This page (revision-52) was last changed on 23-Apr-2022 17:05 by Harry Metske

This page was created on 23-Apr-2022 17:05 by unknown

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
52 23-Apr-2022 17:05 49 KB Harry Metske to previous
51 23-Apr-2022 17:05 48 KB HarryMetske to previous | to last
50 23-Apr-2022 17:05 48 KB HarryMetske to previous | to last
49 23-Apr-2022 17:05 48 KB Harry Metske to previous | to last
48 23-Apr-2022 17:05 48 KB Harry Metske to previous | to last
47 23-Apr-2022 17:05 48 KB Harry Metske to previous | to last
46 23-Apr-2022 17:05 39 KB Harry Metske to previous | to last
45 23-Apr-2022 17:05 39 KB Harry Metske to previous | to last
44 23-Apr-2022 17:05 39 KB Harry Metske to previous | to last
43 23-Apr-2022 17:05 38 KB Harry Metske to previous | to last
42 23-Apr-2022 17:05 38 KB Harry Metske to previous | to last DOCKER_OPTS="-s devicemapper"
41 23-Apr-2022 17:05 38 KB HarryMetske to previous | to last

Page References

Incoming links Outgoing links
Docker
Docker

Version management

Difference between version and

At line 10 changed 13 lines
* [docker public registry|https://registry.hub.docker.com/] | [my jspwiki hub |https://registry.hub.docker.com/u/metskem/jspwiki/]
* [The 12factor app|http://12factor.net]
* [docker-registry|https://github.com/docker/docker-registry/]
* [docker-registry-ui|https://registry.hub.docker.com/u/atcol/docker-registry-ui/]
* VAMP [http://vamp.io] | [http://magnetic.io/vamp]
* [Consul|http://demo.consul.io]
* [Apache Mesos|http://mesos.apache.org/]
* [Atomic|http://www.projectatomic.io/]
* [OpenShift 3 Technical Architecture|https://docs.google.com/presentation/d/1Isp5UeQZTo3gh6e59FMYmMs_V9QIQeBelmbyHIJ1H_g/pub]
* [Java Application Servers are dead|http://jaxenter.com/java-application-servers-dead-112186.html]
* [HashiCorp Atlas|https://atlas.hashicorp.com/]
* [8 Docker questions|http://blog.xebialabs.com/2014/12/31/8-questions-need-ask-microservices-containers-docker-2015/]
* [docker-hosting-6-things-to-watch-out-for|https://medium.com/@phildougherty/docker-hosting-6-things-to-watch-out-for-80a70088c655]
* [docker public registry|https://registry.hub.docker.com/]
At line 12 added one line
Install with {{apt-get install docker.io}}. Beware that you need a 64bit version OS !
At line 25 removed one line
At line 28 removed 2 lines
Install with {{apt-get install docker.io}}. Beware that you need a 64bit version OS !
At line 191 removed 15 lines
! Host preparations
If you want to use data volumes, make sure you have the proper file context on the host datavolume directories (to prevent ''permission denied'' :
{{{
[root@vbox a]# semanage fcontext --add -t svirt_sandbox_file_t /var/jspwiki/a
[root@vbox a]# restorecon -vFr /var/jspwiki/a
restorecon reset /var/jspwiki/a context system_u:object_r:var_t:s0->system_u:object_r:svirt_sandbox_file_t:s0
[root@vbox a]# ls -lZ /var/jspwiki/
drwxrwxrwx. root root system_u:object_r:svirt_sandbox_file_t:s0 a
}}}
For the ''semanage'' command to become available, you might have to install it first with ''yum install policycoreutils-python'' .
! Other stuff
At line 195 added one line
!!! Docker management tools
At line 225 removed 748 lines
Create a docker file first in {{~/dockerfiles/java7/Dockerfile}} :
{{{
#
# Dockerfile with OpenJDK7 on top of CentoS 7
#
FROM dade6cb4530a
MAINTAINER Harry Metske <harry.metske@gmail.com>
RUN yum -y install java-1.7.0-openjdk
CMD /bin/bash
}}}
__docker build --tag=java7 --rm=true java7__
{{{
[root@localhost dockerfiles]# docker build --tag=java7 --rm=true java7
Sending build context to Docker daemon 2.56 kB
Sending build context to Docker daemon
Step 0 : FROM dade6cb4530a
---> dade6cb4530a
Step 1 : MAINTAINER Harry Metske <harry.metske@gmail.com>
---> Using cache
---> 359721211f5c
Step 2 : RUN yum -y install java-1.7.0-openjdk
---> Running in f21bde92b3d8
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirror.denit.net
* extras: mirror.widexs.nl
* updates: mirror.widexs.nl
Resolving Dependencies
--> Running transaction check
---> Package java-1.7.0-openjdk.x86_64 1:1.7.0.75-2.5.4.2.el7_0 will be installed
------- a lot of yum output --------
xorg-x11-fonts-Type1.noarch 0:7.5-9.el7
Complete!
---> dee61328998e
Removing intermediate container f21bde92b3d8
Step 3 : CMD /bin/bash
---> Running in 45449ac928c8
---> e48c60e07bc1
Removing intermediate container 45449ac928c8
Successfully built e48c60e07bc1
}}}
__docker images__ again:
{{{
[root@localhost dockerfiles]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
java7 latest e48c60e07bc1 9 minutes ago 487.5 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
centos 7 dade6cb4530a 2 weeks ago 224 MB
}}}
Now we have the first layer, CentOS with Java installed.
