Docker base

https://docs.docker.com/introduction/understanding-docker/

How to Install Docker on Ubuntu 14.04

Introduction

Docker is a container-based software framework for automating deployment of applications. “Containers” are encapsulated, lightweight, and portable application modules.

Pre-Flight Check

• These instructions are intended for installing Docker.
• I’ll be working from a Liquid Web Core Managed Ubuntu 14.04 LTS server, and I’ll be logged in as root.

Step 1: Installation of Docker

First, you’ll follow a simple best practice: ensuring the list of available packages is up to date before installing anything new.

apt-get update

Let’s install Docker by installing the docker-io package:

apt-get -y install docker.io

Link and fix paths with the following two commands:

ln -sf /usr/bin/docker.io /usr/local/bin/docker
sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/docker.io

Finally, and optionally, let’s configure Docker to start when the server boots:

update-rc.d docker.io defaults

Step 2: Download a Docker Container

Let’s begin using Docker! Download the fedora Docker image:

docker pull ubuntu

Step 3: Run a Docker Container

Now, to setup a basic ubuntu container with a bash shell, we just run one command. docker run will run a command in a new container, -i attaches stdin and stdout, -t allocates a tty, and we’re using the standardubuntu container.

docker run -i -t ubuntu /bin/bash

That’s it! You’re now using a bash shell inside of a ubuntu docker container.

To disconnect, or detach, from the shell without exiting use the escape sequence Ctrl-p + Ctrl-q.

There are many community containers already available, which can be found through a search. In the command below I am searching for the keyword debian:

Understand the architecture

What is Docker?

Docker is an open platform for developing, shipping, and running applications.Docker is designed to deliver your applications faster. With Docker you canseparate your applications from your infrastructure AND treat yourinfrastructure like a managed application. Docker helps you ship code faster,test faster, deploy faster, and shorten the cycle between writing code andrunning code.

Docker does this by combining a lightweight container virtualization platformwith workflows and tooling that help you manage and deploy your applications.

At its core, Docker provides a way to run almost any application securelyisolated in a container. The isolation and security allow you to run manycontainers simultaneously on your host. The lightweight nature of containers,which run without the extra load of a hypervisor, means you can get more out ofyour hardware.

Surrounding the container virtualization are tooling and a platform which canhelp you in several ways:

• getting your applications (and supporting components) into Docker containers
• distributing and shipping those containers to your teams for further developmentand testing
• deploying those applications to your production environment,whether it be in a local data center or the Cloud.

What can I use Docker for?

Faster delivery of your applications

Docker is perfect for helping you with the development lifecycle. Dockerallows your developers to develop on local containers that contain yourapplications and services. It can then integrate into a continuous integration anddeployment workflow.

For example, your developers write code locally and share their development stack viaDocker with their colleagues. When they are ready, they push their code and thestack they are developing onto a test environment and execute any requiredtests. From the testing environment, you can then push the Docker images intoproduction and deploy your code.

Deploying and scaling more easily

Docker’s container-based platform allows for highly portable workloads. Dockercontainers can run on a developer’s local host, on physical or virtual machinesin a data center, or in the Cloud.

Docker’s portability and lightweight nature also make dynamically managingworkloads easy. You can use Docker to quickly scale up or tear down applicationsand services. Docker’s speed means that scaling can be near real time.

Achieving higher density and running more workloads

Docker is lightweight and fast. It provides a viable, cost-effective alternativeto hypervisor-based virtual machines. This is especially useful in high densityenvironments: for example, building your own Cloud or Platform-as-a-Service. Butit is also useful for small and medium deployments where you want to get moreout of the resources you have.

What are the major Docker components?

Docker has two major components:

• Docker: the open source container virtualization platform.
• Docker Hub: our Software-as-a-Serviceplatform for sharing and managing Docker containers.

Note: Docker is licensed under the open source Apache 2.0 license.

What is Docker’s architecture?

Docker uses a client-server architecture. The Docker client talks to theDocker daemon, which does the heavy lifting of building, running, anddistributing your Docker containers. Both the Docker client and the daemon canrun on the same system, or you can connect a Docker client to a remote Dockerdaemon. The Docker client and daemon communicate via sockets or through aRESTful API.

The Docker daemon

As shown in the diagram above, the Docker daemon runs on a host machine. Theuser does not directly interact with the daemon, but instead through the Dockerclient.

The Docker client

The Docker client, in the form of the docker binary, is the primary userinterface to Docker. It accepts commands from the user and communicates back andforth with a Docker daemon.

Inside Docker

To understand Docker’s internals, you need to know about three components:

• Docker images.
• Docker registries.
• Docker containers.

Docker images

A Docker image is a read-only template. For example, an image could contain an Ubuntuoperating system with Apache and your web application installed. Images are used to createDocker containers. Docker provides a simple way to build new images or update existingimages, or you can download Docker images that other people have already created.Docker images are the build component of Docker.

Docker registries

Docker registries hold images. These are public or private stores from which you uploador download images. The public Docker registry is calledDocker Hub. It provides a huge collection of existingimages for your use. These can be images you create yourself or youcan use images that others have previously created. Docker registries are thedistribution component of Docker.

Docker containers

Docker containers are similar to a directory. A Docker container holds everything thatis needed for an application to run. Each container is created from a Dockerimage. Docker containers can be run, started, stopped, moved, and deleted. Eachcontainer is an isolated and secure application platform. Docker containers are the run component of Docker.

So how does Docker work?

