Ship it with Docker!

Transcript

1. Ship it with Docker

2. None

3. http://www.docker.com/

4. https://github.com/slok/favorshare-dockerfiles

5. Properties

6. Dot cloud V1 Python V2 Golang 2013 *nix

7. What is it?

8. LXC on steroids Portability Encapsulation Not VM Lightweight

9. LXC Kernel namespaces Cgroups Chroot

10. LXC Kernel namespaces Cgroups Chroot PID, mount, user, network, UTS,

    IPC isolation

11. LXC Kernel namespaces Cgroups Chroot Cpu, memory, disk I/O isolation

    PID, mount, user, network, UTS, IPC isolation

12. LXC Kernel namespaces Cgroups Chroot Cpu, memory, disk I/O isolation

    PID, mount, user, network, UTS, IPC isolation File system isolation

13. Traditional VMs Server Host OS Hypervisor VM 1 VM 2

    VM 3 Guest OS /usr/bin, /usr/lib... App Guest OS /usr/bin, /usr/lib... App’ Guest OS /usr/bin, /usr/lib... App 2

14. Docker Server Host OS /bin, /lib... App 1 /bin, /lib...

    Docker App 1’ App 2 App 2’ App 2’’ App 3 App 3’

15. Docker Server Host OS /bin, /lib... App 1 /bin, /lib...

    Docker App 1’ App 2 App 2’ App 2’’ App 3 App 3’ That’s a Docker container

16. Docker Server Host OS /bin, /lib... App 1 /bin, /lib...

    Docker App 1’ App 2 App 2’ App 2’’ App 3 App 3’ That’s a Docker container Shared FS with AUFS

17. Docker container Kernel LXC AUFS Docker Base image (Ubuntu) Base

    image (CentOS) Image (Nginx) Image (Mysql) Container Container Image (SSH) Container

18. Docker container Kernel LXC AUFS Docker Base image (Ubuntu) Base

    image (CentOS) Image (Nginx) Image (Mysql) Container Container Image (SSH) Container Parent references

19. AUFS Layered FS Share common FS Mix RO & RW

    Used to share between containers http://aufs.sourceforge.net/

20. Installation

21. Linux >= 3.8 AUFS LXC

22. Ubuntu 14.04 LTS Docker 0.9.1

23. Ubuntu 14.04 LTS Docker 0.9.1 Production ready 1.0 http://docs.docker.com/installation/ubuntulinux/#ubuntu-trusty-1404-lts-64-bit

24. $ docker version Client version: 1.0.1 Client API version: 1.12

    Go version (client): go1.2.1 Git commit (client): 990021a Server version: 1.0.1 Server API version: 1.12 Go version (server): go1.2.1 Git commit (server): 990021a $ docker info Containers: 0 Images: 0 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Dirs: 0 Execution Driver: native-0.2 Kernel Version: 3.13.0-30-generic WARNING: No swap limit support

25. Terminology

26. Docker image They don’t change Read only layer Used to

    build a container A container in the future could be an image

27. Docker container Running process Self contained runtime env Built with

    one or more images commit changes to create image At least needs a process in foreground

28. Index/registry Private or public servers upload their repos (Docker images)

    Share Analogy: Like a Github for docker images

29. Repository Group of images (in a registry) User type Analogy:

    Like a Github repo with image(s) Top level type

30. Repository Group of images (in a registry) User type Analogy:

    Like a Github repo with image(s) Top level type slok/playpython phusion/baseimage ubuntu redis postgres

31. Basic stuff

32. Get base image(s) https://registry.hub.docker.com/_/ubuntu/ $ docker pull ubuntu Pulling repository

    ubuntu 463ff6be4238: Download complete 3db9c44f4520: Download complete ea7d6801c538: Download complete 58faa899733f: Download complete 195eb90b5349: Download complete c5881f11ded9: Download complete ef83896b7fb9: Download complete e54ca5efa2e9: Download complete 511136ea3c5a: Download complete 65b7e9ccb809: Download complete f8dd6bd14f58: Download complete a343823119db: Download complete 8a1d8569bf87: Download complete 3af9d794ad07: Download complete f127542f0b61: Download complete d7ac5e4f1812: Download complete 6cfa4d1f33fb: Download complete bac448df371d: Download complete e7d62a8128cf: Download complete b7c6da90134e: Download complete ...

33. Get base image(s) https://registry.hub.docker.com/_/ubuntu/ $ docker pull ubuntu Pulling repository

    ubuntu 463ff6be4238: Download complete 3db9c44f4520: Download complete ea7d6801c538: Download complete 58faa899733f: Download complete 195eb90b5349: Download complete c5881f11ded9: Download complete ef83896b7fb9: Download complete e54ca5efa2e9: Download complete 511136ea3c5a: Download complete 65b7e9ccb809: Download complete f8dd6bd14f58: Download complete a343823119db: Download complete 8a1d8569bf87: Download complete 3af9d794ad07: Download complete f127542f0b61: Download complete d7ac5e4f1812: Download complete 6cfa4d1f33fb: Download complete bac448df371d: Download complete e7d62a8128cf: Download complete b7c6da90134e: Download complete ... Downloaded all the images (layers)

34. List images $ docker images REPOSITORY TAG IMAGE ID CREATED

    VIRTUAL SIZE ubuntu 14.10 58faa899733f 10 hours ago 196 MB ubuntu utopic 58faa899733f 10 hours ago 196 MB ubuntu precise ea7d6801c538 6 days ago 127.5 MB ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB ubuntu latest ef83896b7fb9 6 days ago 192.7 MB ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB ubuntu quantal c5881f11ded9 12 days ago 172.2 MB ubuntu raring 463ff6be4238 12 days ago 169.4 MB ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB ubuntu saucy 195eb90b5349 12 days ago 184.7 MB ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB # du -sh /var/lib/docker/aufs/ 1.6G /var/lib/docker/aufs/

35. List images $ docker images REPOSITORY TAG IMAGE ID CREATED

    VIRTUAL SIZE ubuntu 14.10 58faa899733f 10 hours ago 196 MB ubuntu utopic 58faa899733f 10 hours ago 196 MB ubuntu precise ea7d6801c538 6 days ago 127.5 MB ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB ubuntu latest ef83896b7fb9 6 days ago 192.7 MB ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB ubuntu quantal c5881f11ded9 12 days ago 172.2 MB ubuntu raring 463ff6be4238 12 days ago 169.4 MB ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB ubuntu saucy 195eb90b5349 12 days ago 184.7 MB ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB # du -sh /var/lib/docker/aufs/ 1.6G /var/lib/docker/aufs/ That’s 2727.5 MB

36. List images $ docker images REPOSITORY TAG IMAGE ID CREATED

    VIRTUAL SIZE ubuntu 14.10 58faa899733f 10 hours ago 196 MB ubuntu utopic 58faa899733f 10 hours ago 196 MB ubuntu precise ea7d6801c538 6 days ago 127.5 MB ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB ubuntu latest ef83896b7fb9 6 days ago 192.7 MB ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB ubuntu quantal c5881f11ded9 12 days ago 172.2 MB ubuntu raring 463ff6be4238 12 days ago 169.4 MB ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB ubuntu saucy 195eb90b5349 12 days ago 184.7 MB ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB # du -sh /var/lib/docker/aufs/ 1.6G /var/lib/docker/aufs/ That’s 2727.5 MB Images have alias

37. Run container $ docker run ubuntu:trusty /bin/echo "Hello world!" Hello

    world! $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE ubuntu 14.10 58faa899733f 10 hours ago 196 MB ubuntu utopic 58faa899733f 10 hours ago 196 MB ubuntu precise ea7d6801c538 6 days ago 127.5 MB ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB ubuntu latest ef83896b7fb9 6 days ago 192.7 MB ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB ubuntu quantal c5881f11ded9 12 days ago 172.2 MB ubuntu raring 463ff6be4238 12 days ago 169.4 MB ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB ubuntu saucy 195eb90b5349 12 days ago 184.7 MB ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB “echo hello world” didn’t change container’s state so no new image