On top of that we want tomcat installed and make that a new build again with the following Dockerfile :
{{{
#
# Dockerfile for a running tomcat 8.0.18 on top OpenJDK7 on top of CentoS 7
# Also install tar, needed for unpacking the tomcat archive.
#
FROM e48c60e07bc1
MAINTAINER Harry Metske <harry.metske@gmail.com>
RUN yum -y install tar
RUN curl http://apache.proserve.nl/tomcat/tomcat-8/v8.0.18/bin/apache-tomcat-8.0.18.tar.gz | gunzip | tar -x -C /usr/local
RUN cd /usr/local && ln -s apache-tomcat-8.0.18 tomcat
RUN rm -rf /usr/local/tomcat/bin/*.bat /usr/local/tomcat/webapps/examples /usr/local/tomcat/webapps/host-manager
#
# by default we start the Tomcat container when the docker container is started.
CMD /usr/local/tomcat/bin/catalina.sh run
}}}
__docker build --force-rm=true --tag=tomcat8 tomcat8__
%%collapsebox
build an image
{{{
[root@localhost dockerfiles]# docker build --force-rm=true --tag=tomcat8 tomcat8
Sending build context to Docker daemon 3.072 kB
Sending build context to Docker daemon
Step 0 : FROM e48c60e07bc1
---> e48c60e07bc1
Step 1 : MAINTAINER Harry Metske <harry.metske@gmail.com>
---> Running in af0b22f64d21
---> c63db74da65c
Removing intermediate container af0b22f64d21
Step 2 : RUN yum -y install tar
---> Running in feb87054efdd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.denit.net
* extras: mirror.widexs.nl
* updates: mirror.widexs.nl
Resolving Dependencies
--> Running transaction check
---> Package tar.x86_64 2:1.26-29.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
----- a lot of yum output ----
Running transaction
Installing : 2:tar-1.26-29.el7.x86_64 1/1
Verifying : 2:tar-1.26-29.el7.x86_64 1/1
Installed:
tar.x86_64 2:1.26-29.el7
Complete!
---> 3b2d250a33dc
Removing intermediate container feb87054efdd
Step 3 : RUN curl http://apache.proserve.nl/tomcat/tomcat-8/v8.0.18/bin/apache-tomcat-8.0.18.tar.gz | gunzip | tar -x -C /usr/local
---> Running in 23ab3815b77e
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9053k 100 9053k 0 0 610k 0 0:00:14 0:00:14 --:--:-- 750k
---> e7f295ac6dc2
Removing intermediate container 23ab3815b77e
Step 4 : RUN cd /usr/local && ln -s apache-tomcat-8.0.18 tomcat
---> Running in 4b9e840d022d
---> be2444c2a7f1
Removing intermediate container 4b9e840d022d
Step 5 : RUN rm -f /usr/local/tomcat/bin/*.bat
---> Running in 4e3895b23dd7
---> 1690fcce7177
Removing intermediate container 4e3895b23dd7
Step 6 : CMD /usr/local/tomcat/bin/startup.sh
---> Running in baa7d280864e
---> f4af0b5bcc33
Removing intermediate container baa7d280864e
Successfully built f4af0b5bcc33
}}}
%%
__docker images__ again :
{{{
[root@localhost dockerfiles]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
tomcat8 latest f4af0b5bcc33 2 minutes ago 515.1 MB
java7 latest e48c60e07bc1 18 minutes ago 487.5 MB
<none> <none> c54971cf4c5c 34 minutes ago 502.7 MB
centos 7 dade6cb4530a 2 weeks ago 224 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
}}}
(I made a few corrections to the dockerfile and rebuilt again, so the imageid has changed), but now we can run the container :
{{{
[root@localhost dockerfiles]# docker run -d 133f6647de58
ab3fcb88cb92d2136f8f9862176d129ad00cd121656fec7a0393b1873a45e2b4
[root@localhost dockerfiles]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ab3fcb88cb92 tomcat8:latest "/bin/sh -c '/usr/lo 4 seconds ago Up 3 seconds clever_brattain
}}}
Now what is the IP address of this container , we can find that out by running a command in the already running container :
{{{
[root@localhost dockerfiles]# docker exec -t ab3fcb88cb92 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
48: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 02:42:ac:11:00:18 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.24/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:18/64 scope link
valid_lft forever preferred_lft forever
}}}
I cannot get to that IP address, so we stop the container and restart it with port mapping again :
{{{
[root@localhost ~]# docker stop ab3fcb88cb92
ab3fcb88cb92
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker run -d --publish=80:8080 133f6647de58
42aabfe7d36475eaa46fe84b65b0a62f628bc721d8b2feefdc06fcdcf7dc3949
