!!! Docker
[{TableOfContents }]
!! Resources
* [https://docs.docker.com]
* [Dockerfile reference|https://docs.docker.com/reference/builder/]
* [docker public registry|https://registry.hub.docker.com/] | [my jspwiki hub |https://registry.hub.docker.com/u/metskem/jspwiki/]
* [The 12factor app|http://12factor.net]
* [docker-registry|https://github.com/docker/docker-registry/]
* [docker-registry-ui|https://registry.hub.docker.com/u/atcol/docker-registry-ui/]
* VAMP [http://vamp.io] | [http://magnetic.io/vamp]
* [Consul|http://demo.consul.io]
* [Apache Mesos|http://mesos.apache.org/]
* [Atomic|http://www.projectatomic.io/]
* [OpenShift 3 Technical Architecture|https://docs.google.com/presentation/d/1Isp5UeQZTo3gh6e59FMYmMs_V9QIQeBelmbyHIJ1H_g/pub]
Install with {{apt-get install docker.io}}. Beware that you need a 64bit version OS !
!! docker options
{{{
root@athena:~# docker
Usage: docker [OPTIONS] COMMAND [arg...]
-H=[unix:///var/run/docker.sock]: tcp://host:port to bind/connect to or unix://path/to/socket to use
A self-sufficient runtime for linux containers.
Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders from the containers filesystem to the host path
diff Inspect changes on a container's filesystem
events Get real time events from the server
export Stream the contents of a container as a tar archive
history Show the history of an image
images List images
import Create a new filesystem image from the contents of a tarball
info Display system-wide information
inspect Return low-level information on a container
kill Kill a running container
load Load an image from a tar archive
login Register or Login to the docker registry server
logs Fetch the logs of a container
port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
pause Pause all processes within a container
ps List containers
pull Pull an image or a repository from the docker registry server
push Push an image or a repository to the docker registry server
restart Restart a running container
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save an image to a tar archive
search Search for an image in the docker index
start Start a stopped container
stop Stop a running container
tag Tag an image into a repository
top Lookup the running processes of a container
unpause Unpause a paused container
version Show the docker version information
wait Block until a container stops, then print its exit code
root@athena:~#
}}}
!! run
Then simply start a container with :
{{{docker run -i -t ubuntu /bin/bash}}}
This starts a container in interactive mode. The first time you run this, the image is downloaded from docker hub and stored locally. \\
When you exit the container, it is immediately "gone" too.
With {{docker ps}} you can see what is running:
{{{
root@athena:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9539bc7b78df ubuntu-14.04:latest /bin/bash 6 seconds ago Up 5 seconds silly_darwin
}}}
Now, the funny thing is, you can do something in the container, like installing vim or openjdk-7-jdk, and then commit that (from outside the container) :
{{{
root@athena:~# docker commit -m "added java" -a "Harry Metske" e5acc9ff7c9c ubuntu-14.04
feb996bac7c44edd0cfe28b54901f2ff500b4c18fed203931b703d14cc89b8c0
}}}
And after that you can see the results with {{docker images}} :
{{{
root@athena:~# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu-14.04 latest feb996bac7c4 12 seconds ago 664.2 MB
ubuntu/1404 v1.0 9e7a0bc71946 42 minutes ago 311.2 MB
ubuntu latest 5506de2b643b 6 days ago 199.3 MB
}}}
After that you can run that new container again (and have java installed) :
{{{
docker run -h hostje -i -t --user=metskem feb996bac7c4
}}}
* -h gives a hostname to the container (inside container)
* -i -t ==> interactive mode
* --user=metskem ==> start the shell with that user (that user must have been created earlier in the container)
* feb996bac7c4 ==> the unique id of the just committed image
!! run with port mapping
{{{
docker run -p 8080:80 -t -i dfda109aba4a /bin/bash
}}}
You can now access localhost:8080 on the host, this will be remapped to port 80 in the container.