38. Run container $ docker run ubuntu:trusty /bin/echo "Hello world!" Hello

    world! Docker caches every command that you run in a container The container needs a foreground process to keep running $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3b2ba0029d69 ubuntu:latest /bin/echo 'Hello wor 3 seconds ago Exited (0) sharp_wozniak

39. Run container $ docker run ubuntu:trusty /bin/echo "Hello world!" Hello

    world! $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3b2ba0029d69 ubuntu:latest /bin/echo 'Hello wor 3 seconds ago Exited (0) sharp_wozniak The container finished so we use -a option The container needs a foreground process to keep running Docker caches every command that you run in a container

40. Run container $ docker run ubuntu:trusty /bin/sh -c "while true;

    do echo hello world; sleep 1; done" hello world hello world ... $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d82fe57ca931 ubuntu:latest /bin/sh -c 'while tr About a minute ago Up About a minute kickass_hoover We have a foreground process so the container keeps running Foreground container & Foreground process inside container

41. Run container $ docker run ubuntu:trusty /bin/sh -c "while true;

    do echo hello world; sleep 1; done" hello world hello world ... $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d82fe57ca931 ubuntu:latest /bin/sh -c 'while tr About a minute ago Up About a minute kickass_hoover Manage the container with this ID This keeps running until we stop We have a foreground process so the container keeps running Foreground container & Foreground process inside container

42. Run container in background $ docker run -d ubuntu:trusty /bin/sh

    -c "while true; do echo hello world; sleep 1; done" cffc463c6b4a8f830355c0c29434f3322c97b075e98a5081487b433c1462b8b2 $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cffc463c6b4a ubuntu:latest /bin/sh -c 'while tr About a minute ago Up About a minute nostalgic_mcclintock Background container & Foreground process inside container We have a foreground process so the container keeps running

43. Container logs $ docker logs d82fe57ca931 hello world hello world

    ... The logs are the foreground process STDOUT

44. Attach to a container $ docker attach d82fe57ca931 hello world

    hello world ... Used to set the container as it was in Foreground Real time

45. Stop a container $ docker stop d82fe57ca931 d82fe57ca931

46. Images

47. Create own Redis container Ubuntu 14.04 LTS base image We

    could use a ready one: https://registry.hub.docker.com/_/redis/ Example

48. Interactive shell in container $ docker run -i -t ubuntu:trusty

    /bin/bash root@c220646d55c3:/# /bin/bash is a trick to have an fg process and a shell inside the container We have an interactive shell

49. Interactive shell in container $ docker run -i -t ubuntu:trusty

    /bin/bash root@c220646d55c3:/# /bin/bash is a trick to have an fg process and a shell inside the container We have an interactive shell -i Sets STDIN when not attached too -t Opens a PTY (Pseudo TTY)

50. Install Redis inside the container $ docker run -i -t

    ubuntu:trusty /bin/bash root@c220646d55c3:/# apt-get update ... root@c220646d55c3:/# apt-get install redis-server ... root@c220646d55c3:/# service redis-server start ... root@c220646d55c3:/# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 18156 2004 ? Ss 18:09 0:00 /bin/bash redis 154 0.0 0.3 36996 7244 ? Ssl 18:16 0:00 /usr/bin/redis-server 127.0.0.1:6379 root 157 0.0 0.0 15568 1140 ? R+ 18:16 0:00 ps aux All is happening inside the container

51. Install Redis inside the container $ docker run -i -t

    ubuntu:trusty /bin/bash root@c220646d55c3:/# apt-get update ... root@c220646d55c3:/# apt-get install redis-server ... root@c220646d55c3:/# service redis-server start ... root@c220646d55c3:/# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 18156 2004 ? Ss 18:09 0:00 /bin/bash redis 154 0.0 0.3 36996 7244 ? Ssl 18:16 0:00 /usr/bin/redis-server 127.0.0.1:6379 root 157 0.0 0.0 15568 1140 ? R+ 18:16 0:00 ps aux All is happening inside the container Ready for use!

52. Create Image from a container $ docker ps -a CONTAINER

    ID IMAGE COMMAND CREATED STATUS PORTS NAMES c220646d55c3 ubuntu:latest /bin/bash 16 minutes ago Exited (0) 24 seconds ago berserk_bartik Exited or running containers can be commited 773bc3dcf004120e38a0a8f1fb0036d886700bcb928cc8ce82e3d320aa38b660 $ docker commit c220646d55c3 slok/redis

53. Create Image from a container $ docker ps -a CONTAINER

    ID IMAGE COMMAND CREATED STATUS PORTS NAMES c220646d55c3 ubuntu:latest /bin/bash 16 minutes ago Exited (0) 24 seconds ago berserk_bartik Exited or running containers can be commited 773bc3dcf004120e38a0a8f1fb0036d886700bcb928cc8ce82e3d320aa38b660 Container ID $ docker commit c220646d55c3 slok/redis Repository name = Image name = {USER}/{NAME}

54. Run the image $ docker images REPOSITORY TAG IMAGE ID

    CREATED VIRTUAL SIZE slok/redis latest 773bc3dcf004 8 minutes ago 263.5 MB ubuntu utopic 58faa899733f 21 hours ago 196 MB ubuntu 14.10 58faa899733f 21 hours ago 196 MB ... $ docker run -i -t slok/redis /bin/bash root@d51b771108ae# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 2.0 0.0 18156 1852 ? Ss 18:44 0:00 /bin/bash root 12 0.0 0.0 15568 1132 ? R+ 18:44 0:00 ps aux

55. Run the image $ docker images REPOSITORY TAG IMAGE ID

    CREATED VIRTUAL SIZE slok/redis latest 773bc3dcf004 8 minutes ago 263.5 MB ubuntu utopic 58faa899733f 21 hours ago 196 MB ubuntu 14.10 58faa899733f 21 hours ago 196 MB ... $ docker run -i -t slok/redis /bin/bash root@d51b771108ae# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 2.0 0.0 18156 1852 ? Ss 18:44 0:00 /bin/bash root 12 0.0 0.0 15568 1132 ? R+ 18:44 0:00 ps aux BAD! We need redis process running! $ docker run -d slok/redis /usr/bin/redis-server fbf7a9cedd3e956ed16fb652a4bdd0b50208755e4f8b36397f7ffbdfebd38c1b

56. Run the image $ docker images REPOSITORY TAG IMAGE ID

    CREATED VIRTUAL SIZE slok/redis latest 773bc3dcf004 8 minutes ago 263.5 MB ubuntu utopic 58faa899733f 21 hours ago 196 MB ubuntu 14.10 58faa899733f 21 hours ago 196 MB ... $ docker run -i -t slok/redis /bin/bash root@d51b771108ae# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 2.0 0.0 18156 1852 ? Ss 18:44 0:00 /bin/bash root 12 0.0 0.0 15568 1132 ? R+ 18:44 0:00 ps aux BAD! We need redis process running! $ docker run -d slok/redis /usr/bin/redis-server fbf7a9cedd3e956ed16fb652a4bdd0b50208755e4f8b36397f7ffbdfebd38c1b Remember running the container in background

57. Check running container $ docker logs fbf7a9cedd3 [1] 01 Jul

    18:51:34.756 # Warning: no config file specified, using the default config. In order to specify a config file use /usr/bin/redis-server /path/to/redis.conf _._ _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 2.8.4 (00000000/0) 64 bit .-`` .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in stand alone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 1 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | http://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-' [1] 01 Jul 18:51:34.760 # Server started, Redis version 2.8.4 [1] 01 Jul 18:51:34.761 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. [1] 01 Jul 18:51:34.761 * The server is now ready to accept connections on port 6379