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42aabfe7d364 tomcat8:latest "/bin/sh -c '/usr/lo 8 seconds ago Up 7 seconds 0.0.0.0:80->8080/tcp furious_fermat
[root@localhost ~]#
}}}
Now we can run more of those containers :
{{{
[root@localhost ~]# docker run -d --publish=81:8080 133f6647de58
57ff21dc902d6ad0bb43b722e256d80d417adebbadbf03117363aa51f58b474c
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
57ff21dc902d tomcat8:latest "/bin/sh -c '/usr/lo 5 seconds ago Up 4 seconds 0.0.0.0:81->8080/tcp mad_babbage
42aabfe7d364 tomcat8:latest "/bin/sh -c '/usr/lo 5 minutes ago Up 5 minutes 0.0.0.0:80->8080/tcp furious_fermat
[root@localhost ~]# docker run -d --publish=82:8080 133f6647de58
a126abaec6fb5cac39a7c832b11b290ce01d06d8ba5f01b14d344951316dab6e
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a126abaec6fb tomcat8:latest "/bin/sh -c '/usr/lo 36 seconds ago Up 35 seconds 0.0.0.0:82->8080/tcp hopeful_blackwell
57ff21dc902d tomcat8:latest "/bin/sh -c '/usr/lo 49 seconds ago Up 48 seconds 0.0.0.0:81->8080/tcp mad_babbage
42aabfe7d364 tomcat8:latest "/bin/sh -c '/usr/lo 5 minutes ago Up 5 minutes 0.0.0.0:80->8080/tcp furious_fermat
[root@localhost ~]#
}}}
__Cleaning up containers__
%%collapsebox
Container cleanup
{{{
[root@vbox dockerfiles]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
294851829c28 f4af0b5bcc33 "/bin/bash" About an hour ago Exited (0) 59 minutes ago mad_pasteur
78663028cc2c f4af0b5bcc33 "/bin/sh -c /usr/loc About an hour ago Exited (0) About an hour ago elegant_kirch
3ba4c33febdf f4af0b5bcc33 "/bin/sh -c /usr/loc About an hour ago Exited (0) About an hour ago stoic_bohr
f62ab5413811 java7:latest "/bin/sh -c /bin/bas About an hour ago Exited (0) About an hour ago determined_kowalevski
7b63e6229cb5 centos:7 "/bin/bash" About an hour ago Exited (1) About an hour ago suspicious_colden
a854fcf6b129 centos:7 "/bin/bash" About an hour ago Exited (127) About an hour ago goofy_pare
74fceed71f43 centos:7 "/bin/bash" About an hour ago Exited (-1) 5 seconds ago sleepy_heisenberg
9f64f577b539 921b3c87dbfa "/bin/sh -c 'wget -O About an hour ago Exited (127) About an hour ago jolly_franklin
8225cac14ed2 359721211f5c "/bin/sh -c 'apt-get About an hour ago Exited (127) About an hour ago insane_rosalind
33a40d5ed490 centos:7 "/bin/bash" 2 hours ago Exited (0) 2 hours ago stoic_nobel
2cc4d23eefc9 centos:7 "/bin/bash" 2 hours ago Exited (0) 2 hours ago evil_stallman
[root@vbox dockerfiles]# du -cms /var/lib/docker/*
1 /var/lib/docker/containers
1459 /var/lib/docker/devicemapper
1 /var/lib/docker/execdriver
1 /var/lib/docker/graph
7 /var/lib/docker/init
1 /var/lib/docker/linkgraph.db
1 /var/lib/docker/repositories-devicemapper
0 /var/lib/docker/tmp
1 /var/lib/docker/trust
0 /var/lib/docker/volumes
1466 total
[root@vbox dockerfiles]# docker ps -a -q
294851829c28
78663028cc2c
3ba4c33febdf
f62ab5413811
7b63e6229cb5
a854fcf6b129
74fceed71f43
9f64f577b539
8225cac14ed2
33a40d5ed490
2cc4d23eefc9
[root@vbox dockerfiles]# docker stop $(docker ps -a -q)
294851829c28
78663028cc2c
3ba4c33febdf
f62ab5413811
7b63e6229cb5
a854fcf6b129
74fceed71f43
9f64f577b539
8225cac14ed2
33a40d5ed490
2cc4d23eefc9
[root@vbox dockerfiles]# docker rm $(docker ps -a -q)
294851829c28
78663028cc2c
3ba4c33febdf
f62ab5413811
7b63e6229cb5
a854fcf6b129
74fceed71f43
9f64f577b539
8225cac14ed2
33a40d5ed490
2cc4d23eefc9
[root@vbox dockerfiles]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@vbox dockerfiles]#
[root@vbox dockerfiles]# du -cms /var/lib/docker/*
0 /var/lib/docker/containers
1156 /var/lib/docker/devicemapper
0 /var/lib/docker/execdriver
1 /var/lib/docker/graph
7 /var/lib/docker/init
1 /var/lib/docker/linkgraph.db
1 /var/lib/docker/repositories-devicemapper
0 /var/lib/docker/tmp
1 /var/lib/docker/trust
0 /var/lib/docker/volumes
1163 total
}}}
%%
__VOLUME usage__
I added {{VOLUME /usr/local/tomcat/logs}} to the Dockerfile and build a new image.\\
When running an __INSPECT__ you can see where the volume is mapped :
%%collapsebox
VOLUME usage
{{{
[root@vbox dockerfiles]# docker inspect c6abceb6a4a2
[{
"AppArmorProfile": "",
"Args": [
"-c",
"/usr/local/tomcat/bin/catalina.sh run"
],
