=====Docker=====
==== Install ====
Ubuntu:
Requirements:
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
Then:
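# Save the installer to a file instead of piping it into sh, so it can be read
# before it runs with root privileges. -f makes curl fail on an HTTP error
# rather than handing an error page to the shell.
curl -fsSL https://get.docker.com -o get-docker.sh
# Review get-docker.sh, then run it:
sh get-docker.sh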
Check also on:
https://docs.docker.com/engine/install/ubuntu/
SLES:
zypper se -s docker #get the version
zypper in -f docker=18.06.1_ce-98.21.1 #reference the version
Control service:
systemctl is-enabled docker.service
systemctl start docker.service
systemctl status docker.service
systemctl daemon-reload
systemctl restart docker
systemctl show --property Environment docker
==== Links ====
https://hub.docker.com
https://hub.docker.com/r/mysql/mysql-server/
https://hub.docker.com/_/mysql/
https://github.com/cmoro-deusto/docker-rpi-mysql
https://www.techrepublic.com/article/how-to-deploy-and-use-a-mysql-docker-container/
https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-docker-ce-1
https://docs.docker.com
https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
https://docs.docker.com/config/containers/multi-service_container/ #running multiple services in a container
==== Commands ====
===Node/ swarm===
docker node ls
docker node ls -q | xargs docker node inspect -f '{{ .Description.Hostname }}: {{ .Spec.Labels }}' | grep map | sed 's/ /\n\t/g' #show labels
docker service ls |grep container-name #check if container runs
docker service ps container-id #check on which node container runs
docker network create -d overlay --subnet=10.0.32.0/22 --attachable my_network_name
=== Container ===
Start, stop, manage containers:
docker container ls
docker container ls --all
docker container start 10095cc1e53d
docker start 176bd91300c3 #Start Container
docker container stop 00b9227af244
docker container rm b9e0eb78c272
docker rm $(docker ps --all -q -f status=exited)
docker rename CONTAINER_NAME NEW_NAME #Rename container
docker commit my-container ubuntu:16.04 #Commit changes from container "my-container" to image "ubuntu:16.04"
docker stats redis1 redis2 #command to live stream a container’s runtime metrics (cpu, mem etc.)
docker cp containerID:/path/to/file/file_or_foldername . #to copy a file or an folder from within the container to the docker-host
docker cp -a server.key cf755a260e93:/tmp
**Forcefully delete all containers, so pay attention!!**
docker container rm $(docker container ls -a -q)
===Image===
docker image ls
docker images -q #Just show "IMAGE ID"
docker images --digests #show "sha" value to get version of e. g. "lastest"
docker image ls --all
docker pull mysql/mysql-server:latest #Install image mysql
docker rmi image:tag #delete image-tag
**Forcefully delete all images, so pay attention!!**
docker rmi $(docker images -q) -f
Remove images (untagged):
docker rmi $(docker images -f "dangling=true" -q)
=== Save & Restore ===
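# Export the image with ID 915f54b28a31 to a tar archive on the host.
docker image save 915f54b28a31 -o ubuntu-16.04.tar
# Import the archive again. `docker load` takes no positional arguments, so the
# redirected archive is its only input. An image saved by ID comes back without
# a repository tag; tag it after loading if a name is needed.
docker load < ubuntu-16.04.tar
# Dump every database of container "some-mysql" into a file on the host.
# The single quotes leave $MYSQL_ROOT_PASSWORD to the shell inside the container,
# so the host shell never sees the password. The dump holds all data in clear
# text; keep the target path readable only by accounts allowed to see it.
docker exec some-mysql sh -c 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /some/path/on/your/host/all-databases.sql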
===Build===
docker build -t "simple_flask:dockerfile" . #Build an image from a Dockerfile
docker build - < Dockerfile
docker build -t friendlyhello . #Create image using this directory's Dockerfile
docker build -t friendlyhello /usr/lib/docker/example/. #Create image using path Dockerfile
docker build -t ubuntu16-test:16.04 --no-cache .
docker history simple_flask:dockerfile
docker build -t ubuntu16-squid:16.04 /software/. #Build image "ubuntu16-squid" from Dockerfile within "/software/"
docker build --build-arg http_proxy=http://1.2.3.4:80 --build-arg https_proxy=http://1.2.3.4:80 -t ubuntu16-squid:16.04 .
docker build --no-cache -t tftp-alpine:latest .
docker build -t php:5-apache $(pwd)/.
===Deploy Container===
docker run ubuntu:16.04 #Download ans install ubuntu 16.04.
docker run --name=mysql-01 -d mysql/mysql-server:latest
docker run --name=ubuntu16.04-squid-1 ubuntu:16.04
docker run -d -p 8080:8080 --name=ubuntu16.04-squid-2 -ti ubuntu:16.04 #Deploy and keep running container from image "ubuntu:16.04"
docker run --rm -i --user="$(id -u):$(id -g)" --net=none -v "$PWD":/data blang/latex xelatex article.tex
docker run --name=mysql01 -d mysql:dockerfile
docker run -d -p 3306:3306 -v /path/in/host:/var/lib/mysql dordoka/rpi-mysql
docker run -d -p 3306:3306 --name=mysql01 -v /path/in/host:/var/lib/mysql -d mysql/mysql-server:latest
docker run --name=test-kibana -d rutsky/kibana-logtrail-kubernetes:4.6.1-0.1.7-2
docker run -p 8080:80 -p 8443:443 68b57f0b6302 apache2-foreground
docker run -dti -p 69:69/udp -v /data/tftp:/var/tftpboot tftp-alpine:latest
docker run -it --entrypoint /bin/bash container-ID
docker run --rm -tid -p 2080:80 -p 2443:443 haproxy-test:latest
=== Run ===
Run and connect to container. **When exiting, the container stops!**
docker run -ti ubuntu:latest /bin/bash
docker run -ti ubuntu /bin/bash
docker run -ti mysql:dockerfile
docker run -d -p 3306:3306 mysql:dockerfile
=== Info ===
docker version
docker info
docker logs mysql01
docker logs --follow jenkins
journalctl -fu docker
docker ps
docker ps --all
docker inspect f8f1140788d8
===Logs===
docker inspect --format='{{.LogPath}}' $CONTNAME | xargs tail -f
=== Connect ===
Connect to running (**!**) container:
docker exec -it mysql3 bash
docker exec -it 7079297b1b01 /bin/bash
docker exec -it 4c1d592d40d9 mysql -uroot -p
docker exec -it 176bd91300c3 bash
docker exec -it $(echo $(docker ps | grep -i esphome | awk '{print $1}')) bash
=== Volumes ===
docker volume create --name DataVolume1
docker volume create --label DataVolume1
docker volume create -d netapp --name myFirstVolume -opt size=1G
docker volume inspect DataVolume1
docker run -d \
--name=nginxtest \
-v nginx-vol:/usr/share/nginx/html:ro \
nginx:latest
docker run -d \
--name=nginxtest \
--mount source=nginx-vol,destination=/usr/share/nginx/html,readonly \
nginx:latest
docker run -ti --name=Container2 -v DataVolume2:/datavolume2 ubuntu
docker run -ti --name=Container2 -v DataVolume1:/datavolume1 ubuntu
docker run --rm -ti -v DataVolume1:/datavolume1 ubuntu
===Plugin===
# List the installed plugins.
docker plugin ls
# --grant-all-permissions accepts every privilege the plugin requests without
# showing the confirmation prompt. Leaving the flag off prints the requested
# privileges so they can be reviewed before the plugin is installed.
docker plugin install netapp/trident-plugin:18.04 --alias netapp --grant-all-permissions
=== Path ===
/usr/lib/docker/
/var/lib/docker/
=== User ===
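Use docker as a user who is a member of the docker group. Membership in that group is equivalent to root on the host (see the "docker-daemon-attack-surface" link above), so add only accounts you would trust with root. If you do not have a user in that group, issue the command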
sudo usermod -a -G docker USERNAME
usermod -aG docker tmade
====Dockerfile====
===Squid===
https://docs.docker.com/engine/reference/builder/
Example dockerfile which builds ubuntu 16.04 with compiled squid 4.8 (the listing below now sets ubuntu 22.04 and squid 6.4 through FROM and SQUID_VERSION):
# Builds squid from a source tarball on top of an Ubuntu base image and
# switches to an unprivileged "squid" user at the end.
#Download base image ubuntu
FROM ubuntu:22.04
#FROM ubuntu:16.04
#FROM ubuntu:18.04
LABEL version="1.1"
LABEL maintainer="info@tmade.de"
# Version selectors; SQUIDURL below is assembled from both values.
ENV SQUID_VERSION="6.4"
ENV MAIN_VERSION="6"
# NOTE(review): the tarball URL is plain http:// and nothing checks a checksum
# or signature after the download, so the build trusts whatever the network
# path delivers. Verify the archive against the hash published for the release.
ENV SQUIDURL="http://www.squid-cache.org/Versions/v${MAIN_VERSION}/squid-${SQUID_VERSION}.tar.gz"
#http://www.squid-cache.org/Versions/v5/squid-5.1.tar.gz
#http://www.squid-cache.org/Versions/v4/squid-4.10.tar.gz
# locales to UTF-8
#RUN locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8
#ENV LC_ALL C.UTF-8
#ENV SQUID_VERSION=3.5.12-1ubuntu7
# Toolchain plus troubleshooting tools. There is only one build stage, so
# build-essential, netcat, vim, curl, wget and net-tools all stay in the
# final image.
RUN apt-get update && \
apt-get -y upgrade && \
apt-get -y install bash-completion \
build-essential \
libssl-dev \
wget \
curl \
netcat \
vim \
iputils-ping \
net-tools && \
apt-get -qy autoremove && \
rm -rf /var/lib/apt/lists/*
# Download and unpack the source; the later "cd /squid-..." shows it lands in /.
RUN wget ${SQUIDURL}
RUN tar -xzf squid-${SQUID_VERSION}.tar.gz
# Configure with OpenSSL support: install prefix /usr/local/squid, configuration
# under /etc/squid, state and logs under /var/log/squid.
RUN cd /squid-${SQUID_VERSION} && ./configure --with-large-files \
--disable-ipv6 --enable-follow-x-forwarded-for \
--sysconfdir=/etc/squid --localstatedir=/var/log/squid \
--enable-ssl --with-openssl --with-filedescriptors=16384 \
--enable-storeio=diskd,ufs --prefix=/usr/local/squid \
--with-included-ltdl
RUN cd /squid-${SQUID_VERSION} && make && make install
# Create the system account "squid" with /bin/false as its shell and hand it the
# /var/log/squid tree. "cat /etc/passwd" only prints the account list into the
# build output. "chmod -R 770 *" also sets the execute bit on regular files
# below /var/log/squid; access.log is set back to 660 afterwards.
# NOTE(review): the touch presumes /var/log/squid/logs already exists after
# "make install" - confirm.
RUN useradd -r squid -s /bin/false && \
cat /etc/passwd && \
#RUN groupadd -r squid
touch /var/log/squid/logs/access.log && \
cd /var/log/squid/ && chmod -R 770 * && chown -R squid:squid * && \
chmod 660 /var/log/squid/logs/access.log
COPY squid-no-cache.conf /etc/squid/squid.conf
#COPY entrypoint.sh /usr/bin/entrypoint.sh
WORKDIR /etc/squid
# From here on, and at container start, processes run as "squid", not root.
USER squid
# No ENTRYPOINT or CMD is active; every candidate below is commented out.
#ENTRYPOINT "/sbin/entrypoint.sh && /bin/bash"
#EXPOSE 8080/tcp
#ENTRYPOINT ["/sbin/entrypoint.sh"]
Squid entrypoint.sh:
#!/bin/sh
# Container start script: print a start message, then launch squid with the
# configuration file the image places under /etc/squid.
printf '%s\n' "start squid-proxy"
/usr/local/squid/sbin/squid -f /etc/squid/squid.conf
===Alpine===
Example alpine with apache2:
# Alpine image with Apache httpd; tini is the entrypoint and starts httpd in
# the foreground.
# NOTE(review): alpine 3.11 is an old release line - confirm it still receives
# security updates before reusing this tag.
FROM alpine:3.11
LABEL version="1.4"
LABEL maintainer="info@tmade.de"
#ENV http_proxy "http://proxy:80"
#ENV https_proxy "https://proxy:80"
#ENV no_proxy="localhost,127.0.0.1,.local"
#ARG VERSION
# Each RUN starts its own shell, so the options set here do not carry over to
# the RUN lines that follow.
RUN set -ex;
# Installs httpd with its SSL/LDAP modules plus a compiler toolchain (make, gcc,
# g++) and assorted utilities; all of it stays in the final image.
RUN apk update && apk upgrade && \
apk add --no-cache \
bash \
tini \
tar \
xz \
wget \
less \
man man-pages \
mdocml-apropos \
busybox-extras \
curl \
make \
gcc \
g++ \
apache2 \
apache2-ssl \
apache2-ldap \
apache2-utils
# Generate the whatis database for the man pages installed above.
RUN makewhatis
# Clear the apk cache, create the certificate directory and add shell aliases
# to the build user's ~/.bashrc.
RUN rm -rf /var/cache/apk/* && \
#mkdir /var/www/htdocs && \
#chown -R apache:www-data /var/www/htdocs && \
mkdir /etc/apache2/certificate && \
echo 'alias ll="ls -alh"' >> ~/.bashrc && \
echo 'alias ..="cd .."' >> ~/.bashrc && \
echo 'alias ...="cd ../.."' >> ~/.bashrc
# NOTE(review): everything in certificate/ is copied into an image layer. If
# that includes the private key, anyone who can pull or export the image can
# read it; mounting the key at run time keeps it out of the image.
COPY certificate/* /etc/apache2/certificate/
COPY httpd.conf /etc/apache2/
COPY ssl.conf /etc/apache2/conf.d/
COPY index.html /var/www/localhost/htdocs/
WORKDIR /etc/apache2
# NOTE(review): USER is commented out, so tini and httpd are started as root.
#USER apache
#EXPOSE 80 443
#ENTRYPOINT ["/bin/sh", "-c", "/bin/bash"] #exec form
#ENTRYPOINT /bin/bash #shell form
#ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] #exec form
#ENTRYPOINT /usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf #shell form
#ENTRYPOINT /sbin/tini /usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf
# Exec form: tini receives the CMD below as its arguments and runs httpd as its child.
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND", "-f", "/etc/apache2/httpd.conf"]
Build:
docker build --no-cache -t alpine-apache2:3.11 .
docker run -it -d -p 80:8080 -p 443:8443 --hostname myhost.local --name=alpine-apache2-1 alpine-apache2:3.11
docker run -it -d -p 80:80 -p 443:443 --hostname myhost.local --name=alpine-apache2-1 alpine-apache2:3.11
docker container ls -a | grep alpine
docker exec -ti PROCESS-ID /bin/bash
==== Config ====
=== Docker Root Dir ===
Just put this json into /etc/docker/daemon.json ("graph" is the older name of this setting; current Docker releases call it "data-root"):
{
"graph": "/var/lib/docker"
}
==== Proxy ====
Files (SLES12 and Ubuntu 16.04/ 18.04/ 20.04/ 22.04):
/etc/systemd/system/docker.service.d/http-proxy.conf
/etc/systemd/system/docker.service.d/https-proxy.conf
Conf:
[Service]
Environment="HTTP_PROXY=proxy:80"
Environment="NO_PROXY=localhost,127.0.0.1"
[Service]
Environment="HTTPS_PROXY=proxy:80"
Environment="NO_PROXY=localhost,127.0.0.1"
Proxy-Setup for container-proxy-communication (version >= 17.07):
~/.docker/config.json
{
"proxies":
{
"default":
{
"httpProxy": "http://proxy:8080",
"httpsProxy": "https://proxy:8443",
"noProxy": "localhost, 127.0.0.1"
}
}
}
Check also on:
https://docs.docker.com/network/proxy/#configure-the-docker-client
==== docker-compose ====
https://docs.docker.com/compose/gettingstarted/#step-8-experiment-with-some-other-commands
https://docs.docker.com/compose/reference/overview/
https://docs.docker.com/compose/completion/
===Install===
apt-get install docker-compose
Or check releases for binary:
https://github.com/docker/compose/releases/
# Each curl line fetches one release binary (1.18.0 or 1.23.2; pick one) for
# this kernel and architecture and writes it to /usr/bin/docker-compose.
# Nothing here checks the download: compare its SHA-256 with the value published
# for that release before making it executable.
curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
===Commands===
docker-compose up #inside directory where docker-compose.yml is located to run your service
docker-compose up -d #to run your services in the background (still runs after system reboot)
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d #to run your services in the background ("-d")
docker-compose -f /scripts/dockerfiles/gitlab/docker-compose.yml down
docker-compose -f docker-compose.yml up -d
docker-compose down
docker-compose ps
===Example===
docker-compose.yaml (located inside "dockerfile" folder):
# Compose file for one MySQL service running the image "mysql:dockerfile".
version: '2'
services:
mysql:
image: mysql:dockerfile
container_name: test-mysql
ports:
#localport:containerport
# No host address is given, so 3306 is published on all host interfaces.
- 3306:3306
environment:
# NOTE(review): the root password is a literal in this file, so everyone who can
# read the file (or a repository it is committed to) has it. Passing it in from
# the environment or a secrets file keeps it out of the compose file.
MYSQL_ROOT_PASSWORD: "mypassword"
volumes:
- /data/db:/var/lib/mysql
restart: always
gitlab-ce:
https://www.ivankrizsan.se/2018/06/23/gitlab-ce-on-docker/
# GitLab CE deployment using two external volumes; one for data and another
# for configuration. These volumes needs to be created prior to starting GitLab
# using the following commands:
# docker volume create gitlab-data
# docker volume create gitlab-config
#
# In addition you may want to change the hostname value in the Docker-Compose
# configuration below to match the name of your server/computer on which
# GitLab is to be run.
#
# Once started, access GitLab using the URL http://localhost:8880.
#
# The following ports are exposed by GitLab:
# 8880 (HTTP)
# 443 (if you configure HTTPS)
# 8080 (used by Unicorn)
# 8822 (used by the SSH daemon)
#
# The GitLab documentation suggests the following line to be added to the
# GITLAB_OMNIBUS_CONFIG environment variable.
# external_url 'http://hostname:8880'
# However, with this line present I am unable to access the GitLab webpage.
version: '2'
#version: '3'
services:
gitlab:
image: gitlab/gitlab-ce:latest
hostname: hostname
environment:
GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['gitlab_shell_ssh_port'] = 8822
ports:
- "8443:443"
- "8880:80"
- "8822:22"
# The logs directory can be mapped to the logs directory in the same director
# as the docker-compose file using the following entry under volumes:
volumes:
- gitlab-config:/etc/gitlab
- gitlab-data:/var/opt/gitlab
- ./logs:/var/log/gitlab
restart: always
volumes:
gitlab-data:
external: true
gitlab-config:
external: true
Jenkins:
version: '2'
services:
jenkins:
image: jenkins/jenkins:lts
user: "1000:1000" #has to match lokal jenkins user´s uid and gid!
#user: "${UID}:${GID}"
container_name: jenkins-master
ports:
- 8888:8080
- 50000:50000
volumes:
- /data/jenkins/:/var/jenkins_home
restart: always
tftp:
version: '2'
services:
tftp:
image: tftp-alpine:latest
#user: "1003:1003"
#user: "${UID}:${GID}"
container_name: tftp-alpine
ports:
- "69:69/udp"
#- 69:69/udp
volumes:
- /data/tftp:/var/tftpboot
restart: always
====Private Registry====
https://docs.docker.com/engine/security/certificates/
# Directories for the registry's password file, image data and TLS material.
mkdir -p /var/lib/docker/private-registry/auth
mkdir -p /var/lib/docker/private-registry/data
mkdir -p /var/lib/docker/private-registry/cert
# Write a bcrypt (-B) htpasswd entry for user "admin". -b takes the password
# from the command line, so "mysecret" ends up in the shell history and is
# visible in the process list while the command runs. >> appends, so a rerun
# adds a second line for the same user.
# NOTE(review): newer registry:2 images may no longer ship htpasswd - confirm,
# or generate the entry with another tool.
docker run --entrypoint htpasswd registry:2 -Bbn admin mysecret >> /var/lib/docker/private-registry/auth/htpasswd
docker container ls -a |grep registry
# Removes the containers whose "docker ps" line matches "registry". "docker ps"
# lists running containers only, so an exited htpasswd helper container from
# the run above is presumably not matched - verify with the listing above.
docker container rm $(docker ps |grep registry |awk '{ print $1 }')
"/var/lib/docker/docker-compose.yml":
registry:
restart: always
image: registry:2
container_name: registry
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /cert/my.crt
REGISTRY_HTTP_TLS_KEY: /cert/my.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /var/lib/docker/private-registry/data:/var/lib/registry
- /var/lib/docker/private-registry/cert:/cert
- /var/lib/docker/private-registry/auth:/auth
Start and stop:
docker-compose -f /var/lib/docker/docker-compose.yml up -d
docker-compose -f /var/lib/docker/docker-compose.yml down
Login:
# Prompts for the password of "admin". Unless a credential store is configured,
# docker keeps the login in ~/.docker/config.json base64-encoded, not encrypted,
# so that file needs the same protection as the password itself.
docker login --username admin my-registry:5000
====MISC====
sudo usermod -aG docker myuser #add user "myuser" to docker group