mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #23359 from londoncalling/docker-engine-overview
re-doing Docker Engine overview topics for v.1.12
This commit is contained in:
commit
1164f917fa
11 changed files with 102 additions and 232 deletions
BIN
docs/article-img/engine-components-flow.png
Normal file
BIN
docs/article-img/engine-components-flow.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 34 KiB |
|
@ -1,205 +0,0 @@
|
|||
<!--[metadata]>
|
||||
+++
|
||||
aliases = ["/engine/userguide/basics/"]
|
||||
title = "Quickstart"
|
||||
description = "Common usage and commands"
|
||||
keywords = ["Examples, Usage, basic commands, docker, documentation, examples"]
|
||||
[menu.main]
|
||||
parent = "engine_use"
|
||||
weight=-90
|
||||
+++
|
||||
<![end-metadata]-->
|
||||
|
||||
# Docker Engine Quickstart
|
||||
|
||||
This quickstart assumes you have a working installation of Docker Engine. To verify Engine is installed and configured, use the following command:
|
||||
|
||||
# Check that you have a working install
|
||||
$ docker info
|
||||
|
||||
If you have a successful install, the system information appears. If you get `docker: command not found` or something like
|
||||
`/var/lib/docker/repositories: permission denied` you may have an
|
||||
incomplete Docker installation or insufficient privileges to access
|
||||
Engine on your machine. With the default installation of Engine `docker`
|
||||
commands need to be run by a user that is in the `docker` group or by the
|
||||
`root` user.
|
||||
|
||||
Depending on your Engine system configuration, you may be required
|
||||
to preface each `docker` command with `sudo`. If you want to run without using
|
||||
`sudo` with the `docker` commands, then create a Unix group called `docker` and
|
||||
add the user to the 'docker' group.
|
||||
|
||||
For more information about installing Docker Engine or `sudo` configuration, refer to
|
||||
the [installation](installation/index.md) instructions for your operating system.
|
||||
|
||||
|
||||
## Download a pre-built image
|
||||
|
||||
To pull an `ubuntu` image, run:
|
||||
|
||||
# Download an ubuntu image
|
||||
$ docker pull ubuntu
|
||||
|
||||
This downloads the `ubuntu` image by name from [Docker Hub](https://hub.docker.com) to a local
|
||||
image cache. To search for an image, run `docker search`. For more information, go to:
|
||||
[Searching images](userguide/containers/dockerrepos.md#searching-for-images)
|
||||
|
||||
|
||||
> **Note**:
|
||||
> When the image is successfully downloaded, you see a 12 character
|
||||
> hash `539c0211cd76: Download complete` which is the
|
||||
> short form of the Image ID. These short Image IDs are the first 12
|
||||
> characters of the full Image ID. To view this information, run
|
||||
> `docker inspect` or `docker images --no-trunc=true`.
|
||||
|
||||
To display a list of downloaded images, run `docker images`.
|
||||
|
||||
## Running an interactive shell
|
||||
|
||||
To run an interactive shell in the Ubuntu image:
|
||||
|
||||
$ docker run -i -t ubuntu /bin/bash
|
||||
|
||||
The `-i` flag starts an interactive container.
|
||||
The `-t` flag creates a pseudo-TTY that attaches `stdin` and `stdout`.
|
||||
The image is `ubuntu`.
|
||||
The command `/bin/bash` starts a shell you can log in.
|
||||
|
||||
To detach the `tty` without exiting the shell, use the escape sequence
|
||||
`Ctrl-p` + `Ctrl-q`. The container continues to exist in a stopped state
|
||||
once exited. To list all running containers, run `docker ps`. To view stopped and running containers,
|
||||
run `docker ps -a`.
|
||||
|
||||
## Bind Docker to another host/port or a Unix socket
|
||||
|
||||
> **Warning**:
|
||||
> Changing the default `docker` daemon binding to a
|
||||
> TCP port or Unix *docker* user group will increase your security risks
|
||||
> by allowing non-root users to gain *root* access on the host. Make sure
|
||||
> you control access to `docker`. If you are binding
|
||||
> to a TCP port, anyone with access to that port has full Docker access;
|
||||
> so it is not advisable on an open network.
|
||||
|
||||
With `-H` it is possible to make the Docker daemon to listen on a
|
||||
specific IP and port. By default, it will listen on
|
||||
`unix:///var/run/docker.sock` to allow only local connections by the
|
||||
*root* user. You *could* set it to `0.0.0.0:2375` or a specific host IP
|
||||
to give access to everybody, but that is **not recommended** because
|
||||
then it is trivial for someone to gain root access to the host where the
|
||||
daemon is running.
|
||||
|
||||
Similarly, the Docker client can use `-H` to connect to a custom port.