58. Check running container $ docker inspect fbf7a9cedd3 |grep -i ipaddress

    "IPAddress": "172.17.0.8", $ redis-cli -h 172.17.0.8 -p 6379

59. Check running container $ docker inspect fbf7a9cedd3 |grep -i ipaddress

    "IPAddress": "172.17.0.8", $ redis-cli -h 172.17.0.8 -p 6379 BAD! We need to expose container ports! $ docker stop fbf7a9cedd3 fbf7a9cedd3 $ docker run -d -p 16379:6379 slok/redis /usr/bin/redis-server af5989ca5600aa51ac0441ddda0e595c2fdecaa59495a02c72767956bba47794 Expose container port and map public address on port 16379 to private address 6379

60. Check running container $ docker inspect af5989ca |grep -i ipaddress

    "IPAddress": "172.17.0.9", $ redis-cli -h 172.17.0.9 -p 6379 172.17.0.9:6379> $ redis-cli -h 127.0.0.1 -p 16379 127.0.0.1:16379> By default no ports are exposed, we need to use -p or -P -P exposes all, -p one or more with XXXX or YYYY:XXXX format

61. Check running container $ docker inspect af5989ca |grep -i ipaddress

    "IPAddress": "172.17.0.9", $ redis-cli -h 172.17.0.9 -p 6379 172.17.0.9:6379> $ redis-cli -h 127.0.0.1 -p 16379 127.0.0.1:16379> Public access to mapped port Private access to container port By default no ports are exposed, we need to use -p or -P -P exposes all, -p one or more with XXXX or YYYY:XXXX format

62. Ports

63. Defaults $ docker run -d slok/redis /usr/bin/redis-server a14c64cd00d69e408da996375141ee9f8e9d85a67aa8015f6fdc3f5929aad365 # netstat

    -ltnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd By default no ports are exposed Exposed ports by default are to all hosts (0.0.0.0) Exposed ports by default are TCP

64. Bind container port $ docker run -d -p 12345:6379 slok/redis

    /usr/bin/redis-server 28116f65156fb2cbb86436dd455d753b1549153eb8ea997db32d3573b18a1112 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 28116f65156f slok/redis:latest /usr/bin/redis-serve 30 seconds ago 0.0.0.0:12345->6379/tcp Used to map to a custom host port # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd tcp6 0 0 :::12345 :::* LISTEN 914/docker

65. Bind container port $ docker run -d -p 12345:6379 slok/redis

    /usr/bin/redis-server 28116f65156fb2cbb86436dd455d753b1549153eb8ea997db32d3573b18a1112 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 28116f65156f slok/redis:latest /usr/bin/redis-serve 30 seconds ago 0.0.0.0:12345->6379/tcp Used to map to a custom host port # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd tcp6 0 0 :::12345 :::* LISTEN 914/docker

66. Bind random port $ docker run -d -p 6379 slok/redis

    /usr/bin/redis-server 62debe2cd335c1515140c3708d21ba911f100f90eef19c265cbefdbecefe71f5 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 62debe2cd335 slok/redis:latest /usr/bin/redis-serve 9 seconds ago 0.0.0.0:49153->6379/tcp # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::49153 :::* LISTEN 914/docker tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd Ports are published in random high number ports

67. Bind random port $ docker run -d -p 6379 slok/redis

    /usr/bin/redis-server 62debe2cd335c1515140c3708d21ba911f100f90eef19c265cbefdbecefe71f5 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 62debe2cd335 slok/redis:latest /usr/bin/redis-serve 9 seconds ago 0.0.0.0:49153->6379/tcp # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::49153 :::* LISTEN 914/docker tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd Ports are published in random high number ports

68. Bind to specified host $ docker run -d -p 127.0.0.1::6379

    slok/redis /usr/bin/redis-server 252fe309d2e937a1e1ab7fa874ef82f08cc4bd69700894aa243b6f130909f25f $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 7b44b7f5b46f slok/redis:latest /usr/bin/redis-serve 26 seconds ago 127.0.0.1:12345->6379/tcp 252fe309d2e9 slok/redis:latest /usr/bin/redis-serve 45 seconds ago 127.0.0.1:49153->6379/tcp $ docker run -d -p 127.0.0.1:12345:6379 slok/redis /usr/bin/redis-server 7b44b7f5b46f6b15e8e50cc627f28aab4ab4f5b877b934c57308a37020341af9 # netstat -ltnp | grep docker tcp 0 0 127.0.0.1:49153 0.0.0.0:* LISTEN 914/docker tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 914/docker

69. Bind to specified host $ docker run -d -p 127.0.0.1::6379

    slok/redis /usr/bin/redis-server 252fe309d2e937a1e1ab7fa874ef82f08cc4bd69700894aa243b6f130909f25f $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 7b44b7f5b46f slok/redis:latest /usr/bin/redis-serve 26 seconds ago 127.0.0.1:12345->6379/tcp 252fe309d2e9 slok/redis:latest /usr/bin/redis-serve 45 seconds ago 127.0.0.1:49153->6379/tcp $ docker run -d -p 127.0.0.1:12345:6379 slok/redis /usr/bin/redis-server 7b44b7f5b46f6b15e8e50cc627f28aab4ab4f5b877b934c57308a37020341af9 # netstat -ltnp | grep docker tcp 0 0 127.0.0.1:49153 0.0.0.0:* LISTEN 914/docker tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 914/docker

70. Bind UDP port $ docker run -d -p 44444:12345/udp ubuntu:14.04

    /bin/nc -ul 12345 710a2e5f0b6aaa9f85a2e9d37dc29441b7e5e8dbf1eed970ad1d26a81af2fdd4 # sudo netstat -ltunp |grep docker tcp6 0 0 :::55555 :::* LISTEN 914/docker udp6 0 0 :::44444 :::* 914/docker $ docker run -d -p 55555:12345 ubuntu:14.04 /bin/nc -l 12345 92f1d7f6d8001e112276e74c4479ab9f821c80a4de8047722f4a9a335cd859d1 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 92f1d7f6d800 ubuntu:14.04 /bin/nc -l 12345 About a minute ago 0.0.0.0:55555->12345/tcp 710a2e5f0b6a ubuntu:14.04 /bin/nc -ul 12345 2 minutes ago 0.0.0.0:44444->12345/udp

71. Bind UDP port $ docker run -d -p 44444:12345/udp ubuntu:14.04

    /bin/nc -ul 12345 710a2e5f0b6aaa9f85a2e9d37dc29441b7e5e8dbf1eed970ad1d26a81af2fdd4 # sudo netstat -ltunp |grep docker tcp6 0 0 :::55555 :::* LISTEN 914/docker udp6 0 0 :::44444 :::* 914/docker $ docker run -d -p 55555:12345 ubuntu:14.04 /bin/nc -l 12345 92f1d7f6d8001e112276e74c4479ab9f821c80a4de8047722f4a9a335cd859d1 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 92f1d7f6d800 ubuntu:14.04 /bin/nc -l 12345 About a minute ago 0.0.0.0:55555->12345/tcp 710a2e5f0b6a ubuntu:14.04 /bin/nc -ul 12345 2 minutes ago 0.0.0.0:44444->12345/udp

72. Publish all ports $ docker run -d -P slok/redis /usr/bin/redis-server

    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 6d4c1a61cefc slok/redis:latest /usr/bin/redis-serve 39 seconds ago 0.0.0.0:49153->6379/tcp Ports are published in random high number ports -P maps all exposed ports in the container* # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::49153 :::* LISTEN 914/docker tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd

73. Publish all ports $ docker run -d -P slok/redis /usr/bin/redis-server

    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 6d4c1a61cefc slok/redis:latest /usr/bin/redis-serve 39 seconds ago 0.0.0.0:49153->6379/tcp Ports are published in random high number ports -P maps all exposed ports in the container* # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::49153 :::* LISTEN 914/docker tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd Random high number mapped port available

74. Publish all ports $ docker run -d -P slok/redis /usr/bin/redis-server

    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488 $ docker ps CONTAINER ID IMAGE COMMAND CREATED PORTS 6d4c1a61cefc slok/redis:latest /usr/bin/redis-serve 39 seconds ago 0.0.0.0:49153->6379/tcp Ports are published in random high number ports -P maps all exposed ports in the container* # netstat -ltnp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd tcp6 0 0 :::49153 :::* LISTEN 914/docker tcp6 0 0 :::111 :::* LISTEN 714/rpcbind tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd tcp6 0 0 :::22 :::* LISTEN 1594/sshd Random high number mapped port available *Exposing ports are set in Dockerfiles We’ll see later!

