
Docker Install

apt install docker.io 

Starting the Docker daemon

$ sudo systemctl start docker
If we want Docker to start at boot, we should also:

$ sudo systemctl enable docker

Add users to the docker group

$ sudo usermod -aG docker <username>
Done!

Use -a (append) together with -G; without it, usermod replaces the user's existing supplementary groups. Membership of the docker group is effectively root on the host, so grant it sparingly.

Note: for some reason I had to link the device mapper library to get Docker to work:

sudo ln -s /lib64/libdevmapper.so.1.02 /lib64/libdevmapper.so.1.03

Open Suse Server Docker

 
[arun@localhost ~]$ sudo docker info
2014/12/22 11:19:38 Get http:///var/run/docker.sock/v1.15/info: dial unix /var/run/docker.sock: no such file or directory

Debugging revealed that the Docker daemon was not running on this VM. It can be started with:

 
sudo systemctl start docker

And then enable it to start automatically with every restart of the VM as:

sudo systemctl enable docker

Docker for Windows

Docker Command Overview

    attach    Attach to a running container
    build     Build an image from a Dockerfile
    commit    Create a new image from a container's changes
    cp        Copy files/folders from a container's filesystem to the host path
    create    Create a new container
    diff      Inspect changes on a container's filesystem
    events    Get real time events from the server
    exec      Run a command in a running container
    export    Stream the contents of a container as a tar archive
    history   Show the history of an image
    images    List images
    import    Create a new filesystem image from the contents of a tarball
    info      Display system-wide information
    inspect   Return low-level information on a container or image
    kill      Kill a running container
    load      Load an image from a tar archive
    login     Register or log in to a Docker registry server
    logout    Log out from a Docker registry server
    logs      Fetch the logs of a container
    port      Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
    pause     Pause all processes within a container
    ps        List containers
    pull      Pull an image or a repository from a Docker registry server
    push      Push an image or a repository to a Docker registry server
    rename    Rename an existing container
    restart   Restart a running container
    rm        Remove one or more containers
    rmi       Remove one or more images
    run       Run a command in a new container
    save      Save an image to a tar archive
    search    Search for an image on the Docker Hub
    start     Start a stopped container
    stats     Display a live stream of one or more containers' resource usage statistics
    stop      Stop a running container
    tag       Tag an image into a repository
    top       Lookup the running processes of a container
    unpause   Unpause a paused container
    version   Show the Docker version information
    wait      Block until a container stops, then print its exit code

Docker Basics

Docker Containers vs Virtualization

| Virtual Machines (VMs)                          | Containers                                     |
| Represents hardware-level virtualization        | Represents operating system virtualization     |
| Heavyweight                                     | Lightweight                                    |
| Slow provisioning                               | Real-time provisioning and scalability         |
| Limited performance                             | Native performance                             |
| Fully isolated and hence more secure            | Process-level isolation and hence less secure  |

Overview commands

docker version  - provides the basic version command 
docker info - provides more detailed information, including the storage driver

Docker Search, Pull and Run

Search for Docker images in the default catalogue at Docker Hub (https://hub.docker.com/):

 
docker search <image name>

For example: docker search nginx

docker pull
docker run
  • Create an image using Dockerfile best practices
  • Use volumes in the application development process
  • Apply concepts of the Docker networking model
  • Understand the goal of services as a method of scaling containers
  • Utilize two different orchestrators (Swarm and Kubernetes) to deploy a single application across multiple machines
  • Create a secret and understand its accessibility capabilities

Networking and Linking Docker

Docker Security

Docker Catalog Management

Note: Google recommends using Google Container Registry instead of google/docker-registry. Google Container Registry is a private Docker registry running on Google Cloud Storage.

Docker Backup and Restore

Docker Best Practice

  • Building small containers

Docker Management Tools

Portainer (formerly UI for Docker) is a free, open-source web application that runs as a container itself. You can install and start it with:

docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer

The -v flag is not shown in the default instructions, but you will need it to manage any local Docker containers. After creating a password and selecting the Docker instance to manage, you're up and running.
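The -v /var/run/docker.sock mount above hands the Portainer container full control of the Docker daemon, which is effectively root on the host; the dns-proxy-server and Rancher agent commands further down this page mount the same socket (the agent also runs --privileged). The Python below is an added example, not part of the original page and not Portainer's own code: it reads the JSON that docker inspect prints for a set of containers and flags any that bind-mount the host socket or run privileged. The container records embedded here are constructed to resemble docker inspect output (only the fields the audit reads), and the names and IDs are made up.

```python
import json
import sys

HOST_DOCKER_SOCKET = "/var/run/docker.sock"

# Constructed sample shaped like `docker inspect <id>...` output; only the
# fields the audit reads are included, and the names and IDs are made up.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "0000portainer",
        "Name": "/portainer",
        "HostConfig": {
            "Privileged": False,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
        "Mounts": [
            {"Type": "bind", "Source": "/var/run/docker.sock",
             "Destination": "/var/run/docker.sock", "RW": True},
        ],
    },
    {
        "Id": "0000rancheragent",
        "Name": "/rancher-agent",
        "HostConfig": {
            "Privileged": True,
            "Binds": [
                "/var/run/docker.sock:/var/run/docker.sock",
                "/var/lib/rancher:/var/lib/rancher",
            ],
        },
        "Mounts": [],
    },
    {
        "Id": "0000redis",
        "Name": "/redis",
        "HostConfig": {"Privileged": False, "Binds": None},
        "Mounts": [{"Type": "volume", "Source": "redis-data", "Destination": "/data"}],
    },
])


def bind_sources(container):
    """Collect the host paths bind-mounted into a container.

    `Mounts` is the resolved view; `HostConfig.Binds` is the raw -v list and
    is null when the container was started without -v, so both are read.
    """
    sources = set()
    for mount in container.get("Mounts") or []:
        if mount.get("Type") == "bind":
            sources.add(mount.get("Source", ""))
    for bind in (container.get("HostConfig") or {}).get("Binds") or []:
        sources.add(bind.split(":", 1)[0])
    return sources


def audit_containers(inspect_json):
    """Return [(container_name, [reasons])] for containers that can control the host."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        host_config = container.get("HostConfig") or {}
        reasons = []
        if host_config.get("Privileged"):
            reasons.append("runs --privileged")
        if HOST_DOCKER_SOCKET in bind_sources(container):
            reasons.append("bind-mounts the host Docker socket")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    # Real data: docker inspect $(docker ps -q) | python3 audit.py
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, reasons in audit_containers(data):
        print(f"{name}: {'; '.join(reasons)}")
```

Run it against a live host with docker inspect $(docker ps -q) | python3 audit.py; anything it lists should be a container you deliberately trust with the daemon, such as a management UI, and nothing else.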

Connect to Docker on Windows

This seems to be a bit complex on Windows, but from a Git Bash console the following works:

 winpty docker exec -it --user root production_grafana_1 bash

Docker Content Trust (DCT)

Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags.

  • Image publishers can sign images
  • Image consumers can ensure their images are signed

Steps to sign an image

  • 1 - Create a key:

docker trust key generate <name>

Note: Docker Enterprise can create a root key and delegation keys.
Note 2: you can load an existing key instead:

docker trust key load key.pem --name jeff

  • 2 - Sign an image:

docker trust sign dtr.example.com/admin/demo:1

Consumers can inspect the signatures on an image with:

 docker trust inspect dtr.example.com/admin/demo:1

With Docker Enterprise Engine 18.09 or newer, the engine can be configured to run only signed images.
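A CI gate or deployment check can consume the docker trust inspect output before an image is run: the tag must be signed, it must be signed by the delegation names the policy requires, and the signed digest must match what was actually pulled (docker trust inspect prints the bare hex digest, while docker inspect prefixes it with sha256:). The Python below is an added example, not the page's or Docker's own code. The embedded JSON is constructed to resemble docker trust inspect output for the dtr.example.com/admin/demo repository used above, with the signer jeff from the key load step; the digests and key IDs are placeholders.

```python
import json

# Constructed sample shaped like `docker trust inspect dtr.example.com/admin/demo`
# output. Digests and key IDs are placeholder values, not real image data.
DEMO_DIGEST_TAG1 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
DEMO_DIGEST_LATEST = "0" * 64
SAMPLE_TRUST_INSPECT = json.dumps([
    {
        "Name": "dtr.example.com/admin/demo",
        "SignedTags": [
            {"SignedTag": "1", "Digest": DEMO_DIGEST_TAG1, "Signers": ["jeff"]},
            # Signed only with the repository key, no delegation signer.
            {"SignedTag": "latest", "Digest": DEMO_DIGEST_LATEST, "Signers": ["Repo Admin"]},
        ],
        "Signers": [{"Name": "jeff", "Keys": [{"ID": "placeholder-delegation-key-id"}]}],
        "AdministrativeKeys": [
            {"Name": "Root", "Keys": [{"ID": "placeholder-root-key-id"}]},
            {"Name": "Repository", "Keys": [{"ID": "placeholder-repository-key-id"}]},
        ],
    }
])


def verify_signed_tag(trust_inspect_json, repo, tag, required_signers=(), pulled_digest=None):
    """Decide whether repo:tag may run, returning (ok, reason).

    required_signers are delegation names that must all have signed the tag.
    pulled_digest (for example from `docker inspect` RepoDigests) is compared
    against the signed digest when given, so a tag moved after signing fails.
    """
    entries = {entry.get("Name"): entry for entry in json.loads(trust_inspect_json)}
    entry = entries.get(repo)
    if entry is None:
        return False, f"no trust data for {repo}"
    signed = {t["SignedTag"]: t for t in entry.get("SignedTags", [])}
    if tag not in signed:
        return False, f"{repo}:{tag} has no signature"
    signers = set(signed[tag].get("Signers", []))
    missing = sorted(set(required_signers) - signers)
    if missing:
        return False, f"{repo}:{tag} lacks required signer(s): {', '.join(missing)}"
    if pulled_digest is not None:
        # docker inspect reports "sha256:<hex>"; trust data stores the bare hex.
        got = pulled_digest.lower().split(":")[-1]
        want = signed[tag]["Digest"].lower()
        if got != want:
            return False, f"{repo}:{tag} digest {got} does not match signed digest {want}"
    return True, "signed by " + ", ".join(sorted(signers))


if __name__ == "__main__":
    repo = "dtr.example.com/admin/demo"
    for tag, signers in (("1", ["jeff"]), ("latest", ["jeff"]), ("2", [])):
        print(f"{repo}:{tag} ->", verify_signed_tag(SAMPLE_TRUST_INSPECT, repo, tag, signers))
```

Requiring a named delegation signer rather than accepting any signature is the point of the check: a tag signed only with the repository key passes docker pull under DOCKER_CONTENT_TRUST=1, but it does not prove that the team's release signer approved it.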

Adding Metadata

Relatedly, the Dockerfile has a LABEL instruction:

LABEL <key>=<value> <key>=<value> <key>=<value> ...

e.g.

LABEL "com.example.vendor"="ACME Incorporated"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="This text illustrates \
that label-values can span multiple lines."

e.g.

LABEL maintainer="SvenDowideit@home.org.au"
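Labels are only useful if something checks them. The Python below is an added example, not the page's or Docker's own code: it parses LABEL instructions out of a Dockerfile following the syntax shown above (quoted keys, several key=value pairs in one instruction, backslash line continuation) and reports which labels a policy requires but the file lacks. The embedded Dockerfile is constructed from the two LABEL examples above plus a FROM and RUN line; the required-label list is an assumed policy. Only the key=value form is accepted, not the legacy space-separated LABEL form.

```python
import shlex

# Assumed policy for this example: every image must carry these labels.
REQUIRED_LABELS = ("maintainer", "version")

# Constructed Dockerfile assembled from the LABEL examples above.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:16.04
# comment lines are ignored
LABEL "com.example.vendor"="ACME Incorporated"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="This text illustrates \\
that label-values can span multiple lines."
LABEL maintainer="SvenDowideit@home.org.au"
RUN echo build steps go here
"""


def logical_lines(text):
    """Yield instructions with backslash continuations joined, as the
    Dockerfile parser does (the backslash and the newline are dropped)."""
    pending = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def parse_labels(dockerfile_text):
    """Return {key: value} for every LABEL instruction (key=value form only)."""
    labels = {}
    for line in logical_lines(dockerfile_text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        instruction, _, args = stripped.partition(" ")
        if instruction.upper() != "LABEL":
            continue
        # shlex removes the shell-style quotes but keeps quoted spaces, so
        # "a"="b c" becomes the single token a=b c.
        for token in shlex.split(args):
            key, sep, value = token.partition("=")
            if not sep or not key:
                raise ValueError(f"malformed LABEL token: {token!r}")
            labels[key] = value
    return labels


def missing_labels(labels, required=REQUIRED_LABELS):
    """Names from `required` that are absent or empty in `labels`."""
    return [name for name in required if not labels.get(name)]


if __name__ == "__main__":
    found = parse_labels(SAMPLE_DOCKERFILE)
    for key, value in found.items():
        print(f"{key} = {value}")
    print("missing:", missing_labels(found) or "none")
```

The same check can run against a built image by feeding the Config.Labels object from docker inspect to missing_labels, which catches labels inherited from the base image as well as those set in this Dockerfile.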

Running a local DNS

There is an open-source application that solves this problem, called DNS Proxy Server.

It is a DNS server that resolves container hostnames; if no container matches a name, it resolves it from the internet instead.

Start the DNS Server

$ docker run --hostname dns.mageddo --name dns-proxy-server -p 5380:5380 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/resolv.conf:/etc/resolv.conf \
defreitas/dns-proxy-server

It will set itself as your default DNS server automatically (and restore the original when it stops).

Start your containers for the test:

docker-compose -f docker-compose.yml up

with the following docker-compose.yml:

version: '2'
services:
  redis:
    container_name: redis
    image: redis:2.8
    hostname: redis.dev.intranet
    network_mode: bridge # bridge mode so it can also resolve other containers' names from inside, e.g. elasticsearch
  elasticsearch:
    container_name: elasticsearch
    image: elasticsearch:2.2
    hostname: elasticsearch.dev.intranet

Now resolve your containers' hostnames from the host:

$ nslookup redis.dev.intranet
Server:     172.17.0.2
Address:    172.17.0.2#53

Non-authoritative answer:
Name:   redis.dev.intranet
Address: 172.21.0.3
From another container:

$ docker exec -it redis ping elasticsearch.dev.intranet
PING elasticsearch.dev.intranet (172.21.0.2): 56 data bytes
It also resolves internet hostnames:

$ nslookup google.com
Server:     172.17.0.2
Address:    172.17.0.2#53

Non-authoritative answer:
Name:   google.com
Address: 216.58.202.78

Pod Tech

Kubernetes

At Dockercon this summer Google's VP of Infrastructure at Google, Eric Brewer, announced Kubernetes, which provides a way to orchestrate a collection of Docker containers across a cluster of machines. It is essentially a scheduler, which means it handles running your containers and ensuring uptime, even in the event of losing machines.

We have seen rapid adoption and interest in Kubernetes that goes beyond the buzz around it being a Google cloud technology. There is a need for orchestration at the Operations level which Kubernetes addresses well. A manifest describing a collection of Docker images can be created and pushed into the cluster which automatically deploys and horizontally scales those containers. Kubernetes also provides a way to define a “service”, which can be consumed by other applications running in the cluster.

Docker Pods

Hand-in-hand with Kubernetes, Eric Brewer also talked about containers and introduced the concept of “pods”. This is a key concept within Kubernetes. He said, “At Google we rarely deploy a single container.” Instead, they group containers together. For instance, an application process often has several side-car processes for logging and other tasks outside of the concern of the application itself.

One issue he noted with Docker containers is the need for constant mapping of internal and external ports - between what the process inside the Docker container sees and what the external world sees. This is an additional layer of complexity that needs to be managed, stored and queried - even between the containers of a pod that has been deployed as a single unit. Therefore, at Google, they ensure that every pod of containers has its own IP address. This means the ports used can be the same inside and outside of a container. The ports can be baked in at design or build time. This does away with the additional layer of complexity of managing ports. Now, to find pods running a particular service, you only need the list of IP addresses of those pods.

Google Compute Engine is currently the only cloud infrastructure service that facilitates assigning an IP subnet to a virtual machine - and hence an IP to each Docker pod within it.

Flannel

CoreOS, who are actively involved with Kubernetes, have attempted to solve this problem with something they call Flannel (previously named Rudder). Flannel provides an overlay network on-top of the provided network, which allows for assigning an IP subnet to each machine. There is a performance cost to doing this, but they hope that this will be engineered away as Flannel evolves.

Docker For Windows

Recently, Microsoft joined the Docker bandwagon, saying they intend to build a containerization solution for Windows and provide a Docker-compatible API on top of it. Although Docker images are unlikely ever to be portable between Linux and Windows containers, it does mean that the tooling being built above the Docker API layer will be usable across both operating systems.

Large enterprises are heavily invested in Windows, so this announcement is a major win for the IT departments wanting to steer their ship in the direction of Docker adoption.

Monitoring

Operating System Cores

  • SmartOS - Solaris-based, with ZFS, DTrace, Zones and KVM.
  • java:alpine - This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

Creating a custom Image - e.g. Ubuntu with Java

Custom images are defined in a file named Dockerfile (no extension). To create an image from Ubuntu with Java, do the following.

Create a folder (ubuntJava) with the following Dockerfile in it:

FROM ubuntu:16.04
MAINTAINER Richard Donovan, https://github.com/newgeekorder
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y software-properties-common && \
    add-apt-repository ppa:webupd8team/java -y && \
    apt-get update && \
    # pre-accept the Oracle licence for the package actually installed below
    echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && \
    apt-get install -y oracle-java8-installer && \
    apt-get clean

Then, from inside the same directory, build the Dockerfile; we can optionally tag the image with -t:

docker build -t ubuntu_java .

List the tagged docker images

docker images

which should show ubuntu_java,

and run the new image as normal:

 winpty docker run -it ubuntu_java bash

Connect to a Running Instance

To list the running instances:

docker ps

To connect to a running instance:

docker exec -i -t 98ccf1fb2ebc bash

For Windows consoles, add winpty to the front of the command.

Rancher

Rancher is a tool for managing Docker instances; it can be run as its own Docker container:

docker run -d --restart=unless-stopped -p 8080:8080 rancher/server

Add an ip key to local security

2. Adding a host: for a Linux/Ubuntu host it is (currently) required to

  • go to Admin → Settings and add the actual IP address
  • then go to Infrastructure → Hosts to add the local machine as a host (using the static IP address), which will generate a command like:

sudo docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.5 http://192.168.0.16:8080/v1/scripts/686421D9068F70315452:1483142400000:BmCMaiY3hETCs60GLh9UozwkDfU

Rancher Command line

  • Rancher-Gen is a Python utility that listens for service changes in Rancher and renders a user-specified Jinja2 template. This allows a user to generate configuration files for existing services based on those changes. In addition, it provides a mechanism to run a notification command after the template has been rendered.
  • Nodejs rancher-cli

Misc

Other Tools

Docker registry that makes deployments faster and more secure!

Volumes

Git Bash on Windows has an unusual way of mounting directories:

winpty docker run  -p 9000:9000 -v //c/Users/rdono/dockerShare:/opt/mule/apps2 -it ubuntu_java_mule bash

Using this for Mule, we can start Mule with mule & and then copy apps into the deploy directory:

cp /opt/mule/apps2/testGradle.zip /opt/mule/apps
 
virtualization.txt · Last modified: 2019/11/18 05:06 by root
© CrosswireDigitialMedia Ltd