Docker

From wiki.techunit.org
Jump to: navigation, search

Introduction

Aim of this page is to provide a simple guide to create, deploy and manage containers with docker.

  • Realized on Ubuntu 14.04.
  • docker version : 1.11.0

Install

Windows > 8.1 x64

  • Download & install Docker Toolbox
  • Will install following tools
    • Docker CLI client for running Docker Engine to create images and containers
    • Docker Machine so you can run Docker Engine commands from Windows terminals
    • Docker Compose for running the docker-compose command
    • Kitematic, the Docker GUI
    • The Docker QuickStart shell preconfigured for a Docker command-line environment
    • Oracle VM VirtualBox
    • Docker Client for Windows
    • Docker Toolbox management tool and ISO
    • Git MSYS-git UNIX tools

Ubuntu

aptitude update ; aptitude install apt-transport-https ca-certificates -y
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main" > /etc/apt/sources.list.d/docker.list
aptitude update 
aptitude install docker-engine linux-image-extra-$(uname -r) -y

Allow standard user to run docker

groupadd docker
usermod -aG docker userlogin
reboot
#Verify
docker run hello-world

Useful command lines

Image/repository management

#Search images
docker search debian
#download image
docker pull debian
#list pulled images
docker images
#rename repo
docker tag server:latest myname/server:latest
docker tag d583c3ac45fd myname/server:latest
#delete repo
docker rmi repo's_id_or_name

Container management

#Interactive shell
docker run -it debian /bin/bash
#Run CT in backgroud
docker run -dit debian/service
#Detach console 
CTRL P + CTRL Q
# Attach console
docker attach 6ef1f30efb6d
docker attach debian/apache2
# Run a shell in running CT
docker exec -it 6ef1f30efb6d bash
#List running containers
docker ps
#List all containers
docker ps -a
#Remove container
docker rm container_id
#Remove all containers
docker rm `docker ps -a -q`

Build image with bash

Download, run, apply modification in container

#Download image
docker pull debian
#Run image : share port 80
docker run -it -p 80:80 debian /bin/bash
#Install Apache2 into container
apt install apache2 -y
  • Now you can try to access to your docker host with your browser or use this command: curl http://127.0.0.1/

Detach container, commit modifications

  • To detach container, run CTRL P + CTRL Q
#Find container ID
docker ps
> 6ef1f30efb6d        debian      "bash"              19 seconds ago      Up 18 seconds       0.0.0.0:80->80/tcp   clever_murdock

#Commit changes
docker commit <id> <repo/name>
docker commit 6ef1f30efb6d debian/apache2
  • Attach container
docker attach 6ef1f30efb6d
docker attach debian/apache2

Dockerfile : build image

Simple example : image with apache installed and running

Create the Dockerfile for apache image

  • First create a directory
mkdir -p /path/to/dir
cd /path/to/dir
  • Edit a file named Dockerfile
FROM debian       # Use official image debian
RUN apt-get update \          # RUN commands in CT
   && apt-get upgrade -y \
   && apt-get install -y \
     apache2 \
     supervisor \
   && rm -rf /var/lib/apt/lists/* 
RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/log/supervisor
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf     # Copy local file to CT
EXPOSE 80      # indicates the ports on which a container will listen for connections
CMD ["/usr/bin/supervisord"]       # run the software contained by your image

Run apache through supervisord

  • Edit a file named supervisord.conf
[supervisord]
nodaemon=true

[program:apache2]
command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
  • Now your image is ready to be build

Build images : docker build

Basic build command

cd /path.to.dockerfile/dir
docker build -t debian/apache2 .

man docker build

Usage: docker build [OPTIONS] PATH | URL | -

Build a new image from the source code at PATH

  --build-arg=[]                  Set build-time variables
  --cpu-shares                    CPU Shares (relative weight)
  --cgroup-parent=""              Optional parent cgroup for the container
  --cpu-period=0                  Limit the CPU CFS (Completely Fair Scheduler) period
  --cpu-quota=0                   Limit the CPU CFS (Completely Fair Scheduler) quota
  --cpuset-cpus=""                CPUs in which to allow execution, e.g. `0-3`, `0,1`
  --cpuset-mems=""                MEMs in which to allow execution, e.g. `0-3`, `0,1`
  --disable-content-trust=true    Skip image verification
  -f, --file=""                   Name of the Dockerfile (Default is 'PATH/Dockerfile')
  --force-rm                      Always remove intermediate containers
  --help                          Print usage
  --isolation=""                  Container isolation technology
  --label=[]                      Set metadata for an image
  -m, --memory=""                 Memory limit for all build containers
  --memory-swap=""                A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap.
  --no-cache                      Do not use cache when building the image
  --pull                          Always attempt to pull a newer version of the image
  -q, --quiet                     Suppress the build output and print image ID on success
  --rm=true                       Remove intermediate containers after a successful build
  --shm-size=[]                   Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.  Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
  -t, --tag=[]                    Name and optionally a tag in the 'name:tag' format
  --ulimit=[]                     Ulimit options

docker run

Docker runs processes in isolated containers. A container is a process which runs on a host. The host may be local or remote. When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host.

basic run commands

#Open interactive shell in CT
docker run -it debian bash

#Run image in background
docker run -dit debian/apache

#Delete CT when exits (--rm)
docker run -t -i --rm ubuntu bash

#Full container capabilities (--privileged)
docker run -t -i --privileged ubuntu bash

