Difference between revisions of "Docker.io Howto"
(→Setup) |
|||
Line 19: | Line 19: | ||
itsecorg@pbuilder:~$ sudo aptitude install docker.io |
itsecorg@pbuilder:~$ sudo aptitude install docker.io |
||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
=== Proxy setup === |
|||
⚫ | |||
Old (not working) |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
New: |
|||
# First, create a systemd drop-in directory for the docker service: |
|||
mkdir /etc/systemd/system/docker.service.d |
|||
# Now create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable: |
|||
[Service] |
|||
Environment="HTTP_PROXY=http://proxy.example.com:80/" |
|||
# If you have internal Docker registries that you need to contact without proxying you can specify them via the NO_PROXY environment variable: |
|||
Environment="HTTP_PROXY=http://proxy.example.com:80/" |
|||
Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com" |
|||
# Flush changes: |
|||
sudo systemctl daemon-reload |
|||
# Verify that the configuration has been loaded: |
|||
sudo systemctl show --property Environment docker |
|||
Environment=HTTP_PROXY=http://proxy.example.com:80/ |
|||
# Restart Docker: |
|||
sudo systemctl restart docker |
|||
⚫ | |||
<pre> |
<pre> |
Revision as of 10:59, 10 February 2018
Documentation
- http://www.herr-norbert.de/2014/10/04/docker-owncloud/
- http://phusion.github.io/baseimage-docker/
- http://aws.amazon.com/de/ec2/ - to test running docker within a cloud
- http://docs.docker.com/examples/postgresql_service/
Basics
A running instance of an image is called container. You can make changes to a container (e.g. delete a file), but these changes will not affect the image. However, you can create a new image from a running container (and all it changes) using docker commit <container-id> <image-name>.
Create Docker account
This step is optional and only needed if you want to publicly upload images.
sudo docker login
Setup
sample docker running under Ubuntu 14.04.1:
itsecorg@pbuilder:~$ sudo aptitude install docker.io
Proxy setup
Old (not working)
Set proxy for docker: sudo sh -c 'echo export http_proxy="http://proxy.int.cactus.de:8080/" >> /etc/default/docker.io' sudo sh -c 'echo export https_proxy="http://proxy.int.cactus.de:8080/" >> /etc/default/docker.io' sudo service docker.io restart
New:
- First, create a systemd drop-in directory for the docker service:
mkdir /etc/systemd/system/docker.service.d
- Now create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service] Environment="HTTP_PROXY=http://proxy.example.com:80/"
- If you have internal Docker registries that you need to contact without proxying you can specify them via the NO_PROXY environment variable:
Environment="HTTP_PROXY=http://proxy.example.com:80/" Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com"
- Flush changes:
sudo systemctl daemon-reload
- Verify that the configuration has been loaded:
sudo systemctl show --property Environment docker Environment=HTTP_PROXY=http://proxy.example.com:80/
- Restart Docker:
sudo systemctl restart docker
Remove all images and containers
tim@pbuilder:~/dock1$ cat remove_all.sh #!/bin/bash # Delete all containers docker rm $(docker ps -a -q) # Delete all images docker rmi $(docker images -q) tim@pbuilder:~/dock1$
Image and Container Handling
Search images
sudo docker search -s 10 "ubuntu"
NAME DESCRIPTION STARS OFFICIAL AUTOMATED ubuntu Official Ubuntu base image 934 [OK] dockerfile/ubuntu Trusted automated Ubuntu (http://www.ubunt... 32 [OK] crashsystems/gitlab-docker A trusted, regularly updated build of GitL... 21 [OK] ansible/ubuntu14.04-ansible Ubuntu 14.04 LTS with ansible 21 [OK] clue/ttrss The Tiny Tiny RSS feed reader allows you t... 19 [OK] mbentley/ubuntu-django-uwsgi-nginx 17 [OK] sylvainlasnier/memcached Memcached docker images based on Ubuntu 14... 17 [OK] ubuntu-upstart Upstart is an event-based replacement for ... 16 [OK] dockerfile/ubuntu-desktop Trusted automated Ubuntu Desktop (LXDE) (h... 14 [OK] tutum/ubuntu Ubuntu image with SSH access. For the root... 13 [OK] tinyerp/ubuntu-openerp Run OpenERP on Ubuntu - September 2014 10 itsecorg@pbuilder:~$
Install / list / remove images