75. Linking

76. Differences with exposed ports Used to link containers (using ports)

    Ports only accessible by containers We are using ports, but not exposed outside docker environment Don’t need to know specific ports More secure Ports shared in environment vars

77. Give a name to the link $ docker run -d

    --name redis_eghost slok/redis /usr/bin/redis-server 576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925 We need to expose ports in a Dockerfile $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash 2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816 $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES d205a37bcfdd ubuntu:14.04 /bin/bash checker 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost

78. Give a name to the link $ docker run -d

    --name redis_eghost slok/redis /usr/bin/redis-server 576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925 We need to expose ports in a Dockerfile $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost Name the first contaner for linking $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash 2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816 $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES d205a37bcfdd ubuntu:14.04 /bin/bash checker 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost

79. Give a name to the link $ docker run -d

    --name redis_eghost slok/redis /usr/bin/redis-server 576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925 We need to expose ports in a Dockerfile $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost Name the first contaner for linking $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash 2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816 $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES d205a37bcfdd ubuntu:14.04 /bin/bash checker 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost {LINK_CONTAINER_NAME} : {INTERNAL_ALIAS}

80. Give a name to the link $ docker run -d

    --name redis_eghost slok/redis /usr/bin/redis-server 576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925 We need to expose ports in a Dockerfile $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost Name the first contaner for linking $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash 2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816 $ docker ps CONTAINER ID IMAGE COMMAND PORTS NAMES d205a37bcfdd ubuntu:14.04 /bin/bash checker 576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost {LINK_CONTAINER_NAME} : {INTERNAL_ALIAS} Linked!

81. Discover link inside container $ docker run -d --name redis

    slok/redis /usr/bin/redis-server 5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae $ docker run ubuntu:14.04 env HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=4252df779431 $ docker run --name redis_checker --link redis:db ubuntu:14.04 env HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=44ffc20b8b67 DB_PORT=tcp://172.17.0.37:6379 DB_PORT_6379_TCP=tcp://172.17.0.37:6379 DB_PORT_6379_TCP_ADDR=172.17.0.37 DB_PORT_6379_TCP_PORT=6379 DB_PORT_6379_TCP_PROTO=tcp DB_NAME=/redis_checker/db Use env vars to connect services (and/or /etc/hosts)

82. Discover link inside container $ docker run -d --name redis

    slok/redis /usr/bin/redis-server 5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae $ docker run ubuntu:14.04 env HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=4252df779431 $ docker run --name redis_checker --link redis:db ubuntu:14.04 env HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=44ffc20b8b67 DB_PORT=tcp://172.17.0.37:6379 DB_PORT_6379_TCP=tcp://172.17.0.37:6379 DB_PORT_6379_TCP_ADDR=172.17.0.37 DB_PORT_6379_TCP_PORT=6379 DB_PORT_6379_TCP_PROTO=tcp DB_NAME=/redis_checker/db Use env vars to connect services (and/or /etc/hosts) Use the alias in uppercase as prefix for env vars

83. Using link inside container $ docker run -d --name redis

    slok/redis /usr/bin/redis-server 5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae Env vars only visible by the first process in the container (CMD or ENTRY) $ docker run -it slok/redis /bin/bash root@55e3762daa10:/# redis-cli Could not connect to Redis at 127.0.0.1:6379: Connection refused docker run -it --link redis:db slok/redis /bin/bash root@d5a1e38b5d4e:/# redis-cli -h $DB_PORT_6379_TCP_ADDR -p $DB_PORT_6379_TCP_PORT 172.17.0.37:6379> set "hello" "world" OK 172.17.0.37:6379> get "hello" "world" 172.17.0.37:6379>

84. Volumes

85. External FS to the container Not AUFS Used to persist

    data Not destroyed with stopped container Real time changes, no delay

86. Create a volume $ docker run -it -v /tmp ubuntu:14.04

    /bin/bash root@02d027999022:/# touch /tmp/hello_world.txt $ docker inspect 02d027999022 | grep \"Volumes\" -A 2 "Volumes": { "/tmp": "/var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d" }, If the container is destroyed the volume is also destroyed # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d total 8 drwxrwxrwx 2 root root 4096 Jul 3 12:52 . drwx------ 11 root root 4096 Jul 3 12:52 .. -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt

87. Create a volume $ docker run -it -v /tmp ubuntu:14.04

    /bin/bash root@02d027999022:/# touch /tmp/hello_world.txt $ docker inspect 02d027999022 | grep \"Volumes\" -A 2 "Volumes": { "/tmp": "/var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d" }, If the container is destroyed the volume is also destroyed # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d total 8 drwxrwxrwx 2 root root 4096 Jul 3 12:52 . drwx------ 11 root root 4096 Jul 3 12:52 .. -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt Outside the container

88. Container state & volume $ docker ps CONTAINER ID IMAGE

    COMMAND STATUS NAMES 02d027999022 ubuntu:14.04 /bin/bash Exited (0) About a minute ago backstabbing_brown The volumes persist even if the container is stopped # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d total 8 drwxrwxrwx 2 root root 4096 Jul 3 12:52 . drwx------ 11 root root 4096 Jul 3 12:52 .. -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt $ docker stop 02d027999022 02d027999022

89. Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $

    docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen Real time FS, The FS is mounted

90. Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $

    docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen “/tmp/i_like_kfc” is outside the container Real time FS, The FS is mounted

91. Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $

    docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen “/tmp/i_like_kfc” is outside the container Created outside the container Real time FS, The FS is mounted

92. Mount custom directory $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen $

    docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 . drwxr-xr-x 53 root root 4096 Jul 3 14:00 .. -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash root@6dc10486b6ec:/# touch /tmp/more_chickeeeeeen $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 . drwxrwxrwt 5 root root 4096 Jul 3 14:04 .. -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen “/tmp/i_like_kfc” is outside the container Created in the container Created outside the container Real time FS, The FS is mounted

93. Mount in read only mode By default is mounted in

    RW mode $ docker run -it -v /tmp/i_like_kfc:/tmp:ro ubuntu:14.04 /bin/bash root@02e4214a70a7:/# touch /tmp/i_dont_like_kfc touch: cannot touch '/tmp/i_dont_like_kfc': Read-only file system

94. Mount in read only mode By default is mounted in

    RW mode $ docker run -it -v /tmp/i_like_kfc:/tmp:ro ubuntu:14.04 /bin/bash root@02e4214a70a7:/# touch /tmp/i_dont_like_kfc touch: cannot touch '/tmp/i_dont_like_kfc': Read-only file system Just add “ro”

