Docker: Difference between revisions
From charlesreid1
| Line 207: | Line 207: | ||
==Using Docker: Diving Deeper== | ==Using Docker: Diving Deeper== | ||
See [[Docker/Basics]] | See [[Docker/Basics]] for more on that docker run command. | ||
=Docker Hub= | =Docker Hub= | ||
Revision as of 05:36, 24 March 2017
Overview
What is Docker
Docker is a way of deploying apps on servers. It packages apps into side-by-side containers. These are similar in spirit to virtual machines, but different because containers are not (or, don't have to be) fully bundled operating systems. The container system makes sure everything runs the same everywhere.
It's like Homebrew or Aptitude for apps.
Installing
Docker has great documentation on getting up and running: https://docs.docker.com/
Docker also provides several examples of docker-izing an app: https://docs.docker.com/engine/examples/
Ubuntu Linux
You can get docker running on many virtual hosting services.
Linode supports docker: https://blog.linode.com/2014/01/03/docker-on-linode/
They offer installation guides for different distributions: https://docs.docker.com/engine/installation/linux/#install-using-the-repository
Guide to installing Docker on Ubuntu Linux: https://docs.docker.com/engine/installation/linux/ubuntulinux/
Start by setting up Docker's repositories:
$ sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
Add Docker's GPG key:
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Verify fingerprint starts with 9DC8:
$ sudo apt-key fingerprint 0EBFCD88
Set up the stable repository:
$ sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable"
Install docker by updating package index and running install:
$ sudo apt-get update $ sudo apt-get install docker-ce
Test it out:
$ sudo docker run hello-world
Errors
When I added Docker's repos to my aptitude following the instructions above, I kept seeing 403 errors from docker's repo when I ran apt-get update:
sudo apt-get update ... W: Failed to fetch https://download.docker.com/linux/ubuntu/dists/wily/stable/binary-amd64/Packages HttpError403
Yuck. Others have had this issue too. [1]
Resolving
Resolved the problem by visiting their apt repos with a browser and manually downloading/installing the .deb file.
Start with the name of your release:
$ lsb_release -c Codename: wily
Now navigate to their aptitude repositories in your browser: https://apt.dockerproject.org/repo/pool/main/d/docker-engine/
Find the deb file that corresponds to your install and copy the link.
$ wget <link to .deb file>
Now you can install it (you probably need to be sudo):
$ dpkg -i docker-engine_1.9.1-0~wily_amd64.deb Selecting previously unselected package docker-engine. (Reading database ... 142272 files and directories currently installed.) Preparing to unpack docker-engine_1.9.1-0~wily_amd64.deb ... Unpacking docker-engine (1.9.1-0~wily) ... Setting up docker-engine (1.9.1-0~wily) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for systemd (225-1ubuntu9.1) ... Processing triggers for man-db (2.7.4-1) ...
Mac
You can run docker on Mac: https://docs.docker.com/docker-for-mac/
Docker on Linux Without Sudo
To modify Docker so it runs on Linux without requiring the use of the sudo command, create a docker group:
groupadd docker usermod -a -G docker username
That's it - boom - you should be able to run the docker hello world without sudo:
$ docker hello-world # look ma, no sudo
Up and Running
post installation info: https://docs.docker.com/engine/installation/linux/linux-postinstall/#upstart
Test
Test you are up and running with a working install of docker:
$ docker --version Docker version 17.03.0-ce, build 60ccb22 $ docker-compose --version docker-compose version 1.11.2, build dfed245 $ docker-machine --version docker-machine version 0.10.0, build 76ed2a6 $ docker version Client: Version: 1.9.1 API version: 1.21 Go version: go1.4.2 Git commit: a34a1d5 Built: Fri Nov 20 13:20:08 UTC 2015 OS/Arch: linux/amd64 Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Hello world
$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from hello-world
50a54e1f9180: Pull complete
7a5a2d73abce: Pull complete
Digest: sha256:7820f4620e6cf3e795643fac2f6b09e7fd0a29e7e5c4eee6aac9ba0bedca158c
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/
web server
docker run -d -p 80:80 --name webserver nginx
Using Docker: Diving Deeper
See Docker/Basics for more on that docker run command.
Docker Hub
To use docker hub, visit https://hub.docker.com/
httpd repository: https://hub.docker.com/_/httpd/
Docker pull
The docker pull command will basically fetch the latest version of a particular docker image, without any modifications. (The alternative is to customize the image by creating a Dockerfile based on the Dockerfile contained on Docker hub.)
$ docker pull httpd latest: Pulling from httpd c1f98057d627: Pull complete c35ece8820ad: Pull complete eeeee05b2d97: Pull complete b356f7d0a4b0: Pull complete cff60f000364: Pull complete f66e93df25da: Pull complete 5aa754215a2b: Pull complete ed544656f0fa: Pull complete ffafc39cb69f: Pull complete 4c5d8313f629: Pull complete 55a6feaaae56: Pull complete c1aa308548aa: Pull complete 919bf0916a6a: Pull complete eb58b1ce0fcd: Pull complete ce15017ba45e: Pull complete 617bdb3e78f6: Pull complete 738ba280808d: Pull complete 017d0384902a: Pull complete d61c615e53ce: Pull complete Digest: sha256:a5b5747c921fdac4e53197d2624ddad22fa9a13dfe31b305273be5149882c3e9 Status: Downloaded newer image for httpd:latest
Can also pull other docker containers. Here is a shorter list of dependencies/layers:
$ docker pull debian latest: Pulling from debian 0aa3f9bb64ef: Pull complete c1f98057d627: Already exists Digest: sha256:fa8fd9718d2697730acc9a374dc2e1d54719177f474abbc8d5f74ebad5cb8a30 Status: Downloaded newer image for debian:latest
Docker images
To see the docker container images that are installed, use the docker images command:
$ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE httpd latest d61c615e53ce 2 days ago 176.9 MB debian latest 0aa3f9bb64ef 2 days ago 123.4 MB hello-world latest 7a5a2d73abce 9 weeks ago 1.84 kB
Running docker images
If you want to run one of the images, use the docker run command. Give the container a name, and tell it what image to use.
$ docker run --name test -it debian
This also connects a TTY console to the container, so you have a basic bash shell on the virtual machine that runs the container.
Docker Internals
One of the interesting things you can do is run Docker using the privileged flag, which basically gives Docker the same rights as root or as the user who ran Docker:
The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.
$ docker run -t -i --privileged ubuntu bash
Docker command line: https://docs.docker.com/engine/reference/commandline/cli/
Security Notes
Being in the docker group gives you serious root-level powers. Info about attack surface of Docker: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
Note that, as mentioned above, the --privileged flag allows Docker the same privileges as the user who ran the command.
References
Docker's documentation is excellent: https://docs.docker.com/
Docker command line: https://docs.docker.com/engine/reference/commandline/cli/#environment-variables
Docker run: https://docs.docker.com/engine/reference/commandline/run/#full-container-capabilities---privileged