|
||||
The Docker client will default to connecting to `unix:///var/run/docker.sock`
|
||||
on Linux, and `tcp://127.0.0.1:2376` on Windows.
|
||||
|
||||
`-H` accepts host and port assignment in the following format:
|
||||
|
||||
tcp://[host]:[port][path] or unix://path
|
||||
|
||||
For example:
|
||||
|
||||
- `tcp://` -> TCP connection to `127.0.0.1` on either port `2376` when TLS encryption
|
||||
is on, or port `2375` when communication is in plain text.
|
||||
- `tcp://host:2375` -> TCP connection on
|
||||
host:2375
|
||||
- `tcp://host:2375/path` -> TCP connection on
|
||||
host:2375 and prepend path to all requests
|
||||
- `unix://path/to/socket` -> Unix socket located
|
||||
at `path/to/socket`
|
||||
|
||||
`-H`, when empty, will default to the same value as
|
||||
when no `-H` was passed in.
|
||||
|
||||
`-H` also accepts short form for TCP bindings:
|
||||
|
||||
`host:` or `host:port` or `:port`
|
||||
|
||||
Run Docker in daemon mode:
|
||||
|
||||
$ sudo <path to>/dockerd -H 0.0.0.0:5555 &
|
||||
|
||||
Download an `ubuntu` image:
|
||||
|
||||
$ docker -H :5555 pull ubuntu
|
||||
|
||||
You can use multiple `-H`, for example, if you want to listen on both
|
||||
TCP and a Unix socket
|
||||
|
||||
# Run docker in daemon mode
|
||||
$ sudo <path to>/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
|
||||
# Download an ubuntu image, use default Unix socket
|
||||
$ docker pull ubuntu
|
||||
# OR use the TCP port
|
||||
$ docker -H tcp://127.0.0.1:2375 pull ubuntu
|
||||
|
||||
## Starting a long-running worker process
|
||||
|
||||
# Start a very useful long-running process
|
||||
$ JOB=$(docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")
|
||||
|
||||
# Collect the output of the job so far
|
||||
$ docker logs $JOB
|
||||
|
||||
# Kill the job
|
||||
$ docker kill $JOB
|
||||
|
||||
## Listing containers
|
||||
|
||||
$ docker ps # Lists only running containers
|
||||
$ docker ps -a # Lists all containers
|
||||
|
||||
## Controlling containers
|
||||
|
||||
# Start a new container
|
||||
$ JOB=$(docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")
|
||||
|
||||
# Stop the container
|
||||
$ docker stop $JOB
|
||||
|
||||
# Start the container
|
||||
$ docker start $JOB
|
||||
|
||||
# Restart the container
|
||||
$ docker restart $JOB
|
||||
|
||||
# SIGKILL a container
|
||||
$ docker kill $JOB
|
||||
|
||||
# Remove a container
|
||||
$ docker stop $JOB # Container must be stopped to remove it
|
||||
$ docker rm $JOB
|
||||
|
||||
## Bind a service on a TCP port
|
||||
|
||||
# Bind port 4444 of this container, and tell netcat to listen on it
|
||||
$ JOB=$(docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444)
|
||||
|
||||
# Which public port is NATed to my container?
|
||||
$ PORT=$(docker port $JOB 4444 | awk -F: '{ print $2 }')
|
||||
|
||||
# Connect to the public port
|
||||
$ echo hello world | nc 127.0.0.1 $PORT
|
||||
|
||||
# Verify that the network connection worked
|
||||
$ echo "Daemon received: $(docker logs $JOB)"
|
||||
|
||||
## Committing (saving) a container state
|
||||
|
||||
To save the current state of a container as an image:
|
||||
|
||||
$ docker commit <container> <some_name>
|
||||
|
||||
When you commit your container, Docker Engine only stores the diff (difference) between
|
||||
the source image and the current state of the container's image. To list images
|
||||
you already have, run:
|
||||
|
||||
# List your images
|
||||
$ docker images
|
||||
|
||||
You now have an image state from which you can create new instances.
|
||||
|
||||
## Where to go next
|
||||
|
||||
* Work your way through the [Docker Engine User Guide](userguide/index.md)
|
||||
* Read more about [Store Images on Docker Hub](userguide/containers/dockerrepos.md)
|
||||
* Review [Command Line](reference/commandline/cli.md)
|
|
@ -15,7 +15,7 @@ weight = 3
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST, but for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `STDOUT`,
|
||||
`STDIN` and `STDERR`.
|
||||
|
|
|
@ -15,7 +15,7 @@ weight = 2
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST. However, for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `stdout`,
|
||||
`stdin` and `stderr`.
|
||||
|
|
|
@ -15,7 +15,7 @@ weight = 1
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST. However, for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `stdout`,
|
||||
`stdin` and `stderr`.
