05 - Docker - Containers


- Containers are operating-system-level virtualization (Linux kernel)

  • Allow for multiple isolated user-space instances called containers
  • They share a single kernel
  • Can be added or removed at any time

- Containers consist of a self-contained Linux file system

  • Can be from any Linux distribution which is compatible with the host kernel
  • Usually contain a single application such as a server

- Operating 

  • Is often used in Cloud Computing


Docker Architecture

Docker is available in two editions:

  • Community Edition (CE) - open-source
  • Enterprise Edition (EE)

Docker uses a client-server architecture

  • Client
    • REST API (the primary user interface which communicates)
      • Over HTTP
      • Over local Unix Socket
    • Docker CLI
      • docker build
      • docker pull
      • docker run

  • Servers (Docker_Host)
    • Is the Docker daemon
    • Responsible for building, running, and distributing containers
    • Docker daemon
    • Container
    • Images

  • Registry (docker.io , DockerHub)
    • Responsible for the storage, management, and delivery of Docker images
    • Docker Hub
    • Private
    • Other Vendor


Docker Images and Containers

  • Docker images are read-only templates
    • Foundation is a simplified version of the Linux operating system
    • Changes to foundation, such as application installations added to the Image
    • Images are the templates or build commands for Docker
  • Docker containers are running environments
    • Has OS, environment, program, network, etc.
    • Runs (probably one) application
    • All required software contained in image
    • Can have boot-up configuration
    • They can be run, started, stopped, and deleted

Docker Images

  • Docker images are built in layers
    • Each layer is a file system
    • The layers are combined in a union file system to make a single image
    • Images are the build component of Docker
  • Images start from a base image
    • Foundation is usually a specifically prepared Linux operating system
      • Custom base images can also be created
    • Docker Image is then built by adding layers:
      • Interactively
      • Defined in a directive file called a “Dockerfile”

Docker Containers

The docker ‘run’ command starts a container based on a named Docker Image
  • Docker first looks for a local copy of the image
    • If it does not exist it is pulled from a Docker Registry
      • The default Registry is the Docker Hub Registry
    • A new container is created using the file system from the image
    • A read-write layer is added to the top of the file system
    • A network interface is created and an IP address is assigned from a pool
    • Standard input, output, and error streams are connected
    • A specified application is executed
  • Docker container appears as a child of the daemon process

Docker Registries
  • A Docker registry stores Docker images
  • Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default
  • You can even run your own private registry
  • When you use the docker pull or docker run commands, the required images are pulled from your configured registry
  • When you use the docker push command, your image is pushed to your configured registry


Docker Lab

$ vagrant ssh
$ sudo su -
$ hostnamectl set-hostname docker.unixcloudfusion.in

$ cat /etc/hosts
  192.168.33.20  docker.unixcloudfusion.in

**** Download Docker
$ wget get.docker.com

$ cat index.html
$ rm -f index.html

**** Installing of docker c
$ curl -fsSL get.docker.com | sh            

$ systemctl status docker
$ systemctl start docker
$ systemctl enable docker

$ usermod -aG docker vagrant
$ su vagrant

docker info
docker version
docker help
docker container ls
docker ps -a

docker run hello-world
**  hub.docker.com   -> docker repository

docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
34bf1f33b482        hello-world         "/hello"            5 minutes ago       Exited (0) 5 minutes ago                       wizardly_spence


** Search images in the registry (Docker Hub)
docker search ubuntu


** Pull an image from a registry
docker pull centos:latest
3c72a8ed6814: Pull complete
Digest: sha256:76d24f3ba3317fa945743bb3746fbaf3a0b752f10b10376960de01da70685fbd
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest


docker run centos:latest whoami
    root

docker run centos:latest w
docker run centos:latest date


** Interactive mode
** -i --> interactive keeps STDIN open
** -t --> tty allocates a pseudo-TTY
docker run -i -t centos:latest /bin/bash
     [root@6ee6f22ebdae /]# cat /etc/hosts
     127.0.0.1       localhost
     ::1     localhost ip6-localhost ip6-loopback
     fe00::0 ip6-localnet
     ff00::0 ip6-mcastprefix
     ff02::1 ip6-allnodes
     ff02::2 ip6-allrouters
     172.17.0.2      6ee6f22ebdae

docker stats

docker run -it --name centosvm1 centos:latest /bin/bash

** Stop a running container through SIGTERM
docker stop centosvm1


** Delete a container
docker rm centosvm1

docker attach centosvm1   ** attach is not the recommended way to access a container

docker run -it --name centosvm2 centos:latest /bin/bash
docker pause centosvm2
docker unpause centosvm2

docker restart centosvm2

** Stop a running container through SIGKILL 
docker kill centosvm2  

** List all images that are locally stored with the Docker engine
docker images
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              0d120b6ccaa8        3 months ago        215MB
hello-world         latest              bf756fb1ae65        11 months ago       13.3kB


** Delete an image from the local image store
docker rmi hello-world
[root@localhost ~]# docker rmi hello-world
Error response from daemon: conflict: unable to remove repository reference "hello-world" (must force) - container 34bf1f33b482 is using its referenced image bf756fb1ae65


** Failed: first remove the hello-world container
docker rm 34bf1f33b482
docker rmi hello-world
[root@localhost ~]# docker rmi hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:e7c70bb24b462baa86c102610182e3efcb12a04854e8c582838d92970a09f323
Deleted: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b


docker run -it --name centosvm3 centos:latest
yum install -y which
yum install -y net-tools

docker diff centosvm3    ** changes relative to the centos base image
docker commit centosvm3 centos-net

docker run -it --name custom-centos centos-net:latest

docker inspect centos-net

docker volume help

** Exec container 
docker exec -it centosvm3 /bin/bash

** Access the container again
docker attach centosvm3

** Delete all containers in the stopped state
docker container prune

** Delete all images not used by a container
docker image prune -a

** Save an image into a file (docker save writes a tar archive, whatever the extension)
docker images
docker save -o  mycentos.iso centos-net
ls

** Load the file into an image in any other environment (for example from USB or a shared folder)
docker load -i mycentos.iso


** How to Automate the process to create web server image and deploy container


mkdir nginx
cd nginx

vi index.html
<h1>Hello World</h1>
  
vi Dockerfile
FROM centos:latest
MAINTAINER ali.muhammad@yahoo.com
RUN yum install -y nginx 
COPY index.html /usr/share/nginx/html
ENV JAVA_HOME=/usr/java/latest
EXPOSE 80 
# Only the last CMD in a Dockerfile takes effect, so the build message is a RUN step
RUN echo "Image created"
CMD ["nginx", "-g", "daemon off;"]

docker build -t webserver:v1 .
docker images
docker run -d -p 80:80 webserver:v1    ** container detach mode

To exit a container and to leave it running use : CTRL-p CTRL-q

docker logs --tail 100 <container id>

** Create own registry
docker run -d -p 5000:5000 --restart=always --name registry registry:2

docker pull ubuntu:16.04   ** download from docker hub
docker images

docker tag ubuntu:16.04 localhost:5000/ubuntu-nonprod

docker push localhost:5000/ubuntu-nonprod

docker rmi ubuntu:16.04
docker rmi localhost:5000/ubuntu-nonprod

docker pull localhost:5000/ubuntu-nonprod


** Open site hub.docker.com and create own account
Docker ID : mali1969
Email: 
Password:

docker login --username=mali1969
  Password :


docker tag webserver:v1 mali1969/infra-automation:webserver-nginx-image
docker push mali1969/infra-automation:webserver-nginx-image


DOCKER NETWORKING

Docker Container Networking
1. Default
- Bridge
- Host
- None
2. User-defined


docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
7d4acdf70879        bridge              bridge              local
58a93505bcec        host                host                local
41d8819ffdeb        none                null                local

docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "7d4acdf70879132a57d0c0ac0d6e2e51754f85165d151f5481ed3a3cb52f8116",
        "Created": "2020-12-12T02:08:52.657934281Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }

, , , , , ,
, , , , , ,    
    }
]

docker images
docker run -it webserver:v1
docker exec -it 2bc991329d75 bash

docker network create isolated_bridge
docker network ls

docker network inspect isolated_bridge

docker run -d --network isolated_bridge webserver:v1

docker network connect isolated_bridge trusting_hugle
docker network disconnect isolated_bridge trusting_hugle

docker stop  <container id >
docker network rm isolated_bridge
docker network ls


DOCKER COMPOSE

sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

docker-compose --version
    docker-compose version 1.26.2, build eefe0d31
mkdir iac
cd iac
mkdir sshd nginx mysql

vi docker-compose.yml
version: "2"
services:
  sshd:
    build: sshd
    image: centos-sshd:latest
    ports:
      - "2222:22"

  nginx:
    build: nginx
    image: centos-nginx:latest
    ports:
      - "80:80"

  mysql:
    build: mysql
    image: centos-mysql:latest
    ports:
      - "3306:3306"
** only sshd
cd sshd
vi Dockerfile
FROM centos:latest
RUN yum install -y openssh-server
RUN mkdir /var/run/sshd
RUN useradd -c "Student User" -m student
RUN echo "student:student" | chpasswd
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ""
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

cd ..
docker-compose up -d 
ssh -p 2222 student@192.168.33.15
docker-compose down
docker logs registry

ls -ld /usr/local/bin/docker-compose
chown root:docker /usr/local/bin/docker-compose

cat /etc/passwd | grep student
ls -l /run/nologin
rm /run/nologin
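
** Added example, not part of the original notes: a shell check that reads a Dockerfile such as the sshd one above and reports a base image referenced by a tag instead of a digest, a literal password piped to chpasswd, a missing USER instruction (the container then runs as root, as the whoami output earlier shows) and more than one CMD. The function name lint_dockerfile and the rule names are assumptions of this example, and line continuations are not handled.

```shell
#!/usr/bin/env bash
# Added example: static checks for a Dockerfile. lint_dockerfile and the rule
# names are hypothetical, not Docker features.

# Print one "rule: detail" line per finding; return 1 if anything was found.
lint_dockerfile() {
  local file=$1 line instr rest findings=0 has_user=0 cmd_count=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#"${line%%[![:space:]]*}"}        # strip leading whitespace
    case $line in ''|'#'*) continue ;; esac      # skip blanks and comments
    instr=${line%%[[:space:]]*}                  # first word = instruction
    rest=${line#"$instr"}
    rest=${rest#"${rest%%[![:space:]]*}"}
    case $(printf '%s' "$instr" | tr '[:lower:]' '[:upper:]') in
      FROM)
        # A tag can be re-pointed in the registry; only a digest is immutable.
        case $rest in
          *@sha256:*|scratch) ;;
          *) echo "unpinned-base: $rest"; findings=$((findings + 1)) ;;
        esac ;;
      RUN)
        # A literal user:password piped to chpasswd stays in the layer history.
        case $rest in
          *echo*:*'|'*chpasswd*) echo "hardcoded-password: $rest"; findings=$((findings + 1)) ;;
        esac ;;
      USER) has_user=1 ;;
      CMD) cmd_count=$((cmd_count + 1)) ;;
    esac
  done < "$file"
  if [ "$has_user" -eq 0 ]; then
    echo "runs-as-root: no USER instruction"; findings=$((findings + 1))
  fi
  if [ "$cmd_count" -gt 1 ]; then
    echo "multiple-cmd: $cmd_count CMD lines, only the last is used"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample modelled on the sshd Dockerfile in these notes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM centos:latest
RUN yum install -y openssh-server
RUN echo "student:student" | chpasswd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
EOF
lint_dockerfile "$sample" || true
rm -f "$sample"
```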