95. Owner and permissions $ whoami vagrant $ docker run -it

    -v /tmp/test:/tmp ubuntu:14.04 /bin/bash root@10c8ababfe0d:/# touch /tmp/root_file root@10c8ababfe0d:/# useradd slok root@10c8ababfe0d:/# su slok slok@10c8ababfe0d:/$ touch /tmp/user_file slok@10c8ababfe0d:/$ touch /tmp/user_744_file & chmod 744 /tmp/user_744_file slok@10c8ababfe0d:/$ ls -la /tmp/ total 8 drwxrwxr-x 2 slok slok 4096 Jul 3 14:27 . drwxr-xr-x 55 root root 4096 Jul 3 14:27 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 slok slok 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 slok slok 0 Jul 3 14:27 user_file $ ls -la /tmp/test total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:27 . drwxrwxrwt 6 root root 4096 Jul 3 14:28 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 vagrant vagrant 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:27 user_file

96. Owner and permissions $ whoami vagrant $ docker run -it

    -v /tmp/test:/tmp ubuntu:14.04 /bin/bash root@10c8ababfe0d:/# touch /tmp/root_file root@10c8ababfe0d:/# useradd slok root@10c8ababfe0d:/# su slok slok@10c8ababfe0d:/$ touch /tmp/user_file slok@10c8ababfe0d:/$ touch /tmp/user_744_file & chmod 744 /tmp/user_744_file slok@10c8ababfe0d:/$ ls -la /tmp/ total 8 drwxrwxr-x 2 slok slok 4096 Jul 3 14:27 . drwxr-xr-x 55 root root 4096 Jul 3 14:27 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 slok slok 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 slok slok 0 Jul 3 14:27 user_file $ ls -la /tmp/test total 8 drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:27 . drwxrwxrwt 6 root root 4096 Jul 3 14:28 .. -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file -rwxr--r-- 1 vagrant vagrant 0 Jul 3 14:31 user_744_file -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:27 user_file Outside the container, the owner (user) is the process running user In the container the owner remains

97. Share volumes between containers $ docker run -it --name doge_container

    -v /opt ubuntu:14.04 /bin/bash root@46293ef28846:/# echo "print('Hello world')" > /opt/say_hello.py $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash root@491ad4c3df84:/# ls -la /opt/ total 12 drwxr-xr-x 2 root root 4096 Jul 3 18:00 . drwxr-xr-x 53 root root 4096 Jul 3 18:02 .. -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py root@491ad4c3df84:/# python3 /opt/say_hello.py Hello world This is used to share directories across containers There is a pattern called data volume container (Check patterns section)

98. Share volumes between containers $ docker run -it --name doge_container

    -v /opt ubuntu:14.04 /bin/bash root@46293ef28846:/# echo "print('Hello world')" > /opt/say_hello.py Volume created! $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash root@491ad4c3df84:/# ls -la /opt/ total 12 drwxr-xr-x 2 root root 4096 Jul 3 18:00 . drwxr-xr-x 53 root root 4096 Jul 3 18:02 .. -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py root@491ad4c3df84:/# python3 /opt/say_hello.py Hello world This is used to share directories across containers There is a pattern called data volume container (Check patterns section)

99. Share volumes between containers $ docker run -it --name doge_container

    -v /opt ubuntu:14.04 /bin/bash root@46293ef28846:/# echo "print('Hello world')" > /opt/say_hello.py Volume created! $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash root@491ad4c3df84:/# ls -la /opt/ total 12 drwxr-xr-x 2 root root 4096 Jul 3 18:00 . drwxr-xr-x 53 root root 4096 Jul 3 18:02 .. -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py root@491ad4c3df84:/# python3 /opt/say_hello.py Hello world this container will mount all volumes from “doge_container” container This is used to share directories across containers There is a pattern called data volume container (Check patterns section)

100. Share volumes between containers System Container(46293ef28846/ doge_container) Container(491ad4c3df84) /bin /opt

     /usr /root /bin /opt /usr /root /var/lib/docker/vfs/dir/ b7eb1d8264db8716c0a536e0c776d935bc3eada671a26194d1129066aa2a41c4 45832b9c9b3117ee86778df6b6dafdeead36fb643494822cf40f095da0766baa /usr /opt /home Simple principle, mount directories from host OS to containers ... ... ... ...

101. Share volumes between containers System Container(46293ef28846/ doge_container) Container(491ad4c3df84) /bin /opt

     /usr /root /bin /opt /usr /root /var/lib/docker/vfs/dir/ b7eb1d8264db8716c0a536e0c776d935bc3eada671a26194d1129066aa2a41c4 45832b9c9b3117ee86778df6b6dafdeead36fb643494822cf40f095da0766baa /usr /opt /home Simple principle, mount directories from host OS to containers ... ... ... This was the volume creator, to mount his volumes we need to use it as reference with “volumes-from” ...

102. Dockerfiles

103. Automate Build images Easy update of images easy share Script

     composed by commands

104. Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> # Update repos

     RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure

105. Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> # Update repos

     RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration

106. Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> # Update repos

     RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic)

107. Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> # Update repos

     RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic) Configuration

108. Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> # Update repos

     RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic) Configuration Run action

109. Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> # Update repos

     RUN apt-get update # Install redis RUN apt-get install -y redis-server # Expose Redis port 6379 EXPOSE 6379 CMD ["/usr/bin/redis-server"] Dockerfile structure Declaration Actions(logic) Configuration Run action

110. Dockerfile facts Instructions in order Format: INSTRUCTION arguments Use “#”

     for comments First instruction is FROM No case sensitive (std says instructions in uppercase) Some instructions create a new layer

111. Dockerfile facts Instructions in order Format: INSTRUCTION arguments Use “#”

     for comments First instruction is FROM No case sensitive (std says instructions in uppercase) Some instructions create a new layer Lets check the com m ands

112. Dockerfile FROM ubuntu:14.04 ... Dockerfile command | FROM Dockerfile FROM

     slok/redis ... The base image, tells docker where to start from building the image Needs to be the first instruction in the Dockerfile Dockerfile FROM crosbymichael/python ... If no tag is specified then “latest“ will be taken

113. Dockerfile command | MAINTAINER Dockerfile MAINTAINER Xabier Larrakoetxea <[email protected]> ...

     Sets the author of the Dockerfile Dockerfile MAINTAINER Doge wow <[email protected]> ... Dockerfile MAINTAINER Chuck Norris <[email protected]> ...

114. Dockerfile command | RUN Dockerfile RUN pip install django ...

     Dockerfile RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list ... Dockerfile RUN ["wget", "http://python-distribute.org/distribute_setup.py"] ... Creates a new layer This layers are used as cache for other builds if they are the same Executes actions/commands

115. Dockerfile command | RUN Dockerfile RUN pip install django ...

     Dockerfile RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list ... Dockerfile RUN ["wget", "http://python-distribute.org/distribute_setup.py"] ... Creates a new layer This layers are used as cache for other builds if they are the same Executes actions/commands Uses /sh/bin -c {RUN_ARGUMENTS} Uses exec format

116. Dockerfile command | ENV Dockerfile ENV LANG en_US.UTF-8 ... Sets

     env vars, this will be available for the next RUN instructions the containers that run from the built image will have the env vars setted Dockerfile ENV APP_ENVIRONMENT sandbox ... Dockerfile ENV DOGE such_env_var ...