!! history
You can also list the history of images:
{{{
root@athena:~# docker history feb996bac7c4
IMAGE CREATED CREATED BY SIZE
feb996bac7c4 41 minutes ago /bin/bash 353 MB
9e7a0bc71946 About an hour ago /bin/bash 112 MB
5506de2b643b 6 days ago /bin/sh -c #(nop) CMD [/bin/bash] 0 B
22093c35d77b 6 days ago /bin/sh -c apt-get update && apt-get dist-upg 6.558 MB
3680052c0f5c 6 days ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
e791be0477f2 6 days ago /bin/sh -c rm -rf /var/lib/apt/lists/* 0 B
ccb62158e970 6 days ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.8 kB
d497ad3926c8 9 days ago /bin/sh -c #(nop) ADD file:3996e886f2aa934dda 192.5 MB
511136ea3c5a 16 months ago 0 B
}}}
Note that no daemons are started after starting the container. For example, installing openssh-server (and update-rc.d defaults) it is not started after running the container ''==> find out, there must be other options''
!! build images
Create {{ /var/lib/docker/docker/dockerfiles/testje/Dockerfile}}, {{cd to /var/lib/docker/docker/dockerfiles}} and create testje/Dockerfile with content :
{{{
FROM nginx
MAINTAINER Harry Metske <harry.metske@gmail.com>
RUN date > /tmp/date.txt
RUN apt-get -y install vim
}}}
There is [Docker file Reference|https://docs.docker.com/reference/builder/#dockerfile-reference]
and run
{{{
root@athena:/var/lib/docker/dockerfiles# docker build testje
Sending build context to Docker daemon 2.56 kB
Sending build context to Docker daemon
Step 0 : FROM nginx
---> f1c42afeb4a4
Step 1 : MAINTAINER Harry Metske <harry.metske@gmail.com>
---> Using cache
---> 2db2a6377c41
Step 2 : RUN date > /tmp/date.txt
---> Using cache
---> d57d03dacc7f
Step 3 : RUN apt-get -y install vim
---> Using cache
---> e426018fc315
Successfully built e426018fc315
}}}
Another Dockerfile :
{{{
FROM nginx
MAINTAINER Harry Metske <harry.metske@gmail.com>
RUN apt-get -y install wget vim openssh-server openjdk-7-jre
RUN wget -O - http://apache.proserve.nl/tomcat/tomcat-8/v8.0.14/bin/apache-tomcat-8.0.14.tar.gz | gunzip | tar -x -C /usr/local
RUN cd /usr/local && ln -s apache-tomcat-8.0.14 tomcat
RUN rm -f /usr/local/tomcat/bin/*.bat
ADD filestoadd/tomcat-users.xml /usr/local/tomcat/conf/
CMD /bin/bash
}}}
!! More experiments
! Host preparations
If you want to use data volumes, make sure you have the proper file context on the host datavolume directories (to prevent ''permission denied'' :
{{{
[root@vbox a]# semanage fcontext --add -t svirt_sandbox_file_t /var/jspwiki/a
[root@vbox a]# restorecon -vFr /var/jspwiki/a
restorecon reset /var/jspwiki/a context system_u:object_r:var_t:s0->system_u:object_r:svirt_sandbox_file_t:s0
[root@vbox a]# ls -lZ /var/jspwiki/
drwxrwxrwx. root root system_u:object_r:svirt_sandbox_file_t:s0 a
}}}
For the ''semanage'' command to become available, you might have to install it first with ''yum install policycoreutils-python'' .
! Other stuff
__docker pull centos:7__
{{{
[root@localhost ~]# docker pull centos:7
Pulling repository centos
dade6cb4530a: Download complete
511136ea3c5a: Download complete
5b12ef8fd570: Download complete
Status: Downloaded newer image for centos:7
}}}
__docker images__
{{{
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos 7 dade6cb4530a 2 weeks ago 224 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
}}}
Create a docker file first in {{~/dockerfiles/java7/Dockerfile}} :
{{{
#
# Dockerfile with OpenJDK7 on top of CentoS 7
#
FROM dade6cb4530a
MAINTAINER Harry Metske <harry.metske@gmail.com>
RUN yum -y install java-1.7.0-openjdk
CMD /bin/bash
}}}
__docker build --tag=java7 --rm=true java7__
{{{
[root@localhost dockerfiles]# docker build --tag=java7 --rm=true java7
Sending build context to Docker daemon 2.56 kB
Sending build context to Docker daemon
Step 0 : FROM dade6cb4530a
---> dade6cb4530a
Step 1 : MAINTAINER Harry Metske <harry.metske@gmail.com>
---> Using cache
---> 359721211f5c
Step 2 : RUN yum -y install java-1.7.0-openjdk
---> Running in f21bde92b3d8
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirror.denit.net
* extras: mirror.widexs.nl
* updates: mirror.widexs.nl
Resolving Dependencies
--> Running transaction check
---> Package java-1.7.0-openjdk.x86_64 1:1.7.0.75-2.5.4.2.el7_0 will be installed
------- a lot of yum output --------
xorg-x11-fonts-Type1.noarch 0:7.5-9.el7
Complete!
---> dee61328998e
Removing intermediate container f21bde92b3d8
Step 3 : CMD /bin/bash
---> Running in 45449ac928c8
---> e48c60e07bc1
Removing intermediate container 45449ac928c8
Successfully built e48c60e07bc1
}}}
__docker images__ again:
{{{
[root@localhost dockerfiles]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
java7 latest e48c60e07bc1 9 minutes ago 487.5 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
centos 7 dade6cb4530a 2 weeks ago 224 MB
}}}
Now we have the first layer, CentOS with Java installed.
