|
|
| (20 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| =Overview=
| |
|
| |
| ==What is Docker==
| |
|
| |
| Docker is a way of deploying apps on servers. It packages apps into side-by-side containers. These are similar in spirit to virtual machines, but different because containers are not (or, don't have to be) fully bundled operating systems. The container system makes sure everything runs the same everywhere. | | Docker is a way of deploying apps on servers. It packages apps into side-by-side containers. These are similar in spirit to virtual machines, but different because containers are not (or, don't have to be) fully bundled operating systems. The container system makes sure everything runs the same everywhere. |
|
| |
|
| It's like [[Homebrew]] or [[Aptitude]] for apps. | | It's like [[Homebrew]] or [[Aptitude]] for apps. |
|
| |
|
| =Installing=
| | [[Docker/Troubleshooting]] |
|
| |
|
| Docker has great documentation on getting up and running: https://docs.docker.com/ | | [[Docker/Network Debugging]] |
|
| |
|
| Docker also provides several examples of docker-izing an app: https://docs.docker.com/engine/examples/
| | =References= |
|
| |
|
| ==Ubuntu Linux==
| | Docker's documentation is excellent: https://docs.docker.com/ |
| | |
| You can get docker running on many virtual hosting services.
| |
| | |
| Linode supports docker: https://blog.linode.com/2014/01/03/docker-on-linode/
| |
| | |
| They offer installation guides for different distributions: https://docs.docker.com/engine/installation/linux/#install-using-the-repository
| |
| | |
| Guide to installing Docker on Ubuntu Linux: https://docs.docker.com/engine/installation/linux/ubuntulinux/
| |
| | |
| Start by setting up Docker's repositories:
| |
| | |
| <pre>
| |
| $ sudo apt-get install \
| |
| apt-transport-https \
| |
| ca-certificates \
| |
| curl \
| |
| software-properties-common
| |
| </pre>
| |
| | |
| Add Docker's GPG key:
| |
| | |
| <pre>
| |
| $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
| |
| </pre>
| |
| | |
| Verify fingerprint starts with 9DC8:
| |
| | |
| <pre>
| |
| $ sudo apt-key fingerprint 0EBFCD88
| |
| </pre>
| |
| | |
| Set up the stable repository:
| |
| | |
| <pre>
| |
| $ sudo add-apt-repository \
| |
| "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
| |
| $(lsb_release -cs) \
| |
| stable"
| |
| </pre>
| |
| | |
| Install docker by updating package index and running install:
| |
| | |
| <pre>
| |
| $ sudo apt-get update
| |
| $ sudo apt-get install docker-ce
| |
| </pre>
| |
| | |
| Test it out:
| |
| | |
| <pre>
| |
| $ sudo docker run hello-world
| |
| </pre>
| |
| | |
| | |
| | |
| ===Errors===
| |
| | |
| When I added Docker's repos to my aptitude following the instructions above, I kept seeing 403 errors from docker's repo when I ran apt-get update:
| |
| | |
| <pre>
| |
| sudo apt-get update
| |
| ...
| |
| W: Failed to fetch https://download.docker.com/linux/ubuntu/dists/wily/stable/binary-amd64/Packages HttpError403
| |
| | |
| </pre>
| |
| | |
| Yuck. Others have had this issue too. [https://github.com/docker/docker/issues/31940]
| |
| | |
| ===Resolving===
| |
| | |
| Resolved the problem by visiting their apt repos with a browser and manually downloading/installing the .deb file.
| |
| | |
| Start with the name of your release:
| |
| | |
| <pre>
| |
| $ lsb_release -c
| |
| Codename: wily
| |
| </pre>
| |
| | |
| Now navigate to their aptitude repositories in your browser: https://apt.dockerproject.org/repo/pool/main/d/docker-engine/
| |
| | |
| Find the deb file that corresponds to your install and copy the link.
| |
| | |
| <pre>
| |
| $ wget <link to .deb file>
| |
| </pre>
| |
| | |
| Now you can install it (you probably need to be sudo):
| |
| | |
| <pre>
| |
| $ dpkg -i docker-engine_1.9.1-0~wily_amd64.deb
| |
| Selecting previously unselected package docker-engine.
