Docker

About Docker: it looks awesome. It is easy to create bootable, runnable images, and easy to deploy because the global hub site is a crucial part of the proposition. The free usage of the hub encourages the publication and sharing of images, which are then imported over the internet. Originally written in the summer of 2015, and revised in the summer of 2016.
I’ll need to have a think about enterprise architectures and the needs for data leakage controls, but that is for another day.
Read these first
- Installing Docker on Ubuntu 16.04 at digitalocean.com
- http://www.dockerbook.com/, this has changed since 2015, but I am still working through the older book
- https://docs.docker.com/engine/understanding-docker/
- https://docs.docker.com/articles/basics/
- https://docs.docker.com/userguide/
- https://docs.docker.com/engine/reference/builder/
Getting Started
From the DigitalOcean page listed above:

    # On Ubuntu, run as root
    apt-get update
    apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
    echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
    apt-get update
    apt-get install -y docker-engine
    systemctl status docker
For Shipyard you will have to bind the docker engine to the host ports; see Networking Docker below. If using a Virtual Box guest, this will need to be the IP address bound to the host driver. Shipyard is implemented as docker packages and can be deployed using docker run & docker pull.
Virtual Box
If using a Virtual Box guest as a docker host, bridged networking no longer works for Windows and two interfaces must be configured, NAT & Hosted. I originally stated that “the IP address specified in the defaults file must be checked against the address used.” This needs to be checked in 2016. When binding the docker engine to the network, it needs to be bound to the Hosted interface. See Networking Docker below.
Running a container.
- https://docs.docker.com/reference/commandline/cli/
- http://docs.docker.com/reference/run/
- Run a service automatically in a docker container, from StackOverflow
Networking (Containers)
- http://blog.sequenceiq.com/blog/2014/08/12/docker-networking/
- https://blog.codecentric.de/en/2014/01/docker-networking-made-simple-3-ways-connect-lxc-containers/
- https://docs.docker.com/engine/userguide/networking/work-with-networks/
In 2016, I used the EXPOSE command with the run -p command; make sure the service is running; it looks like the host web server needs to be turned off or at least not listening on the publicly exposed port. This page in the Docker documentation may apply; the link is repeated in the More Networking section below.
WordPress
- https://registry.hub.docker.com/_/wordpress/
- https://www.digitalocean.com/community/tutorials/how-to-dockerise-and-deploy-multiple-wordpress-applications-on-ubuntu
This is easy peasy, first we need the name, the db root password and name of a mysql container together with the label of a file system location, then,

    docker pull wordpress
    docker run -e WORDPRESS_DB_PASSWORD=${password} --name wordpress \
        -v ${whatever}:/var/www/html --link ${db_container_name}:mysql \
        -p ${whatever}:80 -d wordpress

This code locates the complete WordPress installation on the filestore location and therefore persists the versions, themes, plugins and uploads directory.
Mysql
Another daemon, and we need to be able to log in to the container to check the logs and diagnostics. Here are the docker links:
the code [sudo] docker pull mysql gets the image; the docker file is documented here…
So,

    # written 2 Sep 2016
    docker pull mysql
    # ...
    sudo mkdir /data
    sudo mkdir /data/mysql${UNIQ_ID}
    docker run --name some-mysql -v /data/mysql${UNIQ_ID}:/var/lib/mysql \
        -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql
    # docker exec takes no --name option; this opens a shell in the running container
    docker exec -it some-mysql bash

The last command can be implemented via shipyard. Inspect the container and then enter the console and ask for a bash shell. In the bash shell, you can execute
mysql -uroot -pmy-secret-pw
Mongo
Apache
I used apache as my first exercise, and created two images in the docker hub, one has no run instructions, the second apache2d is designed to run as a daemon. It was updated in 2016.
docker run -d
The container command that is the final argument to docker run -d must not be a background process, or more accurately mustn’t be a nohup call to a service daemon, i.e. the daemon program call must be used.
service apache2 start is no good, /usr/sbin/apache2 is required, and it seems we have a -D flag to force foreground execution. This is a feature of the apache binary, but for other services it may become a part of the service control standards? Anyway the runes are,
$ dosh run -d dfl1955/apache2 /usr/sbin/apachectl -D FOREGROUND
where dosh is an alias for “sudo docker”. This article by slopjong was most helpful once I understood that a docker daemonised/detached container must take the server, i.e. the unending program, as the argument and once I understood that the -D flag would force apache to run in the FOREGROUND. This article by someone called Mon speaks of how to use run -i -t to start an apache service in an interactive container.
Private Registries
- https://blog.docker.com/2013/07/how-to-use-your-own-registry/
- https://docs.docker.com/registry/deploying/
boot2docker
- http://odewahn.github.io/docker-jumpstart/boot2docker.html
Managing (Shipyard)
I returned to Docker in 2016.
In order to install Shipyard, I worked through all the instructions at
- https://shipyard-project.com/docs/deploy/manual/
This eventually comes up. It can see no resources. I then bound the docker engine to the ipv4 address. See Networking Docker below. On the way I created a local registry, it made no difference, maybe I’ll suss this out next. It is necessary to bind the docker daemon to tcp and not a file based socket. i.e. the daemon has to be a network resource. (Obvious really)
Here’s how,
- Read the Shipyard Documentation
- Ignore everything google says about V1, which will talk about an agent.
- Bind the docker daemon to a tcp location; this will not be 127.0.0.1, nor its alias. It’s possible that the Virtual Box host makes a difference.
Here are some links,
The dashboard is on 8080 and has initial password credentials of admin/shipyard.
Networking Docker
This section was written in 2014. This article refers to Shipyard V1, which is now superseded. It documents how to bind the daemon to the network. It involves editing /etc/default/docker and amending the DOCKER_OPTS variable. It should be noted that 127.0.0.1 is a relative address, always meaning the machine that uses it, and thus the tcp/ip address of the daemon host should be used. I have not tested if the hosts file alias works or not. The Shipyard quick start points to a section, bind docker to another host port…. in the Docker Basics documentation.
- http://serverascode.com/2014/05/25/docker-shipyard-multihost.html
- https://docs.docker.com/articles/basics/#bind-docker-to-another-hostport-or-a-unix-socket
- https://docs.docker.com/engine/userguide/networking/default_network/binding/
I have set the default file, /etc/default/docker, to

    DOCKER_OPTS="-H tcp://192.168.0.20x:2376 \
        -H unix:///var/run/docker.sock"

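The DOCKER_OPTS value above opens a TCP listener with no TLS options, so any host that can reach that address can drive the Docker API, which is equivalent to root on the daemon host. As an added example (not part of the original page or of Docker itself), this sh function audits an options string for that condition; the function name and certificate paths are assumptions, while --tlsverify, --tlscacert, --tlscert and --tlskey are the daemon's own TLS flags.

```sh
#!/bin/sh
# Added example: audit a DOCKER_OPTS string for TCP listeners without mutual TLS.
# The function name and certificate paths are assumptions; sample values are constructed.

# audit_docker_opts "<options>": prints one line per listener and returns 1
# if any tcp:// listener is configured without --tlsverify.
audit_docker_opts() (
    opts=$1 tlsverify=0 prev="" rc=0
    set -f                      # word-split the options without globbing
    # Pass 1: is client-certificate verification switched on?
    for tok in $opts; do
        case "$tok" in
            --tlsverify|--tlsverify=true) tlsverify=1 ;;
        esac
    done
    # Pass 2: classify each listener (-H X, --host X, -H=X, --host=X).
    for tok in $opts; do
        host=""
        case "$prev" in -H|--host) host=$tok ;; esac
        case "$tok" in -H=*|--host=*) host=${tok#*=} ;; esac
        prev=$tok
        [ -n "$host" ] || continue
        case "$host" in
            tcp://*)
                if [ "$tlsverify" -eq 1 ]; then
                    echo "OK   $host requires client certificates"
                else
                    echo "FAIL $host accepts unauthenticated API calls"
                    rc=1
                fi ;;
            *)  echo "INFO $host is not a TCP listener" ;;
        esac
    done
    exit "$rc"                  # body runs in a subshell, so this is the return status
)

# The page's setting (address kept as written there), then a hardened variant.
page_opts='-H tcp://192.168.0.20x:2376 -H unix:///var/run/docker.sock'
tls_opts="--tlsverify --tlscacert=/etc/docker/tls/ca.pem \
--tlscert=/etc/docker/tls/server-cert.pem --tlskey=/etc/docker/tls/server-key.pem"

audit_docker_opts "$page_opts" || echo "=> add TLS options before exposing the daemon"
audit_docker_opts "$tls_opts $page_opts" && echo "=> every TCP listener requires a client certificate"
```

With --tlsverify set, a client such as Shipyard has to present a certificate signed by the same CA before the daemon accepts its requests.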
This was found in 2016, may be worth checking out.
- http://containertutorials.com/network/basic_network.html
Volumes and Devices
Use volumes for extent based databases i.e. data managers with large files.
We have the choice of using docker volumes or remote file systems.