|
||||
|
@ -1362,12 +1362,12 @@ or being killed.
|
|||
|
||||
Query Parameters:
|
||||
|
||||
- **dockerfile** - Path within the build context to the Dockerfile. This is
|
||||
- **dockerfile** - Path within the build context to the Dockerfile. This is
|
||||
ignored if `remote` is specified and points to an individual filename.
|
||||
- **t** – A repository name (and optionally a tag) to apply to
|
||||
the resulting image in case of success.
|
||||
- **remote** – A Git repository URI or HTTP/HTTPS URI build source. If the
|
||||
URI specifies a filename, the file's contents are placed into a file
|
||||
- **remote** – A Git repository URI or HTTP/HTTPS URI build source. If the
|
||||
URI specifies a filename, the file's contents are placed into a file
|
||||
called `Dockerfile`.
|
||||
- **q** – Suppress verbose build output.
|
||||
- **nocache** – Do not use the cache when building the image.
|
||||
|
@ -2338,7 +2338,7 @@ from **200 OK** to **101 UPGRADED** and resends the same headers.
|
|||
|
||||
## 3.3 CORS Requests
|
||||
|
||||
To set cross origin requests to the remote api please give values to
|
||||
To set cross origin requests to the remote api please give values to
|
||||
`--api-cors-header` when running Docker in daemon mode. Set * (asterisk) allows all,
|
||||
default or blank means CORS disabled
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ weight=-2
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST. However, for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `stdout`,
|
||||
`stdin` and `stderr`.
|
||||
|
|
|
@ -15,7 +15,7 @@ weight=-3
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST. However, for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `stdout`,
|
||||
`stdin` and `stderr`.
|
||||
|
|
|
@ -15,7 +15,7 @@ weight=-4
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST. However, for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `stdout`,
|
||||
`stdin` and `stderr`.
|
||||
|
|
|
@ -15,7 +15,7 @@ weight=-5
|
|||
|
||||
- The Remote API has replaced `rcli`.
|
||||
- The daemon listens on `unix:///var/run/docker.sock` but you can
|
||||
[Bind Docker to another host/port or a Unix socket](../../quickstart.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
[Bind Docker to another host/port or a Unix socket](../commandline/dockerd.md#bind-docker-to-another-host-port-or-a-unix-socket).
|
||||
- The API tends to be REST. However, for some complex commands, like `attach`
|
||||
or `pull`, the HTTP connection is hijacked to transport `stdout`,
|
||||
`stdin` and `stderr`.
|
||||
|
|
|
@ -139,6 +139,68 @@ The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
|
|||
environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes
|
||||
precedence over `HTTP_PROXY`.
|
||||
|
||||
### Bind Docker to another host/port or a Unix socket
|
||||
|
||||
> **Warning**:
|
||||
> Changing the default `docker` daemon binding to a
|
||||
> TCP port or Unix *docker* user group will increase your security risks
|
||||
> by allowing non-root users to gain *root* access on the host. Make sure
|
||||
> you control access to `docker`. If you are binding
|
||||
> to a TCP port, anyone with access to that port has full Docker access;
|
||||
> so it is not advisable on an open network.
|
||||
|
||||
With `-H` it is possible to make the Docker daemon to listen on a
|
||||
specific IP and port. By default, it will listen on
|
||||
`unix:///var/run/docker.sock` to allow only local connections by the
|
||||
*root* user. You *could* set it to `0.0.0.0:2375` or a specific host IP
|
||||
to give access to everybody, but that is **not recommended** because
|
||||
then it is trivial for someone to gain root access to the host where the
|
||||
daemon is running.
|
||||
|
||||
Similarly, the Docker client can use `-H` to connect to a custom port.
|
||||
The Docker client will default to connecting to `unix:///var/run/docker.sock`
|
||||
on Linux, and `tcp://127.0.0.1:2376` on Windows.
|
||||
|
||||
`-H` accepts host and port assignment in the following format:
|
||||
|
||||
tcp://[host]:[port][path] or unix://path
|
||||
|
||||
For example:
|
||||
|
||||
- `tcp://` -> TCP connection to `127.0.0.1` on either port `2376` when TLS encryption
|
||||
is on, or port `2375` when communication is in plain text.
|
||||
- `tcp://host:2375` -> TCP connection on
|
||||
host:2375
|
||||
- `tcp://host:2375/path` -> TCP connection on
|
||||
host:2375 and prepend path to all requests
|
||||
- `unix://path/to/socket` -> Unix socket located
|
||||
at `path/to/socket`
|
||||
|
||||
`-H`, when empty, will default to the same value as
|
||||
when no `-H` was passed in.