On top of that we want tomcat installed and make that a new build again with the following Dockerfile :
{{{
#
# Dockerfile for a running tomcat 8.0.18 on top OpenJDK7 on top of CentoS 7
# Also install tar, needed for unpacking the tomcat archive.
#
FROM e48c60e07bc1
MAINTAINER Harry Metske <harry.metske@gmail.com>
RUN yum -y install tar
RUN curl http://apache.proserve.nl/tomcat/tomcat-8/v8.0.18/bin/apache-tomcat-8.0.18.tar.gz | gunzip | tar -x -C /usr/local
RUN cd /usr/local && ln -s apache-tomcat-8.0.18 tomcat
RUN rm -rf /usr/local/tomcat/bin/*.bat /usr/local/tomcat/webapps/examples /usr/local/tomcat/webapps/host-manager
#
# by default we start the Tomcat container when the docker container is started.
CMD /usr/local/tomcat/bin/catalina.sh run
}}}
__docker build --force-rm=true --tag=tomcat8 tomcat8__
%%collapsebox
build an image
{{{
[root@localhost dockerfiles]# docker build --force-rm=true --tag=tomcat8 tomcat8
Sending build context to Docker daemon 3.072 kB
Sending build context to Docker daemon
Step 0 : FROM e48c60e07bc1
---> e48c60e07bc1
Step 1 : MAINTAINER Harry Metske <harry.metske@gmail.com>
---> Running in af0b22f64d21
---> c63db74da65c
Removing intermediate container af0b22f64d21
Step 2 : RUN yum -y install tar
---> Running in feb87054efdd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.denit.net
* extras: mirror.widexs.nl
* updates: mirror.widexs.nl
Resolving Dependencies
--> Running transaction check
---> Package tar.x86_64 2:1.26-29.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
----- a lot of yum output ----
Running transaction
Installing : 2:tar-1.26-29.el7.x86_64 1/1
Verifying : 2:tar-1.26-29.el7.x86_64 1/1
Installed:
tar.x86_64 2:1.26-29.el7
Complete!
---> 3b2d250a33dc
Removing intermediate container feb87054efdd
Step 3 : RUN curl http://apache.proserve.nl/tomcat/tomcat-8/v8.0.18/bin/apache-tomcat-8.0.18.tar.gz | gunzip | tar -x -C /usr/local
---> Running in 23ab3815b77e
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9053k 100 9053k 0 0 610k 0 0:00:14 0:00:14 --:--:-- 750k
---> e7f295ac6dc2
Removing intermediate container 23ab3815b77e
Step 4 : RUN cd /usr/local && ln -s apache-tomcat-8.0.18 tomcat
---> Running in 4b9e840d022d
---> be2444c2a7f1
Removing intermediate container 4b9e840d022d
Step 5 : RUN rm -f /usr/local/tomcat/bin/*.bat
---> Running in 4e3895b23dd7
---> 1690fcce7177
Removing intermediate container 4e3895b23dd7
Step 6 : CMD /usr/local/tomcat/bin/startup.sh
---> Running in baa7d280864e
---> f4af0b5bcc33
Removing intermediate container baa7d280864e
Successfully built f4af0b5bcc33
}}}
%%
__docker images__ again :
{{{
[root@localhost dockerfiles]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
tomcat8 latest f4af0b5bcc33 2 minutes ago 515.1 MB
java7 latest e48c60e07bc1 18 minutes ago 487.5 MB
<none> <none> c54971cf4c5c 34 minutes ago 502.7 MB
centos 7 dade6cb4530a 2 weeks ago 224 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
}}}
(I made a few corrections to the dockerfile and rebuilt again, so the imageid has changed), but now we can run the container :
{{{
[root@localhost dockerfiles]# docker run -d 133f6647de58
ab3fcb88cb92d2136f8f9862176d129ad00cd121656fec7a0393b1873a45e2b4
[root@localhost dockerfiles]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ab3fcb88cb92 tomcat8:latest "/bin/sh -c '/usr/lo 4 seconds ago Up 3 seconds clever_brattain
}}}
Now what is the IP address of this container , we can find that out by running a command in the already running container :
{{{
[root@localhost dockerfiles]# docker exec -t ab3fcb88cb92 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
48: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 02:42:ac:11:00:18 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.24/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:18/64 scope link
valid_lft forever preferred_lft forever