117. Dockerfile command | EXPOSE Dockerfile EXPOSE 9000 ... Dockerfile EXPOSE

     8125/udp ... Dockerfile EXPOSE 80:8080 ... Map private exposed ports to public ones when running the container Never map public ports inside the Dockerfile

118. Dockerfile command | EXPOSE Dockerfile EXPOSE 9000 ... Dockerfile EXPOSE

     8125/udp ... Dockerfile EXPOSE 80:8080 ... Map private exposed ports to public ones when running the container Never map public ports inside the Dockerfile Private TCP port Private UDP port 80 Private TCP port mapped to 8080 public TCP port

119. Dockerfile command | VOLUME Dockerfile VOLUME /data ... Dockerfile VOLUME

     ["/data", "/etc/nginx/sites-enabled", "/var/log/nginx"] ... Dockerfile EXPOSE /opt/data:/data ... Mount public paths to private paths when running the container Never mount public to paths inside the Dockerfile

120. Dockerfile command | VOLUME Dockerfile VOLUME /data ... Dockerfile VOLUME

     ["/data", "/etc/nginx/sites-enabled", "/var/log/nginx"] ... Dockerfile EXPOSE /opt/data:/data ... Mount public paths to private paths when running the container Never mount public to paths inside the Dockerfile mount container /data in host /mnt/opt Create multiple volumes Create /data volume

121. Dockerfile command | ADD After the first ADD instructions the

     next RUN instructions don’t cache Dockerfile ADD ./statsd_config.js /var/lib/statsd/config.js ... If src is a tar archive, this will be copied and extracted ADD is to magical, use COPY instead when not extracting is needed (v1.0>=) Copy a relative (to dockerfile) file or directory into the image Dockerfile ADD postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf ... Dockerfile ADD /tar/apache-tomcat-7.0.47.tar.gz /opt ...

122. Dockerfile command | ADD After the first ADD instructions the

     next RUN instructions don’t cache Dockerfile ADD ./statsd_config.js /var/lib/statsd/config.js ... If src is a tar archive, this will be copied and extracted ADD is to magical, use COPY instead when not extracting is needed (v1.0>=) Copy a relative (to dockerfile) file or directory into the image Dockerfile ADD postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf ... Dockerfile ADD /tar/apache-tomcat-7.0.47.tar.gz /opt ... This will extract the archive in images /opt

123. Dockerfile command | COPY Copy a relative (to dockerfile) file

     or directory into the image After the first COPY instructions the next RUN instructions don’t cache Similar to ADD Dockerfile ADD ./statsd_config.js /var/lib/statsd/config.js ... Dockerfile COPY postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf ... Dockerfile COPY /tar/apache-tomcat-7.0.47.tar.gz /opt ...

124. Dockerfile command | COPY Copy a relative (to dockerfile) file

     or directory into the image After the first COPY instructions the next RUN instructions don’t cache Similar to ADD Dockerfile ADD ./statsd_config.js /var/lib/statsd/config.js ... Dockerfile COPY postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf ... Dockerfile COPY /tar/apache-tomcat-7.0.47.tar.gz /opt ... This will not extract the archive in images /opt

125. Dockerfile command | USER Sets the UID to use when

     running the image Sets the UID to use for any following RUN directives Dockerfile USER postgres ... Dockerfile USER nobody ...

126. Dockerfile command | WORKDIR Sets the working directory for the

     RUN, CMD and ENTRYPOINT that follow it Dockerfile WORKDIR /etc/nginx ... Dockerfile WORKDIR /opt ... WORKDIR virtualenvs ... Could be use with absolute or relative paths

127. Dockerfile command | WORKDIR Sets the working directory for the

     RUN, CMD and ENTRYPOINT that follow it Dockerfile WORKDIR /etc/nginx ... Dockerfile WORKDIR /opt ... WORKDIR virtualenvs ... Could be use with absolute or relative paths This will end in /opt/virtualenvs

128. Dockerfile command | ONBUILD Dockerfile ONBUILD ADD . /src/app ONBUILD

     RUN /usr/local/bin/python-build --dir /src/app ... ONBUILD doesn’t affect this image built Triggered when another image is built based on this one Grand-child images doesn’t inherit this ONBUILD (Only direct ones) Dockerfile ONBUILD ADD . /opt/rails_demo ONBUILD WORKDIR /opt/rails_demo ONBUILD RUN rvm all do bundle install ONBUILD CMD rvm all do bundle exec rails server ...

129. Dockerfile command | CMD CMD could be overwritten when we

     exec docker run executable params... Only one CMD entry per dockerfile Used with ENTRYPOINT is very powerful Dockerfile CMD ["/usr/local/bin/diamond", "-f"] ... Dockerfile CMD echo "This is a test." | wc - ... Dockerfile CMD ["--help"] ... Used to execute a command when running the container

130. Dockerfile command | CMD CMD could be overwritten when we

     exec docker run executable params... Only one CMD entry per dockerfile Used with ENTRYPOINT is very powerful Dockerfile CMD ["/usr/local/bin/diamond", "-f"] ... Dockerfile CMD echo "This is a test." | wc - ... Dockerfile CMD ["--help"] ... Used to execute a command when running the container Array form: used like exec (Preferred form) As shell (/bin/sh -c) Used to pass params to ENTRYPOINT

131. Dockerfile command | ENTRYPOINT ENTRYPOINT can’t be overwrite unlike CMD

     Only one ENTRYPOINT entry per dockerfile Used with CMD is very powerful Pass params to ENTRYPOINT with docker run {image} -d ... Dockerfile ENTRYPOINT ["/usr/bin/influxdb", "-config=/opt/influxdb/shared/config.toml"] ... Dockerfile ENTRYPOINT supervisor ... Used to execute a command when running the container Array form: used like exec (Preferred form) As shell (/bin/sh -c)

132. Dockerfile command | ENTRYPOINT ENTRYPOINT can’t be overwrite unlike CMD

     Only one ENTRYPOINT entry per dockerfile Used with CMD is very powerful Pass params to ENTRYPOINT with docker run {image} -d ... Dockerfile ENTRYPOINT ["/usr/bin/influxdb", "-config=/opt/influxdb/shared/config.toml"] ... Dockerfile ENTRYPOINT supervisor ... Used to execute a command when running the container

133. Simple example

134. Nginx container Ubuntu 14.04 LTS base image We could use

     a ready one: https://registry.hub.docker.com/_/nginx/ Example

135. Structure $ tree ./nginx ./nginx/ ├── Dockerfile └── nginx.conf

136. Nginx config file nginx/nginx.conf daemon off; user www-data; worker_processes 4;

     pid /run/nginx.pid; events { worker_connections 768; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }

137. Nginx config file nginx/nginx.conf daemon off; user www-data; worker_processes 4;

     pid /run/nginx.pid; events { worker_connections 768; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } This is needed to run the process as a docker container

138. Nginx Dockerfile nginx/Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> #

     Install nginx RUN sudo apt-get update RUN sudo apt-get install -y nginx VOLUME ["/etc/nginx", "/var/log/nginx"] EXPOSE 80 443 COPY nginx.conf /etc/nginx/nginx.conf # This image should only run nginx, don't allow command overwrite ENTRYPOINT ["nginx"]

139. Nginx Dockerfile nginx/Dockerfile FROM ubuntu:14.04 MAINTAINER Xabier Larrakoetxea <[email protected]> #

     Install nginx RUN sudo apt-get update RUN sudo apt-get install -y nginx VOLUME ["/etc/nginx", "/var/log/nginx"] EXPOSE 80 443 COPY nginx.conf /etc/nginx/nginx.conf # This image should only run nginx, don't allow command overwrite ENTRYPOINT ["nginx"] We could change the settings and add new websites without rebuilding the image

