About Docker, looks awesome. Easy to create bootable, runnable images, easy to deploy because the global hub site is a crucial part of the proposition. The free usage of the hub encourages the publication and sharing of images which are then imported over the internet. Originally written in the summer of 2015, and revised in the summer of 2016.

I’ll need to have a think about enterprise architectures and the needs for data leakage controls, but time for another day.


Read these first

  1. Installing Docker on Ubuntu 16.04 at digitalocean.com
  2. http://www.dockerbook.com/, this has changed since 2015, but I am still working through the older book
  3. https://docs.docker.com/engine/understanding-docker/
  4. https://docs.docker.com/articles/basics/
  5. https://docs.docker.com/userguide/
  6. https://docs.docker.com/engine/reference/builder/

Getting Started

From the digital ocean pages document above

# # On Ubuntu

# apt-get update
# apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
# echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
# apt-get update
# apt-get install -y docker-engine
# systemctl status docker

For shipyard you will have to bind the docker engine to the host ports, see Networking Docker below. If using a Virtual Box guest this will need to be the ip address bound to the host driver. Shipyard is implemented as docker packages and can be installed using docker run & docker pull.

Virtual Box

If using a virtual box guest as a docker host, bridged networking no longer works for windows and two interfaces must be configured, NAT & Hosted. I originally stated that “the IP address specified in the defaults file must be checked against the address used.” This needs to be checked in 2016. When binding the docker engine to the network, it needs to be bound to the Hosted interface. See Networking Docker below.

Running a container.

  1. https://docs.docker.com/reference/commandline/cli/
  2. http://docs.docker.com/reference/run/
  3. Run a service automatically in a docker container, from StackOverflow

Networking (Containers)

  1. http://blog.sequenceiq.com/blog/2014/08/12/docker-networking/
  2. https://blog.codecentric.de/en/2014/01/docker-networking-made-simple-3-ways-connect-lxc-containers/
  3. https://docs.docker.com/engine/userguide/networking/work-with-networks/

In 2016, I used the EXPOSE command with the run -p command; make sure the service is running; looks like the host web server needs to be turned off or at least not listening to the publicly exposed port. This page in the Docker documentation may apply, the link is repeated in the More Networking section below.

WordPress

  1. https://registry.hub.docker.com/_/wordpress/
  2. https://www.digitalocean.com/community/tutorials/how-to-dockerise-and-deploy-multiple-wordpress-applications-on-ubuntu

This is easy peasy, first we need the name, the db root password and name of a mysql container together with the label of a file system location, then,

docker pull wordpress
docker run -e WORDPRESS_DB_PASSWORD=${password} --name wordpress \
    -v ${whatever}:/var/www/html --link ${db_container_name}:mysql \
    -p ${whatever}:80 -d wordpress

This code locates the complete wordpress installation on the filestore location and therefore persists versions, themes, plugins and the uploads directory.

Mysql

Another daemon, and we need to be able to log in to the container to check the logs and diagnostics. Here’s the docker links,

The code [sudo] docker pull mysql gets the image; the docker file is documented here…

So,

# written 2 Sep 2016
docker pull mysql
...
sudo mkdir /data
sudo mkdir /data/mysql${UNIQ_ID}

docker run --name some-mysql -v /data/mysql${UNIQ_ID}:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql
# docker exec takes the container name as its argument; it has no --name flag
docker exec -it some-mysql bash

The last command can be implemented via shipyard. Inspect the container and then enter the console and ask for a bash shell. In the bash shell, you can execute

mysql -uroot -pmy-secret-pw

Mongo

  1. https://github.com/dockerfile/mongodb
  2. http://docs.docker.com/examples/mongodb/

Apache

I used apache as my first exercise, and created two images in the docker hub, one has no run instructions, the second apache2d is designed to run as a daemon. It was updated in 2016.


docker run -d

The container command that is the final argument to docker run -d must not be a background process, or more accurately mustn’t be a nohup call to a service daemon. i.e. the daemon program call must be used.

service apache2 start is no good, /usr/sbin/apache2 is required, and it seems we have a -D flag to force foreground execution. This is a feature of the apache binary, but for other services it may become a part of the service control standards? Anyway the runes are,

$ dosh run -d dfl1955/apache2 /usr/sbin/apachectl -D FOREGROUND

where dosh is an alias for “sudo docker”. This article by slopjong was most helpful once I understood that a docker daemonised/detached container must take the server i.e. the unending program as the argument and once I understood that the -D flag would force apache to run in the FOREGROUND. This article by someone called Mon, speaks of how to use run -i -t to start an apache service in an interactive container

Private Registries

  1. https://blog.docker.com/2013/07/how-to-use-your-own-registry/
  2. https://docs.docker.com/registry/deploying/

boot2docker

  1. http://odewahn.github.io/docker-jumpstart/boot2docker.html

Managing (Shipyard)

I returned to Docker in 2016.

In order to install Shipyard, I worked through all the instructions at

  1. https://shipyard-project.com/docs/deploy/manual/

This eventually comes up. It can see no resources. I then bound the docker engine to the ipv4 address. See Networking Docker below. On the way I created a local registry, it made no difference, maybe I’ll suss this out next. It is necessary to bind the docker daemon to tcp and not a file based socket. i.e. the daemon has to be a network resource. (Obvious really)

Here’s how,

  1. Read the Shipyard Documentation
  2. Ignore everything google says about V1, which will talk about an agent.
  3. Bind the docker daemon to a tcp location, this will not be 127.0.0.1, nor its alias. It’s possible that the Virtual Box host makes a difference.

Here are some links,

  1. http://shipyard-project.com/

The dashboard is on 8080 and has initial password credentials of admin/shipyard.

Networking Docker

This section was written in 2014. This article refers to Shipyard V1, which is now superseded. It documents how to bind the daemon to the network. It involves editing /etc/default/docker and amending the DOCKER_OPTS flag. It should be noted that 127.0.0.1 is a relative address and thus the tcp/ip address of the daemon host should be used. I have not tested if the hosts file alias works or not. The Shipyard quick start points to a section, bind docker to another host port…. in the Docker Basics documentation.

  1. http://serverascode.com/2014/05/25/docker-shipyard-multihost.html
  2. https://docs.docker.com/articles/basics/#bind-docker-to-another-hostport-or-a-unix-socket
  3. https://docs.docker.com/engine/userguide/networking/default_network/binding/

I have set the default file, /etc/default/docker to

DOCKER_OPTS="-H tcp://192.168.0.20x:2376  \
             -H unix:///var/run/docker.sock"
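
A tcp:// listener with no --tlsverify option serves the Docker API without authentication, and anyone who can reach it can start containers with root on the host; port 2376 is only the conventional TLS port and does not turn TLS on. The check below is an added example, not part of the original notes or of Docker: the function names and the sample address 192.0.2.10 are made up for illustration.

```shell
#!/bin/sh
# Added example: audit DOCKER_OPTS for Docker API listeners exposed over TCP.
# Prints one finding per -H listener; returns 1 if any TCP listener is
# reachable without --tlsverify (client-certificate authentication).
audit_docker_opts() {
    opts=$1 tls=no status=0
    case " $opts " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
    esac
    set -f; set -- $opts; set +f      # split on whitespace, no globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -H|--host)     addr=${2:-}; if [ $# -gt 1 ]; then shift; fi ;;
            -H=*|--host=*) addr=${1#*=} ;;
            *)             shift; continue ;;
        esac
        shift
        case $addr in
            unix://*) echo "OK       $addr (local socket, file permissions apply)" ;;
            tcp://*)
                host=${addr#tcp://}; host=${host%:*}; scope=""
                case $host in ""|0.0.0.0|"[::]") scope=" on all interfaces" ;; esac
                if [ "$tls" = yes ]; then
                    echo "TLS      $addr$scope (client certificate required)"
                else
                    echo "INSECURE $addr$scope (unauthenticated API)"
                    status=1
                fi ;;
            *) echo "UNKNOWN  $addr" ;;
        esac
    done
    return $status
}

# Source the defaults file in a subshell, as the init script does, then audit.
audit_docker_defaults() {
    file=${1:-/etc/default/docker}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    audit_docker_opts "$( . "$file" >/dev/null 2>&1; printf '%s' "${DOCKER_OPTS:-}" )"
}

# Constructed sample in the shape of the page's setting (192.0.2.10 is a
# documentation address, not the author's host).
SAMPLE='-H tcp://192.0.2.10:2376 -H unix:///var/run/docker.sock'
audit_docker_opts "$SAMPLE" || echo "=> enable --tlsverify or drop the tcp listener"
```

Run audit_docker_defaults with no argument on the docker host to check the live /etc/default/docker; a non-zero exit means at least one TCP listener accepts unauthenticated clients.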

This was found in 2016, may be worth checking out.

  1. http://containertutorials.com/network/basic_network.html

Volumes and Devices

 

https://youtu.be/hk6wqNBLlxQ

Use volumes for extent based databases i.e. data managers with large files.

We have the choice of using docker volumes or remote file systems.

8 Replies

  1. I am now running my first docker host. (a bash shell). This is awesome and easy. Why didn’t Sun do this with Zones? They had the technology 10 years ago.

    However despite the noise and the real political power the open source advocates had, Sun never got the tendency to monopoly in chips & hardware. As with so much of Solaris they rejected the concept of the third party repo, although the advocates of Indiana did their best, and, unlike Oracle, who recognised the threat from MySQL, failed to effectively recognise that the second competitive advantage that Linux had over Solaris was an ease of install. Zones were never easy and Sun on Intel was always an afterthought.

    I thought I was better. 🙂

  2. I have returned to Docker today. docs.docker takes me here… for installation guidance and I have worked through these steps except, I have not turned memory & swap accounting on, uncomplicated firewall is not enabled or running, and have enabled the google DNS servers in the docker defaults file.

  3. In attempting to get the simple apache example working, I spent hours tracking down an ERR_CONNECTION_REFUSED when attempting to read the served home page. The ultimate error was that I had failed to start the service inside my docker package. I went down the failure to bind to ports route, investigated the use of virtual servers on the host, mucked around with apache directing statements about port 8080, turning the host’s apache server on and off, and fooling around with the firewall, including installing gufw. The lesson is that the error was nearest the problem, I was running a docker image and it was misconfigured.

  4. I removed the following comments today,

    The run command is mysqld, but they also define the entrypoint as a proprietary piece of code, which evaluates parameters, the V5.5 entrypoint.sh is here….

    Do I need to build my own, theirs is based on debian wheezy and I prefer ubuntu and it has kept to some standards that I want to break. i.e. file placement policies. I think I prefer to provide my configurations as files, but the default and its documentation page, see above, show how to add configuration files using the -v parameter. Think I’ll try that first. I didn’t.