| |
| (Reading database ... 142272 files and directories currently installed.)
| |
| Preparing to unpack docker-engine_1.9.1-0~wily_amd64.deb ...
| |
| Unpacking docker-engine (1.9.1-0~wily) ...
| |
| Setting up docker-engine (1.9.1-0~wily) ...
| |
| Processing triggers for ureadahead (0.100.0-19) ...
| |
| Processing triggers for systemd (225-1ubuntu9.1) ...
| |
| Processing triggers for man-db (2.7.4-1) ...
| |
| </pre>
| |
| | |
| ==Mac==
| |
| | |
| You can run docker on Mac: https://docs.docker.com/docker-for-mac/
| |
| | |
| | |
| ==Docker on Linux Without Sudo==
| |
| | |
| To modify Docker so it runs on Linux without requiring the use of the sudo command, create a docker group:
| |
| | |
| <pre>
| |
| groupadd docker
| |
| usermod -a -G docker username
| |
| </pre>
| |
| | |
| That's it - boom - you should be able to run the docker hello world without sudo:
| |
| | |
| <pre>
| |
| $ docker hello-world # look ma, no sudo
| |
| </pre>
| |
| | |
| =Up and Running=
| |
| | |
| post installation info: https://docs.docker.com/engine/installation/linux/linux-postinstall/#upstart
| |
| | |
| ==Test==
| |
| | |
| Test you are up and running with a working install of docker:
| |
| | |
| <pre>
| |
| $ docker --version
| |
| Docker version 17.03.0-ce, build 60ccb22
| |
| | |
| $ docker-compose --version
| |
| docker-compose version 1.11.2, build dfed245
| |
| | |
| $ docker-machine --version
| |
| docker-machine version 0.10.0, build 76ed2a6
| |
| | |
| $ docker version
| |
| Client:
| |
| Version: 1.9.1
| |
| API version: 1.21
| |
| Go version: go1.4.2
| |
| Git commit: a34a1d5
| |
| Built: Fri Nov 20 13:20:08 UTC 2015
| |
| OS/Arch: linux/amd64
| |
| Cannot connect to the Docker daemon. Is the docker daemon running on this host?
| |
| </pre>
| |
| | |
| ==Hello world==
| |
| | |
| <pre>
| |
| $ sudo docker run hello-world
| |
| Unable to find image 'hello-world:latest' locally
| |
| latest: Pulling from hello-world
| |
| | |
| 50a54e1f9180: Pull complete
| |
| 7a5a2d73abce: Pull complete
| |
| Digest: sha256:7820f4620e6cf3e795643fac2f6b09e7fd0a29e7e5c4eee6aac9ba0bedca158c
| |
| Status: Downloaded newer image for hello-world:latest
| |
| | |
| Hello from Docker!
| |
| This message shows that your installation appears to be working correctly.
| |
| | |
| To generate this message, Docker took the following steps:
| |
| 1. The Docker client contacted the Docker daemon.
| |
| 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
| |
| 3. The Docker daemon created a new container from that image which runs the
| |
| executable that produces the output you are currently reading.
| |
| 4. The Docker daemon streamed that output to the Docker client, which sent it
| |
| to your terminal.
| |
| | |
| To try something more ambitious, you can run an Ubuntu container with:
| |
| $ docker run -it ubuntu bash
| |
| | |
| Share images, automate workflows, and more with a free Docker ID:
| |
| https://cloud.docker.com/
| |
| | |
| For more examples and ideas, visit:
| |
| https://docs.docker.com/engine/userguide/
| |
| | |
| | |
| </pre>
| |
| | |
| ==web server==
| |
| | |
| <pre>
| |
| docker run -d -p 80:80 --name webserver nginx
| |
| </pre>
| |
| | |
| =Docker Hub=
| |
| | |
| To use docker hub, visit https://hub.docker.com/
| |
| | |
| httpd repository: https://hub.docker.com/_/httpd/
| |
| | |
| ==Docker pull==
| |
| | |
| The docker pull command will basically fetch the latest version of a particular docker image, without any modifications. (The alternative is to customize the image by creating a Dockerfile based on the Dockerfile contained on Docker hub.)