|
||||
|
||||
`-H` also accepts short form for TCP bindings:
|
||||
|
||||
`host:` or `host:port` or `:port`
|
||||
|
||||
Run Docker in daemon mode:
|
||||
|
||||
$ sudo <path to>/dockerd -H 0.0.0.0:5555 &
|
||||
|
||||
Download an `ubuntu` image:
|
||||
|
||||
$ docker -H :5555 pull ubuntu
|
||||
|
||||
You can use multiple `-H`, for example, if you want to listen on both
|
||||
TCP and a Unix socket
|
||||
|
||||
# Run docker in daemon mode
|
||||
$ sudo <path to>/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
|
||||
# Download an ubuntu image, use default Unix socket
|
||||
$ docker pull ubuntu
|
||||
# OR use the TCP port
|
||||
$ docker -H tcp://127.0.0.1:2375 pull ubuntu
|
||||
|
||||
### Daemon storage-driver option
|
||||
|
||||
The Docker daemon has support for several different image layer storage
|
||||
|
@ -529,7 +591,7 @@ can specify default container isolation technology with this, for example:
|
|||
|
||||
Will make `hyperv` the default isolation technology on Windows. If no isolation
|
||||
value is specified on daemon start, on Windows client, the default is
|
||||
`hyperv`, and on Windows server, the default is `process`.
|
||||
`hyperv`, and on Windows server, the default is `process`.
|
||||
|
||||
## Daemon DNS options
|
||||
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
<!--[metadata]>
|
||||
+++
|
||||
aliases = ["/introduction/understanding-docker/"]
|
||||
title = "Understand the architecture"
|
||||
aliases = [
|
||||
"/introduction/understanding-docker/",
|
||||
"/engine/userguide/basics/",
|
||||
"/engine/quickstart.md"
|
||||
]
|
||||
title = "Docker Overview"
|
||||
description = "Docker explained in depth"
|
||||
keywords = ["docker, introduction, documentation, about, technology, understanding"]
|
||||
[menu.main]
|
||||
parent = "engine_use"
|
||||
weight = -82
|
||||
weight = -90
|
||||
+++
|
||||
<![end-metadata]-->
|
||||
|
||||
# Understand the architecture
|
||||
# Docker Overview
|
||||
|
||||
Docker is an open platform for developing, shipping, and running applications.
|
||||
Docker is designed to deliver your applications faster. With Docker you can
|
||||
|
@ -22,6 +26,8 @@ running code.
|
|||
Docker does this by combining kernel containerization features with workflows
|
||||
and tooling that help you manage and deploy your applications.
|
||||
|
||||
## What is the Docker platform?
|
||||
|
||||
At its core, Docker provides a way to run almost any application securely
|
||||
isolated in a container. The isolation and security allow you to run many
|
||||
containers simultaneously on your host. The lightweight nature of containers,
|
||||
|
@ -37,6 +43,24 @@ and testing
|
|||
* Deploy those applications to your production environment,
|
||||
whether it is in a local data center or the Cloud
|
||||
|
||||
## What is Docker Engine?
|
||||
|
||||
Docker Engine is a client-server application with these major components:
|
||||
|
||||
* A server which is a type of long-running program called a daemon process.
|
||||
|
||||
* A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
|
||||
|
||||
* A command line interface (CLI) client.
|
||||
|
||||
![Docker Engine Components Flow](article-img/engine-components-flow.png)
|
||||
|
||||
The CLI imakes use of the Docker REST API to control or interact with the Docker daemon through scripting or direct CLI commands. Many other Docker applications make use of the underlying API and CLI.
|
||||
|
||||
The daemon creates and manages Docker objects. Docker objects include images, containers, networks, data volumes, and so forth.
|
||||
|
||||
> **Note:** Docker is licensed under the open source Apache 2.0 license.
|
||||
|
||||
## What can I use Docker for?
|
||||
|
||||
*Faster delivery of your applications*
|
||||
|
@ -70,17 +94,6 @@ environments: for example, building your own Cloud or Platform-as-a-Service. But
|
|||
it is also useful for small and medium deployments where you want to get more
|
||||
out of the resources you have.
|
||||
|
||||
## What are the major Docker components?
|
||||
Docker has two major components:
|
||||
|
||||
|
||||
* Docker Engine: the open source containerization platform.
|
||||
* [Docker Hub](https://hub.docker.com): our Software-as-a-Service
|
||||
platform for sharing and managing Docker containers.
|
||||
|
||||
|
||||
> **Note:** Docker is licensed under the open source Apache 2.0 license.
|
||||
|
||||
## What is Docker's architecture?
|
||||
Docker uses a client-server architecture. The Docker *client* talks to the
|
||||
Docker *daemon*, which does the heavy lifting of building, running, and
|
||||
|
|
Loading…
Reference in a new issue