Master Docker: From Basics to Advanced Container Management

1.1 Container Overview

Linux containers isolate a set of processes from the rest of the system, run from an image that provides all required files, and ensure portability and consistency from development to production.

To guarantee that an application runs correctly across diverse environments without recreating servers, use containers to package required configurations and files.

Containers offer lightweight isolation compared to traditional virtualization, sharing the host kernel while keeping processes separate.

1.1.3 History of Containers

The concept began in 2000 with FreeBSD jail, evolved through VServer in 2001, and later matured into modern Linux containers.

1.2 What Is Docker?

Docker refers to the open‑source project, its tooling, and the company behind it. It implements containerization technology that enables easy creation, deployment, and migration of Linux containers.

1.2.1 How Docker Works

Docker leverages Linux kernel features such as cgroups and namespaces to isolate processes, providing a lightweight, portable environment for applications.

1.2.2 Docker vs. Traditional Linux Containers

Docker originated from LXC but has grown beyond it, adding image management, build automation, and orchestration capabilities.

1.2.3 Docker Goals

Docker’s primary goal is to "Build, Ship, and Run any App, Anywhere" – build an image, push it to a registry, and run it on any host.

1.3 Installing Docker

# Example environment check
cat /etc/redhat-release
uname -r
hostname -I

# Install Docker on CentOS 7
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
sed -i 's#download.docker.com#mirrors.ustc.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce

1.3.1 Basic Docker Commands

Check Docker version: docker version Configure image registry mirrors:

vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

1.3.2 Run Your First Container

docker run -d -p 80:80 nginx

Key parameters:

run : create and start a container

-d : run in background

-p : port mapping

nginx : image name

1.3.3 Image Lifecycle

Typical steps include search, pull, list, tag, push, export, import, inspect, and delete.

1.4 Docker Image Operations

1.4.1 Search Official Repository

docker search centos

1.4.2 Pull an Image

docker pull centos

1.4.3 Export an Image

docker image save centos > centos.tar.gz

1.4.4 Delete an Image

docker image rm centos:latest

1.4.5 Import an Image

docker image load -i centos.tar.gz

1.5 Container Management

1.5.1 Start/Stop Containers

# Start a container
docker run nginx
# Create then start
docker create centos:latest /bin/bash
docker start <container_id>

1.5.2 Access a Running Container

# Interactive shell
docker run -it nginx /bin/bash
# Exec into an existing container
docker exec -it <container_name> /bin/bash

1.5.3 Remove All Containers

docker rm -f $(docker ps -a -q)

1.5.4 Port Mapping

# Map host port 8888 to container port 80
docker run -d -p 8888:80 nginx

1.6 Managing Docker Volumes

1.6.1 Mount a Volume When Running

docker run -d -p 80:80 -v /data:/usr/share/nginx/html nginx

1.6.2 Create and Use Named Volumes

# Create a volume
docker volume create mydata
# Run container with the volume
docker run -d -p 9000:80 -v mydata:/usr/share/nginx/html nginx

1.6.3 Save a Container as an Image

# Commit changes to a new image
docker commit <container_id> myimage:latest

1.7 Dockerfile Automated Builds

1.7.1 Dockerfile Instructions

Common directives include FROM, MAINTAINER, RUN, ADD, COPY, WORKDIR, VOLUME, EXPOSE, CMD, ENV, ENTRYPOINT.

1.7.2 Sample Dockerfile

# Create a simple SSH image based on CentOS 6.8
FROM centos:6.8
RUN yum install -y openssh-server && \
    echo "root:123456" | chpasswd && \
    /etc/init.d/sshd start
CMD ["/usr/sbin/sshd","-D"]

1.8 Image Layering

Docker builds images layer by layer; each layer is read‑only and shared among containers, while the top writable layer records changes (Copy‑on‑Write).