| |
| | |
| <pre>
| |
| $ docker pull httpd
| |
| latest: Pulling from httpd
| |
| c1f98057d627: Pull complete
| |
| c35ece8820ad: Pull complete
| |
| eeeee05b2d97: Pull complete
| |
| b356f7d0a4b0: Pull complete
| |
| cff60f000364: Pull complete
| |
| f66e93df25da: Pull complete
| |
| 5aa754215a2b: Pull complete
| |
| ed544656f0fa: Pull complete
| |
| ffafc39cb69f: Pull complete
| |
| 4c5d8313f629: Pull complete
| |
| 55a6feaaae56: Pull complete
| |
| c1aa308548aa: Pull complete
| |
| 919bf0916a6a: Pull complete
| |
| eb58b1ce0fcd: Pull complete
| |
| ce15017ba45e: Pull complete
| |
| 617bdb3e78f6: Pull complete
| |
| 738ba280808d: Pull complete
| |
| 017d0384902a: Pull complete
| |
| d61c615e53ce: Pull complete
| |
| Digest: sha256:a5b5747c921fdac4e53197d2624ddad22fa9a13dfe31b305273be5149882c3e9
| |
| Status: Downloaded newer image for httpd:latest
| |
| </pre>
| |
| | |
| Can also pull other docker containers. Here is a shorter list of dependencies/layers:
| |
| | |
| <pre>
| |
| $ docker pull debian
| |
| | |
| latest: Pulling from debian
| |
| 0aa3f9bb64ef: Pull complete
| |
| c1f98057d627: Already exists
| |
| Digest: sha256:fa8fd9718d2697730acc9a374dc2e1d54719177f474abbc8d5f74ebad5cb8a30
| |
| Status: Downloaded newer image for debian:latest
| |
| </pre>
| |
| | |
| ==Docker images==
| |
| | |
| To see the docker container images that are installed, use the <code>docker images</code> command:
| |
| | |
| <pre>
| |
| $ docker images
| |
| REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
| |
| httpd latest d61c615e53ce 2 days ago 176.9 MB
| |
| debian latest 0aa3f9bb64ef 2 days ago 123.4 MB
| |
| hello-world latest 7a5a2d73abce 9 weeks ago 1.84 kB
| |
| </pre>
| |
| | |
| ==Running docker images==
| |
| | |
| If you want to run one of the images, use the docker run command:
| |
| | |
| <pre>
| |
| $ docker run
| |
| </pre>
| |
| | |
| ==Docker Internals==
| |
| | |
| One of the interesting things you can do is run Docker using the privileged flag, which basically gives Docker the same rights as root or as the user who ran Docker:
| |
|
| |
|
| {{Quote|The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.
| | Docker from the command line: https://docs.docker.com/engine/reference/commandline/cli/ |
|
| |
|
| [https://docs.docker.com/engine/reference/commandline/run/#full-container-capabilities---privileged Use the Docker command line]
| | Docker to run memcached (Digital Ocean guide): https://www.digitalocean.com/community/tutorials/docker-explained-how-to-create-docker-containers-running-memcached |
| }}
| |
|
| |
|
| <pre>
| | Note that many Docker issues on Github contain a wealth of useful debugging strategies and commands for checking the state of networks, ports, etc. Example: https://github.com/docker/docker/issues/13914 |
| $ docker run -t -i --privileged ubuntu bash
| |
| </pre>
| |
|
| |
|
| Docker command line: https://docs.docker.com/engine/reference/commandline/cli/ | | Potential security issues with Docker containers: https://blog.docker.com/2013/08/containers-docker-how-secure-are-they/ |
| | |
| =Security Notes=
| |
| | |
| Being in the docker group gives you serious root-level powers. Info about attack surface of Docker: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
| |
| | |
| Note that, as mentioned above, the --privileged flag allows Docker the same privileges as the user who ran the command.
| |
| | |
| =References=
| |
| | |
| Docker's documentation is excellent: https://docs.docker.com/
| |
|
| |
|
| Docker command line: https://docs.docker.com/engine/reference/commandline/cli/#environment-variables
| | =Flags= |
|
| |
|
| Docker run: https://docs.docker.com/engine/reference/commandline/run/#full-container-capabilities---privileged
| | {{DockerFlag}} |
