What-is-Docker

A simple tutorial for Docker beginners.

Frank


Basic Knowledge About Operating Systems

Simple Operating System concept image:


Boot sequence


LVM

In Linux, Logical Volume Manager (LVM) is a device mapper target that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.

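In Linux, LVM is the kernel's logical volume management feature, built on the device mapper. Most modern Linux distributions support LVM and can place their root file system on a logical volume.

(from Wiki)

# fdisk -l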

UnionFS

OverlayFS is a file system service for Linux that implements a union mount over other file systems.

You can think of it as being like working with git.

$ docker pull ubuntu

Using default tag: latest
latest: Pulling from library/ubuntu

5ba4f30e5bea: Pull complete
9d7d19c9dc56: Pull complete
ac6ad7efd0f9: Pull complete
e7491a747824: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:46fb5d001b88ad904c5c732b086b596b92cfb4a4840a3abd0e35dbb6870585e4
Status: Downloaded newer image for ubuntu:latest

systemd

systemd is a software suite that provides an array of system components for Linux operating systems.

Its main aim is to unify service configuration and behavior across Linux distributions; systemd’s primary component is a “system and service manager”—an init system used to bootstrap user space and manage user processes. It also provides replacements for various daemons and utilities, including device management, login management, network connection management, and event logging.

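systemd is a software suite that provides a set of system components for Linux operating systems. Its main purpose is to unify service configuration and behavior across Linux distributions.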


namespace

Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.

Namespaces are a Linux kernel feature that partitions kernel resources so that one set of processes sees one set of resources while another set of processes sees a different set.

Namespace   Constant          Isolates
Cgroup      CLONE_NEWCGROUP   Cgroup root directory
IPC         CLONE_NEWIPC      System V IPC, POSIX message queues
Network     CLONE_NEWNET      Network devices, stacks, ports, etc.
Mount       CLONE_NEWNS       Mount points
PID         CLONE_NEWPID      Process IDs
User        CLONE_NEWUSER     User and group IDs
UTS         CLONE_NEWUTS      Hostname and NIS domain name

$ docker run -it --rm busybox /bin/sh
ps        # run inside the container shell

In another terminal:

$ ps -ef | grep busy
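The two `ps` listings differ because the busybox shell runs in its own PID namespace. The following added example (not part of the original tutorial) shows which namespaces two processes share by comparing their `/proc/<pid>/ns` links. The function name `ns_diff`, its optional third argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# ns_diff PID_A PID_B [PROC_ROOT]
# /proc/<pid>/ns/<name> is a symlink such as "pid:[4026531836]"; two processes
# are in the same namespace exactly when the link targets are identical.
# PROC_ROOT (default /proc) is a hypothetical parameter so the function can be
# tried on a constructed tree. Reading another user's entries needs root.
ns_diff() {
    root=${3:-/proc}
    for link in "$root/$1"/ns/*; do
        name=${link##*/}
        a=$(readlink "$link" 2>/dev/null) || continue
        b=$(readlink "$root/$2/ns/$name" 2>/dev/null) || b=unreadable
        if [ "$a" = "$b" ]; then
            echo "$name shared"
        else
            echo "$name isolated"
        fi
    done
}

# Constructed sample tree: PID 1 stands for a host process, PID 4242 for the
# busybox shell. The inode numbers are made up.
make_sample_proc() {
    dir=$(mktemp -d)
    mkdir -p "$dir/1/ns" "$dir/4242/ns"
    for name in cgroup ipc mnt net pid user uts; do
        ln -s "$name:[4026531835]" "$dir/1/ns/$name"
    done
    for name in ipc mnt net pid uts; do
        ln -s "$name:[4026532201]" "$dir/4242/ns/$name"
    done
    for name in cgroup user; do
        ln -s "$name:[4026531835]" "$dir/4242/ns/$name"
    done
    echo "$dir"
}

sample=$(make_sample_proc)
ns_diff 1 4242 "$sample"
rm -rf "$sample"
```

On a real host, call `ns_diff 1 {PID}` as root with the host PID found by `ps -ef | grep busy`. A namespace reported as shared is one in which the container is not isolated from the host.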

cgroup

cgroups (control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.

cgroups (control groups) is a Linux kernel feature that can limit, account for, and isolate the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.

# mount -t cgroup

# cd /sys/fs/cgroup/cpu
# mkdir testlimit
# ls testlimit/
# cat /sys/fs/cgroup/cpu/testlimit/cpu.cfs_quota_us
# cat /sys/fs/cgroup/cpu/testlimit/cpu.cfs_period_us
# echo 30000 > /sys/fs/cgroup/cpu/testlimit/cpu.cfs_quota_us    # limit CPU usage to 30%

# while : ; do : ; done &

# top -p {PID}

# echo {PID} > /sys/fs/cgroup/cpu/testlimit/tasks

# top -p {PID}
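The limit set above is the ratio of `cpu.cfs_quota_us` to `cpu.cfs_period_us`, and a quota of -1 means no limit. The following added example (not part of the original tutorial) walks a cgroup v1 cpu hierarchy laid out like the one used above and reports each group's limit and task count, which makes unlimited groups easy to spot. The function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# cpu_limits [CGROUP_CPU_ROOT]
# For every cgroup under a cgroup v1 cpu hierarchy, print its CFS limit
# (quota / period, as a percentage of one CPU) and the number of tasks in it.
# CGROUP_CPU_ROOT defaults to /sys/fs/cgroup/cpu; the parameter is a
# hypothetical addition so the function can run on a constructed tree.
cpu_limits() {
    root=${1:-/sys/fs/cgroup/cpu}
    find "$root" -type f -name cpu.cfs_quota_us | sort | while read -r qfile; do
        dir=${qfile%/*}
        quota=$(cat "$qfile")
        period=$(cat "$dir/cpu.cfs_period_us")
        ntasks=$(wc -l < "$dir/tasks" | tr -d ' ')
        name=${dir#"$root"}
        if [ "$quota" -lt 0 ]; then
            limit=unlimited            # -1 means no quota is enforced
        else
            limit="$((quota * 100 / period))%"
        fi
        echo "${name:-/} limit=$limit tasks=$ntasks"
    done
}

# Constructed sample: a root group without a quota and the "testlimit" group
# from the steps above holding one task (the PIDs are made up).
make_sample_cgroups() {
    dir=$(mktemp -d)
    mkdir -p "$dir/testlimit"
    printf '%s\n' -1 > "$dir/cpu.cfs_quota_us"
    printf '%s\n' 100000 > "$dir/cpu.cfs_period_us"
    printf '1\n2\n3\n' > "$dir/tasks"
    printf '%s\n' 30000 > "$dir/testlimit/cpu.cfs_quota_us"
    printf '%s\n' 100000 > "$dir/testlimit/cpu.cfs_period_us"
    printf '4242\n' > "$dir/testlimit/tasks"
    echo "$dir"
}

sample=$(make_sample_cgroups)
cpu_limits "$sample"
rm -rf "$sample"
```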

Hypervisor

A hypervisor (or virtual machine monitor, VMM) is computer software, firmware or hardware that creates and runs virtual machines.

A hypervisor is software or firmware used to create and run virtual machines. There are two kinds: type 1 and type 2.

(from Wiki)


About Docker

Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.

Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels. All containers are run by a single operating system kernel and therefore use fewer resources than virtual machines.

(from Wiki)


Container vs VM

A container runs natively on Linux and shares the kernel of the host machine with other containers. It runs a discrete process, taking no more memory than any other executable, making it lightweight.

By contrast, a virtual machine (VM) runs a full-blown “guest” operating system with virtual access to host resources through a hypervisor. In general, VMs incur a lot of overhead beyond what is being consumed by your application logic.

(from the official documentation)

History

LXC

Docker used LXC as its default execution environment.

LXC (Linux Container) is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.


containerd -> runC (formerly nsinit) -> libcontainer

$ docker run -d busybox sleep 1000
$ pstree -a


Architecture

Docker Engine:
┌─Docker Daemon
│ └─Docker Server(Host)
│   └─Docker Engine API(SDK) -- Docker registries(Docker Hub)
└─Docker Client

Once the Docker daemon is running under systemd, we can use the Docker client.


Work Flow


Getting Started

install

$ sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

$ sudo yum install -y yum-utils

$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

$ sudo yum install docker-ce docker-ce-cli containerd.io

Run docker without sudo

$ sudo groupadd docker
$ sudo usermod -aG docker $USER

Reboot or log in again for the group change to take effect.
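Membership in the docker group lets an account drive the Docker daemon, which runs as root, without sudo, so the group is worth auditing like any other privileged group. The following added example (not part of the original tutorial) lists every local account that has this access. The function names and sample files are assumptions made for illustration, and accounts from LDAP or SSSD are not covered.

```shell
#!/bin/sh
# docker_group_users [GROUP_FILE] [PASSWD_FILE]
# Prints every local account that reaches the Docker daemon through the
# "docker" group: supplementary members listed in the group file, plus
# accounts whose primary GID is that group (those are not in the member list).
# The file parameters are hypothetical additions for running on sample data.
docker_group_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0          # no docker group on this system
    {
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample files (user names and IDs are made up).
make_sample_accounts() {
    dir=$(mktemp -d)
    cat > "$dir/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:990:alice,ci
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
ci:x:1001:1001::/home/ci:/sbin/nologin
builder:x:1002:990::/home/builder:/bin/bash
EOF
    echo "$dir"
}

sample=$(make_sample_accounts)
docker_group_users "$sample/group" "$sample/passwd"
rm -rf "$sample"
```

In the sample, `builder` never appears in the group's member list but is still reported because its primary GID is the docker group.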


Run

$ sudo systemctl enable --now docker.service

$ docker run hello-world

Resource