140. Build the image $ docker build -t slok/nginx ./nginx Sending

     build context to Docker daemon 4.096 kB Sending build context to Docker daemon Step 0 : FROM ubuntu:14.04 ---> e54ca5efa2e9 Step 1 : MAINTAINER Xabier Larrakoetxea <[email protected]> ---> Using cache ---> f92949757538 Step 2 : RUN sudo apt-get update ---> Using cache ---> 83553dd447a8 Step 3 : RUN sudo apt-get install -y nginx ---> Using cache ---> 81d073ef2959 Step 4 : VOLUME ["/etc/nginx", "/var/log/nginx"] ---> Using cache ---> d7bebdea21bc Step 5 : EXPOSE 80 443 ---> Using cache ---> 884a359171c5 Step 6 : COPY nginx.conf /etc/nginx/nginx.conf ---> 9367bdddab92 Removing intermediate container 421ee775b2ac Step 7 : ENTRYPOINT ["nginx"] ---> Running in 720a2e174332 ---> 6656d268c150 Removing intermediate container 720a2e174332 Successfully built 6656d268c150

141. Run the image (container) $ docker run -d -p 10080:80

     slok/nginx e55dd17a1b586f407d41eb93eaaf561c9f32609a7eab6e29c41e5f4dc50f3ebc $ curl 192.168.100.55:10080 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>

142. Check persisten data $ docker ps -aq e55dd17a1b58 $ docker

     inspect e55dd17a1b58 | grep -A 3 Volumes "Volumes": { "/etc/nginx": "/var/lib/docker/vfs/dir/f58bfb50312f75adbe51b7504230c69a8a3e098afa5943becbfc3b89b9547b6e", "/var/log/nginx": "/var/lib/docker/vfs/dir/faaa961e95ea51c49af5b27093a56f177a2341da8e11b061d80f34348d09ef36" }, $ cat /var/lib/docker/vfs/dir/faaa961e.../access.log 192.168.100.1 - - [06/Jul/2014:16:27:44 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" 192.168.100.1 - - [06/Jul/2014:16:27:44 +0000] "GET /favicon.ico HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" 192.168.100.55 - - [06/Jul/2014:16:28:08 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" 192.168.100.55 - - [06/Jul/2014:16:29:18 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0"

143. Docker hub

144. Share images Deploy hook Automated builds https://hub.docker.com

145. Login $ docker login Username: slok Password: Email: [email protected] Login

     Succeeded

146. Search $ docker search slok NAME DESCRIPTION STARS OFFICIAL AUTOMATED

     slok/nginx 0 [OK] slok/playpython 0 $ docker search python NAME DESCRIPTION STARS OFFICIAL AUTOMATED fedora/python 18 [OK] parente/ipython-notebook IPython Notebook plus pandas, matplotlib, ... 8 parente/ipython IPython 2.0 containerized and configured t... 5 [OK] mythmon/python-dev A base to start from for running Python apps. 4 [OK] google/python-runtime 4 [OK] dockerfile/python Trusted Python (https://www.python.org/) B... 4 [OK] python Python is a widely used general-purpose, h... 3 scivm/scientific-python-2.7 Scientific Python 2.7 Ubuntu 12.04- Numpy,... 3 [OK] crosbymichael/ipython 3 [OK] scivm/scientific-python-3.3 Scientific Python 3.3 Ubuntu 12.04 Numpy, ... 2 [OK] google/python 2 [OK]

147. Pull $ docker pull dockerfile/python Pulling repository dockerfile/python f86d6993fc7b: Download

     complete 511136ea3c5a: Download complete 5e66087f3ffe: Download complete 4d26dd3ebc1c: Download complete d4010efcfd86: Download complete 99ec81b80c55: Download complete b261bc65cd23: Download complete 42404685406e: Download complete 6cc69450fe19: Download complete efc4fbcd007f: Download complete 2baeb2edbf92: Download complete ecd5c1cc18ac: Download complete 1f089cc15e82: Download complete 9f3000270ba2: Download complete 4b49b0b7aa4c: Download complete 8229e90e517b: Download complete $ docker pull dockerfile/python REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE dockerfile/python latest f86d6993fc7b 6 weeks ago 643.8 MB

148. Push $ docker push slok/nginx2 The push refers to a

     repository [slok/nginx2] (len: 1) Sending image list Pushing repository slok/nginx2 (1 tags) 511136ea3c5a: Image already pushed, skipping d7ac5e4f1812: Image already pushed, skipping 2f4b4d6a4a06: Image already pushed, skipping 83ff768040a0: Image already pushed, skipping 6c37f792ddac: Image already pushed, skipping e54ca5efa2e9: Image already pushed, skipping f92949757538: Image successfully pushed 83553dd447a8: Image successfully pushed 81d073ef2959: Image successfully pushed d7bebdea21bc: Image successfully pushed 884a359171c5: Image successfully pushed 9367bdddab92: Image successfully pushed 6656d268c150: Image successfully pushed Pushing tag for rev [6656d268c150] on {https://registry-1.docker.io/v1/repositories/slok/nginx2/tags/latest}

149. Automated builds Other type of docker repo Don’t push images

     Refer to Dockerfile repositories Automatic builds when pushed changes http://docs.docker.com/docker-hub/builds/

150. Patterns

151. Data only container Data in a separate container No data

     in app containers Not attached to an image(easy upgrade) http://www.offermann.us/2013/12/tiny-docker-pieces-loosely-joined.html

152. Data only container | differences System Postgresql container /var/lib/docker/vfs/dir/... /data

     b7eb1d8264db8716c0a536e0c776... ... Classic approach volume

153. Data only container | differences System Postgresql container /var/lib/docker/vfs/dir/... /data

     b7eb1d8264db8716c0a536e0c776... ... Classic approach System Postgresql-data container /var/lib/docker/vfs/dir/... /data b7eb1d8264db8716c0a536e0c776... ... Data volume container approach volume volume Postgresql container /data ... volumes-from

154. Data only container | data container Dockerfile FROM busybox MAINTAINER

     Xabier Larrakoetxea <[email protected]> # Create data directory RUN mkdir /data # postgres UID = 102 & GID = 106 RUN chown 102:106 /data RUN chmod 700 /data # Create VOLUME /data $ docker build -t postgresql-data ./postgresql-data/ Sending build context to Docker daemon 2.56 kB Sending build context to Docker daemon Step 0 : FROM busybox ---> a9eb17255234 Step 1 : MAINTAINER Xabier Larrakoetxea <[email protected]> ---> Running in ad624b14dfbb ---> c303826067b8 Removing intermediate container ad624b14dfbb Step 2 : RUN mkdir /data ---> Running in 11ad80bac58f ---> cf5c27ebbfe7 Removing intermediate container 11ad80bac58f Step 3 : VOLUME /data ---> Running in 0fc55525bf62 ---> b3c6cd1d3343 Removing intermediate container 0fc55525bf62 Successfully built b3c6cd1d3343

155. Data only container | data container $ docker run -d

     --name postgresql-data postgresql-data fa64af7626476c7d39ca540d221f0c826630a44fd35c4d1222e99809b978205d $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES fa64af762647 postgresql-data:latest /bin/sh 50 seconds ago Exited (0) postgresql-data Remember! volumes persist with stopped containers too, that’s the key $ docker run -d --name postgresql-data -v /var/lib/postgresql busybox 99a239a8aca33baac21c897f7ce1342866517f1f30fdac4c28108c28de1b707b Same result but without using Dockerfiles, although using Dockerfiles is encourage

156. Data only container | app container Dockerfile FROM ubuntu MAINTAINER

     Xabier Larrakoetxea <[email protected]> RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8 RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list RUN apt-get update RUN apt-get -y -q install python-software-properties software-properties-common RUN apt-get -y -q install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3 USER postgres RUN /etc/init.d/postgresql start &&\ psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'docker';" &&\ createdb -O docker docker # Cofigure the database to use our data dir. RUN sed -i -e"s/data_directory =.*$/data_directory = '\/data'/" /etc/postgresql/9.3/main/postgresql.conf RUN echo "host all all 0.0.0.0/0 md5" >> /etc/postgresql/9.3/main/pg_hba.conf RUN echo "listen_addresses='*'" >> /etc/postgresql/9.3/main/postgresql.conf EXPOSE 5432 VOLUME ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"] CMD ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]

