Docker is becoming very popular in the virtualization world.
What is Docker? It is an open-source project that automates the deployment of applications inside Linux containers.
What is a Linux container? It provides “operating-system-level virtualization” on Linux, i.e. it provides a way for a user to create a userspace environment (root file system) on top of the underlying host Linux kernel.
What is needed from the Linux kernel? In general, it requires kernel 3.10+, with namespaces and cgroups, plus libcontainer.
The following diagram shows the overall picture of Docker.
In this post, I will share what I learned about Docker.
Docker main components
Host: the machine that is running the containers.
Image: a hierarchy of files, with meta-data for how to run a container.
Container: a contained running process, started from an image.
Registry: a repository of images.
Volume: storage outside the container.
Dockerfile: a script for creating images.
A few Linux distributions support Docker, such as Ubuntu, CentOS, Red Hat, Fedora and CoreOS.
Let’s take an Ubuntu 14.04 desktop system, which runs kernel 3.16, as an example.
In Ubuntu, we typically use apt-get to install applications. For Docker, however, the situation is a bit different. Because Docker is under active development, we want to install a fairly recent version; as we can see below, the Docker version in the Ubuntu 14.04 repository is a bit too old: version 1.0.1
The following shows how to configure the system to install the latest available Docker:
After installation, we can verify the status of Docker:
For a system like CentOS, the following instructions install the latest binary directly:
For more information about installing Docker, check [here](https://docs.docker.com/installation/)
How Does Docker Work?
Docker is implemented on a client-server model: the Docker daemon runs on the Host and is accessed via a socket connection from the client. The client may, but does not have to, be on the same machine as the daemon. The Docker CLI client works the same way as any other client, but it is usually connected through a Unix domain socket instead of a TCP socket.
The daemon receives commands from the client and manages the containers on the Host where it is running.
The output above shows that the Docker daemon runs as a regular Linux host process, 1311.
“/usr/bin/docker” is invoked as the Docker client to send commands to the Docker daemon.
When the Docker daemon runs, it uses /etc/default/docker as a configuration file:
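An added example, not from the original post: because the daemon can listen on a TCP socket as well as the Unix socket, this sketch parses the DOCKER_OPTS line of an /etc/default/docker file and flags TCP listeners that are not protected by --tlsverify. The file content is a constructed sample and the function names are hypothetical.

```python
import shlex

# Constructed sample of /etc/default/docker (illustrative, not from the post).
SAMPLE_CONFIG = '''\
# Docker Upstart and SysVinit configuration file
#DOCKER_OPTS="--dns 8.8.8.8"
DOCKER_OPTS="-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --dns 8.8.8.8"
'''


def daemon_options(config_text):
    """Return the option tokens of the last active DOCKER_OPTS assignment."""
    tokens = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("DOCKER_OPTS="):
            continue  # comments and unrelated settings
        value = shlex.split(line.split("=", 1)[1])  # strip the shell quoting
        tokens = shlex.split(value[0]) if value else []
    return tokens


def listeners(tokens):
    """Collect addresses given as '-H addr', '--host addr', '-H=addr' or '--host=addr'."""
    hosts = []
    it = iter(tokens)
    for tok in it:
        if tok in ("-H", "--host"):
            hosts.append(next(it, ""))
        elif tok.startswith(("-H=", "--host=")):
            hosts.append(tok.split("=", 1)[1])
    return hosts


def is_tcp(host):
    """tcp:// addresses and the scheme-less short forms (host:port, :port) bind TCP."""
    return host.startswith("tcp://") or (host != "" and "://" not in host)


def audit(config_text):
    """Flag TCP listeners when the daemon does not require TLS client certificates."""
    tokens = daemon_options(config_text)
    if "--tlsverify" in tokens or "--tlsverify=true" in tokens:
        return []
    return [f"{h}: TCP listener without --tlsverify" for h in listeners(tokens) if is_tcp(h)]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A daemon that only listens on the Unix socket produces no findings; access is then governed by the file permissions on the socket.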
Run Docker container
The following are commands for the client to interact with containers:
For more details, use “docker help”.
Below is an example of starting a container using Fedora image:
Here there are a few points to make:
Command "docker run -it fedora /bin/bash" is invoked by the user; the Docker client sends a request to the Docker daemon through the UNIX socket to start a container from the fedora Docker image and then run the /bin/bash command.
In the first line of output, "Unable to find image 'fedora:latest' locally" means no fedora image is available locally, so Docker goes to the default Docker registry to fetch the fedora image, nice!
After the fedora image is pulled and verified, the container is started with instance ID c3cfa2c8ba3f and runs the command /bin/bash.
"cat /etc/os-release" confirms that the container is running the Fedora image.
"uname -a" shows that it runs on top of kernel 3.16.0-30-generic from the Ubuntu build, which is the host kernel.
"ls /dev" shows a very limited number of device files, because these are the only devices available to the container by default. Additional devices can be exposed to the container with the "--device" option.
From another xterm, we can verify that the container is running:
It is interesting to note that even after exiting from the container, the container is still there, meaning the configuration/meta-data about the container is still on the host unless “docker rm $containerID” is used to remove it. In the example below, “docker ps -a” shows all existing containers, even though only one container is active.
One of the most amazing features of Docker to me is the Docker image management. It is done in an excellent fashion.
Docker containers are constructed by sequentially mounting a set of file systems from one or more images.
A Docker image is a file system layer with an optional parent image reference.
Layered images tend to supply one specific feature on top of parent image
Upper layer files mask files at lower layers with the same pathname
An image with no parent image is called a Base image, e.g. ubuntu, centos, Debian, fedora, cirros
Image file systems are immutable within container.
Allow one image to support multiple container instances with repeatable results
Reduces the disk and memory footprint of a given set of containers which share the same read only images
Containers have a writable file system
The container file system is initially empty
All writes go to this file system and overlay any matching underlying image files
In this way, container file systems contain only the delta between their file system state and that of their underlying images.
The view from the top down, including all file systems in the stack, is called the union file system.
Docker bootfs is a special layer.
Supplies the in memory file system interface to the kernel
Supplies the kernel library interface
The Docker file system needs backend support.
Docker depends on the efficient use of layered images. Various file system features in kernel implement file system layering.
Each container has two layers: 1. init layer: child of the specified image; 2. child of the init layer: container-specific data.
Committing a container creates a new image layer based on the image the container was created from.
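An added example, not from the original post: a small in-memory model of the layering rules described above (upper layers mask lower ones, images stay immutable, each container's writes land in its own initially empty layer, and a commit turns that layer into a new image). The class and function names are hypothetical, and file deletion is left out of the model.

```python
class Image:
    """An immutable file system layer with an optional parent image."""

    def __init__(self, name, files, parent=None):
        self.name = name
        self._files = dict(files)  # path -> content; never modified after creation
        self.parent = parent

    def lookup(self, path):
        """Resolve a path top-down: a file in this layer masks the same path below."""
        layer = self
        while layer is not None:
            if path in layer._files:
                return layer._files[path]
            layer = layer.parent
        raise FileNotFoundError(path)


class Container:
    """A writable layer stacked on top of a read-only image."""

    def __init__(self, image):
        self.image = image
        self.delta = {}  # initially empty; holds only this container's writes

    def read(self, path):
        if path in self.delta:
            return self.delta[path]
        return self.image.lookup(path)

    def write(self, path, content):
        self.delta[path] = content  # the image underneath is never touched

    def commit(self, name):
        """Freeze the current delta as a new image layer whose parent is the image."""
        return Image(name, self.delta, parent=self.image)


def demo():
    base = Image("fedora", {"/etc/os-release": "Fedora", "/etc/motd": "base"})
    web = Image("web", {"/etc/motd": "web layer"}, parent=base)
    c1, c2 = Container(web), Container(web)  # two containers share one image
    c1.write("/etc/os-release", "changed in c1")
    committed = c1.commit("web-modified")
    return c1, c2, committed
```

On a real host, `docker diff <container>` lists the contents of this per-container delta.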
Docker file system backends supported (in preference order)
aufs: Advanced multi layered Unification FileSystem.
vfs: no shared storage
Container-independent volumes:
write-heavy IO (database, logs)
host volumes can be accessed across multiple concurrent containers
Docker Repositories & Registries
A repository is a hosted collection of tagged images that together create the file system for a container.
A registry is a service that stores repositories and provides an HTTP API for managing the upload and downloading of repositories.
The default registry used by the Docker engine is the Docker Hub public registry: http://hub.docker.com
Companies can deploy private registries using open-source solutions like Docker Registry from Docker Inc. or Artifactory.
A Dockerfile is much like a shell script: Docker understands it and can build an image by parsing the Dockerfile.