"Config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/sh",
"-c",
"/usr/local/tomcat/bin/catalina.sh run"
],
"CpuShares": 0,
"Cpuset": "",
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": {
"8080/tcp": {}
},
"Hostname": "c6abceb6a4a2",
"Image": "81d236795c31",
"Memory": 268435456,
"MemorySwap": 0,
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PortSpecs": null,
"StdinOnce": false,
"Tty": false,
"User": "tomcat",
"Volumes": {
"/usr/local/tomcat/logs": {}
},
"WorkingDir": ""
},
"Created": "2015-02-25T18:35:54.49438532Z",
"Driver": "devicemapper",
"ExecDriver": "native-0.2",
"HostConfig": {
"Binds": null,
"CapAdd": null,
"CapDrop": null,
"ContainerIDFile": "",
"Devices": [],
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"Links": null,
"LxcConf": [],
"NetworkMode": "bridge",
"PortBindings": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
]
},
"Privileged": false,
"PublishAllPorts": false,
"RestartPolicy": {
"MaximumRetryCount": 0,
"Name": ""
},
"SecurityOpt": null,
"VolumesFrom": null
},
"HostnamePath": "/var/lib/docker/containers/c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35/hostname",
"HostsPath": "/var/lib/docker/containers/c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35/hosts",
"Id": "c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35",
"Image": "81d236795c31d782a2ea81f73af1b33736ef279430c0815f008525233e22c77d",
"MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c936,c992",
"Name": "/naughty_ritchie",
"NetworkSettings": {
"Bridge": "docker0",
"Gateway": "172.17.42.1",
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"MacAddress": "02:42:ac:11:00:04",
"PortMapping": null,
"Ports": {
"8080/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "80"
}
]
}
},
"Path": "/bin/sh",
"ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c936,c992",
"ResolvConfPath": "/var/lib/docker/containers/c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35/resolv.conf",
"State": {
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"Paused": false,
"Pid": 2899,
"Restarting": false,
"Running": true,
"StartedAt": "2015-02-25T18:35:55.099027392Z"
},
"Volumes": {
"/usr/local/tomcat/logs": "/var/lib/docker/vfs/dir/e93bf55338e0c40ef4480af00db9924999e5fcb8fc86f5885b76b32eff4207c8"
},
"VolumesRW": {
"/usr/local/tomcat/logs": true
}
}
}}}
%%
After stopping the container and removing it (docker stop and docker rm), the logoutput is still there :
%%collapsebox
Persistent data in VOLUMES still there
{{{
[root@vbox dockerfiles]# docker stop c6abceb6a4a2
c6abceb6a4a2
[root@vbox dockerfiles]# docker rm c6abceb6a4a2
c6abceb6a4a2
[root@vbox dir]# ls -l /var/lib/docker/vfs/dir/e93bf55338e0c40ef4480af00db9924999e5fcb8fc86f5885b76b32eff4207c8
total 20
-rw-r--r--. 1 centos centos 6173 25 feb 19:47 catalina.2015-02-25.log
-rw-r--r--. 1 centos centos 0 25 feb 19:35 host-manager.2015-02-25.log
-rw-r--r--. 1 centos centos 0 25 feb 19:35 localhost.2015-02-25.log
-rw-r--r--. 1 centos centos 10586 25 feb 19:39 localhost_access_log.2015-02-25.txt
-rw-r--r--. 1 centos centos 0 25 feb 19:35 manager.2015-02-25.log
[root@vbox dir]#
}}}
%%
Now create a JSPWiki docker image, with the following Dockerfile :
%%collapsebox
JSPWiki Dockerfile
{{{
#
# Dockerfile for JSPWiki running in a tomcat 8.0.18 on top of OpenJDK7 on top of CentoS 7
# Also install tar, needed for unpacking the tomcat archive.
#
FROM 81d236795c31
MAINTAINER Harry Metske <harry.metske@gmail.com>
# we need the unzip command to unpack the war and zip files
USER root
RUN yum install -y unzip
#
USER tomcat
# download the war from a fixed download location, create JSPWiki webapps dir, unzip it there.
RUN mkdir /usr/local/tomcat/webapps/JSPWiki
RUN TF=/tmp/jspwiki.download.war && curl --silent http://apache.xl-mirror.nl/jspwiki/2.10.1/binaries/JSPWiki.war > $TF && unzip -q -d /usr/local/tomcat/webapps/JSPWiki $TF && rm $TF
#
# download the default set of pages
RUN mkdir ~/jspwiki-files && TF=/tmp/jspwikipages-download.zip && curl --silent http://apache.xl-mirror.nl/jspwiki/2.10.1/wikipages/jspwiki-wikipages-en-2.10.1.zip > $TF && unzip -q -d /tmp $TF && mv /tmp/jspwiki-wikipages-en-2.10.1/* ~/jspwiki-files && rm -r $TF /tmp/jspwiki-wikipages-en-2.10.1
