Docker is an open source project for the management of software containers that contain complete ecosystems to run software, with the main goal of isolating software components and simplify their deployment.
Accordingly, Docker provides a virtualization over the Linux kernel without the overhead of running virtual machines. This means that non-Linux systems run a Linux-based virtual machine Docker to run Docker containers. Docker exploits kernel namespaces and the cgroups to isolate and virtualize system resources for a collection of processes (e.g. process tree, CPU, network and mounted file systems), as well as union mounting which allows for the combination of separate directories into a one that is managed individually. This provides with a lightweight self-contained environment where software artifacts and their dependencies can be deployed.
A docker file is a text file that describes the steps that Docker has to undertake in order to prepare a Docker image. This includes for instance the installation and setup of third party packages and libraries, the creation of the runtime environment (e.g, variables, filesystem folders). An image can then be created from a Dockerfile using the command docker build. See this page for further information for the creation of a Dockerfile and Docker images.
A docker image is an immutable template defining a snapshot of execution environment in terms of parameters and filesystem, while a container is the running instantiation of an image.
The Docker engine translates the image to a running execution environment, by initializing requested resources (e.g., CPU, memory) and starting specified processes inside it.
This means that after stopping the container changes are lost, unless the container state is saved (i.e. committed) to an image.
We can run a container from a local or remote Docker image as follows:
docker run -i -t <containerImageName> /bin/bash
with -it starting the container in interactive mode providing a terminal. Alternatively, -d can be used to run the container as a background service. In this case, it is possible to later start an interactive session by using the docker attach <containerID> command. However, this connects to the same session used to start the processes in the container. To actually start a new shell on the container the exec command can be used (i.e., docker exec -it <containerId> bash). The container can be given a name, for instance --name <cname>. Using the --link and -p options, the container can be also started so as to reach the ports exposed by another container. The commands docker inspect and docker port can be used to list the port mappings of the container.
In addition, the -v option can be use to share a host folder as a specific folder on the Docker container. For instance, -v "$PWD":/current shares the current work directory (i.e., pwd) as the /current folder on the container.
Alternatively, data can be moved between a container and its host with:
docker cp <containerName>:/root/file.extension .
docker cp file.extension <containerName>:/root/file.extension
with the first copying from the host to the current work directory, and the second copying from the host to the container.
The processes running on a specific container can be monitored with:
docker top <containerId>
The process logs can instead be visualized using:
docker logs <containerId>
docker logs -f <containerId>
with f returning a continuous log stream. While this works well, in practice for several containers a solution like logspouts (https://github.com/gliderlabs/logspout) is preferable to collect logs on a log server.
Similarly, resource usage of the container can be retrieved with:
docker stats <containerId>
which provides a CLI stream that can be closed with a Ctrl-C.
The container also exposes a REST api which can be polled by any HTTP client.
The container can then be gracefully stopped (i.e, SIGTERM) with:
docker stop <containerId>
Alternatively, the container can be interrupted (i.e., SIGKILL) with:
docker killed <containerId>
All available containers can be listed with:
docker ps -a
List only the running Docker containers:
docker ps
List latest created containers:
docker ps -l
To show the changes made over a container:
docker diff <containerId>
The Docker container can be committed to a Docker image to possibly restore the state in future:
docker commit <containerId> <containerImageName>
Similarly, a container can be exported to a tarball as follows:
docker export <containerId> > tarball.tar
The tarball can consequently be imported with:
docker import <containerImageName> < tarball.tar
Alternatively, the container can be deleted with:
docker rm <containerId>
The following commands remove respectively all containers and all images available:
docker rm $(docker ps -a -q)
docker rmi $(docker images -q)
The list of Docker images available locally can be retrieved with:
docker images
An image can be looked on the Docker hub with:
docker search <containerImageName>
An image can be downloaded from the hub with:
docker pull <containerImageName>
A Docker image can be deleted from disk as follows:
docker rmi <imageId>
The list of Docker images available locally can be retrieved with:
docker images
An image can also be renamed and associated to tags (e.g., version) with:
docker tag <repository>:<currentTag> <newRepository>
docker tag <repository>:<currentTag> <newRepository>:<newTag>
To list all available commands
docker help
Docker provides a handy tool to ease the management of distributed systems.
Moreover, the introduced commands can be easily integrated into a continuous-integration (CI) / continuous-deployment (CD) pipeline, thus providing a complete solution for the setup, deployment and monitoring of distributed applications.
No comments:
Post a Comment