apt install docker.io
Starting the Docker daemon
$ sudo systemctl start docker
If we want Docker to start at boot, we should also:
$ sudo systemctl enable docker
Add users to the docker group
$ sudo usermod -aG docker <username>
Done! (Use -aG, not plain -G: without -a, usermod replaces the user's existing supplementary groups.) Keep in mind that the docker group is root-equivalent: anyone who can reach the daemon socket can start a privileged container or bind-mount the host filesystem, so only add users you would also trust with sudo.
Note: for some reason I had to link the device mapper library to get Docker to work
sudo ln -s /lib64/libdevmapper.so.1.02 /lib64/libdevmapper.so.1.03
[arun@localhost ~]$ sudo docker info
2014/12/22 11:19:38 Get http:///var/run/docker.sock/v1.15/info: dial unix /var/run/docker.sock: no such file or directory
Debugging revealed that the Docker daemon was not running on this VM. It can be started with:
sudo systemctl start docker
And then enable it to start automatically with every restart of the VM as:
sudo systemctl enable docker
attach     Attach to a running container
build      Build an image from a Dockerfile
commit     Create a new image from a container's changes
cp         Copy files/folders from a container's filesystem to the host path
create     Create a new container
diff       Inspect changes on a container's filesystem
events     Get real time events from the server
exec       Run a command in a running container
export     Stream the contents of a container as a tar archive
history    Show the history of an image
images     List images
import     Create a new filesystem image from the contents of a tarball
info       Display system-wide information
inspect    Return low-level information on a container or image
kill       Kill a running container
load       Load an image from a tar archive
login      Register or log in to a Docker registry server
logout     Log out from a Docker registry server
logs       Fetch the logs of a container
port       Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
pause      Pause all processes within a container
ps         List containers
pull       Pull an image or a repository from a Docker registry server
push       Push an image or a repository to a Docker registry server
rename     Rename an existing container
restart    Restart a running container
rm         Remove one or more containers
rmi        Remove one or more images
run        Run a command in a new container
save       Save an image to a tar archive
search     Search for an image on the Docker Hub
start      Start a stopped container
stats      Display a live stream of one or more containers' resource usage statistics
stop       Stop a running container
tag        Tag an image into a repository
top        Lookup the running processes of a container
unpause    Unpause a paused container
version    Show the Docker version information
wait       Block until a container stops, then print its exit code
Docker Containers vs Virtualization
| Virtual Machines (VMs) | Containers |
|---|---|
| Represents hardware-level virtualization | Represents operating system virtualization |
| Heavyweight | Lightweight |
| Slow provisioning | Real-time provisioning and scalability |
| Limited performance | Native performance |
| Isolated by a hypervisor boundary and hence more secure | Process-level isolation on a shared host kernel and hence less secure: a kernel vulnerability, a --privileged flag or a mounted /var/run/docker.sock reaches the host |
Overview commands
docker version - shows the client and server versions
docker info - shows more detailed information, including the storage driver in use
Search for docker images against the default catalog at docker hub https://hub.docker.com/
docker search <image name>
For example docker search nginx
docker pull <image name>[:tag]
docker run <image name>
Tags are mutable, so for anything that must be reproducible pull by digest instead: docker pull <image name>@sha256:<digest>
Note: Google recommends using Google Container Registry instead of the google/docker-registry image. Google Container Registry is a private Docker registry backed by Google Cloud Storage.
Portainer (formerly UI for Docker) is a free open-source web application that runs as a container itself. You can install and start it with:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer
The -v bind mount of the Docker socket is left out of most quick-start snippets, but you need it for Portainer to manage the local containers. Be aware of what it grants: a process that can talk to /var/run/docker.sock is root on the host, so anyone who can log in to Portainer on port 9000 has that power too. Publish the port on the loopback interface only (-p 127.0.0.1:9000:9000) or behind an authenticating proxy, and choose a strong admin password. After creating a password and selecting the Docker instance to manage, you're up and running.
This seems to be a bit more involved on Windows, but from a Git Bash console the following works:
winpty docker exec -it --user root production_grafana_1 bash
Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags.
Steps to sign an image
docker trust key generate <name>, e.g. docker trust key generate jeff (this writes the public half to jeff.pub)
Note: Docker Enterprise is able to create the root key and delegation keys for you.
Note 2: you can load an existing key instead:
docker trust key load key.pem --name jeff
To sign as a named signer, first add the signer's public key to the repository as a delegation (once per repository):
docker trust signer add --key jeff.pub jeff dtr.example.com/admin/demo
docker trust sign dtr.example.com/admin/demo:1
For consumers, inspect the image:
docker trust inspect --pretty dtr.example.com/admin/demo:1
On any engine, setting DOCKER_CONTENT_TRUST=1 in the client's environment makes docker pull, run and build refuse tags that have no valid signature. With Docker Enterprise Engine 18.09 or newer the daemon itself can be configured to run only signed images, so the policy cannot be bypassed by unsetting the variable. Note that DCT is per tag: an unsigned tag in an otherwise signed repository still pulls when trust is off.
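As an added example (not from these notes or from Docker), here is the consumer-side check in Python: it reads the JSON that `docker trust inspect <repo:tag>` prints, confirms the tag carries a signature from an allowed signer, and turns the result into an immutable `repo@sha256:...` reference to pull, so a deployment gets exactly the signed bytes even if the tag is later moved. The repository dtr.example.com/admin/demo and the signer jeff come from the steps above; the digest and key IDs in the embedded sample are constructed, and the field names follow the shape of `docker trust inspect` JSON output.

```python
"""Consumer-side check on `docker trust inspect` output.

Added example, not from the original notes or from Docker. Verifies that a
tag is signed by an allowed signer and returns a digest-pinned reference.
"""
import json
import os
import subprocess
from typing import Iterable


class TrustError(Exception):
    """Raised when a tag is unsigned or signed by an unexpected signer."""


def verified_reference(trust_json: str, image_ref: str,
                       allowed_signers: Iterable[str]) -> str:
    """Return '<repo>@sha256:...' if image_ref's tag is signed by an allowed signer.

    Fails closed: no trust data, no signature for the tag, or a signature
    from someone outside allowed_signers all raise TrustError.
    """
    repo, _, tag = image_ref.rpartition(":")
    if not tag or "/" in tag:            # no tag given (e.g. 'host:5000/repo')
        repo, tag = image_ref, "latest"
    allowed = set(allowed_signers)
    for entry in json.loads(trust_json):
        if entry.get("Name") != image_ref:
            continue
        for signed in entry.get("SignedTags", []):
            if signed.get("SignedTag") != tag:
                continue
            signers = set(signed.get("Signers", []))
            if not signers & allowed:
                raise TrustError(f"{image_ref} signed by {sorted(signers)}, "
                                 f"expected one of {sorted(allowed)}")
            # Pin to the digest the signature actually covers, not the tag.
            return f"{repo}@{signed['Digest']}"
        raise TrustError(f"{image_ref}: tag {tag!r} has no trust signature")
    raise TrustError(f"{image_ref}: no trust data for this image")


def pull_signed(image_ref: str, allowed_signers: Iterable[str]) -> str:
    """Inspect trust data with the real docker CLI, then pull by verified digest."""
    env = dict(os.environ, DOCKER_CONTENT_TRUST="1")   # tag operations fail closed
    out = subprocess.run(["docker", "trust", "inspect", image_ref], check=True,
                         capture_output=True, text=True, env=env).stdout
    ref = verified_reference(out, image_ref, allowed_signers)
    subprocess.run(["docker", "pull", ref], check=True)
    return ref


# Constructed sample mirroring `docker trust inspect dtr.example.com/admin/demo:1`.
# Digest and key IDs are made up for the example.
SAMPLE_TRUST = json.dumps([{
    "Name": "dtr.example.com/admin/demo:1",
    "SignedTags": [{"SignedTag": "1",
                    "Digest": "sha256:" + "ab" * 32,
                    "Signers": ["jeff"]}],
    "Signers": [{"Name": "jeff", "Keys": [{"ID": "0f1e2d3c"}]}],
    "AdministrativeKeys": [{"Name": "Root", "Keys": [{"ID": "aaaa1111"}]},
                           {"Name": "Repository", "Keys": [{"ID": "bbbb2222"}]}],
}])

if __name__ == "__main__":
    print(verified_reference(SAMPLE_TRUST, "dtr.example.com/admin/demo:1", ["jeff"]))
    try:
        verified_reference(SAMPLE_TRUST, "dtr.example.com/admin/demo:1", ["mallory"])
    except TrustError as err:
        print("rejected:", err)
```

Only pull_signed() needs a daemon; everything else runs against the embedded sample. Pulling by the returned digest means the signature check and the bytes you run cannot drift apart between inspect and pull.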
Relatedly, the Dockerfile has a LABEL instruction for attaching metadata to an image:
LABEL <key>=<value> <key>=<value> <key>=<value> ...
e.g.
LABEL "com.example.vendor"="ACME Incorporated"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="This text illustrates \
that label-values can span multiple lines."
e.g.
LABEL maintainer="SvenDowideit@home.org.au"
LABEL maintainer replaces the deprecated MAINTAINER instruction. Labels are informational only: anyone building an image can set any value, so they are not a substitute for the signature check above.
There is an open-source application that solves the problem of resolving container hostnames from the host: DNS Proxy Server.
It is a DNS server that resolves container hostnames; if it cannot find a matching hostname, it resolves the name from the internet instead.
Start the DNS server
$ docker run --hostname dns.mageddo --name dns-proxy-server -p 5380:5380 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /etc/resolv.conf:/etc/resolv.conf \
  defreitas/dns-proxy-server
It sets itself as your default DNS automatically (by rewriting the mounted /etc/resolv.conf) and restores the original when it stops. Note that it needs the Docker socket to watch for containers, which gives this container full control of the host, and a DNS resolver that sees every lookup you make; run it only from a source you trust.
Start your containers for the test
docker-compose up
with this docker-compose.yml:
version: '2'
services:
  redis:
    container_name: redis
    image: redis:2.8
    hostname: redis.dev.intranet
    network_mode: bridge # so it can also resolve other containers' names from inside, e.g. elasticsearch
  elasticsearch:
    container_name: elasticsearch
    image: elasticsearch:2.2
    hostname: elasticsearch.dev.intranet
Now resolve your containers' hostnames from the host:
$ nslookup redis.dev.intranet
Server:    172.17.0.2
Address:   172.17.0.2#53
Non-authoritative answer:
Name:    redis.dev.intranet
Address: 172.21.0.3
From another container:
$ docker exec -it redis ping elasticsearch.dev.intranet
PING elasticsearch.dev.intranet (172.21.0.2): 56 data bytes
It also resolves internet hostnames:
$ nslookup google.com
Server:    172.17.0.2
Address:   172.17.0.2#53
Non-authoritative answer:
Name:    google.com
Address: 216.58.202.78
At DockerCon this summer, Eric Brewer, Google's VP of Infrastructure, announced Kubernetes, which provides a way to orchestrate a collection of Docker containers across a cluster of machines. It is essentially a scheduler, which means it handles running your containers and ensuring uptime, even in the event of losing machines.
We have seen rapid adoption and interest in Kubernetes that goes beyond the buzz around it being a Google cloud technology. There is a need for orchestration at the Operations level which Kubernetes addresses well. A manifest describing a collection of Docker images can be created and pushed into the cluster which automatically deploys and horizontally scales those containers. Kubernetes also provides a way to define a “service”, which can be consumed by other applications running in the cluster.
Hand-in-hand with Kubernetes, Eric Brewer also talked about containers and introduced the concept of “pods”. This is a key concept within Kubernetes. He said, “At Google we rarely deploy a single container.” Instead, they group containers together. For instance, an application process often has several side-car processes for logging and other tasks outside of the concern of the application itself.
One issue he noted with Docker containers is the need for constant mapping of internal and external ports, between what the process inside the Docker container sees and what the external world sees. This is an additional layer of complexity that needs to be managed, stored and queried, even between the containers of a pod that has been deployed as a single unit. Therefore, at Google, they ensure that every pod of containers has its own IP address. This means the ports used can be the same inside and outside of a container, and can be baked in at design or build time, which does away with the additional layer of complexity of managing ports. Now, to find pods running a particular service, you only need the list of IP addresses of those pods.
Google Compute Engine is currently the only cloud infrastructure service that facilitates assigning an IP subnet to a virtual machine - and hence an IP to each Docker pod within it.
CoreOS, who are actively involved with Kubernetes, have attempted to solve this problem with something they call Flannel (previously named Rudder). Flannel provides an overlay network on-top of the provided network, which allows for assigning an IP subnet to each machine. There is a performance cost to doing this, but they hope that this will be engineered away as Flannel evolves.
Recently, Microsoft joined the Docker bandwagon, saying they intended to build a containerization solution for Windows and provide a Docker-compatible API on top of it. Although Docker images are unlikely ever to be portable between Linux and Windows containers, it does mean that the tooling being built above the Docker API layer will be usable across these operating systems.
Large enterprises are heavily invested in Windows, so this announcement is a major win for the IT departments wanting to steer their ship in the direction of Docker adoption.
Custom images are described in a Dockerfile (no extension). To create an Ubuntu image with Java, do the following.
Create a folder (ubuntJava) with the following Dockerfile in it:
FROM ubuntu:16.04
# MAINTAINER is deprecated; record the maintainer as a label instead
LABEL maintainer="Richard Donovan, https://github.com/newgeekorder"
# The debconf preseed must name the package that is actually installed
# (oracle-java8-installer, not java7), otherwise the install blocks on the licence prompt.
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y software-properties-common && \
    add-apt-repository ppa:webupd8team/java -y && \
    apt-get update && \
    echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && \
    apt-get install -y oracle-java8-installer && \
    apt-get clean
Note that the webupd8team PPA stopped distributing Oracle Java in 2019, so on a current system this RUN step fails; installing openjdk-8-jdk from the Ubuntu repositories is the usual replacement.
Then, from inside the same directory, build the image; we can optionally tag it with -t:
docker build -t ubuntu_java .
List the tagged docker images
docker images
which should show ubuntu_java,
and run the new image as normal
winpty docker run -it ubuntu_java bash
To list the running instances
docker ps
to connect to a running instance
docker exec -i -t 98ccf1fb2ebc bash
for windows consoles one needs to add winpty to the front of the command.
Rancher is a tool for managing Docker hosts and containers; it can be run as its own container:
docker run -d --restart=unless-stopped -p 8080:8080 rancher/server
Add an ip key to local security
2. Adding a host: for a Linux/Ubuntu host it is (currently) required to run
sudo docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.5 http://192.168.0.16:8080/v1/scripts/686421D9068F70315452:1483142400000:BmCMaiY3hETCs60GLh9UozwkDfU
The agent runs --privileged with the Docker socket mounted, so it has root on the host, and the URL carries the host-registration token, which is a credential: treat it like a password and do not paste it into shared places.
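Both the Portainer command earlier and the Rancher agent command above hand a container the host's Docker socket, and the agent additionally runs with --privileged; either setting is root on the host, so it is worth knowing which running containers have them. As an added example (not from these notes, Portainer or Rancher), the Python below audits `docker inspect` output for these two settings plus the host PID namespace and dangerous added capabilities. The three container records embedded in it are constructed to mirror the shape of `docker inspect` JSON; audit_running_containers() runs the same check against the local daemon.

```python
"""Flag containers whose configuration gives them control of the host.

Added example, not from the original notes. Reads `docker inspect` JSON and
reports settings that make a container root-equivalent on the host.
"""
import json
import subprocess
from typing import Dict, List

DOCKER_SOCKET = "/var/run/docker.sock"


def risky_settings(container: Dict) -> List[str]:
    """Return the findings for a single `docker inspect` record."""
    findings = []
    host_cfg = container.get("HostConfig") or {}
    if host_cfg.get("Privileged"):
        findings.append("privileged")
    # Bind mounts appear in HostConfig.Binds ("src:dst[:opts]") and in the
    # Mounts array; check both so neither form is missed.
    sources = {b.split(":")[0] for b in host_cfg.get("Binds") or []}
    sources |= {m.get("Source", "") for m in container.get("Mounts") or []}
    if DOCKER_SOCKET in sources:
        findings.append("docker-socket-mounted")
    if host_cfg.get("PidMode") == "host":
        findings.append("host-pid-namespace")
    for cap in host_cfg.get("CapAdd") or []:
        if cap.upper() in ("ALL", "SYS_ADMIN"):
            findings.append(f"cap-add:{cap}")
    return findings


def audit(inspect_json: str) -> Dict[str, List[str]]:
    """Map container name -> findings, for every container with at least one."""
    report = {}
    for record in json.loads(inspect_json):
        found = risky_settings(record)
        if found:
            report[record.get("Name", "?").lstrip("/")] = found
    return report


def audit_running_containers() -> Dict[str, List[str]]:
    """Run the audit against the local daemon (needs the docker CLI and socket access)."""
    ids = subprocess.run(["docker", "ps", "-q"], check=True,
                         capture_output=True, text=True).stdout.split()
    if not ids:
        return {}
    out = subprocess.run(["docker", "inspect", *ids], check=True,
                         capture_output=True, text=True).stdout
    return audit(out)


# Constructed sample: a Portainer-style container with the socket mounted,
# a Rancher-agent-style privileged container, and a plain web container.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/portainer",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/rancher-agent",
     "HostConfig": {"Privileged": True,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
                              "/var/lib/rancher:/var/lib/rancher"]},
     "Mounts": []},
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "Binds": None},
     "Mounts": [{"Type": "volume", "Source": "webdata", "Destination": "/data"}]},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

Anything this reports should be treated as a host-level admin process: restrict who can reach its UI or API, and prefer a socket proxy that exposes only the endpoints the tool needs where the tool supports one.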
Git Bash on Windows has an odd syntax for mounting directories (the drive letter becomes //c/...):
winpty docker run -p 9000:9000 -v //c/Users/rdono/dockerShare:/opt/mule/apps2 -it ubuntu_java_mule bash
Using this for Mule, we can start Mule with `mule &` and copy apps to the deploy directory:
cp /opt/mule/apps2/testGradle.zip /opt/mule/apps