Docker 是一個開源的輕量級容器項目,用於讓你的應用在它上面打包、集裝和運行。
Docker 運行的環境既包含未知硬件也包含未知操做系統。這句話的意思是它能夠運行在任何地方,小到你的筆記本大到一個大型的雲計算實體,除此以外也不須要你掌握或用到任何特定的開發語言、框架或者打包系統。這使得他們可以在不依賴任何特定堆棧或者提供者的狀況下部署可擴展的web應用程序、數據庫或者後臺服務。
Docker 的前身是dotCloud旗下的一款開源的部署引擎的實現,一款很受歡迎接口服務平臺。它成功直接收益於積累了多年的大規模操做和支持數十萬應用程序和數據庫
安全披露
安全對咱們來講是很是重要的。若是你遇到任何問題涉及到安全,請負責任的披露這些信息到郵箱:security@docker.com,請不要在GitHub建立問題。
比虛擬機更強
一個共同的方法是用虛擬機去構建應用程序和沙箱環境去運行驗證。典型的虛擬機格式是VMware的VMDK,Oracle VirtualBox的VDI,和亞馬遜的EC2 AMI。從理論上講,這些格式須要容許每個開發者將他們的應用程序自動打包成一個「machine」,以便分發和部署;實際狀況是,有一些因數讓這幾乎不會實現:
一、大小:VMs很是大,這使得它沒法方便存儲和傳輸。
二、性能:運行VMs會消耗大量的CPU和內存,這使得它在一些狀況下變得不切實際,例如本地部署大量機器來開發多層應用程序或大規模部署CPU和內存密集型應用程序。
三、可移植性:處於競爭關係的VM環境不會很好的兼容彼此。即便轉換工具存在,他們也會收到一些限制,而且會增長額外開銷。
四、硬件中心:VMs設計之初更多的考慮操做系統層面,並非軟件開發層面。所以,他們提供了極少的、用於建立、測試、運行開發軟件的工具給開發人員。舉個例子,VMs 沒有提供設施和工具用於應用程序版本控制,監控、配置、日誌和服務發現。
經過對比,Docker經過依賴不一樣的沙箱方法來實現集裝箱。不像傳統的虛擬化,集裝箱在內核級運行,大多數現代操做系統內核如今支持必要的集裝箱的原語,這些操做系統包括Linux 的 openvz,vserver 和最近的 lxc,Solaris 的 zones,和 FreeBSD的jails.
Docker基於這些低級原語爲開發人員提供了一個便攜式的格式和運行環境,解決了四個問題。並且Docker容器很小(他們的傳輸能夠在層級間優化),它在內存和CPU上的開銷幾乎爲0,它是徹底便攜式,而且基於應用程序爲中心的設計。
或許它是最好的,由於Docker運行在操做系統層,它也能夠運行在VM中!
和其餘玩的很好
Docker不要求你購買到一個特定的編程語言,框架,包裝系統,或配置語言。
是一個UNIX進程申請的?它使用文件、TCP鏈接、環境變量、標準UNIX流和命令行參數做爲輸入和輸出?而後Docker能夠運行它。
您的應用程序的構建能夠被表示爲這樣的命令序列嗎?而後Docker能夠建造它。
從依賴的地獄中逃脫
一個常見的問題是開發人員很難在一個簡單而自動化的方式下管理他們的應用程序的依賴關係。
一般狀況下這些困難是由一下幾方面緣由致使的:
一、跨平臺依賴。現代應用程序一般依賴於一個組合的系統庫和二進制文件,特定的語言包,框架的具體模塊,內部組件開發也開發過另外一個項目等。這些依賴關係,存活在不一樣的「世界」,須要不一樣的工具,這些工具一般相互配合不是很好,須要尷尬的定製集成。
二、相互依賴。不一樣的應用程序可能依賴於同一依賴的不一樣版本。包裝工具處理這些狀況有不一樣程度的緩解-但他們都處理他們在不一樣的和不兼容的方式,這又迫使開發人員作額外的工做。
三、自定義依賴項。開發人員可能須要準備一個自定義版本的應用程序的依賴。一些包裝系統能夠處理自定義版本的依賴,其餘都不能作,而且他全部處理的自定義版本依賴也很困難。
Docker給開發者一個簡單的方法來在一個地方表達本身全部的應用程序的依賴關係解決相依性地獄的問題,同時簡化組裝過程。若是這讓你以爲XKCD 927,別擔憂。Docker不會取代你最喜歡的包裝系統。它只是協調他們的使用在一個簡單的和可重複的方式。它是怎麼作到的?在層級間嗎。
Docker定義創建運行一系列的UNIX命令,一前一後,在同一個容器。生成命令修改容器的內容(一般是在文件系統上安裝新文件),下一個命令會對它進行一些修改,等等。由於每一個生成命令繼承了之前命令的結果,命令執行的順序表示依賴關係。python
下面是一個典型的Docker創建過程:
FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
RUN cd helloflask-master && pip install -r requirements.txtios
注意,Docker不關心依賴是怎麼創建的-只要他們建造能夠運行在容器中的UNIX命令。git
原文github
Docker is an open source project to pack, ship and run any application as a lightweight container.web
Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest cloud compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider.docker
Docker began as an open-source implementation of the deployment engine which powered dotCloud, a popular Platform-as-a-Service. It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and databases.shell
Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to security@docker.com and not by creating a GitHub issue.數據庫
A common method for distributing applications and sandboxing their execution is to use virtual machines, or VMs. Typical VM formats are VMware's vmdk, Oracle VirtualBox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never happens, for a few reasons:express
By contrast, Docker relies on a different sandboxing method known as containerization. Unlike traditional virtualization, containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary for containerization, including Linux with openvz, vserver and more recently lxc, Solaris with zones, and FreeBSD with Jails.編程
Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves all four problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead, they are completely portable, and are designed from the ground up with an application-centric design.
Perhaps best of all, because Docker operates at the OS level, it can still be run inside a VM!
Docker does not require you to buy into a particular programming language, framework, packaging system, or configuration language.
Is your application a Unix process? Does it use files, tcp connections, environment variables, standard Unix streams and command-line arguments as inputs and outputs? Then Docker can run it.
Can your application's build be expressed as a sequence of such commands? Then Docker can build it.
A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.
This is usually difficult for several reasons:
Cross-platform dependencies. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules, internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work well with each other, requiring awkward custom integrations.
Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease - but they all handle them in different and incompatible ways, which again forces the developer to do extra work.
Custom dependencies. A developer may need to prepare a custom version of their application's dependency. Some packaging systems can handle custom versions of a dependency, others can't - and all of them handle it differently.
Docker solves the problem of dependency hell by giving the developer a simple way to express all their application's dependencies in one place, while streamlining the process of assembling them. If this makes you think of XKCD 927, don't worry. Docker doesn't replace your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.
Docker defines a build as running a sequence of Unix commands, one after the other, in the same container. Build commands modify the contents of the container (usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous commands, the order in which the commands are executed expresses dependencies.
Here's a typical Docker build process:
FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv RUN cd helloflask-master && pip install -r requirements.txt
Note that Docker doesn't care how dependencies are built - as long as they can be built by running a Unix command in a container.