}}}
I cannot get to that IP address, so we stop the container and restart it with port mapping again :
{{{
[root@localhost ~]# docker stop ab3fcb88cb92
ab3fcb88cb92
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker run -d --publish=80:8080 133f6647de58
42aabfe7d36475eaa46fe84b65b0a62f628bc721d8b2feefdc06fcdcf7dc3949
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42aabfe7d364 tomcat8:latest "/bin/sh -c '/usr/lo 8 seconds ago Up 7 seconds 0.0.0.0:80->8080/tcp furious_fermat
[root@localhost ~]#
}}}
Now we can run more of those containers :
{{{
[root@localhost ~]# docker run -d --publish=81:8080 133f6647de58
57ff21dc902d6ad0bb43b722e256d80d417adebbadbf03117363aa51f58b474c
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
57ff21dc902d tomcat8:latest "/bin/sh -c '/usr/lo 5 seconds ago Up 4 seconds 0.0.0.0:81->8080/tcp mad_babbage
42aabfe7d364 tomcat8:latest "/bin/sh -c '/usr/lo 5 minutes ago Up 5 minutes 0.0.0.0:80->8080/tcp furious_fermat
[root@localhost ~]# docker run -d --publish=82:8080 133f6647de58
a126abaec6fb5cac39a7c832b11b290ce01d06d8ba5f01b14d344951316dab6e
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a126abaec6fb tomcat8:latest "/bin/sh -c '/usr/lo 36 seconds ago Up 35 seconds 0.0.0.0:82->8080/tcp hopeful_blackwell
57ff21dc902d tomcat8:latest "/bin/sh -c '/usr/lo 49 seconds ago Up 48 seconds 0.0.0.0:81->8080/tcp mad_babbage
42aabfe7d364 tomcat8:latest "/bin/sh -c '/usr/lo 5 minutes ago Up 5 minutes 0.0.0.0:80->8080/tcp furious_fermat
[root@localhost ~]#
}}}
__Cleaning up containers__
%%collapsebox
Container cleanup
{{{
[root@vbox dockerfiles]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
294851829c28 f4af0b5bcc33 "/bin/bash" About an hour ago Exited (0) 59 minutes ago mad_pasteur
78663028cc2c f4af0b5bcc33 "/bin/sh -c /usr/loc About an hour ago Exited (0) About an hour ago elegant_kirch
3ba4c33febdf f4af0b5bcc33 "/bin/sh -c /usr/loc About an hour ago Exited (0) About an hour ago stoic_bohr
f62ab5413811 java7:latest "/bin/sh -c /bin/bas About an hour ago Exited (0) About an hour ago determined_kowalevski
7b63e6229cb5 centos:7 "/bin/bash" About an hour ago Exited (1) About an hour ago suspicious_colden
a854fcf6b129 centos:7 "/bin/bash" About an hour ago Exited (127) About an hour ago goofy_pare
74fceed71f43 centos:7 "/bin/bash" About an hour ago Exited (-1) 5 seconds ago sleepy_heisenberg
9f64f577b539 921b3c87dbfa "/bin/sh -c 'wget -O About an hour ago Exited (127) About an hour ago jolly_franklin
8225cac14ed2 359721211f5c "/bin/sh -c 'apt-get About an hour ago Exited (127) About an hour ago insane_rosalind
33a40d5ed490 centos:7 "/bin/bash" 2 hours ago Exited (0) 2 hours ago stoic_nobel
2cc4d23eefc9 centos:7 "/bin/bash" 2 hours ago Exited (0) 2 hours ago evil_stallman
[root@vbox dockerfiles]# du -cms /var/lib/docker/*
1 /var/lib/docker/containers
1459 /var/lib/docker/devicemapper
1 /var/lib/docker/execdriver
1 /var/lib/docker/graph
7 /var/lib/docker/init
1 /var/lib/docker/linkgraph.db
1 /var/lib/docker/repositories-devicemapper
0 /var/lib/docker/tmp
1 /var/lib/docker/trust
0 /var/lib/docker/volumes
1466 total
[root@vbox dockerfiles]# docker ps -a -q
294851829c28
78663028cc2c
3ba4c33febdf
f62ab5413811
7b63e6229cb5
a854fcf6b129
74fceed71f43
9f64f577b539
8225cac14ed2
33a40d5ed490
2cc4d23eefc9
[root@vbox dockerfiles]# docker stop $(docker ps -a -q)
294851829c28
78663028cc2c
3ba4c33febdf
f62ab5413811
7b63e6229cb5
a854fcf6b129
74fceed71f43
9f64f577b539
8225cac14ed2
33a40d5ed490
2cc4d23eefc9
[root@vbox dockerfiles]# docker rm $(docker ps -a -q)
294851829c28
78663028cc2c
3ba4c33febdf
f62ab5413811
7b63e6229cb5
a854fcf6b129
74fceed71f43
9f64f577b539
8225cac14ed2
33a40d5ed490
2cc4d23eefc9
[root@vbox dockerfiles]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@vbox dockerfiles]#
[root@vbox dockerfiles]# du -cms /var/lib/docker/*
