Portainer.io
- mkdir ~/.portainer
- docker run -d -p 10101:9000 --restart always -v /var/run/docker.sock:/var/run/docker.sock -v ~/.portainer:/data portainer/portainer:1.16.5
Access http://localhost:10101/
Configure templates to point to https://rmetcalf9.github.io/portainer_files/main.json
Inside compose:
# A web based interface for managing docker containers.
portainer:
  image: portainer/portainer:1.16.5
  command: --templates http://templates/templates.json
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  # Enables you to access Portainer's web interface from your host machine
  # using http://localhost:10101
  ports:
    - "10001:9000"
Install:
https://docs.docker.com/engine/installation/linux/ubuntulinux/
Commands:
http://blog.zot24.com/tips-tricks-docker/
- sudo docker run hello-world
- sudo docker run -it ubuntu bash
- sudo docker info
- sudo docker images
- sudo docker ps
- sudo docker ps -a
Stop container: sudo docker stop
Oracle Docker Images
https://github.com/oracle/docker-images
Clean up
- docker rm $(docker ps -a -q)
- docker rmi $(docker images | grep "<none>" | awk '{print $3}')
- docker system prune
- docker volume ls -qf dangling=true | xargs -r docker volume rm
- docker system df
Drastic:
- sudo service docker stop
- sudo rm -rf /var/lib/docker
- sudo service docker start
Run with shared FS
- docker run -it -v ~/Documents/tmp:/var/host_tmp oracle/jdk:8 bash
Docker on Catness
sudo apt install docker.io
sudo apt install docker-compose
docker --version
docker-compose --version
Allow docker to run with no sudo
sudo usermod -aG docker $(whoami)
Run drupal on its own:
sudo docker run --name rjmtest-mysql -p 8080:80 -d drupal
sudo docker stop rjmtest-mysql
sudo docker start rjmtest-mysql
Clear then run these steps to link mysql with docker
sudo docker run --name rjmtest-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql
sudo docker run --name rjmtest-drupal --link rjmtest-mysql:mysql -p 8080:80 -d drupal
To run MYSQL on container
sudo docker run -it --link rjmtest-mysql:mysql --rm mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'
Run following commands:
CREATE DATABASE drupal;
grant ALL on drupal.* TO drupal_ro3p5cs@'172.17.%.%' IDENTIFIED BY 'PASS';
Get bash terminal into docker
Running container:
- docker exec -i -t container-name /bin/bash
Bash shell into an image:
- docker run --rm --name container-name --entrypoint /bin/bash -it image-name
List dangling volumes
List and remove
- docker volume ls -qf dangling=true | xargs -r docker volume rm
Network analysis
Execute into a container and run the following:
- apt update
- apt install coreutils
- apt install tcpdump
- tcpdump -i any
- tcpdump -s 0 -A port 4440
Stack commands
Deploy stack
- docker stack deploy --compose-file=docker-compose.yml webservices
Restart single service in stack:
- docker service update webservices_konga
Why isn't service starting
- docker stack ps webservicesint --no-trunc
Permissions of mounted volumes
Sometimes volume directories need to be owned by a container specific user. This is how I set this up for neo4j
- docker run --volume=$(pwd)/data/neo4j/data:/data --entrypoint chown neo4j:3.4.7 -R neo4j /data
- docker run --volume=$(pwd)/data/neo4j/logs:/logs --entrypoint chown neo4j:3.4.7 -R neo4j /logs
Secrets
Create
docker secret create secretName - <<EOF
abc
\$slash_if_I_want_dollar_in_secret
EOF
or
- cat googleauth_client_secret.json | docker secret create saas_user_management_system_authprov_google -
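Added example (not part of the original notes): the backslash in the heredoc above is needed because an unquoted EOF delimiter lets the shell expand $names in the body. The functions below print the exact bytes that would be piped into docker secret create for the escaped form, a quoted delimiter, and a forgotten escape, and show the trailing newline a heredoc adds. The function names are made up for this illustration.

```shell
#!/bin/sh
# Each function prints exactly what `docker secret create secretName -`
# would read on stdin. Function names are illustrative, not Docker's.
unset slash_if_I_want_dollar_in_secret   # keep the demo deterministic

# Form used in the notes: unquoted delimiter, dollar escaped by hand.
payload_escaped() {
cat <<EOF
abc
\$slash_if_I_want_dollar_in_secret
EOF
}

# Quoted delimiter: the body is taken literally, no escaping needed.
payload_quoted() {
cat <<'EOF'
abc
$slash_if_I_want_dollar_in_secret
EOF
}

# Failure mode: unquoted delimiter and a forgotten backslash. The shell
# expands the (unset) variable, so the second line is stored empty.
payload_unescaped() {
cat <<EOF
abc
$slash_if_I_want_dollar_in_secret
EOF
}

# A heredoc always ends with a newline, so it becomes part of the secret.
one_line_heredoc() {
cat <<'EOF'
abc
EOF
}

# printf '%s' stores the value with no trailing newline.
one_line_printf() { printf '%s' 'abc'; }

count_bytes() { wc -c | tr -d ' '; }

# Real use (needs a swarm manager, so left commented out here):
#   payload_quoted | docker secret create secretName -
for f in payload_escaped payload_quoted payload_unescaped; do
  echo "$f: $("$f" | count_bytes) bytes"
done
```

A service that compares the contents of /run/secrets/secretName byte for byte must either trim the trailing newline or have the secret created with the printf form.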
View
- docker service create --name testService --secret secretName dockercloud/hello-world
- docker ps to find server name
- docker exec -it testService.1.nb5u83b4hy8nzefxvqavd88br cat /run/secrets/secretName
- docker service rm testService
If on my cluster the service needs to be pinned to the node I use to view:
- docker service create --name testService --secret secretName --constraint 'node.labels.legacy == true' dockercloud/hello-world
Network Creation
Creation of encrypted network on a swarm
- docker network create --driver=overlay --attachable main_net --opt encrypted
Layers
Check out layers https://github.com/wagoodman/dive
Get file system from container
Good when there is no shell in container
- docker export 8858ab66fc88 -o tmp.tar
- mkdir t
- cd t
- mv ../tmp.tar .
- tar -xf tmp.tar
Needs a running container.