7. NAMESPACES VS. CGROUPS
Namespaces provide isolation:
• pid (processes)
• net (network interfaces, routing...)
• ipc (System V IPC)
• mnt (mount points, filesystems)
• uts (hostname)
• user (UIDs)
Control groups control resources:
• cpu (CPU shares)
• cpusets (limit processes to a CPU)
• memory (swap, dirty pages)
• blockio (throttle reads/writes)
• devices
• net_cls, net_prio: control packet class and priority
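Added example (not from the original slides): a Python sketch that compares a container process's namespace inodes with the host's to list the namespaces it still shares, and reads which cgroup each controller places it in. The sample /proc values and the c0ffee container id are constructed; read_ns is a hypothetical helper for reading the same data on a live Linux host.

```python
import os
import re

NS_TYPES = ("pid", "net", "ipc", "mnt", "uts", "user")
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed readlink targets of /proc/<pid>/ns/* for a host process and a
# container process that shares the host's net and user namespaces.
HOST_LINKS = ["pid:[4026531836]", "net:[4026531992]", "ipc:[4026531839]",
              "mnt:[4026531840]", "uts:[4026531838]", "user:[4026531837]"]
CONTAINER_LINKS = ["pid:[4026532512]", "net:[4026531992]", "ipc:[4026532511]",
                   "mnt:[4026532509]", "uts:[4026532510]", "user:[4026531837]"]
# Constructed /proc/<pid>/cgroup content (cgroup v1 layout).
CONTAINER_CGROUP = """5:cpu,cpuacct:/docker/c0ffee
4:memory:/docker/c0ffee
3:devices:/docker/c0ffee
2:net_cls,net_prio:/docker/c0ffee
"""

def parse_ns_links(links):
    """Map namespace type -> inode from targets such as 'pid:[4026531836]'."""
    out = {}
    for target in links:
        m = NS_LINK.match(target.strip())
        if m and m.group(1) in NS_TYPES:
            out[m.group(1)] = int(m.group(2))
    return out

def shared_namespaces(host_ns, proc_ns):
    """Namespace types where the process has the host's inode (not isolated)."""
    return sorted(t for t in NS_TYPES
                  if t in host_ns and host_ns[t] == proc_ns.get(t))

def parse_cgroup(text):
    """Parse 'id:controllers:path' lines (v2 uses '0::path') into a dict."""
    out = {}
    for line in text.strip().splitlines():
        _id, controllers, path = line.split(":", 2)
        for name in (controllers.split(",") if controllers else ["unified"]):
            out[name] = path
    return out

def read_ns(pid):
    """Live variant: read /proc/<pid>/ns/* (needs access to that process)."""
    return parse_ns_links(os.readlink(f"/proc/{pid}/ns/{t}") for t in NS_TYPES)

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_LINKS), parse_ns_links(CONTAINER_LINKS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("cgroups:", parse_cgroup(CONTAINER_CGROUP))
```

A namespace reported as shared means the container sees the same processes, interfaces or UIDs as the host for that type, regardless of what cgroup limits apply.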
26. apt-get apache2 sshd
$ apt-get install -y apache2 openssh-server vim
container container
$ docker diff <container_id>
C /var/log/faillog
C /var/log/lastlog
A /var/www
A /var/www/html
A /var/www/html/index.html
29. boot_run.sh
container script
$ /etc/boot_run.sh -d
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
30. container image
container
$ docker commit -m "Add apache2 and sshd ..." <container_id>
3d2d0c1af482a206abf8b581e4
P.S tag , kairen/apache:1.0.0
docker images <none> tag
REPOSITORY TAG
<none> <none>
docker tag
$ docker tag <image_id>
31. images
run image
$ docker run -d -p 8080:80 -p 10022:22 --name apache2 kairen/apache2:1.0.0 /bin/sh -c "/etc/boot_run.sh -d"
P.S /etc/boot_run.sh -d script
port
$ docker port <container_id>
22/tcp -> 0.0.0.0:10022
80/tcp -> 0.0.0.0:8080