0 /var/lib/docker/containers
1156 /var/lib/docker/devicemapper
0 /var/lib/docker/execdriver
1 /var/lib/docker/graph
7 /var/lib/docker/init
1 /var/lib/docker/linkgraph.db
1 /var/lib/docker/repositories-devicemapper
0 /var/lib/docker/tmp
1 /var/lib/docker/trust
0 /var/lib/docker/volumes
1163 total
}}}
%%
__VOLUME usage__
I added {{VOLUME /usr/local/tomcat/logs}} to the Dockerfile and build a new image.\\
When running an __INSPECT__ you can see where the volume is mapped :
%%collapsebox
VOLUME usage
{{{
[root@vbox dockerfiles]# docker inspect c6abceb6a4a2
[{
"AppArmorProfile": "",
"Args": [
"-c",
"/usr/local/tomcat/bin/catalina.sh run"
],
"Config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/sh",
"-c",
"/usr/local/tomcat/bin/catalina.sh run"
],
"CpuShares": 0,
"Cpuset": "",
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": {
"8080/tcp": {}
},
"Hostname": "c6abceb6a4a2",
"Image": "81d236795c31",
"Memory": 268435456,
"MemorySwap": 0,
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PortSpecs": null,
"StdinOnce": false,
"Tty": false,
"User": "tomcat",
"Volumes": {
"/usr/local/tomcat/logs": {}
},
"WorkingDir": ""
},
"Created": "2015-02-25T18:35:54.49438532Z",
"Driver": "devicemapper",
"ExecDriver": "native-0.2",
"HostConfig": {
"Binds": null,
"CapAdd": null,
"CapDrop": null,
"ContainerIDFile": "",
"Devices": [],
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"Links": null,
"LxcConf": [],
"NetworkMode": "bridge",
"PortBindings": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
]
},
"Privileged": false,
"PublishAllPorts": false,
"RestartPolicy": {
"MaximumRetryCount": 0,
"Name": ""
},
"SecurityOpt": null,
"VolumesFrom": null
},
"HostnamePath": "/var/lib/docker/containers/c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35/hostname",
"HostsPath": "/var/lib/docker/containers/c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35/hosts",
"Id": "c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35",
"Image": "81d236795c31d782a2ea81f73af1b33736ef279430c0815f008525233e22c77d",
"MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c936,c992",
"Name": "/naughty_ritchie",
"NetworkSettings": {
"Bridge": "docker0",
"Gateway": "172.17.42.1",
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"MacAddress": "02:42:ac:11:00:04",
"PortMapping": null,
"Ports": {
"8080/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "80"
}
]
}
},
"Path": "/bin/sh",
"ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c936,c992",
"ResolvConfPath": "/var/lib/docker/containers/c6abceb6a4a2e8b65e8ba1abf9eb89a7b1dfb6514a8b168fbf8d3cda48eb4d35/resolv.conf",
"State": {
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"Paused": false,
"Pid": 2899,
"Restarting": false,
"Running": true,
"StartedAt": "2015-02-25T18:35:55.099027392Z"
},
"Volumes": {
"/usr/local/tomcat/logs": "/var/lib/docker/vfs/dir/e93bf55338e0c40ef4480af00db9924999e5fcb8fc86f5885b76b32eff4207c8"
},
"VolumesRW": {
"/usr/local/tomcat/logs": true
}
}
}}}
%%
After stopping the container and removing it (docker stop and docker rm), the logoutput is still there :
%%collapsebox
Persistent data in VOLUMES still there
{{{
[root@vbox dockerfiles]# docker stop c6abceb6a4a2
c6abceb6a4a2
[root@vbox dockerfiles]# docker rm c6abceb6a4a2
c6abceb6a4a2
[root@vbox dir]# ls -l /var/lib/docker/vfs/dir/e93bf55338e0c40ef4480af00db9924999e5fcb8fc86f5885b76b32eff4207c8
total 20
-rw-r--r--. 1 centos centos 6173 25 feb 19:47 catalina.2015-02-25.log
-rw-r--r--. 1 centos centos 0 25 feb 19:35 host-manager.2015-02-25.log
-rw-r--r--. 1 centos centos 0 25 feb 19:35 localhost.2015-02-25.log
-rw-r--r--. 1 centos centos 10586 25 feb 19:39 localhost_access_log.2015-02-25.txt
-rw-r--r--. 1 centos centos 0 25 feb 19:35 manager.2015-02-25.log
[root@vbox dir]#
}}}
%%
Now create a JSPWiki docker image, with the following Dockerfile :