itsecorg@pbuilder:~$ sudo docker pull ubuntu:14.04.1 itsecorg@pbuilder:~$ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE ubuntu 14.04.1 5506de2b643b 3 weeks ago 199.3 MB itsecorg@pbuilder:~$
Remove
Remove Container
itsecorg@pbuilder:~$ sudo docker rm busybox
Remove Image(s)
itsecorg@pbuilder:~$ sudo docker rmi 0b310e6bf058 c5881f11ded9 463ff6be4238 195eb90b5349 3db9c44f4520
Show containers
itsecorg@pbuilder:~$ sudo docker ps -a --no-trunc=true itsecorg@pbuilder:~$ sudo docker ps -a --no-trunc=false CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 09a4d97bdc2b ubuntu:14.04.1 sudo http_proxy=http About an hour ago Exited (0) About an hour ago loving_hypatia b4360f35202b ubuntu:14.04.1 sudo http_proxy=http About an hour ago Exited (0) About an hour ago cocky_perlman 8d1fbf98c719 ubuntu:14.04.1 sudo http_proxy=http About an hour ago Exited (0) About an hour ago backstabbing_newton
Create new image from container
Syntax:
sudo docker commit <container-id> <image-name>
Example:
sudo docker commit b4360f35202b ubuntu-new
Example vanilla postgres
Image for testing
... contains http and postgres client (ubuntu client):
tim@ubuntu:~/docker$ cat ubu_client/Dockerfile
FROM ubuntu:14.04.1 MAINTAINER itsecorg@cactus.de RUN DEBIAN_FRONTEND=noninteractive apt-get update && \ apt-get install -y sharutils wget curl postgresql-client && \ apt-get clean && rm -rf /var/lib/apt/lists/*
tim@ubuntu:~/docker$
Building image
tim@ubuntu:~/docker/isodb$ cat Dockerfile.isodb.vanilla (apache Dockerfile: Dockerfile.isoweb)
tim@ubuntu:~/docker/isodb$ sudo docker build -t isodb:0.1 . Sending build context to Docker daemon 513.5 kB Sending build context to Docker daemon Step 0 : FROM ubuntu:14.04.1 ---> 04c5d3b7b065 Step 1 : MAINTAINER itsecorg@cactus.de
<snip>
Running image in container
Running in foreground
tim@ubuntu:~/docker/isodb$ sudo docker run --rm -P --name isodb_test isodb:0.1 2014-12-20 13:00:21 UTC LOG: database system was interrupted; last known up at 2014-12-20 12:58:24 UTC 2014-12-20 13:00:21 UTC LOG: database system was not properly shut down; automatic recovery in progress 2014-12-20 13:00:21 UTC LOG: redo starts at 0/1782F70 2014-12-20 13:00:21 UTC LOG: record with zero length at 0/1782FB0 2014-12-20 13:00:21 UTC LOG: redo done at 0/1782F70 2014-12-20 13:00:21 UTC LOG: last completed transaction was at log time 2014-12-20 12:58:24.396264+00 2014-12-20 13:00:21 UTC LOG: database system is ready to accept connections 2014-12-20 13:00:21 UTC LOG: autovacuum launcher started
Running in background
tim@ubuntu:~/docker/isodb$ sudo docker run -d -P --name isodb0.9 --hostname=psql_server isodb:0.9 293fc3635360376d010072455b5b2bad6e5232b1e7aed1ff45a2857155ad4fbd tim@ubuntu:~/docker/isodb$
Connecting to container
Connecting from host system
in new window, find out listening port:
tim@ubuntu:~/docker/isodb$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1858243dede0 isodb:0.3 /usr/lib/postgresql/ 27 seconds ago Up 26 seconds 0.0.0.0:49153->5432/tcp isodb0.9 tim@ubuntu:~/docker/isodb$ psql -h localhost -p 49153 -d isodb -U itsecorg --password
Connecting from other container via link
Containers can be linked to another container's ports directly using -link remote_name:local_alias in the client's docker run. This will set a number of environment variables that can then be used to connect:
tim@ubuntu:~/docker/isodb$ sudo docker run --rm -t -i --hostname=psql_client --link isodb0.9:ubu1 isodb:0.9 bash postgres@psql_client:/$ psql -h $UBU1_PORT_5432_TCP_ADDR -p $UBU1_PORT_5432_TCP_PORT -d isodb -U itsecorg --password Password for user itsecorg: psql (9.3.5) SSL connection (cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256) Type "help" for help. isodb=> select * from error limit 3; error_id | error_lvl | error_txt_ger | error_txt_eng -----------------------------+-----------+-----------------------------------+------------------------------------ MSG_NUMBER_CHANGES_RULE_CHG | 4 | Anzahl geaenderte Regeln | number of rules changed MSG_NUMBER_CHANGES_SVC_CHG | 4 | Anzahl geaenderte Dienste | number of network services changed MSG_NUMBER_CHANGES_OBJ_CHG | 4 | Anzahl geaenderte Netzwerkobjekte | number of network objects changed (3 rows) isodb=>
Running and linking second container
Building webserver:
tim@ubuntu:~/docker/isoweb$ sudo docker build -t isoweb:0.1 .