#
# by default we start the Tomcat container when the docker container is started.
CMD /usr/local/tomcat/bin/catalina.sh run
}}}
%%
%%collapsebox
saving and loading images
You can save an image to a tar file and then import on another docker host :
{{{
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
harry jspwiki-2.10.1 14e51483a5c3 22 hours ago 597.8 MB
harry tomcat8 81d236795c31 24 hours ago 528.6 MB
harry java7 e48c60e07bc1 3 days ago 487.5 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
centos 7 dade6cb4530a 2 weeks ago 224 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
[root@vbox dockerfiles]# docker save 14e51483a5c3 > /tmp/container-14e51483a5c3.tar
}}}
scp this file to another host and then over there :
{{{
metskem@athena:/tmp$ cat container-14e51483a5c3.tar | docker load
metskem@athena:/tmp$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
<none> <none> 14e51483a5c3 22 hours ago 597.8 MB
dockerfile/nginx latest 05f647ea7662 5 days ago 425.7 MB
<none> <none> e430b8e3e2a5 6 days ago 273.8 MB
ubuntu latest 5506de2b643b 4 months ago 199.3 MB
metskem@athena:/tmp$ docker run -d --publish=80:8080 14e51483a5c3
1da98fa35664b6cf82e5b82b31bd5069ef96e4ad2748c088a86c8a4572bb6f0c
}}}
%%
%%collapsebox
Linking containers together
You can link a container to another running container by using the {{RUN --link <name>:<alias>}} option.\\
The envvars from the target container then are visible in the source container (potential security issue, don't put sensitive data in envvars in the tgt container) . \\
See the following, first we start a jspwiki container (and expose port 8080) :
{{{
[metskem@vbox docker]$ docker run -d --name wiki --env="jspwiki.baseURL=http://10.0.0.195:8080" --expose=8080 harry:jspwiki-2.10.2-svn-14
ff1e7ec53f0bede9932406826939498ed526bafd6145486d61603c0041d27747
[metskem@vbox docker]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff1e7ec53f0b harry:jspwiki-2.10.2-svn-14 "/bin/sh -c '/usr/lo 26 seconds ago Up 24 seconds 8080/tcp wiki
[metskem@vbox docker]$
}}}
Secondly we start another container that links to the wiki container:
{{{
[metskem@vbox ~]$ docker run -ti --link wiki:alias2wiki centos:centos7 bash
[root@f959f7929aae /]# env|sort
ALIAS2WIKI_ENV_jspwiki.baseURL=http://10.0.0.195:8080
ALIAS2WIKI_ENV_jspwiki.basicAttachmentProvider.storageDir=/var/jspwiki/pages
ALIAS2WIKI_ENV_jspwiki.fileSystemProvider.pageDir=/var/jspwiki/pages
ALIAS2WIKI_ENV_jspwiki.pageProvider=VersioningFileProvider
ALIAS2WIKI_ENV_jspwiki.workDir=/var/jspwiki/work
ALIAS2WIKI_ENV_jspwiki.xmlGroupDatabaseFile=/var/jspwiki/etc/groupdatabase.xml
ALIAS2WIKI_ENV_jspwiki.xmlUserDatabaseFile=/var/jspwiki/etc/userdatabase.xml
ALIAS2WIKI_NAME=/thirsty_darwin/alias2wiki
ALIAS2WIKI_PORT=tcp://172.17.0.15:8080
ALIAS2WIKI_PORT_8080_TCP=tcp://172.17.0.15:8080
ALIAS2WIKI_PORT_8080_TCP_ADDR=172.17.0.15
ALIAS2WIKI_PORT_8080_TCP_PORT=8080
ALIAS2WIKI_PORT_8080_TCP_PROTO=tcp
HOME=/root
HOSTNAME=f959f7929aae
<< snip >>
}}}
Now you can see the envvars from the wiki container in the centos container, prefixed with <aliasname>_ENV_ .
%%
! Upgrading to 1.5 and more tweaks
[Instructions|https://docs.docker.com/installation/centos/#manual-installation-of-latest-docker-release]
{{{
backup current images:
for IM in `docker images -q|sort -u`; do echo saving $IM;docker save $IM > /tmp/$IM.tar ; done
cd /root/docker/downloads
rpm -e docker
curl --silent https://get.docker.com/builds/Linux/x86_64/docker-latest > docker
chmod +x docker
docker --version
cp ~/docker/downloads/docker /usr/bin
copy 2 unit files from https://github.com/docker/docker/tree/master/contrib/init/systemd to /etc/systemd/system
sudo systemctl enable docker.service
}}}
Another issue with AUFS is that you cannot install httpd (example)
{{{
error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
}}}
The solution is to run with devicemapper, so edit your {{ /etc/default/docker }} and set
{{{
DOCKER_OPTS="-s devicemapper"
}}}
So save all your images with the docker save command restart the docker daemon and restore all images with the docker load command :
{{{
docker save `docker images -q` > ~/docker-images-all.tar
sudo service docker restart
cat ~/docker-images-all.tar | docker load
}}}
And, after that you have to retag all your images and remove the /var/lib/docker/aufs directory .
! Running your own registry
You probably need a central place to store and distribute your images. The docker public repository is sometimes a bit "too central" and you want to run your won registry somewhere in your own datacenter.
For general documentation see [https://github.com/docker/docker-registry/]. \\
First install the docker-registry image with __docker pull registry__.
Or go to this [docker registry] page, for how to install and run your own registry.
