Docker

From Smithnet Wiki

General

Install/start docker

dnf install docker
systemctl start docker

Control images:

docker pull <name>
docker image ls
docker image rm <image>

Control containers:

  • run creates a container from an image
  • capture container stdin with -it
  • map host filesystem into container in read-only mode and with an SELinux label
docker run --name fedora -it --volume /home/docker:/mount:ro,Z fedora
  • each container has its own network: need to bind container ports to host ports
docker run --name nginx -p 8080:80 -v /home/html:/usr/share/nginx/html:ro,Z nginx
docker start <container>
docker stop <container>
docker rm <container>
docker ps
docker ps -a
docker port <container>

Networking

Network types:

  • Bridge (default) : on separate 172. network
  • host : no network isolation
  • none : completely isolated
  • ipvlan
  • macvlan

Containers on a bridge network can communicate by IP, or better via the built-in DNS (by container name), as long as the bridge network is a named one.

Show network drivers:

docker network ls

Show gateway and IPs that the containers have:

docker network inspect bridge

Create NewNetwork:

docker network create --driver bridge --subnet 192.168.7.0/24 NewNetwork

Storage

on host, in /var/lib/docker

  • containers
  • image
  • volumes

Data is copy-on-write to the container and never updates the underlying image, so it is lost when the container is destroyed.

Create a volume (in volumes):

docker volume create NewVol

Volume Mount for MySQL container:

docker run -v NewVol:/var/lib/mysql mysql

Bind Mount to anywhere on the host filesystem with full path:

docker run -v /data/MySQL:/var/lib/mysql mysql

But the preferred way is:

--mount type=bind,source=/data/MySQL,target=/var/lib/mysql

Create an image

Dockerfile:

# Some comment
FROM baseimage:tag
LABEL org.opencontainers.image.authors="me@example.com"
LABEL version="1.0"
WORKDIR /data
COPY somefile .
ENV PORT=8088
RUN somecommand
ENTRYPOINT ["python", "manage.py", "runserver"]
CMD ["echo", "Hello World!"]

Build:

docker build --rm -t name:tag .

Entrypoints / Commands

  • ENTRYPOINT defines the command that is run as PID 1
  • CMD adds options to the entrypoint. If ENTRYPOINT is not specified, "/bin/sh -c" is assumed
  • Anything added after image name in "docker run" command is treated as CMD arguments

Environment Variables

Pass into docker run:

docker run -e DBUSER=dbuser -e DBPORT=5432 <image>

Or name the variable without a value, so it is taken from the host environment and the value doesn't appear in the process list:

docker run -e DBUSER=dbuser -e DBPASS <image>

Or from a file:

docker run --env-file ./env_vars <image>

Push image

  • Create a repository on Docker Hub, someuser/somerepo

When building a local image use the tag "someuser/somerepo", or tag an existing local image "local-image" with the dockerhub tag:

docker tag local-image someuser/somerepo

Log in to Docker (credentials are stored in /root/.docker/config.json):

docker login

Push the image to dockerhub (tagname defaults to latest):

docker push someuser/somerepo:tagname

Push a new image:

docker tag local-image:tagname somerepo:tagname
docker push somerepo:tagname

Debugging

Look at stdout from PID 1:

docker logs -f <container>

The log file is stored on the host (see inspect for the path) until the container is removed. docker logs has options -f and -n, which act like tail.

Attach terminal to container (CTRL-p CTRL-q to exit) and see stdout:

docker attach <container>

Start an interactive shell into the container:

docker exec -it <container> /bin/bash

Pause/unpause:

docker pause <container>
docker unpause <container>

See top for a container or stats for all containers on a host:

docker top <container>
docker stats

See container definition/state (JSON):

docker inspect <container>

especially:

  • Current state of the container, in the “State” property
  • Path to the log history file, in the “LogPath” field
  • Values of set environment vars, in the “Config.Env” field
  • Mapped ports, in the “NetworkSettings.Ports” field
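
The fields listed above can be reviewed in bulk. The following is an added example, not part of the original wiki page: it parses docker inspect JSON and flags secret-looking variables in Config.Env, host networking, writable bind mounts and ports published on all interfaces. The sample JSON is constructed, and the SECRET_HINTS name heuristic and the review() function are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect nginx mysql` output, not from a real host.
SAMPLE = """[
 {"Name": "/nginx", "Config": {"Env": ["PATH=/usr/bin"]},
  "HostConfig": {"NetworkMode": "bridge"},
  "Mounts": [{"Type": "bind", "Source": "/home/html", "RW": false}],
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
 {"Name": "/mysql", "Config": {"Env": ["DBUSER=dbuser", "DBPASS=constructed-value"]},
  "HostConfig": {"NetworkMode": "host"},
  "Mounts": [{"Type": "bind", "Source": "/data/MySQL", "RW": true}],
  "NetworkSettings": {"Ports": {}}}
]"""

SECRET_HINTS = ("PASS", "SECRET", "TOKEN", "KEY")  # assumed naming heuristic


def review(inspect_json):
    """Map container name -> list of findings from `docker inspect` JSON text."""
    report = {}
    for c in json.loads(inspect_json):
        findings = []
        # Config.Env holds every variable in clear text, however it was passed in.
        for entry in c.get("Config", {}).get("Env") or []:
            name = entry.split("=", 1)[0]
            if any(hint in name.upper() for hint in SECRET_HINTS):
                findings.append(f"env {name} readable via docker inspect")
        if c.get("HostConfig", {}).get("NetworkMode") == "host":
            findings.append("host network: no network isolation")
        # A bind mount without :ro lets the container modify host files.
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind" and m.get("RW"):
                findings.append(f"writable bind mount {m['Source']}")
        # A port that is exposed but not published has a null binding list.
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for port, binds in ports.items():
            for b in binds or []:
                if b.get("HostIp") in ("", "0.0.0.0", "::"):
                    findings.append(f"{port} published on all interfaces as host port {b['HostPort']}")
        report[c["Name"].lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in review(SAMPLE).items():
        print(name, findings or "no findings")
```

To check a live host, pass the output of docker inspect for the containers of interest to review() in place of SAMPLE.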

Show image history:

docker history <image>

Override ENTRYPOINT:

docker run -d -p 80:80 --entrypoint /bin/sh myrepo/mydjangoapp

Docker Compose

TBC