05 - Docker - Containers
Docker - Containers
- Container is operating system-level virtualization (Linux kernel)
- Allow for multiple isolated user-space instances called containers
- They share a single kernel
- Can be added or removed at any time
- Containers consist of a self-contained Linux file system
- Can be from any Linux distribution which is compatible with the host kernel
- Usually contain a single application such as a server
- Operating
- Is often used in Cloud Computing
Docker Architecture
Docker is available in two editions:
- Community Edition (CE) - open-source
- Enterprise Edition (EE)
Docker uses a client-server architecture
- Client
- REST API (the primary user interface which communicates)
- Over HTTP
- Over local Unix Socket
- Docker CLI
- docker build
- docker pull
- docker run
- Servers (Docker_Host)
- Is the Docker daemon
- Responsible for building, running, and distributing containers
- Docker daemon
- Container
- Images
- Registry (docker.io, Docker Hub)
- Responsible for the storage, management, and delivery of Docker images
- Docker Hub
- Private
- Other Vendor
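The client side of this architecture, as an added Python example (not code from the original notes): it sends the same kind of REST calls the Docker CLI makes, over the local Unix socket. The helper names are illustrative; any account that can open this socket can drive the daemon, which is what the docker group membership set up in the lab below grants.

```python
import http.client
import json
import socket

DOCKER_SOCKET = "/var/run/docker.sock"  # default local socket of the Docker daemon

class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that speaks HTTP over a Unix domain socket."""

    def __init__(self, socket_path, timeout=5):
        super().__init__("localhost", timeout=timeout)  # host only fills the Host header
        self.socket_path = socket_path

    def connect(self):
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(self.timeout)
        sock.connect(self.socket_path)
        self.sock = sock

def docker_get(path, socket_path=DOCKER_SOCKET):
    """Send GET <path> to the daemon and return the decoded JSON body."""
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", path)
        response = conn.getresponse()
        body = response.read()
        if response.status != 200:
            raise RuntimeError(f"daemon answered {response.status}: {body[:200]!r}")
        return json.loads(body)
    finally:
        conn.close()

def container_summary(containers):
    """Reduce the /containers/json reply to (name, image, state) tuples."""
    return [(c["Names"][0].lstrip("/"), c["Image"], c["State"]) for c in containers]

if __name__ == "__main__":
    # Same information as `docker version` and `docker ps -a`, without the CLI.
    print("Engine version:", docker_get("/version")["Version"])
    for row in container_summary(docker_get("/containers/json?all=true")):
        print(*row)
```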
Docker Images and Containers
- Docker images are read-only templates
- Foundation is a simplified version of the Linux operating system
- Changes to foundation, such as application installations added to the Image
- Images are the templates or build commands for Docker
- Docker containers are running environments
- Has OS, environment, program, network, etc.
- Runs (probably one) application
- All required software contained in image
- Can have boot-up configuration
- They can be run, started, stopped, and deleted
Docker Images
- Docker images are built in layers
- Each layer is a file system
- The layers are combined in a union file system to make a single image
- Images are the build component of Docker
- Images start from a base image
- Foundation is usually a specifically prepared Linux operating system
- Custom base images can also be created
- Docker Image is then built by adding layers:
- Interactively
- Defined in a directive file called a “Dockerfile”
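How layers stack into one file system, as an added Python example (not part of the original notes) that works on constructed in-memory layer tarballs and models regular files only. It also reports content that a later layer deleted or replaced, which the merged view hides but the image still stores.

```python
import io
import tarfile

WHITEOUT = ".wh."  # marker a layer tar uses to record "this path was deleted"

def make_layer(files):
    """Build one layer tarball in memory from {path: bytes} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def union_view(layers):
    """Stack layers bottom-up. Returns (visible, buried): visible maps each path
    to (layer index, content); buried lists (path, layer index) for content that
    a later layer replaced or deleted but that is still stored in the image.
    Covers regular files only; directory and opaque whiteouts are not modelled."""
    visible, buried = {}, []
    for index, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                parent, _, name = member.name.rpartition("/")
                if name.startswith(WHITEOUT):
                    target = (parent + "/" if parent else "") + name[len(WHITEOUT):]
                    if target in visible:
                        buried.append((target, visible.pop(target)[0]))
                elif member.isfile():
                    if member.name in visible:
                        buried.append((member.name, visible[member.name][0]))
                    visible[member.name] = (index, tar.extractfile(member).read())
    return visible, buried

# Constructed sample: base image, a layer that adds a key file, a layer that deletes it.
SAMPLE_LAYERS = [
    make_layer({"etc/os-release": b"NAME=ExampleOS\n"}),
    make_layer({"app/run.sh": b"#!/bin/sh\n", "app/deploy.key": b"CONSTRUCTED-KEY\n"}),
    make_layer({"app/.wh.deploy.key": b"", "app/run.sh": b"#!/bin/sh\nexec app\n"}),
]

if __name__ == "__main__":
    visible, buried = union_view(SAMPLE_LAYERS)
    print("merged view:", sorted(visible))
    print("still stored in lower layers:", buried)
```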
Docker Containers
The docker ‘run’ command starts a container based on a named Docker Image
- Docker first looks for a local copy of the image
- If it does not exist it is pulled from a Docker Registry
- The default Registry is the Docker Hub Registry
- A new container is created using the file system from the image
- A read-write layer is added to the top of the file system
- A network interface is created and an IP address is assigned from a pool
- Standard input, output, and error streams are connected
- A specified application is executed
- Docker container appears as a child of the daemon process
Docker Registries
- A Docker registry stores Docker images
- Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default
- You can even run your own private registry
- When you use the docker pull or docker run commands, the required images are pulled from your configured registry
- When you use the docker push command, your image is pushed to your configured registry
Docker Lab
$ vagrant ssh
$ sudo su -
$ hostnamectl set-hostname docker.unixcloudfusion.in
$ cat /etc/hosts
192.168.33.20 docker.unixcloudfusion.in
**** Download Docker
$ wget get.docker.com
$ cat index.html
$ rm -f index.html
**** Installing of docker c
$ curl -fsSL get.docker.com | sh
$ systemctl status docker
$ systemctl start docker
$ systemctl enable docker
$ usermod -aG docker vagrant
$ su vagrant
docker info
docker version
docker help
docker container ls
docker ps -a
docker run hello-world
** hub.docker.com -> docker repository
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
34bf1f33b482 hello-world "/hello" 5 minutes ago Exited (0) 5 minutes ago wizardly_spence
** Search images from registry (Docker Hub)
docker search ubuntu
** Pull an image from a registry
docker pull centos:latest
3c72a8ed6814: Pull complete
Digest: sha256:76d24f3ba3317fa945743bb3746fbaf3a0b752f10b10376960de01da70685fbd
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
docker run centos:latest whoami
root
docker run centos:latest w
docker run centos:latest date
** Interactive mode
** -i --> interactive keeps STDIN open
** -t --> tty allocate a pseudo TTY
docker run -i -t centos:latest /bin/bash
[root@6ee6f22ebdae /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 6ee6f22ebdae
docker stats
** Stop a running container through SIGTERM
docker stop centosvm1
** Delete a container
docker rm centosvm1
docker attach centosvm1 ** using docker attach is not the recommended way
docker run -it --name centosvm2 centos:latest /bin/bash
docker pause centosvm2
docker unpause centosvm2
docker restart centosvm2
** Stop a running container through SIGKILL
docker kill centosvm2
** List all images that are locally stored with the Docker engine
docker images
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 0d120b6ccaa8 3 months ago 215MB
hello-world latest bf756fb1ae65 11 months ago 13.3kB
** Delete an image from the local image store
docker rmi hello-world
[root@localhost ~]# docker rmi hello-world
Error response from daemon: conflict: unable to remove repository reference "hello-world" (must force) - container 34bf1f33b482 is using its referenced image bf756fb1ae65
** Failed .. first, remove hello container
docker rm 34bf1f33b482
docker rmi hello-world
[root@localhost ~]# docker rmi hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:e7c70bb24b462baa86c102610182e3efcb12a04854e8c582838d92970a09f323
Deleted: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b
docker run -it --name centosvm3 centos:latest
yum install -y which
yum install -y net-tools
docker diff centosvm3 ** changes in the container compared with the centos base image
docker commit centosvm3 centos-net
docker run -it --name custom-centos centos-net:latest
docker inspect centos-net
docker volume help
** Exec container
docker exec -it centosvm3 /bin/bash
** Access container again
docker attach centosvm3
** Delete all containers that are in the stopped state
docker container prune
** Delete all images not used by any container
docker image prune -a
** Save an image into an iso file (docker save takes an image name, here the committed centos-net)
docker images
docker save -o mycentos.iso centos-net
ls
** Load the iso file as an image in any other environment (e.g. from USB or a shared folder)
docker load -i mycentos.iso
** How to automate the process of creating a web server image and deploying a container
mkdir nginx
cd nginx
vi index.html
<h1>Hello World</h1>
vi Dockerfile
FROM centos:latest
MAINTAINER ali.muhammad@yahoo.com
RUN yum install -y nginx
COPY index.html /usr/share/nginx/html
ENV JAVA_HOME=/usr/java/latest
EXPOSE 80
RUN echo "Image created"
# Only the last CMD in a Dockerfile takes effect, so nginx is the single CMD
CMD ["nginx", "-g", "daemon off;"]
docker build -t webserver:v1 .
docker images
docker run -d -p 80:80 webserver:v1 ** container detach mode
To exit a container and to leave it running use : CTRL-p CTRL-q
docker logs --tail 100 <container id>
** Create own registry
docker run -d -p 5000:5000 --restart=always --name registry registry:2
docker pull ubuntu:16.04 ** download from docker hub
docker images
docker tag ubuntu:16.04 localhost:5000/ubuntu-nonprod
docker push localhost:5000/ubuntu-nonprod
docker rmi ubuntu:16.04
docker rmi localhost:5000/ubuntu-nonprod
docker pull localhost:5000/ubuntu-nonprod
** Open site hub.docker.com and create own account
Docker ID : mali1969
Email:
Password:
docker login --username=mali1969
Password :
docker tag webserver:v1 mali1969/infra-automation:webserver-nginx-image
docker push mali1969/infra-automation:webserver-nginx-image
DOCKER NETWORKING
Docker Container Networking
1. Default
- Bridge
- Host
- None
2. User-defined
docker network ls
NETWORK ID NAME DRIVER SCOPE
7d4acdf70879 bridge bridge local
58a93505bcec host host local
41d8819ffdeb none null local
docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "7d4acdf70879132a57d0c0ac0d6e2e51754f85165d151f5481ed3a3cb52f8116",
        "Created": "2020-12-12T02:08:52.657934281Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
        ...
    }
]
docker images
docker run -it webserver:v1
docker exec -it 2bc991329d75 bash
docker network create isolated_bridge
docker network ls
docker network inspect isolated_bridge
docker run -d --network isolated_bridge webserver:v1
docker network connect isolated_bridge trusting_hugle
docker network disconnect isolated_bridge trusting_hugle
docker stop <container id>
docker network rm isolated_bridge
docker network ls
DOCKER COMPOSE
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
docker-compose version 1.26.2, build eefe0d31
mkdir iac
cd iac
mkdir sshd nginx mysql
vi docker-compose.yml
version: "2"
services:
  sshd:
    build: sshd
    image: centos-sshd:latest
    ports:
      - "2222:22"
  nginx:
    build: nginx
    image: centos-nginx:latest
    ports:
      - "80:80"
  mysql:
    build: mysql
    image: centos-mysql:latest
    ports:
      - "3306:3306"
** only sshd
cd sshd
vi Dockerfile
FROM centos:latest
RUN yum install -y openssh-server
RUN mkdir /var/run/sshd
RUN useradd -c "Student User" -m student
RUN echo "student:student" | chpasswd
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ""
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
cd ..
docker-compose up -d
ssh -p 2222 student@192.168.33.15
docker-compose down
docker logs registry
ls -ld /usr/local/bin/docker-compose
chown root:docker /usr/local/bin/docker-compose
cat /etc/passwd | grep student
ls -l /run/nologin
rm /run/nologin