%%collapsebox
JSPWiki Dockerfile
{{{
#
# Dockerfile for JSPWiki running in a tomcat 8.0.18 on top of OpenJDK7 on top of CentoS 7
# Also install tar, needed for unpacking the tomcat archive.
#
FROM 81d236795c31
MAINTAINER Harry Metske <harry.metske@gmail.com>
# we need the unzip command to unpack the war and zip files
USER root
RUN yum install -y unzip
#
USER tomcat
# download the war from a fixed download location, create JSPWiki webapps dir, unzip it there.
RUN mkdir /usr/local/tomcat/webapps/JSPWiki
RUN TF=/tmp/jspwiki.download.war && curl --silent http://apache.xl-mirror.nl/jspwiki/2.10.1/binaries/JSPWiki.war > $TF && unzip -q -d /usr/local/tomcat/webapps/JSPWiki $TF && rm $TF
#
# download the default set of pages
RUN mkdir ~/jspwiki-files && TF=/tmp/jspwikipages-download.zip && curl --silent http://apache.xl-mirror.nl/jspwiki/2.10.1/wikipages/jspwiki-wikipages-en-2.10.1.zip > $TF && unzip -q -d /tmp $TF && mv /tmp/jspwiki-wikipages-en-2.10.1/* ~/jspwiki-files && rm -r $TF /tmp/jspwiki-wikipages-en-2.10.1
#
# by default we start the Tomcat container when the docker container is started.
CMD /usr/local/tomcat/bin/catalina.sh run
}}}
%%
%%collapsebox
saving and loading images
You can save an image to a tar file and then import on another docker host :
{{{
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
harry jspwiki-2.10.1 14e51483a5c3 22 hours ago 597.8 MB
harry tomcat8 81d236795c31 24 hours ago 528.6 MB
harry java7 e48c60e07bc1 3 days ago 487.5 MB
centos latest dade6cb4530a 2 weeks ago 224 MB
centos 7 dade6cb4530a 2 weeks ago 224 MB
centos centos7 dade6cb4530a 2 weeks ago 224 MB
[root@vbox dockerfiles]# docker save 14e51483a5c3 > /tmp/container-14e51483a5c3.tar
}}}
scp this file to another host and then over there :
{{{
metskem@athena:/tmp$ cat container-14e51483a5c3.tar | docker load
metskem@athena:/tmp$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
<none> <none> 14e51483a5c3 22 hours ago 597.8 MB
dockerfile/nginx latest 05f647ea7662 5 days ago 425.7 MB
<none> <none> e430b8e3e2a5 6 days ago 273.8 MB
ubuntu latest 5506de2b643b 4 months ago 199.3 MB
metskem@athena:/tmp$ docker run -d --publish=80:8080 14e51483a5c3
1da98fa35664b6cf82e5b82b31bd5069ef96e4ad2748c088a86c8a4572bb6f0c
}}}
%%
%%collapsebox
Linking containers together
You can link a container to another running container by using the {{RUN --link <name>:<alias>}} option.\\
The envvars from the target container then are visible in the source container (potential security issue, don't put sensitive data in envvars in the tgt container) . \\
See the following, first we start a jspwiki container (and expose port 8080) :
{{{
[metskem@vbox docker]$ docker run -d --name wiki --env="jspwiki.baseURL=http://10.0.0.195:8080" --expose=8080 harry:jspwiki-2.10.2-svn-14
ff1e7ec53f0bede9932406826939498ed526bafd6145486d61603c0041d27747
[metskem@vbox docker]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff1e7ec53f0b harry:jspwiki-2.10.2-svn-14 "/bin/sh -c '/usr/lo 26 seconds ago Up 24 seconds 8080/tcp wiki
[metskem@vbox docker]$
}}}
Secondly we start another container that links to the wiki container:
{{{
[metskem@vbox ~]$ docker run -ti --link wiki:alias2wiki centos:centos7 bash
[root@f959f7929aae /]# env|sort
ALIAS2WIKI_ENV_jspwiki.baseURL=http://10.0.0.195:8080
ALIAS2WIKI_ENV_jspwiki.basicAttachmentProvider.storageDir=/var/jspwiki/pages
ALIAS2WIKI_ENV_jspwiki.fileSystemProvider.pageDir=/var/jspwiki/pages
ALIAS2WIKI_ENV_jspwiki.pageProvider=VersioningFileProvider
ALIAS2WIKI_ENV_jspwiki.workDir=/var/jspwiki/work
ALIAS2WIKI_ENV_jspwiki.xmlGroupDatabaseFile=/var/jspwiki/etc/groupdatabase.xml
ALIAS2WIKI_ENV_jspwiki.xmlUserDatabaseFile=/var/jspwiki/etc/userdatabase.xml
ALIAS2WIKI_NAME=/thirsty_darwin/alias2wiki
ALIAS2WIKI_PORT=tcp://172.17.0.15:8080
ALIAS2WIKI_PORT_8080_TCP=tcp://172.17.0.15:8080
ALIAS2WIKI_PORT_8080_TCP_ADDR=172.17.0.15
ALIAS2WIKI_PORT_8080_TCP_PORT=8080
ALIAS2WIKI_PORT_8080_TCP_PROTO=tcp
HOME=/root
HOSTNAME=f959f7929aae
<< snip >>
}}}
Now you can see the envvars from the wiki container in the centos container, prefixed with <aliasname>_ENV_ .
