to change a new template, just replace the word to be changed.

How does Docker achieve isolation

At the beginning we mentioned that Docker is implemented based on LXC and is essentially a process on the host.

  • By implementing resource isolation through namespace, we know that PID, NET, IPC, MNT and UTS in the system are all global. Namespace privatized them. When the container is running, Docker will create a group of namespaces for the container (create their own namespaces for PID, NET, IPC, etc.), so that the resources between containers do not interfere with each other, just like a set of independent operating systems.
  • Resource restriction is implemented through cgroups (Control groups). Although the NameSpace implements resource isolation, it can still access the memory and CPU without restriction. Cgroups allow Docker to share available hardware resources with containers and selectively enforce restrictions and constraints. For example, you can limit the amount of memory available to a particular container.

Let’s review what we shared this time:

  • The difference between containers and virtual machines
  • Run Docker and implement Hello World.
  • How does Docker work
  • How does Docker achieve isolation

Back to the headline, why does Docker make things worse for operations? For some people, of course. Layoffs were severe during the pandemic. Combined with Docker’s simple deployment, many operations staff lost their jobs, especially in small companies, who were among the first to be laid off during the pandemic. Technological innovation is bound to sacrifice some interests. When artificial intelligence does arrive, will your job and mine be safe? Let’s wait and see.

The article has been included in the programmer’s book club