Slide 1

Slide 1 text

Ship it with Docker

Slide 3

Slide 3 text

http://www.docker.com/

Slide 4

Slide 4 text

https://github.com/slok/favorshare-dockerfiles

Slide 5

Slide 5 text

Properties

Slide 6

Slide 6 text

dotCloud
V1: Python
V2: Golang
2013
*nix

Slide 7

Slide 7 text

What is it?

Slide 8

Slide 8 text

LXC on steroids
Portability
Encapsulation
Not VM
Lightweight

Slide 12

Slide 12 text

LXC
Kernel namespaces: PID, mount, user, network, UTS, IPC isolation
Cgroups: CPU, memory, disk I/O isolation
Chroot: File system isolation

Slide 13

Slide 13 text

Traditional VMs (diagram)
Stack: Server, Host OS, Hypervisor
VM 1: Guest OS, /usr/bin, /usr/lib..., App
VM 2: Guest OS, /usr/bin, /usr/lib..., App’
VM 3: Guest OS, /usr/bin, /usr/lib..., App 2

Slide 16

Slide 16 text

Docker (diagram)
Stack: Server, Host OS, Docker
On top: App 1, App 1’, App 2, App 2’, App 2’’, App 3, App 3’, sharing /bin, /lib...
Annotations: "That’s a Docker container", "Shared FS with AUFS"

Slide 18

Slide 18 text

Docker container (diagram)
Stack: Kernel, LXC, AUFS, Docker
Base images: Ubuntu, CentOS
Images: Nginx, Mysql, SSH
Containers on top of the images
Annotation: Parent references

Slide 19

Slide 19 text

AUFS
Layered FS
Share common FS
Mix RO & RW
Used to share between containers
http://aufs.sourceforge.net/

Slide 20

Slide 20 text

Installation

Slide 21

Slide 21 text

Linux >= 3.8
AUFS
LXC

Slide 23

Slide 23 text

Ubuntu 14.04 LTS
Docker 0.9.1
Production ready 1.0
http://docs.docker.com/installation/ubuntulinux/#ubuntu-trusty-1404-lts-64-bit

Slide 24

Slide 24 text

    $ docker version
    Client version: 1.0.1
    Client API version: 1.12
    Go version (client): go1.2.1
    Git commit (client): 990021a
    Server version: 1.0.1
    Server API version: 1.12
    Go version (server): go1.2.1
    Git commit (server): 990021a

    $ docker info
    Containers: 0
    Images: 0
    Storage Driver: aufs
     Root Dir: /var/lib/docker/aufs
     Dirs: 0
    Execution Driver: native-0.2
    Kernel Version: 3.13.0-30-generic
    WARNING: No swap limit support

Slide 25

Slide 25 text

Terminology

Slide 26

Slide 26 text

Docker image
They don’t change
Read only layer
Used to build a container
A container in the future could be an image

Slide 27

Slide 27 text

Docker container
Running process
Self contained runtime env
Built with one or more images
Commit changes to create image
At least needs a process in foreground

Slide 28

Slide 28 text

Index/registry
Private or public servers upload their repos (Docker images)
Share
Analogy: Like a Github for docker images

Slide 30

Slide 30 text

Repository
Group of images (in a registry)
Analogy: Like a Github repo with image(s)
User type: slok/playpython, phusion/baseimage
Top level type: ubuntu, redis, postgres

Slide 31

Slide 31 text

Basic stuff

Slide 33

Slide 33 text

Get base image(s)
https://registry.hub.docker.com/_/ubuntu/

    $ docker pull ubuntu
    Pulling repository ubuntu
    463ff6be4238: Download complete
    3db9c44f4520: Download complete
    ea7d6801c538: Download complete
    58faa899733f: Download complete
    195eb90b5349: Download complete
    c5881f11ded9: Download complete
    ef83896b7fb9: Download complete
    e54ca5efa2e9: Download complete
    511136ea3c5a: Download complete
    65b7e9ccb809: Download complete
    f8dd6bd14f58: Download complete
    a343823119db: Download complete
    8a1d8569bf87: Download complete
    3af9d794ad07: Download complete
    f127542f0b61: Download complete
    d7ac5e4f1812: Download complete
    6cfa4d1f33fb: Download complete
    bac448df371d: Download complete
    e7d62a8128cf: Download complete
    b7c6da90134e: Download complete
    ...

Downloaded all the images (layers)

Slide 36

Slide 36 text

List images

    $ docker images
    REPOSITORY  TAG      IMAGE ID      CREATED       VIRTUAL SIZE
    ubuntu      14.10    58faa899733f  10 hours ago  196 MB
    ubuntu      utopic   58faa899733f  10 hours ago  196 MB
    ubuntu      precise  ea7d6801c538  6 days ago    127.5 MB
    ubuntu      12.04    ea7d6801c538  6 days ago    127.5 MB
    ubuntu      latest   ef83896b7fb9  6 days ago    192.7 MB
    ubuntu      trusty   ef83896b7fb9  6 days ago    192.7 MB
    ubuntu      12.10    c5881f11ded9  12 days ago   172.2 MB
    ubuntu      quantal  c5881f11ded9  12 days ago   172.2 MB
    ubuntu      raring   463ff6be4238  12 days ago   169.4 MB
    ubuntu      13.04    463ff6be4238  12 days ago   169.4 MB
    ubuntu      13.10    195eb90b5349  12 days ago   184.7 MB
    ubuntu      saucy    195eb90b5349  12 days ago   184.7 MB
    ubuntu      14.04    e54ca5efa2e9  12 days ago   276.5 MB
    ubuntu      10.04    3db9c44f4520  10 weeks ago  183 MB
    ubuntu      lucid    3db9c44f4520  10 weeks ago  183 MB
    # du -sh /var/lib/docker/aufs/
    1.6G    /var/lib/docker/aufs/

That’s 2727.5 MB
Images have alias

Slide 37

Slide 37 text

Run container

    $ docker run ubuntu:trusty /bin/echo "Hello world!"
    Hello world!
    $ docker images
    REPOSITORY  TAG      IMAGE ID      CREATED       VIRTUAL SIZE
    ubuntu      14.10    58faa899733f  10 hours ago  196 MB
    ubuntu      utopic   58faa899733f  10 hours ago  196 MB
    ubuntu      precise  ea7d6801c538  6 days ago    127.5 MB
    ubuntu      12.04    ea7d6801c538  6 days ago    127.5 MB
    ubuntu      latest   ef83896b7fb9  6 days ago    192.7 MB
    ubuntu      trusty   ef83896b7fb9  6 days ago    192.7 MB
    ubuntu      12.10    c5881f11ded9  12 days ago   172.2 MB
    ubuntu      quantal  c5881f11ded9  12 days ago   172.2 MB
    ubuntu      raring   463ff6be4238  12 days ago   169.4 MB
    ubuntu      13.04    463ff6be4238  12 days ago   169.4 MB
    ubuntu      13.10    195eb90b5349  12 days ago   184.7 MB
    ubuntu      saucy    195eb90b5349  12 days ago   184.7 MB
    ubuntu      14.04    e54ca5efa2e9  12 days ago   276.5 MB
    ubuntu      10.04    3db9c44f4520  10 weeks ago  183 MB
    ubuntu      lucid    3db9c44f4520  10 weeks ago  183 MB

“echo hello world” didn’t change container’s state so no new image

Slide 39

Slide 39 text

Run container

    $ docker run ubuntu:trusty /bin/echo "Hello world!"
    Hello world!
    $ docker ps -a
    CONTAINER ID  IMAGE          COMMAND               CREATED        STATUS      PORTS  NAMES
    3b2ba0029d69  ubuntu:latest  /bin/echo 'Hello wor  3 seconds ago  Exited (0)         sharp_wozniak

The container finished so we use -a option
The container needs a foreground process to keep running
Docker caches every command that you run in a container

Slide 41

Slide 41 text

Run container

    $ docker run ubuntu:trusty /bin/sh -c "while true; do echo hello world; sleep 1; done"
    hello world
    hello world
    ...
    $ docker ps
    CONTAINER ID  IMAGE          COMMAND               CREATED             STATUS             PORTS  NAMES
    d82fe57ca931  ubuntu:latest  /bin/sh -c 'while tr  About a minute ago  Up About a minute         kickass_hoover

Manage the container with this ID
This keeps running until we stop
We have a foreground process so the container keeps running
Foreground container & Foreground process inside container

Slide 42

Slide 42 text

Run container in background

    $ docker run -d ubuntu:trusty /bin/sh -c "while true; do echo hello world; sleep 1; done"
    cffc463c6b4a8f830355c0c29434f3322c97b075e98a5081487b433c1462b8b2
    $ docker ps
    CONTAINER ID  IMAGE          COMMAND               CREATED             STATUS             PORTS  NAMES
    cffc463c6b4a  ubuntu:latest  /bin/sh -c 'while tr  About a minute ago  Up About a minute         nostalgic_mcclintock

Background container & Foreground process inside container
We have a foreground process so the container keeps running

Slide 43

Slide 43 text

Container logs

    $ docker logs d82fe57ca931
    hello world
    hello world
    ...

The logs are the foreground process STDOUT

Slide 44

Slide 44 text

Attach to a container

    $ docker attach d82fe57ca931
    hello world
    hello world
    ...

Used to set the container as it was in Foreground
Real time

Slide 45

Slide 45 text

Stop a container

    $ docker stop d82fe57ca931
    d82fe57ca931

Slide 46

Slide 46 text

Images

Slide 47

Slide 47 text

Example
Create own Redis container
Ubuntu 14.04 LTS base image
We could use a ready one: https://registry.hub.docker.com/_/redis/

Slide 49

Slide 49 text

Interactive shell in container

    $ docker run -i -t ubuntu:trusty /bin/bash
    root@c220646d55c3:/#

/bin/bash is a trick to have an fg process and a shell inside the container
We have an interactive shell
-i keeps STDIN open even when not attached
-t opens a PTY (pseudo TTY)

Slide 51

Slide 51 text

Install Redis inside the container

    $ docker run -i -t ubuntu:trusty /bin/bash
    root@c220646d55c3:/# apt-get update
    ...
    root@c220646d55c3:/# apt-get install redis-server
    ...
    root@c220646d55c3:/# service redis-server start
    ...
    root@c220646d55c3:/# ps aux
    USER   PID %CPU %MEM   VSZ  RSS TTY STAT START TIME COMMAND
    root     1  0.0  0.0 18156 2004 ?   Ss   18:09 0:00 /bin/bash
    redis  154  0.0  0.3 36996 7244 ?   Ssl  18:16 0:00 /usr/bin/redis-server 127.0.0.1:6379
    root   157  0.0  0.0 15568 1140 ?   R+   18:16 0:00 ps aux

All is happening inside the container
Ready for use!

Slide 53

Slide 53 text

Create Image from a container

    $ docker ps -a
    CONTAINER ID  IMAGE          COMMAND    CREATED         STATUS                     PORTS  NAMES
    c220646d55c3  ubuntu:latest  /bin/bash  16 minutes ago  Exited (0) 24 seconds ago         berserk_bartik
    $ docker commit c220646d55c3 slok/redis
    773bc3dcf004120e38a0a8f1fb0036d886700bcb928cc8ce82e3d320aa38b660

Exited or running containers can be committed
c220646d55c3: Container ID
slok/redis: Repository name = Image name = {USER}/{NAME}

Slide 56

Slide 56 text

Run the image

    $ docker images
    REPOSITORY  TAG     IMAGE ID      CREATED        VIRTUAL SIZE
    slok/redis  latest  773bc3dcf004  8 minutes ago  263.5 MB
    ubuntu      utopic  58faa899733f  21 hours ago   196 MB
    ubuntu      14.10   58faa899733f  21 hours ago   196 MB
    ...
    $ docker run -i -t slok/redis /bin/bash
    root@d51b771108ae# ps aux
    USER  PID %CPU %MEM   VSZ  RSS TTY STAT START TIME COMMAND
    root    1  2.0  0.0 18156 1852 ?   Ss   18:44 0:00 /bin/bash
    root   12  0.0  0.0 15568 1132 ?   R+   18:44 0:00 ps aux

BAD! We need redis process running!

    $ docker run -d slok/redis /usr/bin/redis-server
    fbf7a9cedd3e956ed16fb652a4bdd0b50208755e4f8b36397f7ffbdfebd38c1b

Remember running the container in background

Slide 57

Slide 57 text

Check running container

    $ docker logs fbf7a9cedd3
    [1] 01 Jul 18:51:34.756 # Warning: no config file specified, using the default config. In order to specify a config file use /usr/bin/redis-server /path/to/redis.conf
    [Redis ASCII-art banner: Redis 2.8.4 (00000000/0) 64 bit, Running in stand alone mode, Port: 6379, PID: 1, http://redis.io]
    [1] 01 Jul 18:51:34.760 # Server started, Redis version 2.8.4
    [1] 01 Jul 18:51:34.761 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
    [1] 01 Jul 18:51:34.761 * The server is now ready to accept connections on port 6379

Slide 59

Slide 59 text

Check running container

    $ docker inspect fbf7a9cedd3 |grep -i ipaddress
    "IPAddress": "172.17.0.8",
    $ redis-cli -h 172.17.0.8 -p 6379

BAD! We need to expose container ports!

    $ docker stop fbf7a9cedd3
    fbf7a9cedd3
    $ docker run -d -p 16379:6379 slok/redis /usr/bin/redis-server
    af5989ca5600aa51ac0441ddda0e595c2fdecaa59495a02c72767956bba47794

Expose container port and map public address on port 16379 to private address 6379

Slide 61

Slide 61 text

Check running container

    $ docker inspect af5989ca |grep -i ipaddress
    "IPAddress": "172.17.0.9",
    $ redis-cli -h 172.17.0.9 -p 6379
    172.17.0.9:6379>
    $ redis-cli -h 127.0.0.1 -p 16379
    127.0.0.1:16379>

172.17.0.9:6379: Private access to container port
127.0.0.1:16379: Public access to mapped port
By default no ports are exposed, we need to use -p or -P
-P exposes all, -p one or more with XXXX or YYYY:XXXX format

Slide 62

Slide 62 text

Ports

Slide 63

Slide 63 text

Defaults

    $ docker run -d slok/redis /usr/bin/redis-server
    a14c64cd00d69e408da996375141ee9f8e9d85a67aa8015f6fdc3f5929aad365
    # netstat -ltnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
    tcp   0      0      0.0.0.0:111    0.0.0.0:*        LISTEN  714/rpcbind
    tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1594/sshd
    tcp   0      0      0.0.0.0:39997  0.0.0.0:*        LISTEN  757/rpc.statd
    tcp6  0      0      :::111         :::*             LISTEN  714/rpcbind
    tcp6  0      0      :::46705       :::*             LISTEN  757/rpc.statd
    tcp6  0      0      :::22          :::*             LISTEN  1594/sshd

By default no ports are exposed
Exposed ports by default are to all hosts (0.0.0.0)
Exposed ports by default are TCP

Slide 64

Slide 64 text

Bind container port

    $ docker run -d -p 12345:6379 slok/redis /usr/bin/redis-server
    28116f65156fb2cbb86436dd455d753b1549153eb8ea997db32d3573b18a1112
    $ docker ps
    CONTAINER ID  IMAGE              COMMAND               CREATED         PORTS
    28116f65156f  slok/redis:latest  /usr/bin/redis-serve  30 seconds ago  0.0.0.0:12345->6379/tcp
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
    tcp   0      0      0.0.0.0:111    0.0.0.0:*        LISTEN  714/rpcbind
    tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1594/sshd
    tcp   0      0      0.0.0.0:39997  0.0.0.0:*        LISTEN  757/rpc.statd
    tcp6  0      0      :::111         :::*             LISTEN  714/rpcbind
    tcp6  0      0      :::46705       :::*             LISTEN  757/rpc.statd
    tcp6  0      0      :::22          :::*             LISTEN  1594/sshd
    tcp6  0      0      :::12345       :::*             LISTEN  914/docker

Used to map to a custom host port

Slide 66

Slide 66 text

Bind random port

    $ docker run -d -p 6379 slok/redis /usr/bin/redis-server
    62debe2cd335c1515140c3708d21ba911f100f90eef19c265cbefdbecefe71f5
    $ docker ps
    CONTAINER ID  IMAGE              COMMAND               CREATED        PORTS
    62debe2cd335  slok/redis:latest  /usr/bin/redis-serve  9 seconds ago  0.0.0.0:49153->6379/tcp
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
    tcp   0      0      0.0.0.0:111    0.0.0.0:*        LISTEN  714/rpcbind
    tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1594/sshd
    tcp   0      0      0.0.0.0:39997  0.0.0.0:*        LISTEN  757/rpc.statd
    tcp6  0      0      :::49153       :::*             LISTEN  914/docker
    tcp6  0      0      :::111         :::*             LISTEN  714/rpcbind
    tcp6  0      0      :::46705       :::*             LISTEN  757/rpc.statd
    tcp6  0      0      :::22          :::*             LISTEN  1594/sshd

Ports are published in random high number ports

Slide 68

Slide 68 text

Bind to specified host

    $ docker run -d -p 127.0.0.1::6379 slok/redis /usr/bin/redis-server
    252fe309d2e937a1e1ab7fa874ef82f08cc4bd69700894aa243b6f130909f25f
    $ docker run -d -p 127.0.0.1:12345:6379 slok/redis /usr/bin/redis-server
    7b44b7f5b46f6b15e8e50cc627f28aab4ab4f5b877b934c57308a37020341af9
    $ docker ps
    CONTAINER ID  IMAGE              COMMAND               CREATED         PORTS
    7b44b7f5b46f  slok/redis:latest  /usr/bin/redis-serve  26 seconds ago  127.0.0.1:12345->6379/tcp
    252fe309d2e9  slok/redis:latest  /usr/bin/redis-serve  45 seconds ago  127.0.0.1:49153->6379/tcp
    # netstat -ltnp | grep docker
    tcp   0      0      127.0.0.1:49153  0.0.0.0:*  LISTEN  914/docker
    tcp   0      0      127.0.0.1:12345  0.0.0.0:*  LISTEN  914/docker

Slide 70

Slide 70 text

Bind UDP port

    $ docker run -d -p 44444:12345/udp ubuntu:14.04 /bin/nc -ul 12345
    710a2e5f0b6aaa9f85a2e9d37dc29441b7e5e8dbf1eed970ad1d26a81af2fdd4
    $ docker run -d -p 55555:12345 ubuntu:14.04 /bin/nc -l 12345
    92f1d7f6d8001e112276e74c4479ab9f821c80a4de8047722f4a9a335cd859d1
    $ docker ps
    CONTAINER ID  IMAGE         COMMAND            CREATED             PORTS
    92f1d7f6d800  ubuntu:14.04  /bin/nc -l 12345   About a minute ago  0.0.0.0:55555->12345/tcp
    710a2e5f0b6a  ubuntu:14.04  /bin/nc -ul 12345  2 minutes ago       0.0.0.0:44444->12345/udp
    # sudo netstat -ltunp |grep docker
    tcp6  0      0      :::55555  :::*  LISTEN  914/docker
    udp6  0      0      :::44444  :::*          914/docker

Slide 74

Slide 74 text

Publish all ports

    $ docker run -d -P slok/redis /usr/bin/redis-server
    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488
    $ docker ps
    CONTAINER ID  IMAGE              COMMAND               CREATED         PORTS
    6d4c1a61cefc  slok/redis:latest  /usr/bin/redis-serve  39 seconds ago  0.0.0.0:49153->6379/tcp
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
    tcp   0      0      0.0.0.0:111    0.0.0.0:*        LISTEN  714/rpcbind
    tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1594/sshd
    tcp   0      0      0.0.0.0:39997  0.0.0.0:*        LISTEN  757/rpc.statd
    tcp6  0      0      :::49153       :::*             LISTEN  914/docker
    tcp6  0      0      :::111         :::*             LISTEN  714/rpcbind
    tcp6  0      0      :::46705       :::*             LISTEN  757/rpc.statd
    tcp6  0      0      :::22          :::*             LISTEN  1594/sshd

Ports are published in random high number ports
-P maps all exposed ports in the container*
:::49153: Random high number mapped port available
*Exposing ports are set in Dockerfiles
We’ll see later!
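
The publish forms from the Ports slides (`XXXX`, `YYYY:XXXX`, `IP::XXXX`, `IP:YYYY:XXXX`, optional `/udp`) decide which host interface a container port is bound to. The following Python sketch is an added example, not part of the original slides: it parses those forms and the `docker ps` PORTS column and reports publications bound beyond loopback. The names `Mapping`, `parse_publish`, `parse_ps_ports`, `reach` and `audit` are hypothetical, the sample rows are constructed, and only IPv4 host addresses are handled.

```python
"""Classify Docker port publications by the host interface they bind to.

Added example: covers only the -p forms and `docker ps` PORTS values
shown on the slides (IPv4 host addresses, tcp/udp).
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple


class Mapping(NamedTuple):
    host_ip: str               # "0.0.0.0" = every host interface
    host_port: Optional[int]   # None = Docker picks a random high port
    container_port: int
    proto: str                 # "tcp" or "udp"


def _port(text: str) -> int:
    port = int(text)           # ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_publish(spec: str) -> Mapping:
    """Parse a `docker run -p` value: XXXX, YYYY:XXXX, IP::XXXX, IP:YYYY:XXXX."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"                      # TCP unless /udp is given
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol in {spec!r}")
    parts = body.split(":")
    if len(parts) == 1:                         # XXXX: all interfaces, random port
        host_ip, host_port, container_port = "0.0.0.0", "", parts[0]
    elif len(parts) == 2:                       # YYYY:XXXX: all interfaces
        host_ip = "0.0.0.0"
        host_port, container_port = parts
    elif len(parts) == 3:                       # IP:[YYYY]:XXXX
        host_ip, host_port, container_port = parts
        ipaddress.IPv4Address(host_ip)          # reject malformed addresses
    else:
        raise ValueError(f"unsupported -p value: {spec!r}")
    return Mapping(host_ip, _port(host_port) if host_port else None,
                   _port(container_port), proto)


_PS_ENTRY = re.compile(
    r"^(?P<ip>[\d.]+):(?P<hport>\d+)->(?P<cport>\d+)/(?P<proto>tcp|udp)$")


def parse_ps_ports(field: str) -> List[Mapping]:
    """Parse a `docker ps` PORTS value; a bare '6379/tcp' is exposed, not published."""
    mappings = []
    for entry in (e.strip() for e in field.split(",")):
        if not entry:
            continue
        m = _PS_ENTRY.match(entry)
        if m:
            mappings.append(Mapping(m["ip"], _port(m["hport"]),
                                    _port(m["cport"]), m["proto"]))
        elif not re.fullmatch(r"\d+/(tcp|udp)", entry):
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
    return mappings


def reach(mapping: Mapping) -> str:
    """Name the scope of the host-side bind address."""
    ip = ipaddress.IPv4Address(mapping.host_ip)
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"
    return "single-interface"


def audit(ps_rows: List[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """ps_rows: (container name, PORTS value). Report binds beyond loopback."""
    findings = []
    for name, ports in ps_rows:
        for m in parse_ps_ports(ports):
            scope = reach(m)
            if scope != "loopback-only":
                findings.append((name, f"{m.host_ip}:{m.host_port}",
                                 f"{m.container_port}/{m.proto}", scope))
    return findings


# Constructed sample: PORTS values as printed on the slides, names made up.
SAMPLE_PS = [
    ("redis_public", "0.0.0.0:12345->6379/tcp"),
    ("redis_local", "127.0.0.1:12345->6379/tcp"),
    ("redis_linked", "6379/tcp"),
    ("nc_udp", "0.0.0.0:44444->12345/udp"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PS):
        print(*finding)
```

A Redis started as on these slides has no password configured, so any row this reports as `all-interfaces` is worth republishing with the `127.0.0.1:` prefix or replacing with a link.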

Slide 75

Slide 75 text

Linking

Slide 76

Slide 76 text

Differences with exposed ports
Used to link containers (using ports)
Ports only accessible by containers
We are using ports, but not exposed outside docker environment
Don’t need to know specific ports
More secure
Ports shared in environment vars

Slide 80

Slide 80 text

Give a name to the link

    $ docker run -d --name redis_eghost slok/redis /usr/bin/redis-server
    576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925
    $ docker ps
    CONTAINER ID  IMAGE              COMMAND               PORTS     NAMES
    576556e21f9d  slok/redis:latest  /usr/bin/redis-serve  6379/tcp  redis_eghost

Name the first container for linking
We need to expose ports in a Dockerfile

    $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash
    2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816
    $ docker ps
    CONTAINER ID  IMAGE              COMMAND               PORTS     NAMES
    d205a37bcfdd  ubuntu:14.04       /bin/bash                       checker
    576556e21f9d  slok/redis:latest  /usr/bin/redis-serve  6379/tcp  checker/redis,redis_eghost

--link format: {LINK_CONTAINER_NAME} : {INTERNAL_ALIAS}
Linked!

Slide 82

Slide 82 text

Discover link inside container

    $ docker run -d --name redis slok/redis /usr/bin/redis-server
    5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae
    $ docker run ubuntu:14.04 env
    HOME=/
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    HOSTNAME=4252df779431
    $ docker run --name redis_checker --link redis:db ubuntu:14.04 env
    HOME=/
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    HOSTNAME=44ffc20b8b67
    DB_PORT=tcp://172.17.0.37:6379
    DB_PORT_6379_TCP=tcp://172.17.0.37:6379
    DB_PORT_6379_TCP_ADDR=172.17.0.37
    DB_PORT_6379_TCP_PORT=6379
    DB_PORT_6379_TCP_PROTO=tcp
    DB_NAME=/redis_checker/db

Use env vars to connect services (and/or /etc/hosts)
Use the alias in uppercase as prefix for env vars

Slide 83

Slide 83 text

Using link inside container

    $ docker run -d --name redis slok/redis /usr/bin/redis-server
    5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae
    $ docker run -it slok/redis /bin/bash
    root@55e3762daa10:/# redis-cli
    Could not connect to Redis at 127.0.0.1:6379: Connection refused
    $ docker run -it --link redis:db slok/redis /bin/bash
    root@d5a1e38b5d4e:/# redis-cli -h $DB_PORT_6379_TCP_ADDR -p $DB_PORT_6379_TCP_PORT
    172.17.0.37:6379> set "hello" "world"
    OK
    172.17.0.37:6379> get "hello"
    "world"
    172.17.0.37:6379>

Env vars only visible by the first process in the container (CMD or ENTRY)
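
The `DB_PORT_6379_TCP_*` family printed by `env` on the linking slides can be turned back into endpoints from the upper-cased alias alone. The following Python sketch is an added example, not part of the original slides; `link_endpoints` and `redis_target` are hypothetical names, and both environments are constructed from the slide output.

```python
"""Recover linked-service endpoints from the env vars injected by --link.

Added example: variable naming follows the `env` output shown on the slides.
"""
import ipaddress
import re
from typing import Dict, List, Tuple


def link_endpoints(alias: str, environ: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Return sorted (proto, address, port) tuples published under a link alias."""
    prefix = alias.upper()      # the alias in upper case prefixes every variable
    pattern = re.compile(rf"^{re.escape(prefix)}_PORT_(\d+)_(TCP|UDP)_ADDR$")
    endpoints = []
    for name, addr in environ.items():
        match = pattern.match(name)
        if not match:
            continue
        base = name[: -len("_ADDR")]
        port_text = environ.get(base + "_PORT")
        proto = environ.get(base + "_PROTO")
        if port_text is None or proto is None:
            raise ValueError(f"incomplete link variables for {base}")
        # Environment values are input: check them before connecting.
        ipaddress.ip_address(addr)              # ValueError if malformed
        port = int(port_text)
        if port != int(match.group(1)) or proto.upper() != match.group(2):
            raise ValueError(f"inconsistent link variables for {base}")
        endpoints.append((proto, addr, port))
    return sorted(endpoints)


def redis_target(alias: str, environ: Dict[str, str]) -> Tuple[str, int]:
    """Pick the linked 6379/tcp endpoint, failing instead of defaulting to 127.0.0.1."""
    for proto, addr, port in link_endpoints(alias, environ):
        if proto == "tcp" and port == 6379:
            return addr, port
    raise LookupError(f"no link with alias {alias!r} provides 6379/tcp")


# Constructed from the slide output: a container started with --link redis:db ...
LINKED_ENV = {
    "HOME": "/",
    "HOSTNAME": "44ffc20b8b67",
    "DB_PORT": "tcp://172.17.0.37:6379",
    "DB_PORT_6379_TCP": "tcp://172.17.0.37:6379",
    "DB_PORT_6379_TCP_ADDR": "172.17.0.37",
    "DB_PORT_6379_TCP_PORT": "6379",
    "DB_PORT_6379_TCP_PROTO": "tcp",
    "DB_NAME": "/redis_checker/db",
}
# ... and one started without a link, which gets none of the DB_* variables.
PLAIN_ENV = {"HOME": "/", "HOSTNAME": "4252df779431"}

if __name__ == "__main__":
    print(redis_target("db", LINKED_ENV))
    try:
        redis_target("db", PLAIN_ENV)
    except LookupError as exc:
        print("unlinked container:", exc)
```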

Slide 84

Slide 84 text

Volumes

Slide 85

Slide 85 text

External FS to the container Not AUFS Used to persist data Not destroyed with stopped container Real time changes, no delay

Slide 86

Slide 86 text

Create a volume $ docker run -it -v /tmp ubuntu:14.04 /bin/bash root@02d027999022:/# touch /tmp/hello_world.txt $ docker inspect 02d027999022 | grep \"Volumes\" -A 2 "Volumes": { "/tmp": "/var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d" }, If the container is destroyed the volume is also destroyed # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d total 8 drwxrwxrwx 2 root root 4096 Jul 3 12:52 . drwx------ 11 root root 4096 Jul 3 12:52 .. -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt

Slide 87

Slide 87 text

Create a volume $ docker run -it -v /tmp ubuntu:14.04 /bin/bash root@02d027999022:/# touch /tmp/hello_world.txt $ docker inspect 02d027999022 | grep \"Volumes\" -A 2 "Volumes": { "/tmp": "/var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d" }, If the container is destroyed the volume is also destroyed # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d total 8 drwxrwxrwx 2 root root 4096 Jul 3 12:52 . drwx------ 11 root root 4096 Jul 3 12:52 .. -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt Outside the container

Slide 88

Slide 88 text

Container state & volume $ docker ps CONTAINER ID IMAGE COMMAND STATUS NAMES 02d027999022 ubuntu:14.04 /bin/bash Exited (0) About a minute ago backstabbing_brown The volumes persist even if the container is stopped # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d total 8 drwxrwxrwx 2 root root 4096 Jul 3 12:52 . drwx------ 11 root root 4096 Jul 3 12:52 .. -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt $ docker stop 02d027999022 02d027999022

Slide 89

Slide 89 text

Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen Real time FS, The FS is mounted

Slide 90

Slide 90 text

Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen “/tmp/i_like_kfc” is outside the container Real time FS, The FS is mounted

Slide 91

Slide 91 text

Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen “/tmp/i_like_kfc” is outside the container Created outside the container Real time FS, The FS is mounted

Slide 92

Slide 92 text

Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen “/tmp/i_like_kfc” is outside the container Created in the container Created outside the container Real time FS, The FS is mounted

Slide 93

Slide 93 text

Mount in read only mode By default is mounted in RW mode $ docker run -it -v /tmp/i_like_kfc:/tmp:ro ubuntu:14.04 /bin/bash root@02e4214a70a7:/# touch /tmp/i_dont_like_kfc touch: cannot touch '/tmp/i_dont_like_kfc': Read-only file system

Slide 94

Slide 94 text

Mount in read only mode By default is mounted in RW mode $ docker run -it -v /tmp/i_like_kfc:/tmp:ro ubuntu:14.04 /bin/bash root@02e4214a70a7:/# touch /tmp/i_dont_like_kfc touch: cannot touch '/tmp/i_dont_like_kfc': Read-only file system Just add “ro”

Slide 95

Slide 95 text

Owner and permissions $ whoami vagrant $ docker run -it -v /tmp/test:/tmp ubuntu:14.04 /bin/bash root@10c8ababfe0d:/# touch /tmp/root_file root@10c8ababfe0d:/# useradd slok root@10c8ababfe0d:/# su slok slok@10c8ababfe0d:/$ touch /tmp/user_file slok@10c8ababfe0d:/$ touch /tmp/user_744_file & chmod 744 /tmp/user_744_file slok@10c8ababfe0d:/$ ls -la /tmp/ total 8 drwxrwxr-x 2 slok slok 4096 Jul 3 14:27 . drwxr-xr-x 55 root root 4096 Jul 3 14:27 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 slok slok 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 slok slok 0 Jul 3 14:27 user_file $ ls -la /tmp/test total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:27 . drwxrwxrwt 6 root root 4096 Jul 3 14:28 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 vagrant vagrant 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:27 user_file

Slide 96

Slide 96 text

Owner and permissions $ whoami vagrant $ docker run -it -v /tmp/test:/tmp ubuntu:14.04 /bin/bash root@10c8ababfe0d:/# touch /tmp/root_file root@10c8ababfe0d:/# useradd slok root@10c8ababfe0d:/# su slok slok@10c8ababfe0d:/$ touch /tmp/user_file slok@10c8ababfe0d:/$ touch /tmp/user_744_file & chmod 744 /tmp/user_744_file slok@10c8ababfe0d:/$ ls -la /tmp/ total 8 drwxrwxr-x 2 slok slok 4096 Jul 3 14:27 . drwxr-xr-x 55 root root 4096 Jul 3 14:27 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 slok slok 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 slok slok 0 Jul 3 14:27 user_file $ ls -la /tmp/test total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:27 . drwxrwxrwt 6 root root 4096 Jul 3 14:28 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 vagrant vagrant 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:27 user_file Outside the container, the owner (user) is the process running user In the container the owner remains
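Why the two listings on slide 95 disagree: files on a volume store a numeric UID, and each side resolves it through its own /etc/passwd. This is an added example, not code from the deck; the function names are hypothetical, the passwd excerpts and the numeric listing are constructed, and UID 1000 for slok is an assumption (slide 89 shows UID 1000 for vagrant's files).

```shell
#!/bin/sh
# name_for_uid PASSWD_FILE UID
# Prints the account name PASSWD_FILE gives for UID, or the bare number
# when that file has no entry for it.
name_for_uid() {
    awk -F: -v uid="$2" '
        $3 == uid { print $1; found = 1; exit }
        END { if (!found) print uid }' "$1"
}

# owners_on_both_sides CONTAINER_PASSWD HOST_PASSWD < `ls -ln` output
# For every entry prints: <file> uid=<n> container=<name> host=<name> <note>
#   uid0-both-sides  the file belongs to UID 0 inside and outside
#   name-differs     same UID, different account name on each side
#   same-name        both sides agree
owners_on_both_sides() {
    while read -r f_mode f_links f_uid f_gid f_size f_mon f_day f_time f_name; do
        case $f_name in ''|.|..) continue ;; esac      # "total" line, . and ..
        case $f_uid in ''|*[!0-9]*) continue ;; esac   # not a numeric listing
        c_name=$(name_for_uid "$1" "$f_uid")
        h_name=$(name_for_uid "$2" "$f_uid")
        if [ "$f_uid" -eq 0 ]; then
            note=uid0-both-sides
        elif [ "$c_name" != "$h_name" ]; then
            note=name-differs
        else
            note=same-name
        fi
        printf '%s uid=%s container=%s host=%s %s\n' \
            "$f_name" "$f_uid" "$c_name" "$h_name" "$note"
    done
}

slide95_demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed passwd excerpts for the container and for the host.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'slok:x:1000:1000::/home/slok:/bin/sh' > "$tmp/container"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'vagrant:x:1000:1000::/home/vagrant:/bin/bash' > "$tmp/host"
    # Constructed `ls -ln /tmp/test` listing for the three files of slide 95.
    owners_on_both_sides "$tmp/container" "$tmp/host" <<'EOF'
total 8
drwxrwxr-x 2 1000 1000 4096 Jul 3 14:27 .
drwxrwxrwt 6 0 0 4096 Jul 3 14:28 ..
-rw-r--r-- 1 0 0 0 Jul 3 14:27 root_file
-rwxr--r-- 1 1000 1000 0 Jul 3 14:31 user_744_file
-rw-rw-r-- 1 1000 1000 0 Jul 3 14:27 user_file
EOF
    rm -rf "$tmp"
}

slide95_demo
```

On a real host, pipe `ls -ln` of the mounted directory into owners_on_both_sides together with a copy of the container's /etc/passwd.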

Slide 97

Slide 97 text

Share volumes between containers $ docker run -it --name doge_container -v /opt ubuntu:14.04 /bin/bash root@46293ef28846:/# echo "print('Hello world')" > /opt/say_hello.py $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash root@491ad4c3df84:/# ls -la /opt/ total 12 drwxr-xr-x 2 root root 4096 Jul 3 18:00 . drwxr-xr-x 53 root root 4096 Jul 3 18:02 .. -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py root@491ad4c3df84:/# python3 /opt/say_hello.py Hello world This is used to share directories across containers There is a pattern called data volume container (Check patterns section)

Slide 98

Slide 98 text

Share volumes between containers $ docker run -it --name doge_container -v /opt ubuntu:14.04 /bin/bash root@46293ef28846:/# echo "print('Hello world')" > /opt/say_hello.py Volume created! $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash root@491ad4c3df84:/# ls -la /opt/ total 12 drwxr-xr-x 2 root root 4096 Jul 3 18:00 . drwxr-xr-x 53 root root 4096 Jul 3 18:02 .. -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py root@491ad4c3df84:/# python3 /opt/say_hello.py Hello world This is used to share directories across containers There is a pattern called data volume container (Check patterns section)

Slide 99

Slide 99 text

Share volumes between containers $ docker run -it --name doge_container -v /opt ubuntu:14.04 /bin/bash root@46293ef28846:/# echo "print('Hello world')" > /opt/say_hello.py Volume created! $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash root@491ad4c3df84:/# ls -la /opt/ total 12 drwxr-xr-x 2 root root 4096 Jul 3 18:00 . drwxr-xr-x 53 root root 4096 Jul 3 18:02 .. -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py root@491ad4c3df84:/# python3 /opt/say_hello.py Hello world this container will mount all volumes from “doge_container” container This is used to share directories across containers There is a pattern called data volume container (Check patterns section)

Slide 100

Slide 100 text

Share volumes between containers System Container(46293ef28846/ doge_container) Container(491ad4c3df84) /bin /opt /usr /root /bin /opt /usr /root /var/lib/docker/vfs/dir/ b7eb1d8264db8716c0a536e0c776d935bc3eada671a26194d1129066aa2a41c4 45832b9c9b3117ee86778df6b6dafdeead36fb643494822cf40f095da0766baa /usr /opt /home Simple principle, mount directories from host OS to containers ... ... ... ...

Slide 101

Slide 101 text

Share volumes between containers System Container(46293ef28846/ doge_container) Container(491ad4c3df84) /bin /opt /usr /root /bin /opt /usr /root /var/lib/docker/vfs/dir/ b7eb1d8264db8716c0a536e0c776d935bc3eada671a26194d1129066aa2a41c4 45832b9c9b3117ee86778df6b6dafdeead36fb643494822cf40f095da0766baa /usr /opt /home Simple principle, mount directories from host OS to containers ... ... ... This was the volume creator, to mount his volumes we need to use it as reference with “volumes-from” ...

Slide 102

Slide 102 text

Dockerfiles

Slide 103

Slide 103 text

Automate Build images Easy update of images easy share Script composed by commands

Slide 104

Slide 104 text

Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea # Update repos RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure

Slide 105

Slide 105 text

Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea # Update repos RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration

Slide 106

Slide 106 text

Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea # Update repos RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic)

Slide 107

Slide 107 text

Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea # Update repos RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic) Configuration

Slide 108

Slide 108 text

Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea # Update repos RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic) Configuration Run action

Slide 110

Slide 110 text

Dockerfile facts
Instructions in order
Format: INSTRUCTION arguments
Use “#” for comments
First instruction is FROM
Not case sensitive (the convention is to write instructions in uppercase)
Some instructions create a new layer

Slide 111

Slide 111 text

Dockerfile facts
Instructions in order
Format: INSTRUCTION arguments
Use “#” for comments
First instruction is FROM
Not case sensitive (the convention is to write instructions in uppercase)
Some instructions create a new layer
Let's check the commands

Slide 112

Slide 112 text

Dockerfile FROM ubuntu:14.04 ... Dockerfile command | FROM Dockerfile FROM slok/redis ... The base image, tells docker where to start from building the image Needs to be the first instruction in the Dockerfile Dockerfile FROM crosbymichael/python ... If no tag is specified then “latest“ will be taken

Slide 113

Slide 113 text

Dockerfile command | MAINTAINER Dockerfile MAINTAINER Xabier Larrakoetxea ... Sets the author of the Dockerfile Dockerfile MAINTAINER Doge wow ... Dockerfile MAINTAINER Chuck Norris ...

Slide 114

Slide 114 text

Dockerfile command | RUN
Executes actions/commands
Creates a new layer
These layers are used as cache for other builds if they are the same
Dockerfile
RUN pip install django
...
Dockerfile
RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
...
Dockerfile
RUN ["wget", "http://python-distribute.org/distribute_setup.py"]
...

Slide 115

Slide 115 text

Dockerfile command | RUN
Executes actions/commands
Creates a new layer
These layers are used as cache for other builds if they are the same
Dockerfile
RUN pip install django
...
Dockerfile
RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
...
(Uses /bin/sh -c {RUN_ARGUMENTS})
Dockerfile
RUN ["wget", "http://python-distribute.org/distribute_setup.py"]
...
(Uses exec format)

Slide 116

Slide 116 text

Dockerfile command | ENV
Sets env vars; they are available to the RUN instructions that follow
Containers run from the built image will also have these env vars set
Dockerfile
ENV LANG en_US.UTF-8
...
Dockerfile
ENV APP_ENVIRONMENT sandbox
...
Dockerfile
ENV DOGE such_env_var
...

Slide 117

Slide 117 text

Dockerfile command | EXPOSE Dockerfile EXPOSE 9000 ... Dockerfile EXPOSE 8125/udp ... Dockerfile EXPOSE 80:8080 ... Map private exposed ports to public ones when running the container Never map public ports inside the Dockerfile

Slide 118

Slide 118 text

Dockerfile command | EXPOSE Dockerfile EXPOSE 9000 ... Dockerfile EXPOSE 8125/udp ... Dockerfile EXPOSE 80:8080 ... Map private exposed ports to public ones when running the container Never map public ports inside the Dockerfile Private TCP port Private UDP port 80 Private TCP port mapped to 8080 public TCP port

Slide 119

Slide 119 text

Dockerfile command | VOLUME
Mount public paths to private paths when running the container
Never mount public paths inside the Dockerfile
Dockerfile
VOLUME /data
...
Dockerfile
VOLUME ["/data", "/etc/nginx/sites-enabled", "/var/log/nginx"]
...
Dockerfile
VOLUME /opt/data:/data
...

Slide 120

Slide 120 text

Dockerfile command | VOLUME
Mount public paths to private paths when running the container
Never mount public paths inside the Dockerfile
Dockerfile
VOLUME /data
...
(Create /data volume)
Dockerfile
VOLUME ["/data", "/etc/nginx/sites-enabled", "/var/log/nginx"]
...
(Create multiple volumes)
Dockerfile
VOLUME /opt/data:/data
...
(mount container /data in host /mnt/opt)

Slide 121

Slide 121 text

Dockerfile command | ADD
Copy a relative (to dockerfile) file or directory into the image
If src is a tar archive, this will be copied and extracted
After the first ADD instruction, the RUN instructions that follow are not cached
ADD is too magical; use COPY instead when no extraction is needed (>= v1.0)
Dockerfile
ADD ./statsd_config.js /var/lib/statsd/config.js
...
Dockerfile
ADD postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf
...
Dockerfile
ADD /tar/apache-tomcat-7.0.47.tar.gz /opt
...

Slide 122

Slide 122 text

Dockerfile command | ADD
Copy a relative (to dockerfile) file or directory into the image
If src is a tar archive, this will be copied and extracted
After the first ADD instruction, the RUN instructions that follow are not cached
ADD is too magical; use COPY instead when no extraction is needed (>= v1.0)
Dockerfile
ADD ./statsd_config.js /var/lib/statsd/config.js
...
Dockerfile
ADD postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf
...
Dockerfile
ADD /tar/apache-tomcat-7.0.47.tar.gz /opt
...
(This will extract the archive in the image's /opt)

Slide 123

Slide 123 text

Dockerfile command | COPY
Copy a relative (to dockerfile) file or directory into the image
After the first COPY instruction, the RUN instructions that follow are not cached
Similar to ADD
Dockerfile
ADD ./statsd_config.js /var/lib/statsd/config.js
...
Dockerfile
COPY postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf
...
Dockerfile
COPY /tar/apache-tomcat-7.0.47.tar.gz /opt
...

Slide 124

Slide 124 text

Dockerfile command | COPY
Copy a relative (to dockerfile) file or directory into the image
After the first COPY instruction, the RUN instructions that follow are not cached
Similar to ADD
Dockerfile
ADD ./statsd_config.js /var/lib/statsd/config.js
...
Dockerfile
COPY postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf
...
Dockerfile
COPY /tar/apache-tomcat-7.0.47.tar.gz /opt
...
(This will not extract the archive in the image's /opt)

Slide 125

Slide 125 text

Dockerfile command | USER Sets the UID to use when running the image Sets the UID to use for any following RUN directives Dockerfile USER postgres ... Dockerfile USER nobody ...

Slide 126

Slide 126 text

Dockerfile command | WORKDIR
Sets the working directory for the RUN, CMD and ENTRYPOINT that follow it
Can be used with absolute or relative paths
Dockerfile
WORKDIR /etc/nginx
...
Dockerfile
WORKDIR /opt
...
WORKDIR virtualenvs
...

Slide 127

Slide 127 text

Dockerfile command | WORKDIR
Sets the working directory for the RUN, CMD and ENTRYPOINT that follow it
Can be used with absolute or relative paths
Dockerfile
WORKDIR /etc/nginx
...
Dockerfile
WORKDIR /opt
...
WORKDIR virtualenvs
...
(This will end in /opt/virtualenvs)

Slide 128

Slide 128 text

Dockerfile command | ONBUILD
ONBUILD doesn’t affect the build of this image
Triggered when another image is built based on this one
Grandchild images don’t inherit this ONBUILD (only direct children)
Dockerfile
ONBUILD ADD . /src/app
ONBUILD RUN /usr/local/bin/python-build --dir /src/app
...
Dockerfile
ONBUILD ADD . /opt/rails_demo
ONBUILD WORKDIR /opt/rails_demo
ONBUILD RUN rvm all do bundle install
ONBUILD CMD rvm all do bundle exec rails server
...

Slide 129

Slide 129 text

Dockerfile command | CMD CMD could be overwritten when we exec docker run executable params... Only one CMD entry per dockerfile Used with ENTRYPOINT is very powerful Dockerfile CMD ["/usr/local/bin/diamond", "-f"] ... Dockerfile CMD echo "This is a test." | wc - ... Dockerfile CMD ["--help"] ... Used to execute a command when running the container

Slide 130

Slide 130 text

Dockerfile command | CMD CMD could be overwritten when we exec docker run executable params... Only one CMD entry per dockerfile Used with ENTRYPOINT is very powerful Dockerfile CMD ["/usr/local/bin/diamond", "-f"] ... Dockerfile CMD echo "This is a test." | wc - ... Dockerfile CMD ["--help"] ... Used to execute a command when running the container Array form: used like exec (Preferred form) As shell (/bin/sh -c) Used to pass params to ENTRYPOINT

Slide 131

Slide 131 text

Dockerfile command | ENTRYPOINT
Used to execute a command when running the container
ENTRYPOINT can’t be overwritten, unlike CMD
Only one ENTRYPOINT entry per dockerfile
Used with CMD is very powerful
Pass params to ENTRYPOINT with docker run {image} -d ...
Dockerfile
ENTRYPOINT ["/usr/bin/influxdb", "-config=/opt/influxdb/shared/config.toml"]
...
(Array form: used like exec (Preferred form))
Dockerfile
ENTRYPOINT supervisor
...
(As shell (/bin/sh -c))

Slide 132

Slide 132 text

Dockerfile command | ENTRYPOINT
Used to execute a command when running the container
ENTRYPOINT can’t be overwritten, unlike CMD
Only one ENTRYPOINT entry per dockerfile
Used with CMD is very powerful
Pass params to ENTRYPOINT with docker run {image} -d ...
Dockerfile
ENTRYPOINT ["/usr/bin/influxdb", "-config=/opt/influxdb/shared/config.toml"]
...
Dockerfile
ENTRYPOINT supervisor
...
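The rules stated on slides 110 to 132 (FROM first, untagged FROM means "latest", no host mappings in EXPOSE or VOLUME, COPY instead of ADD when nothing is extracted, a single CMD and ENTRYPOINT) turned into a small review check. This is an added example, not code from the deck; lint_dockerfile, its finding codes and the sample Dockerfile are hypothetical, the sample being assembled from snippets shown on the slides.

```shell
#!/bin/sh
# lint_dockerfile: reads a Dockerfile on stdin and prints one finding per
# line as LINE:CODE:detail. Instructions are matched case-insensitively,
# as the "Dockerfile facts" slide allows.
lint_dockerfile() {
    awk '
    cont { cont = ($0 ~ /\\$/); next }     # continuation of the previous line
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and "#" comments
    {
        cont = ($0 ~ /\\$/)
        i = (toupper($1) == "ONBUILD") ? 2 : 1   # look inside ONBUILD
        ins = toupper($i); src = $(i + 1)
        seen++

        if (seen == 1 && ins != "FROM")
            print NR ":NOT_FROM_FIRST:first instruction is " ins

        if (ins == "FROM") {
            n = split(src, part, "/")      # skip a registry host:port prefix
            if (part[n] !~ /[:@]/)
                print NR ":NO_TAG:" src " resolves to latest"
        }

        # host:container pairs belong on the docker run command line
        if (ins == "EXPOSE" || ins == "VOLUME")
            for (j = i + 1; j <= NF; j++)
                if ($j ~ /:/) print NR ":HOST_MAPPING:" ins " " $j

        # ADD unpacks tar archives; for anything else COPY is enough.
        # Remote URLs are left alone (ADD can fetch them, COPY cannot).
        if (ins == "ADD" && src !~ /^https?:/ &&
            src !~ /\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$/)
            print NR ":ADD_NOT_ARCHIVE:use COPY for " src

        if ((ins == "CMD" || ins == "ENTRYPOINT") && ++count[ins] == 2)
            print NR ":DUPLICATE_" ins ":only one " ins " per Dockerfile"
    }'
}

# Constructed sample built from snippets on the slides.
sample_dockerfile() {
    cat <<'EOF'
# constructed sample
from ubuntu
EXPOSE 80:8080
VOLUME /opt/data:/data
ADD ./statsd_config.js /var/lib/statsd/config.js
ADD /tar/apache-tomcat-7.0.47.tar.gz /opt
CMD ["--help"]
CMD echo "This is a test." | wc -
EOF
}

sample_dockerfile | lint_dockerfile
```

Run it against a real file with `lint_dockerfile < Dockerfile`; an empty result means none of these rules fired.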

Slide 133

Slide 133 text

Simple example

Slide 134

Slide 134 text

Nginx container Ubuntu 14.04 LTS base image We could use a ready one: https://registry.hub.docker.com/_/nginx/ Example

Slide 135

Slide 135 text

Structure $ tree ./nginx ./nginx/ ├── Dockerfile └── nginx.conf

Slide 136

Slide 136 text

Nginx config file nginx/nginx.conf daemon off; user www-data; worker_processes 4; pid /run/nginx.pid; events { worker_connections 768; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }

Slide 137

Slide 137 text

Nginx config file nginx/nginx.conf daemon off; user www-data; worker_processes 4; pid /run/nginx.pid; events { worker_connections 768; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } This is needed to run the process as a docker container

Slide 138

Slide 138 text

Nginx Dockerfile
nginx/Dockerfile
FROM ubuntu:14.04
MAINTAINER Xabier Larrakoetxea
# Install nginx
RUN sudo apt-get update
RUN sudo apt-get install -y nginx
VOLUME ["/etc/nginx", "/var/log/nginx"]
EXPOSE 80 443
COPY nginx.conf /etc/nginx/nginx.conf
# This image should only run nginx, don't allow command overwrite
ENTRYPOINT ["nginx"]

Slide 139

Slide 139 text

Nginx Dockerfile
nginx/Dockerfile
FROM ubuntu:14.04
MAINTAINER Xabier Larrakoetxea
# Install nginx
RUN sudo apt-get update
RUN sudo apt-get install -y nginx
VOLUME ["/etc/nginx", "/var/log/nginx"]
EXPOSE 80 443
COPY nginx.conf /etc/nginx/nginx.conf
# This image should only run nginx, don't allow command overwrite
ENTRYPOINT ["nginx"]
We could change the settings and add new websites without rebuilding the image

Slide 140

Slide 140 text

Build the image $ docker build -t slok/nginx ./nginx Sending build context to Docker daemon 4.096 kB Sending build context to Docker daemon Step 0 : FROM ubuntu:14.04 ---> e54ca5efa2e9 Step 1 : MAINTAINER Xabier Larrakoetxea ---> Using cache ---> f92949757538 Step 2 : RUN sudo apt-get update ---> Using cache ---> 83553dd447a8 Step 3 : RUN sudo apt-get install -y nginx ---> Using cache ---> 81d073ef2959 Step 4 : VOLUME ["/etc/nginx", "/var/log/nginx"] ---> Using cache ---> d7bebdea21bc Step 5 : EXPOSE 80 443 ---> Using cache ---> 884a359171c5 Step 6 : COPY nginx.conf /etc/nginx/nginx.conf ---> 9367bdddab92 Removing intermediate container 421ee775b2ac Step 7 : ENTRYPOINT ["nginx"] ---> Running in 720a2e174332 ---> 6656d268c150 Removing intermediate container 720a2e174332 Successfully built 6656d268c150

Slide 141

Slide 141 text

Run the image (container)
$ docker run -d -p 10080:80 slok/nginx
e55dd17a1b586f407d41eb93eaaf561c9f32609a7eab6e29c41e5f4dc50f3ebc
$ curl 192.168.100.55:10080
Welcome to nginx!
body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.

Slide 142

Slide 142 text

Check persistent data
$ docker ps -aq
e55dd17a1b58
$ docker inspect e55dd17a1b58 | grep -A 3 Volumes
"Volumes": {
    "/etc/nginx": "/var/lib/docker/vfs/dir/f58bfb50312f75adbe51b7504230c69a8a3e098afa5943becbfc3b89b9547b6e",
    "/var/log/nginx": "/var/lib/docker/vfs/dir/faaa961e95ea51c49af5b27093a56f177a2341da8e11b061d80f34348d09ef36"
},
$ cat /var/lib/docker/vfs/dir/faaa961e.../access.log
192.168.100.1 - - [06/Jul/2014:16:27:44 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36"
192.168.100.1 - - [06/Jul/2014:16:27:44 +0000] "GET /favicon.ico HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36"
192.168.100.55 - - [06/Jul/2014:16:28:08 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0"
192.168.100.55 - - [06/Jul/2014:16:29:18 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0"

Slide 143

Slide 143 text

Docker hub

Slide 144

Slide 144 text

Share images Deploy hook Automated builds https://hub.docker.com

Slide 145

Slide 145 text

Login $ docker login Username: slok Password: Email: [email protected] Login Succeeded

Slide 146

Slide 146 text

Search $ docker search slok NAME DESCRIPTION STARS OFFICIAL AUTOMATED slok/nginx 0 [OK] slok/playpython 0 $ docker search python NAME DESCRIPTION STARS OFFICIAL AUTOMATED fedora/python 18 [OK] parente/ipython-notebook IPython Notebook plus pandas, matplotlib, ... 8 parente/ipython IPython 2.0 containerized and configured t... 5 [OK] mythmon/python-dev A base to start from for running Python apps. 4 [OK] google/python-runtime 4 [OK] dockerfile/python Trusted Python (https://www.python.org/) B... 4 [OK] python Python is a widely used general-purpose, h... 3 scivm/scientific-python-2.7 Scientific Python 2.7 Ubuntu 12.04- Numpy,... 3 [OK] crosbymichael/ipython 3 [OK] scivm/scientific-python-3.3 Scientific Python 3.3 Ubuntu 12.04 Numpy, ... 2 [OK] google/python 2 [OK]

Slide 147

Slide 147 text

Pull $ docker pull dockerfile/python Pulling repository dockerfile/python f86d6993fc7b: Download complete 511136ea3c5a: Download complete 5e66087f3ffe: Download complete 4d26dd3ebc1c: Download complete d4010efcfd86: Download complete 99ec81b80c55: Download complete b261bc65cd23: Download complete 42404685406e: Download complete 6cc69450fe19: Download complete efc4fbcd007f: Download complete 2baeb2edbf92: Download complete ecd5c1cc18ac: Download complete 1f089cc15e82: Download complete 9f3000270ba2: Download complete 4b49b0b7aa4c: Download complete 8229e90e517b: Download complete $ docker pull dockerfile/python REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE dockerfile/python latest f86d6993fc7b 6 weeks ago 643.8 MB

Slide 148

Slide 148 text

Push $ docker push slok/nginx2 The push refers to a repository [slok/nginx2] (len: 1) Sending image list Pushing repository slok/nginx2 (1 tags) 511136ea3c5a: Image already pushed, skipping d7ac5e4f1812: Image already pushed, skipping 2f4b4d6a4a06: Image already pushed, skipping 83ff768040a0: Image already pushed, skipping 6c37f792ddac: Image already pushed, skipping e54ca5efa2e9: Image already pushed, skipping f92949757538: Image successfully pushed 83553dd447a8: Image successfully pushed 81d073ef2959: Image successfully pushed d7bebdea21bc: Image successfully pushed 884a359171c5: Image successfully pushed 9367bdddab92: Image successfully pushed 6656d268c150: Image successfully pushed Pushing tag for rev [6656d268c150] on {https://registry-1.docker.io/v1/repositories/slok/nginx2/tags/latest}

Slide 149

Slide 149 text

Automated builds Other type of docker repo Don’t push images Refer to Dockerfile repositories Automatic builds when pushed changes http://docs.docker.com/docker-hub/builds/

Slide 150

Slide 150 text

Patterns

Slide 151

Slide 151 text

Data only container Data in a separate container No data in app containers Not attached to an image(easy upgrade) http://www.offermann.us/2013/12/tiny-docker-pieces-loosely-joined.html

Slide 152

Slide 152 text

Data only container | differences System Postgresql container /var/lib/docker/vfs/dir/... /data b7eb1d8264db8716c0a536e0c776... ... Classic approach volume

Slide 153

Slide 153 text

Data only container | differences System Postgresql container /var/lib/docker/vfs/dir/... /data b7eb1d8264db8716c0a536e0c776... ... Classic approach System Postgresql-data container /var/lib/docker/vfs/dir/... /data b7eb1d8264db8716c0a536e0c776... ... Data volume container approach volume volume Postgresql container /data ... volumes-from

Slide 154

Slide 154 text

Data only container | data container Dockerfile FROM busybox MAINTAINER Xabier Larrakoetxea # Create data directory RUN mkdir /data # postgres UID = 102 & GID = 106 RUN chown 102:106 /data RUN chmod 700 /data # Create VOLUME /data $ docker build -t postgresql-data ./postgresql-data/ Sending build context to Docker daemon 2.56 kB Sending build context to Docker daemon Step 0 : FROM busybox ---> a9eb17255234 Step 1 : MAINTAINER Xabier Larrakoetxea ---> Running in ad624b14dfbb ---> c303826067b8 Removing intermediate container ad624b14dfbb Step 2 : RUN mkdir /data ---> Running in 11ad80bac58f ---> cf5c27ebbfe7 Removing intermediate container 11ad80bac58f Step 3 : VOLUME /data ---> Running in 0fc55525bf62 ---> b3c6cd1d3343 Removing intermediate container 0fc55525bf62 Successfully built b3c6cd1d3343

Slide 155

Slide 155 text

Data only container | data container
$ docker run -d --name postgresql-data postgresql-data
fa64af7626476c7d39ca540d221f0c826630a44fd35c4d1222e99809b978205d
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
fa64af762647 postgresql-data:latest /bin/sh 50 seconds ago Exited (0) postgresql-data
Remember! volumes persist with stopped containers too, that’s the key
$ docker run -d --name postgresql-data -v /var/lib/postgresql busybox
99a239a8aca33baac21c897f7ce1342866517f1f30fdac4c28108c28de1b707b
Same result but without using Dockerfiles, although using Dockerfiles is encouraged

Slide 156

Slide 156 text

Data only container | app container
Dockerfile
FROM ubuntu
MAINTAINER Xabier Larrakoetxea
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8
RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list
RUN apt-get update
RUN apt-get -y -q install python-software-properties software-properties-common
RUN apt-get -y -q install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3
USER postgres
RUN /etc/init.d/postgresql start &&\
    psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'docker';" &&\
    createdb -O docker docker
# Configure the database to use our data dir.
RUN sed -i -e"s/data_directory =.*$/data_directory = '\/data'/" /etc/postgresql/9.3/main/postgresql.conf
RUN echo "host all all 0.0.0.0/0 md5" >> /etc/postgresql/9.3/main/pg_hba.conf
RUN echo "listen_addresses='*'" >> /etc/postgresql/9.3/main/postgresql.conf
EXPOSE 5432
VOLUME ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"]
CMD ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]

Slide 157

Slide 157 text

Data only container | run $ docker run --volumes-from postgresql-data postgresql /usr/lib/postgresql/9.3/bin/initdb -D /data fa64af7626476c7d39ca540d221f0c826630a44fd35c4d1222e99809b978205d $ docker run -d --name postgresql-data postgresql-data f2392b5be7cc83368c458d00e1ce7d23306b91b274aba22edc0b20e088b2024b 1st run the data container(We made previously) only the first time 2nd run the app container but initializing the database (will exit) only the first time $ docker run -d --volumes-from postgresql-data postgresql fa67e31dc8782c8e82933540a1aaa0c1a6a03d2c565b57d700a58f623d3c6504 Run the app container(Init postgres database)

Slide 158

Slide 158 text

Layer cache

Dockerfile

FROM busybox
MAINTAINER Xabier Larrakoetxea
RUN echo "Layer 1"
RUN echo "Layer 2"
RUN echo "Layer 3"
RUN echo "Layer 4"
RUN echo "Layer 5"
COPY text.txt /tmp/test.txt
RUN echo "Layer 6"
RUN echo "Layer 7"

Dockerfile

FROM busybox
MAINTAINER Xabier Larrakoetxea
RUN echo "Layer 1"
RUN echo "Layer 2"
RUN echo "Layer 3"
RUN echo "Layer 4"
RUN echo "Layer 5"
COPY text.txt /tmp/test.txt
RUN echo "Layer 6"
RUN echo "Layer 7"

a9eb17255234 c303826067b8 917ba27e3824 7e2f54c9001e 5d913400970e eb97fe6a3755 dc390db50bd4 37aab9a11217 e27033af6e6b 56e45baa15ba d8f5c77247c0 7a317623daf8 edbc8e088d19

Slide 159

Slide 159 text

Layer cache

$ docker build ./test
Sending build context to Docker daemon 3.072 kB
Sending build context to Docker daemon
Step 0 : FROM busybox
 ---> a9eb17255234
Step 1 : MAINTAINER Xabier Larrakoetxea
 ---> Using cache
 ---> c303826067b8
Step 2 : RUN echo "Layer 1"
 ---> Using cache
 ---> 917ba27e3824
Step 3 : RUN echo "Layer 2"
 ---> Using cache
 ---> 7e2f54c9001e
Step 4 : RUN echo "Layer 3"
 ---> Using cache
 ---> 5d913400970e
Step 5 : RUN echo "Layer 4"
 ---> Using cache
 ---> eb97fe6a3755
Step 6 : RUN echo "Layer 5"
 ---> Using cache
 ---> dc390db50bd4
Step 7 : COPY text.txt /tmp/test.txt
 ---> d8f5c77247c0
Removing intermediate container 5c7feddd3486
Step 8 : RUN echo "Layer 6"
 ---> Running in 7a317623daf8
Layer 6
 ---> 2befdb0f5c9d
Removing intermediate container 7a317623daf8
Step 9 : RUN echo "Layer 7"
 ---> Running in edbc8e088d19
Layer 7
 ---> 1fee9b728152
Removing intermediate container edbc8e088d19
Successfully built 1fee9b728152

Not cached | Cached
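The cache behaviour in the build output above, reproduced with a simplified model as an added example (not Docker's code and not part of the original deck). It assumes a cache key made of the parent layer, the instruction text and, for COPY/ADD, a checksum of the copied file; `build`, `cached_steps` and `demo` are hypothetical names, and the file contents are constructed.

```python
import hashlib

# The Dockerfile from the layer cache slide.
DOCKERFILE = '''FROM busybox
MAINTAINER Xabier Larrakoetxea
RUN echo "Layer 1"
RUN echo "Layer 2"
RUN echo "Layer 3"
RUN echo "Layer 4"
RUN echo "Layer 5"
COPY text.txt /tmp/test.txt
RUN echo "Layer 6"
RUN echo "Layer 7"
'''

def build(dockerfile, context, cache):
    """Simplified cache model; returns [(step, instruction, layer_id, cached)]."""
    parent, steps = "scratch", []
    for step, line in enumerate(dockerfile.strip().splitlines()):
        op, _, args = line.partition(" ")
        key = (parent, line)
        if op in ("COPY", "ADD"):
            # Copied content is checksummed, so editing the file changes the key.
            src = args.split()[0]
            key += (hashlib.sha256(context[src]).hexdigest(),)
        cached = key in cache
        if not cached:
            # Assumption: IDs are derived from the key only to keep the demo deterministic.
            cache[key] = hashlib.sha256(repr(key).encode()).hexdigest()[:12]
        parent = cache[key]
        steps.append((step, line, parent, cached))
    return steps

def cached_steps(steps):
    """Step numbers that were served from the cache."""
    return [step for step, _, _, cached in steps if cached]

def demo():
    cache = {}
    first = build(DOCKERFILE, {"text.txt": b"version 1"}, cache)
    second = build(DOCKERFILE, {"text.txt": b"version 2"}, cache)  # file edited
    third = build(DOCKERFILE, {"text.txt": b"version 2"}, cache)   # nothing changed
    return cached_steps(first), cached_steps(second), cached_steps(third)

if __name__ == "__main__":
    for label, hits in zip(("first", "second", "third"), demo()):
        print(label, "build cached steps:", hits)
```

Because the key for a RUN step holds only the parent layer and the instruction text, a cached `RUN apt-get update` is not executed again until an earlier step changes or the image is built with `--no-cache`.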

Slide 160

Slide 160 text

Base image reuse

[Diagram of images built on shared base images. Labels: Ubuntu, Python, Ruby, JDK, Tomcat, Postgres, Mysql, Redis, Base, Nginx, RoR, Django, My_app, Ansible, Graphite, Gitlab]

Slide 161

Slide 161 text

Single app VS multiple app container

Single container
Container groups
Separate containers

Slide 162

Slide 162 text

Single container

Used in devboxes (Vagrant) and for CI purposes (Jenkins)
Don’t use for production
Use supervisor or monit to manage all the containers

[Diagram labels: System; container; volume /var/lib/docker/vfs/dir/... b7eb1d8264db8716c0a536e0c776...; FS /usr ... /lib ... /root /opt /var; Supervisor; postgres, nginx, redis, uwsgi, workers]

Slide 163

Slide 163 text

Container groups

Used in production and for CI purposes (Jenkins)
Use supervisor or monit to manage all the containers
Easy management

[Diagram labels: System; App container (FS /usr ... /lib ..., Supervisor, nginx, uwsgi, volume); db container (FS /usr ... /lib, Supervisor, redis, postgres, volume); /var/lib/docker/vfs/dir/... b7eb1d8264db8716c0a536e0c776...]

Slide 164

Slide 164 text

Separate containers

Used in production
Big granularity, flexible
Easy image update

[Diagram labels: System; nginx container (FS ..., nginx); uwsgi container (FS ..., uwsgi); postgres container (FS ..., postgres); redis container (FS ..., redis); Link (three times); /var/lib/docker/vfs/dir/... b7eb1d8264db8716c0a536e0c776...]

Slide 165

Slide 165 text

Tips

Slide 166

Slide 166 text

Stop all the containers

$ docker stop `docker ps -aq`
c9a227990860
4c9b8825dd10
c6246e2bf765
425a71780337
17cc7e13c1ed
17ceee72c3e0
38436e110396
491ad4c3df84
46293ef28846
d8d6a3ccbcbf
3820a01f10ae

Slide 167

Slide 167 text

Delete all the containers

$ docker rm `docker ps -aq`
c9a227990860
4c9b8825dd10
c6246e2bf765
425a71780337
17cc7e13c1ed
17ceee72c3e0
38436e110396
491ad4c3df84
46293ef28846
d8d6a3ccbcbf
3820a01f10ae

Destructive command! Also deletes the volumes!

Slide 168

Slide 168 text

Delete untagged images

$ docker images
REPOSITORY    TAG      IMAGE ID       CREATED          VIRTUAL SIZE
<none>        <none>   3fddf4b9ccd0   27 minutes ago   299.1 MB
<none>        <none>   daf1d121e239   7 hours ago      6.255 MB
<none>        <none>   11f47fb8a321   8 hours ago      6.57 MB
<none>        <none>   f644d2c20728   8 hours ago      6.57 MB
slok/redis2   latest   c2c45026cfb8   3 days ago       283 MB
$ docker rmi `docker images | grep "<none>" | awk '{print $3}'`
Deleted: 3fddf4b9ccd0d91d2469f0afb7b8e458638375a24cb9f4742b91744a66b5ad9a
Deleted: 3a448f3b216270a4ea8f2ad39d4d78287cfa3b7ec933f88723d87ceee385e4a4
Deleted: 20aab9c6ed98d6db4c9d3824dc6243c12f6e03cd8dd0bcbef5f3ff97d715fc44
Deleted: c0fac7a083b58b0a5ed818f01c2efb4901ef5bf88f3154b05d79df5fb65c3433
Deleted: b5d683eefda9fa3d07eb4e0b85d09873e61702fb934f5a3c92b0c15b6b67340a
Deleted: daf1d121e23966a7a0b8fc6ecf5b87e944d582f7f722e989e5472cf52d1653e3
Deleted: 11f47fb8a3219e01f4585577d53687eb404eda2128106960a10a8d5cd1d7e714
Deleted: 18b65d678d9f2047ce6423258de8eaaf37107a09abe3a2aaff30b367bd01570c
Deleted: e37a502f8fba1a3406b2a3fce2a55d82059a77eb266a793d2243efcec62f9a4f
Deleted: 954a4be53ea4b2253739d511daf78ec621b4411af79c68cb1338ae2e54267762
Deleted: f644d2c20728195956e1e4ead8cdae964444ef7a62ddb32cd1db668ce19f2fbc
Deleted: a275efe6feed558e1521f269c356bfa4d3c112de456ec624eb0926eb24d64078
Deleted: e62491d8568fd34019de4e7bbdb3d81cad9ed0bd8796c236166a124949035791

Destructive command!

Slide 169

Slide 169 text

Thank you

Slide 170

Slide 170 text

Questions

Slide 171

Slide 171 text

Kudos

Slide 172

Slide 172 text

Icons: Entypo, Flaticons, Octicons
Typography: Google web fonts
OS Logos: http://commons.wikimedia.org
Github: https://github.com
Google docs: https://docs.google.com
Docker: https://docs.docker.com
Docker guide: http://kencochrane.net
Syntax highlighter: http://markup.su/highlighter/

Slide 173

Slide 173 text

Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) http://xlarrakoetxea.org