Docker/Basics
Docker Basics
Installation
The Docker Way
Installation done on CentOS7. Install, start, enable for system startup.
~$ sudo yum check-update
~$ curl -fsSL https://get.docker.com/ | sh
~$ sudo systemctl start docker
~$ sudo systemctl enable docker
Using a repo
Ref: https://docs.docker.com/engine/install/centos/
~$ sudo yum install -y yum-utils
~$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
~$ sudo yum install docker-ce docker-ce-cli containerd.io
Accept the matching GPG key if prompted
Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35
~$ sudo systemctl start docker
~$ sudo systemctl enable docker
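An added example (not part of the original page): a shell check that compares the primary fingerprint of a key listing with the fingerprint given above and fails closed on anything else. The function names and both sample listings are constructed for illustration; only the expected fingerprint comes from this page.

```shell
#!/bin/sh
# Expected fingerprint, copied from this page (spaces are stripped before comparing).
EXPECTED_FPR="060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35"

# normalize_fpr: drop whitespace and upper-case the hex digits so that
# "060a 61c5 ..." and "060A61C5..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# primary_fpr: read a GnuPG colon-format key listing on stdin and print the
# fingerprint of the first primary key (the "fpr" record that follows "pub").
# Fingerprints of subkeys (records after "sub") are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             want && $1 == "fpr" { print $10; exit }'
}

# fpr_matches: succeed only if the listing on stdin carries the expected
# primary fingerprint. An empty or unparsable listing is rejected.
fpr_matches() {
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Constructed sample listing: only the primary fingerprint is taken from the page.
SAMPLE_OK='pub:-:4096:1:C52FEB6B621E9F35:0:::-:::scESC:
fpr:::::::::060A61C51B558A7F742B77AAC52FEB6B621E9F35:
uid:-::::0::0::Example Release Key <release@example.invalid>:
sub:-:4096:1:0000000000000000:0::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'
# Constructed listing for a different key: must be rejected.
SAMPLE_BAD='pub:-:4096:1:1111111111111111:0:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:'

if printf '%s\n' "$SAMPLE_OK" | fpr_matches; then echo "sample key: fingerprint OK"; fi
if ! printf '%s\n' "$SAMPLE_BAD" | fpr_matches; then echo "other key: REJECTED"; fi
```

On a real host, pipe the colon-format listing of the downloaded key file into `fpr_matches` instead of the constructed samples.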
Images
search
search the public Docker Hub (repo) for images of software builds. Results include both official (owner-created) and public (consumer-created) images, so be careful with what you download, for obvious security reasons.
~$ sudo docker search software_name
look for official builds and not random images laced with malware
~$ sudo docker search --filter is-official=true ubuntu
pull
download docker images for local deployment.
~$ sudo docker pull repository/software_name:tag
images (list)
get a listing of local available docker images
~$ sudo docker images
rmi (delete image)
delete a local docker image
~$ sudo docker rmi image_id
or alternatively you can delete by name
~$ sudo docker rmi $(sudo docker images | grep 'imagename' | awk '{print $3}')
~$ sudo docker rmi $(sudo docker images -a -q 'completeimagename')
or you can delete all orphaned images (images that are without a parent and are not a parent of a tagged image)
~$ docker rmi $(docker images -f dangling=true -q)
history
see the history of a docker image. It is important to know that the history only stacks based on the image_id the container was started up from. If you create multiple changes and commit them separately, the latest image will have all the updates, but will not show the multiple comments if they were included in the commits. If you want a consistent linear growth of commit history in the image, you must start the container with the latest image_id before making updates.
~$ sudo docker history image_id
commit
create a new image based on the specified container. It is important to note that if you want to maintain a consistent linear growth of commit history in the image, you must start the container with the latest image_id before making updates or commits.
Also, as best practice it is recommended that you specify the repository where the docker image will be pushed to (whether public or private). Locally however, the repository name structure can be anything, but you should follow best practice to keep organized.
~$ sudo docker commit -m "comment" -a "Author" container_id repository/image_name:tag
ie.
~$ sudo docker commit -m "installed telnet" -a "root" ce056f9a7d2f root_repo/centos-updated:version3
inspect
inspect an image to see what it is comprised of.
~$ sudo docker inspect image_id
build
build an image from a dockerfile
~$ sudo docker build --file Dockerfile .
Containers
run
There are a few different options to consider when running a container.
interactive -it
- add the -it option if you want to be interactive with the container, ie. immediately log in as root and have a shell.
~$ sudo docker run -it image_id
~$ sudo docker run -it image_id:latest /bin/bash
-------- (example command)
standard
- no switches. This will run the container and execute the default command. In basic instances it would be "/bin/bash", which is an unattached shell that would immediately exit, causing the container to stop running.
~$ sudo docker run image_id
name with meaningful name --name=meaningful_name
- add a meaningful name instead of allowing docker to randomly create one.
~$ sudo docker run --name=meaningful_name image_id
hostname --hostname=value
- specify a specific hostname for the container rather than allowing a random one to be generated.
~$ sudo docker run --hostname=defined_hostname image_id
automatically delete containers upon exit --rm
- a great time saving option that prevents you from having lots of stopped containers lingering.
~$ sudo docker run --rm image_id
disconnected -d
- also called daemon mode
~$ sudo docker run -d --name=meaningful_name image_name:tag
container port(s) -p -P
- start a container with a port or ports that pass through from the container to the host.
~$ sudo docker run -d --name meaningful_name -P image_name:tag
-------- This binds a random host port from 32768+ to the container listening port.
~$ sudo docker run -d -p 8080:80 --name=meaningful_name image_name:tag
-------- This binds the host port 8080 to the container port 80.
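An added example (not from the original page) for auditing the port publishing described above: `-p 8080:80` and `-P` publish on every host interface unless a host address is given, so this shell function lists the containers whose published ports are bound to all interfaces. The container names and the sample listing are constructed; the input format is what `docker container ls --format '{{.Names}}\t{{.Ports}}'` prints.

```shell
#!/bin/sh
# exposed_on_all_interfaces: read "name<TAB>ports" lines on stdin and print
# "name hostport->containerport/proto" for every mapping bound to 0.0.0.0 or ::.
# Mappings bound to one address (e.g. 127.0.0.1) and ports that are exposed but
# not published ("80/tcp" with no "->") are skipped.
exposed_on_all_interfaces() {
    awk -F'\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue                  # not published to the host
            if (m ~ /^0\.0\.0\.0:/)    sub(/^0\.0\.0\.0:/, "", m)
            else if (m ~ /^\[::\]:/)   sub(/^\[::\]:/, "", m)
            else if (m ~ /^:::/)       sub(/^:::/, "", m)
            else continue                            # bound to a single address
            key = $1 " " m
            # Report an IPv4 + IPv6 pair for the same port only once.
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Constructed sample of:
#   sudo docker container ls --format '{{.Names}}\t{{.Ports}}'
SAMPLE=$(printf '%s\t%s\n' \
    'Webserver4' '0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
    'random01'   '0.0.0.0:32768->80/tcp, [::]:32768->80/tcp' \
    'localonly'  '127.0.0.1:8081->80/tcp' \
    'noports'    '80/tcp')

printf '%s\n' "$SAMPLE" | exposed_on_all_interfaces
```

Giving a host address in the mapping, as in `-p 127.0.0.1:8080:80`, keeps the port off the other interfaces.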
volume mount -v
- mount a volume from the host into a specific location in the container. Allows a static location for files that live outside of the containers.
~$ sudo docker run -d -p 8080:80 --name=meaningful_name -v /host/path:/container/path image_name:tag
ie.
~$ sudo docker run -d -p 8080:80 --name=Webserver4 -v /home/user/www:/usr/share/nginx/html nginx:latest
overwrite entry point -it --entrypoint=/bin/bash
- overwrite the entry point used on the container startup. This allows you to log into the container in order to inspect it manually while preventing the normal startup entry point from executing.
~$ docker run -it --entrypoint=/bin/bash image_name:tag
ie.
~$ docker run -it --entrypoint=/bin/bash grafana/grafana:latest
environment variables -e --env --env-file
- insert environment variables into a container at startup; this is sometimes required for certain docker containers to run, like mysql.
~$ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
list
There are a couple of different main options to consider when listing containers.
- standard
- no switches. This will list all the currently running containers.
~$ sudo docker container ls
- all containers -a
- add the -a switch if you want to see all containers including those that are not running.
~$ sudo docker container ls -a
- only ids -q
- list containers but just show their id
~$ sudo docker container ls -q
stop
stop a running container
~$ sudo docker stop container_id
stop after x seconds (--time)
~$ sudo docker stop --time 10 97974bf7be4
remove
remove a container
~$ sudo docker rm container_id
remove all stopped containers
~$ sudo docker rm `sudo docker container ls -a -q`
remove container by image name
~$ sudo docker rm $(sudo docker container ls --all --quiet --filter "ancestor=ubuntu-pwsh")
start
start a container
~$ sudo docker start container_id
restart a container in an interactive shell
~$ sudo docker start -i container_id
restart
- restart
- restart a container
~$ sudo docker restart container_id
execute
- exec
- Sometimes you will need to execute a command within a container. You can do this with the exec command.
~$ sudo docker exec container_id command
~$ sudo docker exec -it container_id /bin/bash
------- execute a shell on a container and attach interactively.
copy
- cp
- You may need to copy files from a container to the host (for example, when setting up volumes). You can do this with the cp command.
~$ sudo docker cp CONTAINER:SRC_PATH DEST_PATH
~$ sudo docker cp telegraf01:/etc/telegraf /home/user/Docker/telegraf/
Docker Hub
Docker Hub allows you to store your images in either private or public repositories. Personal accounts get (1) free private repo; Organizations do not get any free private repos. Both can purchase private repos at any time through a subscription model.
login
log in to the Docker Hub.
~$ sudo docker login -u username
pull
download docker images for local deployment.
~$ sudo docker pull repository/software_name:tag
push
push a new or updated docker image.
~$ sudo docker push repository/software_name:tag
logout
~$ sudo docker logout
Docker Files
Docker files are used to create images and automatically configure the software.
Essentials
- FROM image_name:tag
- specifies the base image to start from.
FROM debian:stable
- MAINTAINER
- specifies the maintainer of the image, generally your dockerhub account and email.
MAINTAINER user_account <[email protected]>
- RUN
- explicitly runs commands after the container starts.
RUN apt-get update && apt-get upgrade -y
- ENV
- sets an environmental variable that can be used in the container
ENV MYVALUE my-value
- EXPOSE
- exposes explicit container ports to the host
EXPOSE 80
- CMD
- generally used to start a process or service.
- -D because we are not running in a daemon mode
- FOREGROUND because we want the service to run in the foreground.
CMD ["/usr/sbin/apache2ctl","-D","FOREGROUND"]