So far, we’ve learned that:

1. You can build Docker images that hold your applications.
2. You can create Docker containers from those Docker images to run yourapplications.
3. You can share those Docker images viaDocker Hub or your own registry.

Let’s look at how these elements combine together to make Docker work.

How does a Docker image work?

We’ve already seen that Docker images are read-only templates from which Dockercontainers are launched. Each image consists of a series of layers. Dockermakes use of union file systems tocombine these layers into a single image. Union file systems allow files anddirectories of separate file systems, known as branches, to be transparentlyoverlaid, forming a single coherent file system.

One of the reasons Docker is so lightweight is because of these layers. When youchange a Docker image—for example, update an application to a new version— a new layergets built. Thus, rather than replacing the whole image or entirelyrebuilding, as you may do with a virtual machine, only that layer is added orupdated. Now you don’t need to distribute a whole new image, just the update,making distributing Docker images faster and simpler.

Every image starts from a base image, for example ubuntu, a base Ubuntu image,or fedora, a base Fedora image. You can also use images of your own as thebasis for a new image, for example if you have a base Apache image you could usethis as the base of all your web application images.

Note: Docker usually gets these base images fromDocker Hub.

Docker images are then built from these base images using a simple, descriptiveset of steps we call instructions. Each instruction creates a new layer in ourimage. Instructions include actions like:

• Run a command.
• Add a file or directory.
• Create an environment variable.
• What process to run when launching a container from this image.

These instructions are stored in a file called a Dockerfile. Docker reads thisDockerfile when you request a build of an image, executes the instructions, andreturns a final image.

How does a Docker registry work?

The Docker registry is the store for your Docker images. Once you build a Dockerimage you can push it to a public registry Docker Hub or toyour own registry running behind your firewall.

Using the Docker client, you can search for already published images and thenpull them down to your Docker host to build containers from them.

Docker Hub provides both public and private storagefor images. Public storage is searchable and can be downloaded by anyone.Private storage is excluded from search results and only you and your users canpull images down and use them to build containers. You can sign up for a storage planhere.

How does a container work?

A container consists of an operating system, user-added files, and meta-data. Aswe’ve seen, each container is built from an image. That image tells Dockerwhat the container holds, what process to run when the container is launched, anda variety of other configuration data. The Docker image is read-only. WhenDocker runs a container from an image, it adds a read-write layer on top of theimage (using a union file system as we saw earlier) in which your application canthen run.

What happens when you run a container?

Either by using the docker binary or via the API, the Docker client tells the Dockerdaemon to run a container.

$ docker run -i -t ubuntu /bin/bash

Let’s break down this command. The Docker client is launched using the dockerbinary with the run option telling it to launch a new container. The bareminimum the Docker client needs to tell the Docker daemon to run the containeris:

• What Docker image to build the container from, here ubuntu, a base Ubuntuimage;
• The command you want to run inside the container when it is launched,here /bin/bash, to start the Bash shell inside the new container.

So what happens under the hood when we run this command?

In order, Docker does the following:

• Pulls the ubuntu image: Docker checks for the presence of the ubuntuimage and, if it doesn’t exist locally on the host, then Docker downloads it fromDocker Hub. If the image already exists, then Dockeruses it for the new container.
• Creates a new container: Once Docker has the image, it uses it to create acontainer.
• Allocates a filesystem and mounts a read-write layer: The container is created inthe file system and a read-write layer is added to the image.
• Allocates a network / bridge interface: Creates a network interface that allows theDocker container to talk to the local host.
• Sets up an IP address: Finds and attaches an available IP address from a pool.
• Executes a process that you specify: Runs your application, and;
• Captures and provides application output: Connects and logs standard input, outputsand errors for you to see how your application is running.

You now have a running container! From here you can manage your container, interact withyour application and then, when finished, stop and remove your container.

The underlying technology

Docker is written in Go and makes use of several Linux kernel features todeliver the functionality we’ve seen.

Namespaces

Docker takes advantage of a technology called namespaces to provide theisolated workspace we call the container. When you run a container, Dockercreates a set of namespaces for that container.

This provides a layer of isolation: each aspect of a container runs in its ownnamespace and does not have access outside it.

Some of the namespaces that Docker uses are:

• The pid namespace: Used for process isolation (PID: Process ID).
• The net namespace: Used for managing network interfaces (NET:Networking).
• The ipc namespace: Used for managing access to IPCresources (IPC: InterProcess Communication).
• The mnt namespace: Used for managing mount-points (MNT: Mount).
• The uts namespace: Used for isolating kernel and version identifiers. (UTS: UnixTimesharing System).

Control groups

Docker also makes use of another technology called cgroups or control groups.A key to running applications in isolation is to have them only use theresources you want. This ensures containers are good multi-tenant citizens on ahost. Control groups allow Docker to share available hardware resources tocontainers and, if required, set up limits and constraints. For example,limiting the memory available to a specific container.

Union file systems

Union file systems, or UnionFS, are file systems that operate by creating layers,making them very lightweight and fast. Docker uses union file systems to providethe building blocks for containers. Docker can make use of several union file system variantsincluding: AUFS, btrfs, vfs, and DeviceMapper.

Container format

Docker combines these components into a wrapper we call a container format. Thedefault container format is called libcontainer. Docker also supportstraditional Linux containers using LXC. In thefuture, Docker may support other container formats, for example, by integrating withBSD Jails or Solaris Zones.

Next steps

Installing Docker

Visit the installation section.

The Docker user guide

Learn Docker in depth.