A review of Docker Version 0
👤 Author: by kabirssulaimangmailcom 2020-06-15 13:32:53
Introduction

Cloud computing, a concept that has spread widely in recent years, means on-demand availability of computer system resources. Peter Mell and Tim Grance of the National Institute of Standards and Technology (NIST) define cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Their cloud model is composed of five essential characteristics, three service models, and four deployment models. The five essential characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The service models are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The deployment models are private cloud, community cloud, public cloud, and hybrid cloud.

Among known implementations of the PaaS service model, Docker containers are developing rapidly and attracting more and more customers in various application areas. Docker uses operating-system-level virtualization to deliver software in packages called containers. Containers are isolated from one another and contain all the required software, including operating system API, libraries and configuration files. Containers can communicate with each other through well-defined channels. All containers are run by a single operating-system kernel and are thus more lightweight than virtual machines [5-6]. The software that hosts the containers is called Docker Engine and is now available on Linux, MS Windows, and Apple macOS platforms. Work on Docker started in 2010, and it was first released in 2013. Recently, Docker has won over millions of developers and customers by offering a public repository of containers. It also supports parallel and distributed computing with Docker Swarm technology.

Docker

Docker represents one of the most successful implementations of the PaaS cloud computing concept. A Docker image encapsulates an application together with its entire environment, including libraries and operating system, and runs on Docker Engine. Docker Engine can be started on Linux, Windows, and macOS, and in future on other operating systems. This provides a certain independence of an image from the operating environment, and it is claimed that Docker runs an image considerably faster than a virtual machine.

The Docker command-line interface executes commands starting with the “docker” prefix. To run an image, we use the “docker run” command. For a quick start, we can either run the hello-world image or explicitly invoke the Linux echo command in the ubuntu image:

docker run hello-world

docker run ubuntu /bin/echo 'Hello world'

On processing the run command, Docker creates and starts a new container from the image, downloading the image if required. A container runs within Docker Engine, which can be considered a kind of thin virtual machine (Fig. 1); Docker Engine currently works on Linux, MS Windows, and macOS. There are more than fifty Docker commands. Among the most frequently used are “docker info” to display system-wide information; “docker images” to list images; “docker ps” to list containers (running images); and “docker build” to build an image from a Dockerfile, a text file specifying how the image should be built. For instance, we build and run the image specified by the following file, named Dockerfile and stored in the current directory:

cat Dockerfile

FROM ubuntu:latest

RUN /bin/bash

docker build -t u2 .

docker run -it u2

#

The option “-t” specifies the image name, and the option “-it” specifies an interactive mode of work; after starting, the image displays the prompt “#” and waits for a bash command to process. A Dockerfile begins with a “FROM” instruction that specifies the parent image from which the current image is built. To use a file when building an image, we copy it into the image using the “COPY” instruction. The “RUN” instruction specifies commands which build a new layer of the current image. When an image is started, the command specified in the “CMD” instruction is executed.

Operations

Docker can package an application and its dependencies in a virtual container that can run on any Linux server. This helps provide flexibility and portability enabling the application to be run in various locations, whether on-premises, in a public cloud, or in a private cloud.[30] Docker uses the resource isolation features of the Linux kernel (such as cgroups and kernel namespaces) and a union-capable file system (such as OverlayFS) to allow containers to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines.[32] Because Docker containers are lightweight, a single server or virtual machine can run several containers simultaneously. A 2018 analysis found that a typical Docker use case involves running eight containers per host, but that a quarter of analyzed organizations run 18 or more per host.

The Linux kernel's support for namespaces mostly isolates an application's view of the operating environment, including process trees, network, user IDs and mounted file systems, while the kernel's cgroups provide resource limiting for memory and CPU. Since version 0.9, Docker includes its own component (called "libcontainer") to directly use virtualization facilities provided by the Linux kernel, in addition to using abstracted virtualization interfaces via libvirt, LXC and systemd-nspawn. Docker implements a high-level API to provide lightweight containers that run processes in isolation.

Components

The Docker software as a service offering consists of three components:

Software: The Docker daemon, called dockerd, is a persistent process that manages Docker containers and handles container objects. The daemon listens for requests sent via the Docker Engine API. The Docker client program, called docker, provides a command-line interface that allows users to interact with Docker daemons.

Objects: Docker objects are various entities used to assemble an application in Docker. The main classes of Docker objects are images, containers, and services.

  • A Docker container is a standardized, encapsulated environment that runs applications. A container is managed using the Docker API or CLI.

  • A Docker image is a read-only template used to build containers. Images are used to store and ship applications.

  • A Docker service allows containers to be scaled across multiple Docker daemons. The result is known as a swarm, a set of cooperating daemons that communicate through the Docker API.


Registries: A Docker registry is a repository for Docker images. Docker clients connect to registries to download ("pull") images for use or upload ("push") images that they have built. Registries can be public or private. Two main public registries are Docker Hub and Docker Cloud. Docker Hub is the default registry where Docker looks for images. Docker registries also allow the creation of notifications based on events.

Tools

Docker Compose is a tool for defining and running multi-container Docker applications. It uses YAML files to configure the application's services and performs the creation and start-up process of all the containers with a single command. The docker-compose CLI utility allows users to run commands on multiple containers at once, for example, building images, scaling containers, running containers that were stopped, and more. Commands related to image manipulation, or user-interactive options, are not relevant in Docker Compose because they address one container.[46] The docker-compose.yml file is used to define an application's services and includes various configuration options. For example, the build option defines configuration options such as the Dockerfile path, the command option allows one to override default Docker commands, and more. The first public beta version of Docker Compose (version 0.0.1) was released on December 21, 2013. The first production-ready version (1.0) was made available on October 16, 2014.

Docker Swarm provides native clustering functionality for Docker containers, which turns a group of Docker engines into a single virtual Docker engine. In Docker 1.12 and higher, Swarm mode is integrated with Docker Engine. The docker swarm CLI utility allows users to run Swarm containers, create discovery tokens, list nodes in the cluster, and more. The docker node CLI utility allows users to run various commands to manage nodes in a swarm, for example, listing the nodes in a swarm, updating nodes, and removing nodes from the swarm. Docker manages swarms using the Raft Consensus Algorithm. According to Raft, for an update to be performed, the majority of Swarm nodes need to agree on the update.

Docker and security

Docker brings security to applications running in a shared environment, but containers by themselves are not an alternative to taking proper security measures.

Dan Walsh, a computer security leader best known for his work on SELinux, gives his perspective on the importance of making sure Docker containers are secure. He also provides a detailed breakdown of security features currently within Docker, and how they function.
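As an added example (not from the original article or from Docker), the following shell function statically checks a Dockerfile, such as the one built earlier, for two settings that hardening reviews commonly flag: a base image referenced by a mutable tag and a container that keeps running as root. The finding names and both sample files are constructed for illustration, and a build stage without a USER instruction is assumed to run as root, as the ubuntu base image does.

```shell
#!/bin/sh
# Added example: static audit of a Dockerfile for two isolation-relevant settings.
# Finding names (UNPINNED_BASE, RUNS_AS_ROOT) are invented here; they are not Docker output.

audit_dockerfile() {   # $1 = Dockerfile path; prints one finding per line, nothing if clean
    awk '
        { sub(/^[ \t]+/, "") }               # tolerate indented instructions
        /^#/ || /^$/ { next }                # skip comments and blank lines
        { instr = toupper($1) }              # instructions are case-insensitive
        instr == "FROM" {
            image = ($2 ~ /^--platform=/) ? $3 : $2
            user = ""                        # assumption: each stage starts as root
            name = image
            sub(/^.*\//, "", name)           # drop registry host:port and path
            if (image == "scratch" || image ~ /@sha256:/) next   # nothing to pin / digest-pinned
            if (name !~ /:/ || name ~ /:latest$/) print "UNPINNED_BASE " image
            next
        }
        instr == "USER" { user = $2 }        # last USER of the final stage wins
        END {
            if (user == "" || user ~ /^(root|0)$/ || user ~ /^(root|0):/)
                print "RUNS_AS_ROOT"
        }
    ' "$1"
}

write_samples() {      # $1 = directory; both files are constructed for this example
    printf '%s\n' 'FROM ubuntu:latest' 'RUN /bin/bash' > "$1/Dockerfile.page"
    printf '%s\n' 'FROM ubuntu:22.04' \
        'RUN useradd --system --no-create-home app' \
        'USER app' \
        'CMD ["/bin/bash"]' > "$1/Dockerfile.hardened"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "Dockerfile from the article:"; audit_dockerfile "$tmp/Dockerfile.page"
echo "Hardened variant:";            audit_dockerfile "$tmp/Dockerfile.hardened"
rm -rf "$tmp"
```

The check only reads the file, so it can run in a build pipeline before "docker build"; it does not replace runtime controls such as the kernel namespaces and cgroups described above.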

Understanding containers

Containers can be thought of as necessitating three categories of software:

Builder: technology used to build a container.

Engine: technology used to run a container.

Orchestration: technology used to manage many containers.

One of the appeals of using containers is their ability to die gracefully and respawn upon demand. Whether a container’s demise is caused by a crash or because it’s simply no longer needed when server traffic is low, containers are cheap to start, and they’re designed to seamlessly appear and disappear. Because containers are meant to be ephemeral and to spawn new instances as often as required, it’s expected that monitoring and managing them is not done by a human in real-time, but is instead automated.

Linux containers have facilitated a massive shift in high-availability computing, and there are many toolsets out there to help you run services (or even your entire operating system) in containers. Docker is one option among many, as defined by Open Container Initiative (OCI), an industry standards organization meant to encourage innovation whilst avoiding the danger of vendor lock-in. Thanks to the OCI, you have a choice when choosing a container toolchain, including Docker, OKD, Podman, rkt, OpenShift, and others.

If you decide to run services in containers, then you probably need software designed to host and manage those containers. This is broadly known as container orchestration. Kubernetes provides container orchestration for a variety of container runtimes.

References

  • Antonopoulos, N., Gillam, L. (ed.): Cloud Computing: Principles, Systems and Applications. Springer (2017).

  • Docker https://www.docker.com/

  • Ahmed, A., Pierre, G.: Docker Image Sharing in Distributed Fog Infrastructures. In: 2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Sydney, Australia, pp. 135-142 (2019). doi: 10.1109/CloudCom.2019.00030

  • Leon, D.: A Lightweight Container Middleware for Edge Cloud Architectures. In: Buyya, R., Srirama, S.N. (ed.): Fog and Edge Computing: Principles and Paradigm, Wiley, pp.145-170. (2019).

  • Zhang, P., Zhou, M., Wang, X.: An Intelligent Optimization Method for Optimal Virtual Machine Allocation in Cloud Data Centers. IEEE Transactions on Automation Science and Engineering. pp. 1-11 (2020). doi: 10.1109/TASE.2020.2975225

  • Lingayat, A., Badre, R.R., Gupta, A.K.: Performance Evaluation for Deploying Docker Containers On Baremetal and Virtual Machine. In: 2018 3rd International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, pp. 1019-1023 (2018).


 

 

 

 

 