Running webserver in container:
tim@ubuntu:~/docker/isoweb$ sudo docker run --rm -P --name isoweb_test isoweb:0.1 [Sun Dec 21 12:49:43.697580 2014] [core:warn] [pid 1] AH00111: Config variable ${APACHE_RUN_DIR} is not defined AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.127. Set the 'ServerName' directive globally to suppress this message
Starting up ubuntu client container and linking to webserver:
tim@ubuntu:~/docker/ubu_client$ sudo docker run --rm -t -i --hostname=ubuclient1 --link isoweb_test:ubu1 ubu_client bash root@ubuclient1:/# wget --no-check-certificate https://$UBU1_PORT_443_TCP_ADDR:$UBU1_PORT_443_PORT --2014-12-21 12:45:32-- https://172.17.0.119/ Connecting to 172.17.0.119:443... connected. WARNING: cannot verify 172.17.0.119's certificate, issued by '/C=DE/O=Cactus eSecurity/L=Frankfurt/CN=09a2b0b24e0e /emailAddress=itsecorg@cactus.de': Self-signed certificate encountered. WARNING: certificate common name '09a2b0b24e0e' doesn't match requested host name '172.17.0.119'. HTTP request sent, awaiting response... 500 Internal Server Error 2014-12-21 12:45:32 ERROR 500: Internal Server Error. root@ubuclient1:/#
Using phusion/baseimage
tim@pbuilder:~/phusion$ sudo docker search -s 100 "phusion" NAME DESCRIPTION STARS OFFICIAL AUTOMATED phusion/baseimage A special image that is configured for cor... 451 tim@ubuntu:~$ sudo docker pull phusion/baseimage:0.9.15 tim@ubuntu:~$ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE ubuntu 14.04.1 04c5d3b7b065 4 days ago 192.7 MB phusion/baseimage 0.9.15 cf39b476aeec 11 weeks ago 289.4 MB tim@ubuntu:~$ ... # run container with ssh listening on port 2222/tcp and a shell in parallel tim@pbuilder:~/phusion$ sudo docker run --rm -t -p 192.168.100.96:2222:22 -i phusion/baseimage:0.9.15 ... *** Runit started as PID 95 *** Running bash -l... root@b2a9f8dfff35:/# # run container with ssh listening on port 2222/tcp tim@pbuilder:~/phusion$ sudo docker run --rm -t -p 2222:22 -i phusion/baseimage:0.9.15 ... *** Runit started as PID 95 tim@pbuilder:~/phusion$ sudo docker run --name="isodb" -h iso-db phusion/baseimage:0.9.15 *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh... No SSH host key available. Generating one... Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... Creating SSH2 ECDSA key; this may take some time ... Creating SSH2 ED25519 key; this may take some time ... invoke-rc.d: policy-rc.d denied execution of restart. *** Running /etc/rc.local... *** Booting runit daemon... *** Runit started as PID 95 tim@pbuilder:~$ pwd /home/tim tim@pbuilder:~$ cat phusion/Dockerfile # Use phusion/baseimage as base image. To make your builds # reproducible, make sure you lock down to a specific version, not # to `latest`! See # https://github.com/phusion/baseimage-docker/blob/master/Changelog.md # for a list of version numbers. FROM phusion/baseimage:0.9.15 # Set correct environment variables. ENV HOME /root # Regenerate SSH host keys. baseimage-docker does not contain any, so you # have to do that yourself. You may also comment out this instruction; the # init system will auto-generate one during boot. RUN /etc/my_init.d/00_regen_ssh_host_keys.sh # Use baseimage-docker's init system. CMD ["/sbin/my_init"] # ...put your own build instructions here... RUN mkdir -p $HOME/.ssh COPY id_rsa.pub $HOME/.ssh/ RUN cat $HOME/.ssh/id_rsa.pub >>$HOME/.ssh/authorized_keys && rm $HOME/.ssh/id_rsa.pub RUN chmod 600 $HOME/.ssh/authorized_keys # Clean up APT when done. RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* tim@pbuilder:~$ tim@pbuilder:~$ sudo docker build -t itsecorg/base phusion/ Sending build context to Docker daemon 4.608 kB Sending build context to Docker daemon Step 0 : FROM