Then you have to retag your image before you can send it to your local registry :
{{{
docker tag harry:jspwiki-2.10.2-svn-14 10.0.0.195:5000/metskem/jspwiki:2.10.2-svn-14
}}}
And before you can push, you have to modify the arguments of the docker daemon. In my case it is in {{/etc/systemd/system/docker.service}} :
{{{
ExecStart=/usr/bin/docker --daemon --insecure-registry=10.0.0.195:5000 -H fd://
}}}
Followed by a
{{{
systemctl daemon-reload
systemctl restart docker
}}}
Then the actual push :
%%collapsebox
pushing to local registry
{{{
[metskem@vbox system]$ docker push 10.0.0.195:5000/metskem/jspwiki:2.10.2-svn-14
The push refers to a repository [10.0.0.195:5000/metskem/jspwiki] (len: 1)
Sending image list
Pushing repository 10.0.0.195:5000/metskem/jspwiki (1 tags)
511136ea3c5a: Image successfully pushed
5b12ef8fd570: Image successfully pushed
dade6cb4530a: Image successfully pushed
359721211f5c: Image successfully pushed
98beb40b6504: Image successfully pushed
fad8a5aad415: Image successfully pushed
c5eb18fad024: Image successfully pushed
b454f7f76947: Image successfully pushed
a0e7ab13f41d: Image successfully pushed
2dc77cfd261e: Image successfully pushed
a21d9f3f4938: Image successfully pushed
7e99f3d52e90: Image successfully pushed
f4feb8f23da5: Image successfully pushed
c66f1b045bd0: Image successfully pushed
04e2170f152e: Image successfully pushed
679107dfd59a: Image successfully pushed
64c35add867a: Image successfully pushed
a1a54333a532: Image successfully pushed
eaf42bb4a4da: Image successfully pushed
7c14d4420bb2: Image successfully pushed
da0330415812: Image successfully pushed
62f598132165: Image successfully pushed
acf1f70d0d41: Image successfully pushed
e1c301a21dae: Image successfully pushed
81181bc94763: Image successfully pushed
3475c657c51b: Image successfully pushed
7a26e9db5921: Image successfully pushed
a6167bad8bc2: Image successfully pushed
96ce60f733f1: Image successfully pushed
1ff51e43d8fa: Image successfully pushed
a488f594ffcd: Image successfully pushed
e2700e924062: Image successfully pushed
65858638c162: Image successfully pushed
70cd6c38f806: Image successfully pushed
770aaa29b831: Image successfully pushed
5118b9f70abc: Image successfully pushed
12d78307ddcd: Image successfully pushed
badeb5836316: Image successfully pushed
1402803586b7: Image successfully pushed
3c1489a3cf9b: Image successfully pushed
4531617a5dbb: Image successfully pushed
00c67b76b331: Image successfully pushed
Pushing tag for rev [00c67b76b331] on {http://10.0.0.195:5000/v1/repositories/metskem/jspwiki/tags/2.10.2-svn-14}
}}}
%%
BUT, what about authentication and authorization ?! ==> probably configurable...
__registry-ui__
There is a web-pplication that allows you to view/edit registries and images. And of course that is also a docker container again , run it with :
{{{
docker run -p 8080:8080 --name=registry-ui atcol/docker-registry-ui
}}}
I added the registry I just started , you do have to use an IP address that is accessible from the registry-ui container.
! Docker for JSPWiki
I dedicated a [separate page|Docker-JSPWiki] for that.
!!! Pushing an image to the hub
If you want to make your image public, first __tag__ it and then __push__ it:
{{{
[root@vbox ~]# docker tag harry:jspwiki-2.10.2-svn-14 registry.hub.docker.com/metskem/jspwiki:2.10.2-svn-14
[root@vbox ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
harry jspwiki-2.10.2-svn-14 3e33f5d2d612 43 hours ago 618.3 MB
registry.hub.docker.com/metskem/jspwiki 2.10.2-svn-14 3e33f5d2d612 43 hours ago 618.3 MB
harry tomcat-8.0.20 d9e7a3a95230 43 hours ago 542.7 MB
harry java7 c5eb18fad024 9 days ago 501.5 MB
centos centos7 dade6cb4530a 4 weeks ago 224 MB
centos latest dade6cb4530a 4 weeks ago 224 MB
centos 7 dade6cb4530a 4 weeks ago 224 MB
[root@vbox ~]# docker push registry.hub.docker.com/metskem/jspwiki:2.10.2-svn-14
The push refers to a repository [registry.hub.docker.com/metskem/jspwiki] (len: 1)
Sending image list
Please login prior to push:
Username: metskem
Password:
Email: metskem@apache.org
Login Succeeded
The push refers to a repository [registry.hub.docker.com/metskem/jspwiki] (len: 1)
Sending image list
Pushing repository registry.hub.docker.com/metskem/jspwiki (1 tags)
511136ea3c5a: Image already pushed, skipping
5b12ef8fd570: Image already pushed, skipping
dade6cb4530a: Image already pushed, skipping
359721211f5c: Image successfully pushed
98beb40b6504: Image successfully pushed
fad8a5aad415: Image successfully pushed
<<<< snip >>>>>>>
95ef590ff04d: Image successfully pushed
3e33f5d2d612: Image successfully pushed
Pushing tag for rev [3e33f5d2d612] on {https://cdn-registry-1.docker.io/v1/repositories/metskem/jspwiki/tags/2.10.2-svn-14}
}}}
!!! TODO
* [https://serfdom.io/]
!!! Docker (management) tools
At line 1,008 removed 91 lines
!! Openshift 3
! Resources
* [Docs|http://docs.openshift.org/latest/welcome/index.html]
! Installation
There is an all-in-one Docker container for it, just run :
%%collapsebox
docker run
{{{
metskem@athena:~$ docker run -d --name=openshift --net=host --privileged -v /var/run/docker.sock:/var/run/docker.sock openshift/origin start
00f2418d2f45f0ce6d69b220c1d208f80f098fe6a63f17dfd529586b9eeb3036
metskem@athena:~$ docker logs -f openshift
I0406 08:58:51.662636 1 start_allinone.go:181] Starting an OpenShift all-in-one
I0406 08:59:17.176061 1 start_master.go:274] Starting an OpenShift master, reachable at 0.0.0.0:8443 (etcd: [https://10.0.0.164:4001])
I0406 08:59:17.176094 1 start_master.go:275] OpenShift master public address is https://10.0.0.164:8443
I0406 08:59:17.176152 1 etcd.go:47] Started etcd at 10.0.0.164:4001
[etcd] Apr 6 08:59:18.196 INFO | openshift.local is starting a new cluster
[etcd] Apr 6 08:59:18.197 INFO | etcd server [name openshift.local, listen on 0.0.0.0:4001, advertised url https://10.0.0.164:4001]
[etcd] Apr 6 08:59:18.197 INFO | peer server [name openshift.local, listen on 0.0.0.0:7001, advertised url https://10.0.0.164:7001]
[etcd] Apr 6 08:59:18.198 INFO | openshift.local starting in peer mode
[etcd] Apr 6 08:59:18.198 INFO | openshift.local: state changed from 'initialized' to 'follower'.