157. Data only container | run $ docker run --volumes-from postgresql-data

     postgresql /usr/lib/postgresql/9.3/bin/initdb -D /data fa64af7626476c7d39ca540d221f0c826630a44fd35c4d1222e99809b978205d $ docker run -d --name postgresql-data postgresql-data f2392b5be7cc83368c458d00e1ce7d23306b91b274aba22edc0b20e088b2024b 1st run the data container(We made previously) only the first time 2nd run the app container but initializing the database (will exit) only the first time $ docker run -d --volumes-from postgresql-data postgresql fa67e31dc8782c8e82933540a1aaa0c1a6a03d2c565b57d700a58f623d3c6504 Run the app container(Init postgres database)

158. Layer cache Dockerfile FROM busybox MAINTAINER Xabier Larrakoetxea <[email protected]> RUN

     echo "Layer 1" RUN echo "Layer 2" RUN echo "Layer 3" RUN echo "Layer 4" RUN echo "Layer 5" COPY text.txt /tmp/test.txt RUN echo "Layer 6" RUN echo "Layer 7" Dockerfile FROM busybox MAINTAINER Xabier Larrakoetxea <[email protected]> RUN echo "Layer 1" RUN echo "Layer 2" RUN echo "Layer 3" RUN echo "Layer 4" RUN echo "Layer 5" COPY text.txt /tmp/test.txt RUN echo "Layer 6" RUN echo "Layer 7" a9eb17255234 c303826067b8 917ba27e3824 7e2f54c9001e 5d913400970e eb97fe6a3755 dc390db50bd4 37aab9a11217 e27033af6e6b 56e45baa15ba d8f5c77247c0 7a317623daf8 edbc8e088d19

159. Layer cache $ docker build ./test Sending build context to

     Docker daemon 3.072 kB Sending build context to Docker daemon Step 0 : FROM busybox ---> a9eb17255234 Step 1 : MAINTAINER Xabier Larrakoetxea <[email protected]> ---> Using cache ---> c303826067b8 Step 2 : RUN echo "Layer 1" ---> Using cache ---> 917ba27e3824 Step 3 : RUN echo "Layer 2" ---> Using cache ---> 7e2f54c9001e Step 4 : RUN echo "Layer 3" ---> Using cache ---> 5d913400970e Step 5 : RUN echo "Layer 4" ---> Using cache ---> eb97fe6a3755 Step 6 : RUN echo "Layer 5" ---> Using cache ---> dc390db50bd4 Step 7 : COPY text.txt /tmp/test.txt ---> d8f5c77247c0 Removing intermediate container 5c7feddd3486 Step 8 : RUN echo "Layer 6" ---> Running in 7a317623daf8 Layer 6 ---> 2befdb0f5c9d Removing intermediate container 7a317623daf8 Step 9 : RUN echo "Layer 7" ---> Running in edbc8e088d19 Layer 7 ---> 1fee9b728152 Removing intermediate container edbc8e088d19 Successfully built 1fee9b728152 Not cached Cached

160. Base image reuse Ubuntu Python Ruby JDK Tomcat Postgres Mysql

     Redis Base Nginx RoR Django My_app Ansible Graphite Gitlab Gitlab

161. Single app VS multiple app container Single container Container groups

     Separate containers

162. Single container System container /var/lib/docker/vfs/dir/... b7eb1d8264db8716c0a536e0c776... volume Used in devboxes

     (Vagrant) and CI purpouse (Jenkins) Don’t use for production FS /usr ... /lib ... Supervisor /root /opt /var postgres nginx redis uwsgi workers workers Use supervisor or monit to manage all the containers

163. Container groups System App container /var/lib/docker/vfs/dir/... b7eb1d8264db8716c0a536e0c776... volume Used in

     production and CI purpouse (Jenkins) FS /usr ... /lib ... Supervisor nginx uwsgi Use supervisor or monit to manage all the containers db container FS /usr ... /lib Supervisor redis postgres volume Easy management

164. Separate containers System nginx container /var/lib/docker/vfs/dir/... b7eb1d8264db8716c0a536e0c776... Used in production

     FS ... ... nginx Big granularity, flexible uwsgi container FS ... uswgi postgres container FS ... postgres Link Link redis container FS ... redis Link Easy image update

165. Tips

166. Stop all the containers $ docker stop `docker ps -aq`

     c9a227990860 4c9b8825dd10 c6246e2bf765 425a71780337 17cc7e13c1ed 17ceee72c3e0 38436e110396 491ad4c3df84 46293ef28846 d8d6a3ccbcbf 3820a01f10ae

167. Delete all the containers $ docker rm `docker ps -aq`

     c9a227990860 4c9b8825dd10 c6246e2bf765 425a71780337 17cc7e13c1ed 17ceee72c3e0 38436e110396 491ad4c3df84 46293ef28846 d8d6a3ccbcbf 3820a01f10ae Destructive command! Also deletes the volumes!

168. Delete untagged images $ docker images REPOSITORY TAG IMAGE ID

     CREATED VIRTUAL SIZE <none> <none> 3fddf4b9ccd0 27 minutes ago 299.1 MB <none> <none> daf1d121e239 7 hours ago 6.255 MB <none> <none> 11f47fb8a321 8 hours ago 6.57 MB <none> <none> f644d2c20728 8 hours ago 6.57 MB slok/redis2 latest c2c45026cfb8 3 days ago 283 MB $ docker rmi `docker images |grep "<none>" | awk '{print $3}'` Deleted: 3fddf4b9ccd0d91d2469f0afb7b8e458638375a24cb9f4742b91744a66b5ad9a Deleted: 3a448f3b216270a4ea8f2ad39d4d78287cfa3b7ec933f88723d87ceee385e4a4 Deleted: 20aab9c6ed98d6db4c9d3824dc6243c12f6e03cd8dd0bcbef5f3ff97d715fc44 Deleted: c0fac7a083b58b0a5ed818f01c2efb4901ef5bf88f3154b05d79df5fb65c3433 Deleted: b5d683eefda9fa3d07eb4e0b85d09873e61702fb934f5a3c92b0c15b6b67340a Deleted: daf1d121e23966a7a0b8fc6ecf5b87e944d582f7f722e989e5472cf52d1653e3 Deleted: 11f47fb8a3219e01f4585577d53687eb404eda2128106960a10a8d5cd1d7e714 Deleted: 18b65d678d9f2047ce6423258de8eaaf37107a09abe3a2aaff30b367bd01570c Deleted: e37a502f8fba1a3406b2a3fce2a55d82059a77eb266a793d2243efcec62f9a4f Deleted: 954a4be53ea4b2253739d511daf78ec621b4411af79c68cb1338ae2e54267762 Deleted: f644d2c20728195956e1e4ead8cdae964444ef7a62ddb32cd1db668ce19f2fbc Deleted: a275efe6feed558e1521f269c356bfa4d3c112de456ec624eb0926eb24d64078 Deleted: e62491d8568fd34019de4e7bbdb3d81cad9ed0bd8796c236166a124949035791 Destructive command!

169. Thank you

170. Questions

171. Kudos

172. Icons: Entypo, Flaticons, Octicons Typography: Google web fonts OS Logos:

     http://commons.wikimedia.org Github: https://github.com Google docs: https://docs.google.com Docker: https://docs.docker.com Docker guide: http://kencochrane.net Syntax highligter: http://markup.su/highlighter/

173. Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) http://xlarrakoetxea.org