Docker Notes

Submitted by code_admin on Mon, 07/30/2018 - 13:35

Portainer.io

mkdir ~/.portainer
docker run -d -p 10101:9000 --restart always -v /var/run/docker.sock:/var/run/docker.sock -v ~/.portainer:/data portainer/portainer:1.16.5

Access http://localhost:10101/

Configure templates to point to https://rmetcalf9.github.io/portainer_files/main.json

Inside compose:

  # A web-based interface for managing Docker containers.
  portainer:
    image: portainer/portainer:1.16.5
    command: --templates http://templates/templates.json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # Lets you access Portainer's web interface from your host machine
    ports:
      - "10001:9000"

Install:
https://docs.docker.com/engine/installation/linux/ubuntulinux/

Commands:

http://blog.zot24.com/tips-tricks-docker/

sudo docker run hello-world
sudo docker run -it ubuntu bash
sudo docker info
sudo docker images
sudo docker ps
sudo docker ps -a

Stop container: sudo docker stop container-name

Oracle Docker Images

https://github.com/oracle/docker-images

Clean up

docker rm $(docker ps -a -q)
docker rmi $(docker images | grep "<none>" | awk '{print $3}')
docker system prune
docker volume ls -qf dangling=true | xargs -r docker volume rm

docker system df

Drastic:

sudo service docker stop
sudo rm -rf /var/lib/docker
sudo service docker start

Run with shared FS

docker run -it -v ~/Documents/tmp:/var/host_tmp oracle/jdk:8 bash

Docker on Catness

sudo apt install docker.io
sudo apt install docker-compose
docker --version
docker-compose --version

Allow docker to run with no sudo
sudo usermod -aG docker $(whoami)

Run drupal on its own:
sudo docker run --name rjmtest-mysql -p 8080:80 -d drupal
sudo docker stop rjmtest-mysql
sudo docker start rjmtest-mysql

Clear then run these steps to link mysql with docker

sudo docker run --name rjmtest-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql
sudo docker run --name rjmtest-drupal --link rjmtest-mysql:mysql -p 8080:80 -d drupal

To run MYSQL on container

sudo docker run -it --link rjmtest-mysql:mysql --rm mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'

Run following commands:

CREATE DATABASE drupal;
grant ALL on drupal.* TO drupal_ro3p5cs@'172.17.%.%' IDENTIFIED BY 'PASS';

Get bash terminal into docker

Running container:

docker exec -i -t container-name /bin/bash

Bash shell into an image:

docker run --rm --name container-name --entrypoint /bin/bash -it image-name

List dangling volumes

List and remove

docker volume ls -qf dangling=true | xargs -r docker volume rm

Network analysis

Execute into a container and run the following:

apt update
apt install coreutils
apt install tcpdump

tcpdump -i any
tcpdump -s 0 -A port 4440

Stack commands

Deploy stack

docker stack deploy --compose-file=docker-compose.yml webservices

Restart single service in stack:

docker service update webservices_konga

Why isn't service starting

docker stack ps webservicesint --no-trunc

Permissions of mounted volumes

Sometimes volume directories need to be owned by a container-specific user. This is how I set this up for neo4j:

docker run --volume=$(pwd)/data/neo4j/data:/data --entrypoint chown neo4j:3.4.7 -R neo4j /data
docker run --volume=$(pwd)/data/neo4j/logs:/logs --entrypoint chown neo4j:3.4.7 -R neo4j /logs

Secrets

Create

docker secret create secretName - <<EOF
abc
\$slash_if_I_want_dollar_in_secret
EOF

or

cat googleauth_client_secret.json | docker secret create saas_user_management_system_authprov_google -
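
Added example (not part of the original notes): the exact bytes that reach `docker secret create NAME -` for each way of typing the value. `show_bytes` is a hypothetical stand-in for the Docker command so the script runs without a swarm; the variable `word` and the value `p$word` are constructed.

```sh
#!/bin/sh
# show_bytes stands in (assumption) for `docker secret create NAME -`:
# it reads stdin the same way and prints the bytes as hex, so shell
# expansions and trailing newlines become visible.
show_bytes() { od -An -v -tx1 | tr -d ' \n'; }

word=EXPANDED   # constructed variable whose name collides with the secret text

# Unquoted delimiter: the shell rewrites $word before the secret is stored.
heredoc_unquoted() {
  show_bytes <<EOF
p$word
EOF
}

# Backslash escape, as in the notes above: the dollar sign survives.
heredoc_escaped() {
  show_bytes <<EOF
p\$word
EOF
}

# Quoted delimiter: no expansion at all, so nothing needs escaping.
heredoc_quoted() {
  show_bytes <<'EOF'
p$word
EOF
}

# printf '%s' sends the value without the newline every heredoc appends.
printf_exact() { printf '%s' 'p$word' | show_bytes; }

# True when a payload (hex string from show_bytes) ends in a newline byte.
ends_with_newline() {
  case "$1" in
    *0a) return 0 ;;
    *) return 1 ;;
  esac
}

for f in heredoc_unquoted heredoc_escaped heredoc_quoted printf_exact; do
  printf '%-17s %s\n' "$f" "$($f)"
done
```

A file piped in with cat, as in the second form above, is stored byte for byte, including any final newline the file has.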

View

docker service create --name testService --secret secretName dockercloud/hello-world
docker ps   # to find the container name
docker exec -it testService.1.nb5u83b4hy8nzefxvqavd88br cat /run/secrets/secretName
docker service rm testService

If on my cluster the service needs to be pinned to the node I use to view:

docker service create --name testService --secret secretName --constraint 'node.labels.legacy == true' dockercloud/hello-world

Network Creation

Creation of encrypted network on a swarm

docker network create --driver=overlay --attachable main_net --opt encrypted

Layers

Check out layers https://github.com/wagoodman/dive

Get file system from container

Good when there is no shell in container

docker export 8858ab66fc88 -o tmp.tar
mkdir t
cd t
mv ../tmp.tar .
tar -xf tmp.tar

Needs a running container.
