The ideas behind Docker

  1. Containers

    Put everything you need into a container, and whoever needs that environment can just fetch it.

  2. Standardization

    1. Transportation is standardized. Docker has a dock (the registry) where all uploaded containers are stored. Anyone who needs a certain environment can fetch the container directly.
    2. Commands are standardized. Docker provides a set of commands for fetching and operating containers.
    3. It provides REST APIs, which have spawned many graphical interfaces such as Rancher.
  3. Isolation

    When it runs the contents of a container, Docker creates a separate space in the Linux kernel, so other programs are not affected.

Registry (the super dock, with the shipping containers on it)

Image (a shipping container)

Container (a running image)

Install Docker

# 1. Install the packages Docker depends on
yum -y install yum-utils device-mapper-persistent-data lvm2
# 2. Add the repository to download Docker from
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 3. Install Docker
yum makecache fast
yum -y install docker-ce
# 4. Start Docker, enable it at boot, and test
# Start the Docker service
systemctl start docker
# Enable start at boot
systemctl enable docker
# Test
docker run hello-world

I ran into a few problems here

1. If the installation fails, run yum -y install docker-ce again.

2. If startup fails with "request repeated too quickly for docker.service", the error is: Error while creating filesystem xfs on device docker-8:3-34889290-base: exit status 1 storage-driver=devicemapper. The version of the XFS file system management tool is too old. Run yum update xfsprogs -y to upgrade the tool, then start Docker again and check the status with systemctl status docker.

3. After Docker started successfully, running hello-world failed with the error docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. I searched around, and none of the material I found seemed right. I restarted the VM, restarted Docker, and ran it again. Success.

Docker version 19.03.12, Build 48a66213FE

Docker central repository

  1. Docker’s official central repository

  2. Domestic mirror registries: Netease Phoenix Nest, DaoCloud….

    hub.daocloud.io (recommended)

    The problems I have encountered with using this site:

    docker pull daocloud.io/library/tomcat:8.5.15-jre8 cannot download; it reports x509, certificate validation fails

    View the certificate for hub.daocloud.io/ and download its secondary…

  3. Pulling from an internal private registry (add configuration)

    # Edit /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://registry.docker-cn.com"],
      "insecure-registries": ["ip:port"]
    }
    # insecure-registries: registries listed here are contacted without TLS certificate verification, with fallback to plain HTTP
    # Reload the configuration and restart Docker
    systemctl daemon-reload
    systemctl restart docker

Docker images

docker images lists the existing images.

Use docker pull <image name> to pull the specified image from the repository, and docker search redis to view the available versions.

Let’s pull the latest image of Redis

docker run -itd --name redis-test -p 6379:6379 redis

Parameter Description:

Option  Meaning
-i      Run the container in interactive mode; usually used with -t
-t      Allocate a pseudo-terminal for the container; usually used with -i
-d      Run the container in the background and return the container ID
-p      Map port 6379 of the container service to port 6379 of the host, so external clients can reach the Redis service directly at <host IP>:6379

List running containers with docker ps; docker ps -a lists all containers.

Enter our Redis container

docker exec -it redis-test /bin/bash
docker exec -it <container ID> /bin/bash

And try to execute a command

docker stop <container ID> stops a container, and docker restart <container ID> restarts it.

Delete an image with the docker rmi command; for example, to delete the hello-world image:

docker rmi hello-world
# or: docker rmi <image ID>
# Stop all containers
docker stop $(docker ps -qa)
# Delete all containers
docker rm $(docker ps -qa)

If a container is still using the image, delete the container first with docker rm <container ID>; otherwise the deletion fails.

Image Import and Export

# Export an image
docker save -o ./test.images <image ID>
# Import an image
docker load -i test.images
# Rename the image
docker tag <image ID> <new image name>:<version>
# Export a container
docker export -o ./test.tar <container ID>
# Import the container export as an image and name the image
docker import ./test.tar mytest

Viewing container Logs

docker logs -f <container ID>

Clear image files that are not being used by the container

docker image prune -af 
#Remove redundant data, including stopped containers, redundant images, unused volumes, and so on
docker system prune -f 

Container life cycle

The life cycle of a container is the set of states the container can be in. It can be divided into five states.

Created: created initially

Running: Indicates the running status

Stopped: Indicates the stopped state

Paused: paused

Deleted: indicates the deletion status

Docker application

Prepare project

Preparing the mysql container

# --name specifies the container name, -e MYSQL_ROOT_PASSWORD sets the password of the root user, and the tag after the colon selects the version to run
docker run -d -p 3306:3306 --name mysql -e MYSQL_ROOT_PASSWORD=root daocloud.io/library/mysql:5.7.4

Problems encountered

  1. Navicat failed to connect

I searched online, and it came down to roughly two points: alter the MySQL user's permissions to allow remote connections, and open port 3306 on the host to allow external access. I changed both, but still could not connect, so I kept changing things. I also found that a service had to be enabled, so I enabled http and mysql, and I still could not connect… Two hours went by. I decided to use tcpdump the next day to capture packets on port 3306 while connecting from my local machine with Telnet, to see whether the traffic got in. After restarting the next day, I found I could connect, which proves only one thing: the law of restarting works!!!!

  2. Attached are the relevant commands:

The default firewall of CentOS 7 is firewalld

  • Open a port

    firewall-cmd --zone=public --add-port=3306/tcp --permanent
    firewall-cmd --reload
    # Check all open ports
    firewall-cmd --zone=public --list-ports

  • Enable a service

    # View the services that can be enabled
    firewall-cmd --get-services
    # Add a service
    firewall-cmd --permanent --add-service=http
    # View the services that are enabled
    firewall-cmd --list-services

  • Grant remote access in MySQL

    docker exec -it <container ID> bash
    mysql -uroot -p    # enter the mysql command line
    use mysql;
    ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'root';  -- allow connections from any client host
    flush privileges;  -- refresh privileges
    SELECT user,host FROM user;  -- host is %

Preparing the Tomcat container

# Start Tomcat; remember to open firewall port 8080
docker run -itd --name tomcat -p 8080:8080 daocloud.io/library/tomcat:8.5.15-jre8
# Copy content from the host into the Tomcat container
# docker cp <file name> <container ID>:<path inside the container>
docker cp test.tar f3:/usr/local/tomcat/webapps/

Data volume

A data volume maps a directory on the host to a directory in the container; when files are changed on the host, they change in the container too.

# Create a data volume; by default it is stored under /var/lib/docker/volumes/<volume name>/_data
docker volume create <volume name>
# View data volume details
docker volume inspect tomcat
# List all data volumes
docker volume ls
# Delete a data volume
docker volume rm <volume name>
# Apply a data volume
# When mapping a named data volume, Docker creates the volume automatically if it does not exist. With this form, the files already in the container path are also stored in the default volume path
docker run -v <volume name>:<path inside the container> <image ID>
# Map a host path instead. This form does not store the container's existing files in the path (recommended)
docker run -v <host path>:<path inside the container> <image ID>

Specify a data volume mapping when running an image:

docker run -d -p 8080:8080 --name tomcat -v tomcat:/usr/local/tomcat/webapps/ b43

After starting Tomcat with the data volume, the webapps content can be found under /var/lib/docker/volumes/tomcat/_data

Docker custom image

Create the Dockerfile and specify the custom image information in it
# Common contents of a Dockerfile
workdir: declares the default working directory of the image
cmd: the command to execute (it runs under workdir; cmd can appear more than once, and only the last one takes effect)

Example: write a Dockerfile that packages our hellodocker.war deployment as our own image

# Dockerfile content
FROM daocloud.io/library/tomcat:8.5.15-jre8
COPY hellodocker.war /usr/local/tomcat/webapps
# Build an image from the Dockerfile in the current directory
docker build -t <image name>:[tag] .


Run our custom image:

Using docker-compose

Previously, running an image required a lot of parameters; with docker-compose these can be written down in a file.

docker-compose is a container orchestration tool that helps you manage containers in batches.

This is done with a docker-compose.yml file.

# Download docker-compose
# The GitHub site is too slow, so you can download from http://get.daocloud.io/ instead; change the version to suit your situation
curl -L https://get.daocloud.io/docker/compose/releases/download/1.27.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Docker-compose manages mysql and Tomcat containers

Write the yml configuration. For the version field, see: docs.docker.com/compose/com…

My directory and data store: /opt/docker_mysql_tomcat

version: '3.8'
services:
  mysql:            # service name
    restart: always   # start the container whenever Docker starts
    network_mode: bridge   # use the default bridge, so no project default network is generated
    image: daocloud.io/library/mysql:5.7.4    # image to use
    container_name: mysql   # specify the container name
    ports:
      - 3306:3306   # port mapping
    environment:
      MYSQL_ROOT_PASSWORD: root   # password of user root
      TZ: Asia/Shanghai     # time zone
    volumes:
      - /opt/docker_mysql_tomcat/mysql_data:/var/lib/mysql   # map data volume
  tomcat:
    restart: always
    network_mode: bridge
    image: docker-tomcat:1.0.0
    container_name: docker-tomcat
    ports:
      - 8080:8080
    environment:
      TZ: Asia/Shanghai
    volumes:
      - /opt/docker_mysql_tomcat/tomcat_webapps:/usr/local/tomcat/webapps
      - /opt/docker_mysql_tomcat/tomcat_logs:/usr/local/tomcat/logs

Use the docker-compose command to manage the container

When you run a docker-compose command, it looks for the docker-compose.yml file in the current directory by default

# First start: run in the directory that contains docker-compose.yml
docker-compose up -d
# Stop
docker-compose stop
# Start
docker-compose start
# Restart
docker-compose restart
# Stop and delete
docker-compose down
# List the containers
docker-compose ps
# View the logs
docker-compose logs -f

Problems encountered

  1. With the configuration above, everything starts fine, but the services are not accessible, and no requests arrive on the listening ports

Troubleshooting: check whether the host is at fault. For example, after stopping the docker-compose containers and starting an image from the command line, I could access it (I started Tomcat mapped to host port 8081, which is not opened in the firewall, but it could be accessed locally), indicating that there should be no problem with the virtual machine itself.

  1. Docker-compose: I remember reading a little earlier that Docker containers generate their own set of network-related things, and that different network modes can make them inaccessible.

    # Query the configured networks
    docker network ls
    # docker_mysql_tomcat_default is the one generated by default
    NETWORK ID          NAME                          DRIVER              SCOPE
    2a460ca90250        bridge                        bridge              local
    3e0eb402b8e4        docker_mysql_tomcat_default   bridge              local
    cc495b89bd29        host                          host                local
    a300f2ee0209        none                          null                local
    # Inspect the container
    docker inspect <container ID>
    # docker-compose:
    network_mode: bridge
  2. View the network configuration information

    # docker network ls
    docker network inspect <network name>
  3. If no network is configured, a new bridge will be created by default. Why cannot the new bridge communicate with the host?

    The problem tormented me for a long time and was finally solved. Conclusion first, the reason is that the Linux kernel version is too low and needs to be upgraded.

    I got inspired from this blog: blog.csdn.net/coolfishbon…

    After the upgrade, create a new bridge again. Start an image at random, use the bridge to enter the container, ping its gateway, and ping its virtual machine address.

Docker-compose is used with Dockerfile

The yml file and the Dockerfile are used together: the custom image is built and the container is started in one step, and docker-compose manages the container.

# yml file
version: '3.8'
services:
  hello:
    restart: always
    build:              # build a custom image
      context: ../      # directory where the Dockerfile resides
      dockerfile: Dockerfile
    image: hello:1.0.0
    container_name: hello
    ports:
      - 8081:8080
    environment:
      TZ: Asia/Shanghai

Dockerfile file

FROM daocloud.io/library/tomcat:8.5.15-jre8
COPY hellodocker.war /usr/local/tomcat/webapps

# Start with docker-compose and the Dockerfile
docker-compose up -d
# If the custom image does not exist it is built; if it already exists it is run directly
# To rebuild, use one of the following commands
docker-compose build
docker-compose up -d --build

# my directory structure
/root/docker-tomcat/docker-compose   -------docker-compose.yml
/root/docker-tomcat   ----docker-compose  -------Dockerfile  ------hellodocker.war

Docker network

Network interfaces in Docker are all virtual interfaces by default. Sandbox, Network and Endpoint form the core of the Docker network model, that is, the container network model. Let’s take a look at Docker’s network model.

Starting Docker creates a default bridge, docker0, which is used for communication between the host and the containers. The bridge has an address range and a gateway, and each container's IP is taken from that address range.

Docker’s default network

$ docker network ls
NETWORK ID          NAME                DRIVER
7fca4eb8c647        bridge              bridge
9f904ee27bf5        none                null
cf03ee007fb4        host                host

Docker has the following network modes:

1) Bridge mode, --net=bridge (default). This is the default setting for Docker networks. It creates a separate network namespace for the container, so the container has its own network card and a completely separate network stack; it is the most commonly used mode. docker run uses this mode when the container is started without the --net parameter. After Docker is installed, the system automatically adds a bridge, docker0, for Docker to use. When we create a new container, the container obtains an IP address on the same network segment as docker0 through DHCP and connects to the docker0 bridge by default, which gives network communication between the container and the host.
2) Host mode, --net=host. The container does not have its own independent network namespace, that is, it has no independent network environment. It uses the IP and ports of the host.
3) None mode, --net=none. Docker creates a separate network namespace for the container but does no network configuration for it. Only lo is present in the container, and users can customize the container network from there. In this mode Docker does not configure any networking for the container; we have to add network cards and configure IPs ourselves. Therefore, if you want to use pipework to configure the IP address of a Docker container, the container must be in none mode.
4) Overlay mode, --net=overlay. Containers use an overlay network to communicate across two hosts. If you use host mode, you can also use the physical IP addresses for cross-host communication.
5) User-defined: a new feature added after Docker 1.9 that allows containers to use third-party networks or to create separate bridge networks, providing network isolation.

Network-related operations

# Create a network with a subnet and gateway; -d specifies the mode
docker network create -d bridge --subnet=172.22.0.0/24 --gateway=172.22.0.1 my_net
# The bridge interface is named br-{networkId} by default; the -o option below sets the interface name
docker network create -d bridge --subnet=172.22.0.0/24 --gateway=172.22.0.1 my_net -o com.docker.network.bridge.name=my_net
# Check your existing networks
docker network ls
# Delete a network
docker network rm <network name>
# Inspect a network
docker network inspect <network name>

Docker CI, CD

Introduction to CI

Continuous Integration (CI)

Continuous integration: Write code, commit git, rebuild the project and test it.

Set up a GitLab server

  1. Create a new virtual machine with at least 4 GB of memory

  2. Install Docker and docker-compose

  3. Write the docker-compose.yml file. Change the port number of the virtual machine's own SSH service first, because GitLab will occupy port 22

    Image address: github.com/CCC1004/git… The whole download process can be lengthy

    version: '3'
    services:
      gitlab:
        image: 'twang2218/gitlab-ce-zh:11.1.4'
        container_name: 'gitlab'
        restart: always
        privileged: true
        hostname: 'gitlab'
        environment:
          TZ: 'Asia/Shanghai'
          GITLAB_OMNIBUS_CONFIG: |
            external_url 'http://192.168.199.110'  # host IP
            gitlab_rails['time_zone'] = 'Asia/Shanghai'
            gitlab_rails['smtp_enable'] = true
            gitlab_rails['gitlab_shell_ssh_port'] = 22
        ports:
          - "80:80"
          - "443:443"
          - "22:22"   # quoted: YAML 1.1 reads an unquoted 22:22 as a base-60 number
        volumes:
          - /opt/docker_gitlab/config:/etc/gitlab
          - /opt/docker_gitlab/data:/var/opt/gitlab
          - /opt/docker_gitlab/logs:/var/log/gitlab

Install gitlab-runner

Introduction to CD

Continuous delivery, continuous deployment

The server environment is deployed in real time through gitlab-runner. Once self-testing shows no problems, the build is deployed to the test environment through Jenkins, tested by the testers, and finally released to the production environment. This is the CI/CD model.

Set up Jenkins

Write the docker-compose.yml

version: '3'
services:
  jenkins:
    image: jenkins/jenkins
    restart: always
    container_name: jenkins
    ports:
      - 8888:8080
      - 5000:5000
    volumes:
      - ./data:/var/jenkins_home    # grant 777 permission to the data directory
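A small linter for the settings that matter most in the compose files on this page: ports published without a bind address, the inline root password, privileged: true, and an image without a tag. This is an added example, not code from the original post. The JSON layout of SAMPLE, the mysql_hardened service and the MYSQL_ROOT_PASSWORD_FILE variable (the official mysql image's _FILE convention, assumed to be supported by the image in use) are assumptions.

```python
import json

# Constructed sample (not from a real deployment): the mysql, gitlab and jenkins
# services described on this page plus a hypothetical hardened variant,
# embedded as JSON so the example needs only the standard library.
SAMPLE = json.loads("""{"services": {
  "mysql": {"image": "daocloud.io/library/mysql:5.7.4", "ports": ["3306:3306"],
            "environment": {"MYSQL_ROOT_PASSWORD": "root", "TZ": "Asia/Shanghai"}},
  "gitlab": {"image": "twang2218/gitlab-ce-zh:11.1.4", "privileged": true,
             "ports": ["80:80", "443:443", "22:22"]},
  "jenkins": {"image": "jenkins/jenkins", "ports": ["8888:8080", "5000:5000"]},
  "mysql_hardened": {"image": "daocloud.io/library/mysql:5.7.4",
             "ports": ["127.0.0.1:3306:3306"],
             "environment": ["MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root"]}
}}""")

WEAK_VALUES = {"", "root", "admin", "password", "123456"}
SECRET_WORDS = ("PASSWORD", "SECRET", "TOKEN")


def env_as_dict(env):
    """Compose accepts environment as a mapping or as a list of KEY=VALUE."""
    if isinstance(env, dict):
        return {k: "" if v is None else str(v) for k, v in env.items()}
    return {k: v for k, _, v in (item.partition("=") for item in env or [])}


def lint_service(svc):
    findings = []
    if svc.get("privileged"):
        findings.append("privileged")      # all capabilities plus host devices
    if svc.get("network_mode") == "host":
        findings.append("host-network")    # no network namespace isolation
    for port in svc.get("ports", []):
        parts = str(port).split(":")
        bind_ip = parts[0] if len(parts) >= 3 else ""
        # Without a bind address Docker publishes the port on every host
        # interface; listed for review (expected for web ports, rarely for DBs).
        if bind_ip in ("", "0.0.0.0"):
            findings.append(f"public-port:{port}")
    for key, value in env_as_dict(svc.get("environment")).items():
        name = key.upper()
        if any(w in name for w in SECRET_WORDS) and not name.endswith("_FILE"):
            kind = "weak-secret" if value.lower() in WEAK_VALUES else "inline-secret"
            findings.append(f"{kind}:{key}")
    image = svc.get("image", "")
    if image and "@" not in image and ":" not in image.rsplit("/", 1)[-1]:
        findings.append("untagged-image")  # resolves to the mutable :latest tag
    return findings


def lint(compose):
    return {name: lint_service(svc) for name, svc in compose["services"].items()}


if __name__ == "__main__":
    for name, findings in lint(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```

To run it on a real file, load the YAML into a dict with a YAML parser and pass that dict to lint(); only the short "HOST:CONTAINER" port syntax is handled.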

[publish SSH] [git parameter]

Summary

For this tutorial, I found a video on B station and studied it. I found a lot of problems in the whole practice process; fortunately, they were solved in the end. The gains were there, but the company didn’t use container technology and now I’ve forgotten all about it.