%%
! Upgrading to 1.5 and more tweaks
[Instructions|https://docs.docker.com/installation/centos/#manual-installation-of-latest-docker-release]
{{{
backup current images:
for IM in `docker images -q|sort -u`; do echo saving $IM;docker save $IM > /tmp/$IM.tar ; done
cd /root/docker/downloads
rpm -e docker
curl --silent https://get.docker.com/builds/Linux/x86_64/docker-latest > docker
chmod +x docker
docker --version
cp ~/docker/downloads/docker /usr/bin
copy 2 unit files from https://github.com/docker/docker/tree/master/contrib/init/systemd to /etc/systemd/system
sudo systemctl enable docker.service
}}}
Another issue with AUFS is that you cannot install httpd (example)
{{{
error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
}}}
The solution is to run with devicemapper, so edit your {{ /etc/default/docker }} and set
{{{
DOCKER_OPTS="-s devicemapper"
}}}
So save all your images with the docker save command restart the docker daemon and restore all images with the docker load command :
{{{
docker save `docker images -q` > ~/docker-images-all.tar
sudo service docker restart
cat ~/docker-images-all.tar | docker load
}}}
And, after that you have to retag all your images and remove the /var/lib/docker/aufs directory .
! Running your own registry
You probably need a central place to store and distribute your images. The docker public repository is sometimes a bit "too central" and you want to run your won registry somewhere in your own datacenter.
For general documentation see [https://github.com/docker/docker-registry/]. \\
First install the docker-registry image with __docker pull registry__.
Then you have to retag your image before you can send it to your local registry :
{{{
docker tag harry:jspwiki-2.10.2-svn-14 10.0.0.195:5000/metskem/jspwiki:2.10.2-svn-14
}}}
And before you can push, you have to modify the arguments of the docker daemon. In my case it is in {{/etc/systemd/system/docker.service}} :
{{{
ExecStart=/usr/bin/docker --daemon --insecure-registry=10.0.0.195:5000 -H fd://
}}}
Followed by a
{{{
systemctl daemon-reload
systemctl restart docker
}}}
Then the actual push :
%%collapsebox
pushing to local registry
{{{
[metskem@vbox system]$ docker push 10.0.0.195:5000/metskem/jspwiki:2.10.2-svn-14
The push refers to a repository [10.0.0.195:5000/metskem/jspwiki] (len: 1)
Sending image list
Pushing repository 10.0.0.195:5000/metskem/jspwiki (1 tags)
511136ea3c5a: Image successfully pushed
5b12ef8fd570: Image successfully pushed
dade6cb4530a: Image successfully pushed
359721211f5c: Image successfully pushed
98beb40b6504: Image successfully pushed
fad8a5aad415: Image successfully pushed
c5eb18fad024: Image successfully pushed
b454f7f76947: Image successfully pushed
a0e7ab13f41d: Image successfully pushed
2dc77cfd261e: Image successfully pushed
a21d9f3f4938: Image successfully pushed
7e99f3d52e90: Image successfully pushed
f4feb8f23da5: Image successfully pushed
c66f1b045bd0: Image successfully pushed
04e2170f152e: Image successfully pushed
679107dfd59a: Image successfully pushed
64c35add867a: Image successfully pushed
a1a54333a532: Image successfully pushed
eaf42bb4a4da: Image successfully pushed
7c14d4420bb2: Image successfully pushed
da0330415812: Image successfully pushed
62f598132165: Image successfully pushed
acf1f70d0d41: Image successfully pushed
e1c301a21dae: Image successfully pushed
81181bc94763: Image successfully pushed
3475c657c51b: Image successfully pushed
7a26e9db5921: Image successfully pushed
a6167bad8bc2: Image successfully pushed
96ce60f733f1: Image successfully pushed
1ff51e43d8fa: Image successfully pushed
a488f594ffcd: Image successfully pushed
e2700e924062: Image successfully pushed
65858638c162: Image successfully pushed
70cd6c38f806: Image successfully pushed
770aaa29b831: Image successfully pushed
5118b9f70abc: Image successfully pushed
12d78307ddcd: Image successfully pushed
badeb5836316: Image successfully pushed
1402803586b7: Image successfully pushed
3c1489a3cf9b: Image successfully pushed
4531617a5dbb: Image successfully pushed
00c67b76b331: Image successfully pushed
Pushing tag for rev [00c67b76b331] on {http://10.0.0.195:5000/v1/repositories/metskem/jspwiki/tags/2.10.2-svn-14}
}}}
%%
BUT, what about authentication and authorization ?! ==> probably configurable...