[etcd] Apr 6 08:59:18.198 INFO | openshift.local: state changed from 'follower' to 'leader'.
[etcd] Apr 6 08:59:18.198 INFO | openshift.local: leader changed from '' to 'openshift.local'.
I0406 08:59:19.820209 1 start_master.go:317] Static Nodes: [athena]
E0406 08:59:20.181728 1 reflector.go:115] Failed to list *api.ResourceQuota: Get https://10.0.0.164:8443/api/v1beta1/resourceQuotas?namespace=: dial tcp 10.0.0.164:8443: connection refused
E0406 08:59:20.181780 1 reflector.go:115] Failed to list *api.LimitRange: Get https://10.0.0.164:8443/api/v1beta1/limitRanges?namespace=: dial tcp 10.0.0.164:8443: connection refused
[restful] 2015/04/06 08:59:20 log.go:30: [restful/swagger] listing is available at /swaggerapi/
[restful] 2015/04/06 08:59:20 log.go:30: [restful/swagger] Swagger(File)Path is empty ; no UI is served
I0406 08:59:20.938037 1 master.go:431] Started Kubernetes API at 0.0.0.0:8443/api/v1beta1
I0406 08:59:20.938069 1 master.go:431] Started Kubernetes API at 0.0.0.0:8443/api/v1beta2
I0406 08:59:20.938078 1 master.go:431] Started Kubernetes API at 0.0.0.0:8443/api/v1beta3 (experimental)
I0406 08:59:20.938086 1 master.go:431] Started OpenShift API at 0.0.0.0:8443/osapi/v1beta1
I0406 08:59:20.938095 1 master.go:431] Started OAuth2 API at 0.0.0.0:8443/oauth
I0406 08:59:20.938103 1 master.go:431] Started login server at 0.0.0.0:8443/login
I0406 08:59:20.938112 1 master.go:431] Started OpenShift UI 0.0.0.0:8443/console/
I0406 08:59:20.938120 1 master.go:431] Started Swagger Schema API at 0.0.0.0:8443/swaggerapi/
E0406 08:59:21.215538 1 reflector.go:115] Failed to list *api.LimitRange: Get https://10.0.0.164:8443/api/v1beta1/limitRanges?namespace=: dial tcp 10.0.0.164:8443: connection refused
E0406 08:59:21.215653 1 reflector.go:115] Failed to list *api.ResourceQuota: Get https://10.0.0.164:8443/api/v1beta1/resourceQuotas?namespace=: dial tcp 10.0.0.164:8443: connection refused
I0406 08:59:21.345234 1 master.go:488] No master policy found. Creating bootstrap policy based on: openshift.local.policy/policy.json
I0406 08:59:21.643400 1 master.go:109] Started Kubernetes Scheduler
I0406 08:59:21.643424 1 master.go:90] Started Kubernetes Replication Manager
I0406 08:59:21.643433 1 master.go:98] Started Kubernetes Endpoint Controller
I0406 08:59:22.770614 1 nodecontroller.go:189] Registered node in registry: athena
I0406 08:59:22.770636 1 nodecontroller.go:194] Successfully registered all nodes
I0406 08:59:22.770645 1 master.go:133] Started Kubernetes Minion Controller
I0406 08:59:22.770724 1 start_master.go:351] Using images from "openshift/origin-<component>:v0.4.2"
W0406 08:59:22.770868 1 master.go:601] Could not start DNS: listen tcp 0.0.0.0:53: bind: address already in use
E0406 08:59:23.338955 1 nodecontroller.go:279] Can't collect information for node athena: Get https://athena:10250/api/v1beta1/nodeInfo: dial tcp 127.0.1.1:10250: connection refused
I0406 08:59:31.454306 1 start_node.go:189] Starting an OpenShift node, connecting to https://10.0.0.164:8443
W0406 08:59:31.752616 1 node.go:91] Error running 'chcon' to set the kubelet volume root directory SELinux context: exit status 1
I0406 08:59:31.753905 1 node.go:61] Connecting to Docker at unix:///var/run/docker.sock
I0406 08:59:31.754512 1 proxier.go:328] Setting Proxy IP to 10.0.0.164
I0406 08:59:31.754534 1 proxier.go:333] Initializing iptables
I0406 08:59:31.815591 1 node.go:233] Started Kubernetes Proxy on 0.0.0.0
I0406 08:59:31.815729 1 manager.go:103] cAdvisor running in container: "/docker/00f2418d2f45f0ce6d69b220c1d208f80f098fe6a63f17dfd529586b9eeb3036"
I0406 08:59:31.816218 1 fs.go:87] Filesystem partitions: map[/dev/disk/by-uuid/5bbd6a91-bc46-4eb8-85f7-859dab4be488:{mountpoint:/etc/resolv.conf major:8 minor:6}]
I0406 08:59:31.818789 1 machine.go:223] Couldn't collect info from any of the files in "/etc/machine-id,/var/lib/dbus/machine-id"
