= Docker = == Managing docker containers == Listing running containers: {{{ docker ps }}} Listing all (including stopped) containers: {{{ docker ps -a }}} Starting, stopping and restarting containers: {{{ docker (start|stop|restart) }}} Connecting to a container to e.g. look at log files or modify configuration: {{{ docker exec -ti /bin/bash }}} Placing a tail at the container output: {{{ docker logs -f --tail=100 }}} Kill all running containers: {{{ docker kill $(docker ps -q) }}} == Managing docker images == Listing all docker images: {{{ docker images }}} Cleaning up unused (untagged/dangling) images: {{{ docker rmi $(docker images -q -f dangling=true) }}} == Docker registry == == Volume containers == == Backup and restore == === Backup data in a container === Using this method you can create backups outside your container of any data stored in a volume. General command: {{{ docker run -ti --rm --volumes-from -v : ubuntu }}} Examples: {{{ #Docker registry backup docker run -ti --rm --volumes-from registry_volume -v /scratch:/backup ubuntu tar-pczvf /backup/registry_data.tgz /etc/registry /srv/registry-data #Nexus backup docker run -ti --rm --volumes-from nexus_volume -v /scratch:/backup ubuntu tar -pczvf /backup/nexus_data.tgz /sonatype-work #Nginx backup docker run -ti --rm --volumes-from nginx_volume -v /scratch:/backup ubuntu tar -pczvf /backup/nginx_data.tgz /etc/nginx /usr/share/nginx/html /var/log/nginx }}} === Restore data in a container === = Dockerized applications = == CLARIN private docker registry == {{{ #pull from docker registry docker pull registry:latest #or import from image export docker load -i docker_registry.tgz #Create volume container docker create --name registry_volume -v /etc/registry -v /srv/registry-data tianon/true #Create application container docker create --name registry --volumes-from registry_volume -p 127.0.0.1:5000:5000 -e GUNICORN_OPTS=["--preload"] registry:latest #Optionally restore data into the volume container docker run -ti --rm --volumes-from registry_volume -v /data/backup/:/backup debian tar -xzf /backup/registry_data.tgz -C / #Start the registry container docker start registry #Check running containers and registry container state docker ps docker logs registry }}} === Issues === After moving the clarin docker registry from stoor146 to clarinvm and following the above instructions, we ran into the following error when starting the registry container: {{{ OSError: [Errno 2] No such file or directory: './registry._setup_database.lock' }}} As documented in [https://github.com/docker/docker-registry/issues/892 #892], adding the '-e GUNICORN_OPTS=["--preload"]' resolved the issue === CLARIN nexus repository === {{{ #pull from docker registry docker pull sonatype/nexus:latest #or import from image export docker load -i docker_nexus.tgz #Create volume container docker create --name nexus_volume -v /sonatype-work tianon/true #Create application container docker create --name nexus --volumes-from nexus_volume -p 127.0.0.1:8081:8081 sonatype/nexus:latest #Optionally restore data into the volume container docker run -ti --rm --volumes-from nexus_volume -v /data/backup/:/backup debian tar -xzf /backup/nexus_data.tgz -C / #Start the registry container docker start nexus #Check running containers and registry container state docker ps docker logs nexus }}} === NGinx proxy === {{{ #pull from docker registry docker pull clarin:nginx #or import from image export docker load -i docker_nginx.tgz #Create volume container docker create --name nginx_volume -v /etc/nginx -v /etc/nginx/ssl -v /usr/share/nginx/html -v /var/log/nginx tianon/true #Create application container docker create --name nginx --volumes-from nginx_volume -v /root/certstore/wildcard-clarin-eu/bundle.cer:/etc/nginx/ssl/bundle.cer -v /root/certstore/wildcard-clarin-eu/privateKey.key:/etc/nginx/ssl/privateKey.key -p 80:80 -p 443:443 --link nexus:nexus --link registry:registry clarin/nginx #Optionally restore data into the volume container docker run -ti --rm --volumes-from nginx_volume -v /data/backup/:/backup debian tar -xzf /backup/nginx_data.tgz -C / #Start the registry container docker start nginx #Check running containers and registry container state docker ps docker logs nginx }}} == Security Considerations == * [https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html Don't expose the Docker socket (not even to a container)] * [http://reventlov.com/advisories/using-the-docker-command-to-root-the-host Using the docker command to root the host (totally not a security issue)] == Relevant Links == * Docker volumes * https://medium.com/@ramangupta/why-docker-data-containers-are-good-589b3c6c749e * Docker Application configuration * https://dantehranian.wordpress.com/2015/03/25/how-should-i-get-application-configuration-into-my-docker-containers/ * Docker containers and images visually explained: * http://merrigrove.blogspot.nl/2015/10/visualizing-docker-containers-and-images.html