1.9 Running Zabbix with Docker

1.9.1 Container Inter‑Linking

# Link containers
docker run -d -p 80:80 nginx
docker run -it --link <nginx_container>:web01 centos /bin/bash

1.9.2 Deploy Zabbix Stack

# MySQL for Zabbix
docker run --name mysql-server -e MYSQL_DATABASE=zabbix -e MYSQL_USER=zabbix -e MYSQL_PASSWORD=zabbix_pwd -e MYSQL_ROOT_PASSWORD=root_pwd -d mysql:5.7
# Zabbix Java gateway
docker run --name zabbix-java-gateway -d zabbix/zabbix-java-gateway:latest
# Zabbix server
docker run --name zabbix-server-mysql -e DB_SERVER_HOST=mysql-server -e MYSQL_DATABASE=zabbix -e MYSQL_USER=zabbix -e MYSQL_PASSWORD=zabbix_pwd -e MYSQL_ROOT_PASSWORD=root_pwd -e ZBX_JAVAGATEWAY=zabbix-java-gateway --link mysql-server:mysql --link zabbix-java-gateway:zabbix-java-gateway -p 10051:10051 -d zabbix/zabbix-server-mysql:latest
# Zabbix web UI
docker run --name zabbix-web-nginx-mysql -e DB_SERVER_HOST=mysql-server -e MYSQL_DATABASE=zabbix -e MYSQL_USER=zabbix -e MYSQL_PASSWORD=zabbix_pwd -e MYSQL_ROOT_PASSWORD=root_pwd --link mysql-server:mysql --link zabbix-server-mysql:zabbix-server -p 80:80 -d zabbix/zabbix-web-nginx-mysql:latest

1.10 Docker Registry

1.10.1 Simple Registry

# Run a private registry
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
# Tag and push an image
docker tag busybox:latest 10.0.0.100:5000/clsn/busybox:1.0
docker push 10.0.0.100:5000/clsn/busybox

1.10.2 Registry with Basic Auth

# Install htpasswd
yum install -y httpd-tools
# Create auth file
mkdir -p /opt/registry-var/auth && htpasswd -Bbn clsn 123456 > /opt/registry-var/auth/htpasswd
# Run registry with auth
docker run -d -p 5000:5000 -v /opt/registry-var/auth:/auth -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
# Login and push
docker login 10.0.0.100:5000
docker push 10.0.0.100:5000/clsn/busybox

1.11 Docker‑Compose Orchestration

1.11.1 Install Docker‑Compose

# Install via pip
yum install -y python2-pip
pip install docker-compose

1.11.2 Example Compose File (WordPress + MySQL)

version: '3'
services:
  db:
    image: mysql:5.7
    volumes:
      - /data/db_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - /data/web_data:/var/www/html
    ports:
      - "8000:80"
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress

1.11.3 Scaling and Load Balancing with HAProxy

Scale WordPress services, configure HAProxy to balance traffic, and control back‑ends via the HAProxy stats socket or socat.

1.12 Ensuring Containers Restart After Docker Daemon Restart

# Always restart policy
docker run --restart=always <image>
# Enable live‑restore in /etc/docker/daemon.json
{
  "live-restore": true
}
systemctl restart docker

1.13 Docker Networking Types

Docker provides several network drivers: none (no networking), container (share another container’s namespace), host (use host’s network stack), and bridge (default NAT network).

1.13.6 Assigning Static IPs with Pipework

# Install pipework
wget https://github.com/jpetazzo/pipework/archive/master.zip
unzip master.zip && cp pipework-master/pipework /usr/local/bin/
chmod +x /usr/local/bin/pipework
# Create a bridge and attach a container
docker run -d --name httpd_pw httpd
pipework br0 $(docker inspect -f '{{.Id}}' httpd_pw) 10.0.0.220/[email protected]

1.14 Harbor – Enterprise Registry

Harbor provides a web UI, role‑based access, and image scanning. Install Docker, Docker‑Compose, download Harbor, configure harbor.cfg, and run ./install.sh. Push images with docker tag and docker push, then manage them via the UI.