I0406 08:59:31.818841 1 manager.go:124] Machine: {NumCores:4 CpuFrequency:1701000 MemoryCapacity:3834273792 MachineID: SystemUUID:609A7519-D21D-B211-8000-C930BF194D9E BootID:3c399cdc-65ba-4445-b488-1afd7505d8dc Filesystems:[{Device:/dev/disk/by-uuid/5bbd6a91-bc46-4eb8-85f7-859dab4be488 Capacity:59727097856}] DiskMap:map[8:0:{Name:sda Major:8 Minor:0 Size:128035676160 Scheduler:deadline}] NetworkDevices:[{Name:eth0 MacAddress:e8:03:9a:e8:75:86 Speed:10 Mtu:1500} {Name:vboxnet0 MacAddress:0a:00:27:00:00:00 Speed:0 Mtu:1500} {Name:wlan0 MacAddress:c4:85:08:52:76:78 Speed:0 Mtu:1500}] Topology:[{Id:0 Memory:3834273792 Cores:[{Id:0 Threads:[0 1] Caches:[{Size:32768 Type:Data Level:1} {Size:32768 Type:Instruction Level:1} {Size:262144 Type:Unified Level:2}]} {Id:1 Threads:[2 3] Caches:[{Size:32768 Type:Data Level:1} {Size:32768 Type:Instruction Level:1} {Size:262144 Type:Unified Level:2}]}] Caches:[{Size:3145728 Type:Unified Level:3}]}]}
I0406 08:59:31.853574 1 manager.go:131] Version: {KernelVersion:3.13.0-40-generic ContainerOsVersion:CentOS Linux 7 (Core) DockerVersion:1.5.0 CadvisorVersion:0.10.1}
I0406 08:59:31.934820 1 proxier.go:566] Opened iptables from-containers portal for service "default/kubernetes" on TCP 172.30.17.2:443
I0406 08:59:31.949718 1 proxier.go:577] Opened iptables from-host portal for service "default/kubernetes" on TCP 172.30.17.2:443
I0406 08:59:31.964394 1 proxier.go:566] Opened iptables from-containers portal for service "default/kubernetes-ro" on TCP 172.30.17.1:80
I0406 08:59:31.983399 1 proxier.go:577] Opened iptables from-host portal for service "default/kubernetes-ro" on TCP 172.30.17.1:80
E0406 08:59:31.984679 1 manager.go:138] Docker container factory registration failed: failed to get cgroup subsystems: failed to find cgroup mounts.
E0406 08:59:31.985329 1 manager.go:144] Registration of the raw container factory failed: failed to get cgroup subsystems: failed to find cgroup mounts
I0406 08:59:31.985391 1 manager.go:865] Started watching for new ooms in manager
E0406 08:59:31.985560 1 manager.go:196] Failed to start OOM watcher, will not get OOM events: neither /var/log/messages nor /var/log/syslog exists from which to read kernel errors
I0406 08:59:32.278897 1 node.go:176] Started Kubelet for node athena, server at 0.0.0.0:10250, tls=true
I0406 08:59:32.278926 1 node.go:178] Kubelet is setting 10.0.0.164 as a DNS nameserver for domain "local"
I0406 08:59:32.296608 1 plugins.go:56] Registering credential provider: .dockercfg
E0406 08:59:33.093823 1 event.go:127] Unable to write event '&api.Event{TypeMeta:api.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"athena.13d26114728cfd92", GenerateName:"", Namespace:"", SelfLink:"", UID:"", ResourceVersion:"", CreationTimestamp:util.Time{Time:time.Time{sec:0, nsec:0x0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*util.Time)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil)}, InvolvedObject:api.ObjectReference{Kind:"Node", Namespace:"", Name:"athena", UID:"athena", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"starting", Message:"Starting kubelet.", Source:api.EventSource{Component:"kubelet", Host:"athena"}, FirstTimestamp:util.Time{Time:time.Time{sec:63563907572, nsec:0x10a07592, loc:(*time.Location)(0x328f180)}}, LastTimestamp:util.Time{Time:time.Time{sec:63563907572, nsec:0x10a07592, loc:(*time.Location)(0x328f180)}}, Count:1}': 'events "athena.13d26114728cfd92" already exists' (will not retry!)
}}}
%%
And there is a [management console|https://10.0.0.164:8443/console] available.
You first create a project :
{{{
openshift ex new-project proj2 --description="test desc 2" --display-name="displee naam 2" --admin=admin
}}}
Install the stuff on another Centos7 virtualbox image, see OpenShift [Setup details|http://docs.openshift.org/latest/getting_started/setup.html] and [Installation|http://docs.openshift.org/latest/getting_started/installation.html].
This page (revision-52) was last changed on 23-Apr-2022 17:05 by Harry MetskeTop