phusion/baseimage:0.9.15 ---> cf39b476aeec Step 1 : ENV HOME /root ---> Using cache ---> a6321e755610 Step 2 : RUN /etc/my_init.d/00_regen_ssh_host_keys.sh ---> Using cache ---> 37d8605f992d Step 3 : CMD ["/sbin/my_init"] ---> Using cache ---> e6f97e12568c Step 4 : RUN mkdir -p $HOME/.ssh ---> Using cache ---> dce7809f4362 Step 5 : COPY id_rsa.pub $HOME/.ssh/ ---> Using cache ---> 3dfba0cc70c0 Step 6 : RUN cat $HOME/.ssh/id_rsa.pub >>$HOME/.ssh/authorized_keys && rm $HOME/.ssh/id_rsa.pub ---> Using cache ---> e235cefc1126 Step 7 : RUN chmod 600 $HOME/.ssh/authorized_keys ---> Using cache ---> 15c305685afe Step 8 : RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ---> Using cache ---> 1fc643e36a1d Successfully built 1fc643e36a1d tim@pbuilder:~$ tim@pbuilder:~$ sudo docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE itsecorg/base latest 1fc643e36a1d 28 minutes ago 292.2 MB tim@pbuilder:~$ sudo docker run itsecorg/base -p 2222:22 2014/11/21 12:45:32 exec: "-p": executable file not found in $PATH tim@pbuilder:~$ sudo docker run -p 2222:22 itsecorg/base *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh... *** Running /etc/rc.local... *** Booting runit daemon... *** Runit started as PID 12 tim@pbuilder:~$ sudo netstat -tulpen Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 9228 819/sshd tcp6 0 0 :::2222 :::* LISTEN 0 1513329 11865/docker.io tcp6 0 0 :::22 :::* LISTEN 0 9230 819/sshd tim@pbuilder:~$ tim@pbuilder:~$ sudo docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d8ae08a0c160 3dfba0cc70c0 /bin/sh -c 'cat $HOM About a minute ago Exited (1) About a minute ago desperate_almeida e1aefedbc11c phusion/baseimage:0.9.15 /sbin/my_init About an hour ago Up About an hour isodb tim@pbuilder:~$ sudo docker rm e1aefedbc11c Error response from daemon: Impossible to remove a running container, please stop it first or use -f 2014/11/21 13:22:36 Error: failed to remove one or more containers tim@pbuilder:~$ sudo docker stop e1aefedbc11c e1aefedbc11c tim@pbuilder:~$ sudo docker rm e1aefedbc11c e1aefedbc11c tim@pbuilder:~$
Changing config files
Replacing settings:
RUN sed -i.orig \ -e "s/^memory_limit\s*=.*/memory_limit = 200M/" \ -e "s/^max_execution_time\s*=.*/max_execution_time = 900/" \ -e "s/^default_charset\s*=.*/default_charset = \"utf\-8\"/" \ -e "s|^include_path\s*=.*|include_path = \"/usr/share/php:/usr/share/lib/php:/usr/share/itsecorg/web/include:/usr/share/itsecorg/etc:/usr/share/itsecorg/web/htdocs/inctxt:/usr/share/itsecorg/web/htdocs/hilfe\"|" \ -e "s|^doc_root\s*=.*|doc_root = /usr/share/itsecorg/web|" \ -e "s/^sql\.safe_mode\s*=.*/sql.safe_mode = On/" \ -e "s/^expose_php\s*=.*/expose_php = Off/" \ -e "s/^display_errors\s*=.*/display_errors = Off/" \ -e "s/^display_startup_errors\s*=.*/display_startup_errors = Off/" \ -e "s/^error_log\s*=.*/error_log = syslog/" \ -e "s/^log_errors_max_len\s*=.*/log_errors_max_len = 0/" \ -e "s/^pgsql\.log_notice\s*=.*/pgsql.log_notice = 1/" \ -e "s|^session\.save_path\s*=.*|session.save_path = /var/itsecorg/session|" \ -e "s/^session\.gc_maxlifetime\s*=.*/session\.gc_maxlifetime = 14400/" \ /etc/php5/apache2/php.ini /etc/php5/cli/php.ini RUN sed -i.orig \ -e "s|^host\s*all\s*all\s*127.0.0.1/32\s*md5|# &|" \ -e "s|^host\s*all\s*all\s*::1/128\s*md5|# &|" \ /etc/postgresql/main/9.3/pg_hba.conf
Adding settings:
RUN cat <<EOT >> /etc/postgresql/main/9.3/pg_hba.conf host all dbadmin 127.0.0.1/32 md5 host all itsecorg 127.0.0.1/32 md5 host all +dbbackupusers 127.0.0.1/32 trust host all +configimporters 127.0.0.1/32 trust host all confexporter 127.0.0.1/32 trust host all +secuadmins 127.0.0.1/32 md5 host all +reporters 127.0.0.1/32 md5 host all all 127.0.0.1/32 md5 host all all ::1/128 md5 EOT