__registry-ui__
There is a web-pplication that allows you to view/edit registries and images. And of course that is also a docker container again , run it with :
{{{
docker run -p 8080:8080 --name=registry-ui atcol/docker-registry-ui
}}}
I added the registry I just started , you do have to use an IP address that is accessible from the registry-ui container.
! Docker for JSPWiki
I dedicated a [separate page|Docker-JSPWiki] for that.
!!! Pushing an image to the hub
If you want to make your image public, first __tag__ it and then __push__ it:
{{{
[root@vbox ~]# docker tag harry:jspwiki-2.10.2-svn-14 registry.hub.docker.com/metskem/jspwiki:2.10.2-svn-14
[root@vbox ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
harry jspwiki-2.10.2-svn-14 3e33f5d2d612 43 hours ago 618.3 MB
registry.hub.docker.com/metskem/jspwiki 2.10.2-svn-14 3e33f5d2d612 43 hours ago 618.3 MB
harry tomcat-8.0.20 d9e7a3a95230 43 hours ago 542.7 MB
harry java7 c5eb18fad024 9 days ago 501.5 MB
centos centos7 dade6cb4530a 4 weeks ago 224 MB
centos latest dade6cb4530a 4 weeks ago 224 MB
centos 7 dade6cb4530a 4 weeks ago 224 MB
[root@vbox ~]# docker push registry.hub.docker.com/metskem/jspwiki:2.10.2-svn-14
The push refers to a repository [registry.hub.docker.com/metskem/jspwiki] (len: 1)
Sending image list
Please login prior to push:
Username: metskem
Password:
Email: metskem@apache.org
Login Succeeded
The push refers to a repository [registry.hub.docker.com/metskem/jspwiki] (len: 1)
Sending image list
Pushing repository registry.hub.docker.com/metskem/jspwiki (1 tags)
511136ea3c5a: Image already pushed, skipping
5b12ef8fd570: Image already pushed, skipping
dade6cb4530a: Image already pushed, skipping
359721211f5c: Image successfully pushed
98beb40b6504: Image successfully pushed
fad8a5aad415: Image successfully pushed
<<<< snip >>>>>>>
95ef590ff04d: Image successfully pushed
3e33f5d2d612: Image successfully pushed
Pushing tag for rev [3e33f5d2d612] on {https://cdn-registry-1.docker.io/v1/repositories/metskem/jspwiki/tags/2.10.2-svn-14}
}}}
!!! TODO
* [https://serfdom.io/]
* [https://consul.io]
!!! Docker management tools
* [projectatomic|http://www.projectatomic.io]
* [panamax|http://panamax.io/]
* [mist.io|https://github.com/mistio/mist.io]
!! Panamax
{{{
███████╗ ██████╗ █████████╗ ██████╗ ██████████╗ ██████╗ ██╗ ██╗
██╔══██║ ╚═══██╗ ███╗ ███║ ╚═══██╗ ██║ ██╔ ██║ ╚═══██╗ ╚██╗██╔╝
██ ██║ ███████║ ███║ ███║ ███████║ ██║╚██║ ██║ ███████║ ╚███╔╝
███████╝ ███████║ ███║ ███║ ███████║ ██║╚██║ ██║ ███████║ ██╔██╗
██║ ███████║ ███║ ███║ ███████║ ██║╚██║ ██║ ███████║ ██╔╝ ██╗
╚═╝ ╚══════╝ ╚══╝ ╚══╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚═╝ ╚═╝
CenturyLink Labs - http://www.centurylinklabs.com/
Checking if required software is installed.
Vagrant 1.6 or newer installed.
Virtualbox 4.3 or newer installed.
Creating a new CoreOS VM...
UUID changed to: db487bd4-a551-438c-ac36-86ce9bafac9a
Bringing machine 'panamax-vm' up with 'virtualbox' provider...
==> panamax-vm: Importing base box 'panamax-coreos-box-522.6.0'...
==> panamax-vm: Matching MAC address for NAT networking...
==> panamax-vm: Setting the name of the VM: panamax-vm
==> panamax-vm: Clearing any previously set network interfaces...
The specified host network collides with a non-hostonly network!
This will cause your specified IP to be inaccessible. Please change
the IP or name of your host only network so that it no longer matches that of
a bridged or non-hostonly network.
VM Creation failed. Exiting.
metskem@athena:~$
}}}