Set working directory (-w /path/to/local/dir)
docker  run -w /path/to/dir/ -i -t  ubuntu pwd

#Mount local volume to CT (-v local:mountpoint)
docker  run  -v /path/to/local/dir:/path/to/mount/point -i -t  ubuntu

#Publish or expose port (-p, --expose)
docker run -p 127.0.0.1:80:8080 ubuntu bash
docker run --expose 80 ubuntu bash

man docker run

Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Run a command in a new container

  -a, --attach=[]               Attach to STDIN, STDOUT or STDERR
  --add-host=[]                 Add a custom host-to-IP mapping (host:ip)
  --blkio-weight=0              Block IO weight (relative weight)
  --blkio-weight-device=[]      Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`)
  --cpu-shares=0                CPU shares (relative weight)
  --cap-add=[]                  Add Linux capabilities
  --cap-drop=[]                 Drop Linux capabilities
  --cgroup-parent=""            Optional parent cgroup for the container
  --cidfile=""                  Write the container ID to the file
  --cpu-period=0                Limit CPU CFS (Completely Fair Scheduler) period
  --cpu-quota=0                 Limit CPU CFS (Completely Fair Scheduler) quota
  --cpuset-cpus=""              CPUs in which to allow execution (0-3, 0,1)
  --cpuset-mems=""              Memory nodes (MEMs) in which to allow execution (0-3, 0,1)
  -d, --detach                  Run container in background and print container ID
  --detach-keys                 Specify the escape key sequence used to detach a container
  --device=[]                   Add a host device to the container
  --device-read-bps=[]          Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb)
  --device-read-iops=[]         Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000)
  --device-write-bps=[]         Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb)
  --device-write-iops=[]        Limit write rate (IO per second) to a device (e.g., --device-write-bps=/dev/sda:1000)
  --disable-content-trust=true  Skip image verification
  --dns=[]                      Set custom DNS servers
  --dns-opt=[]                  Set custom DNS options
  --dns-search=[]               Set custom DNS search domains
  -e, --env=[]                  Set environment variables
  --entrypoint=""               Overwrite the default ENTRYPOINT of the image
  --env-file=[]                 Read in a file of environment variables
  --expose=[]                   Expose a port or a range of ports
  --group-add=[]                Add additional groups to run as
  -h, --hostname=""             Container host name
  --help                        Print usage
  -i, --interactive             Keep STDIN open even if not attached
  --ip=""                       Container IPv4 address (e.g. 172.30.100.104)
  --ip6=""                      Container IPv6 address (e.g. 2001:db8::33)
  --ipc=""                      IPC namespace to use
  --isolation=""                Container isolation technology
  --kernel-memory=""            Kernel memory limit
  -l, --label=[]                Set metadata on the container (e.g., --label=com.example.key=value)
  --label-file=[]               Read in a file of labels (EOL delimited)
  --link=[]                     Add link to another container
  --log-driver=""               Logging driver for container
  --log-opt=[]                  Log driver specific options
  -m, --memory=""               Memory limit
  --mac-address=""              Container MAC address (e.g. 92:d0:c6:0a:29:33)
  --memory-reservation=""       Memory soft limit
  --memory-swap=""              A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap.
  --memory-swappiness=""        Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
  --name=""                     Assign a name to the container
  --net="bridge"                Connect a container to a network
                                'bridge': create a network stack on the default Docker bridge
                                'none': no networking
                                'container:<name|id>': reuse another container's network stack
                                'host': use the Docker host network stack
                                '<network-name>|<network-id>': connect to a user-defined network
  --net-alias=[]                Add network-scoped alias for the container
  --oom-kill-disable            Whether to disable OOM Killer for the container or not
  --oom-score-adj=0             Tune the host's OOM preferences for containers (accepts -1000 to 1000)
  -P, --publish-all             Publish all exposed ports to random ports
  -p, --publish=[]              Publish a container's port(s) to the host
  --pid=""                      PID namespace to use
  --pids-limit=-1                Tune container pids limit (set -1 for unlimited), kernel >= 4.3
  --privileged                  Give extended privileges to this container
  --read-only                   Mount the container's root filesystem as read only
  --restart="no"                Restart policy (no, on-failure[:max-retry], always, unless-stopped)
  --rm                          Automatically remove the container when it exits
  --shm-size=[]                 Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.  Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
  --security-opt=[]             Security Options
  --sig-proxy=true              Proxy received signals to the process
  --stop-signal="SIGTERM"       Signal to stop a container
  -t, --tty                     Allocate a pseudo-TTY
  -u, --user=""                 Username or UID (format: <name|uid>[:<group|gid>])
  --userns=""                   Container user namespace
                                'host': Use the Docker host user namespace
                                '': Use the Docker daemon user namespace specified by `--userns-remap` option.
  --ulimit=[]                   Ulimit options
  --uts=""                      UTS namespace to use
  -v, --volume=[host-src:]container-dest[:<options>]
                                Bind mount a volume. The comma-delimited
                                `options` are [rw|ro], [z|Z],
                                [[r]shared|[r]slave|[r]private], and
                                [nocopy]. The 'host-src' is an absolute path
                                or a name value.
  --volume-driver=""            Container's volume driver
  --volumes-from=[]             Mount volumes from the specified container(s)
  -w, --workdir=""              Working directory inside the container

Sources

Useful links