Docker

Managing docker containers

Listing running containers:

docker ps

Listing all (including stopped) containers:

docker ps -a

Starting, stopping and restarting containers:

docker (start|stop|restart) <container_name>

Connecting to a container to e.g. look at log files or modify configuration:

docker exec -ti <container_name> /bin/bash

Placing a tail at the container output:

docker logs -f --tail=100 <container_name>

Kill all running containers:

docker kill $(docker ps -q)

Managing docker images

Listing all docker images:

docker images

Cleaning up unused (untagged/dangling) images:

docker rmi $(docker images -q -f dangling=true)

Docker registry

<to be filled in>

Volume containers

Backup and restore

Backup data in a container

Using this method you can create backups outside your container of any data stored in a volume.

General command:

docker run -ti --rm --volumes-from <container_name> -v <host directory>:<container directory> ubuntu <backup command>

Examples:

#Docker registry backup
docker run -ti --rm --volumes-from registry_volume -v /scratch:/backup ubuntu tar-pczvf /backup/registry_data.tgz /etc/registry /srv/registry-data

#Nexus backup
docker run -ti --rm --volumes-from nexus_volume -v /scratch:/backup ubuntu tar -pczvf /backup/nexus_data.tgz /sonatype-work

#Nginx backup
docker run -ti --rm --volumes-from nginx_volume -v /scratch:/backup ubuntu tar -pczvf /backup/nginx_data.tgz /etc/nginx /usr/share/nginx/html /var/log/nginx

Restore data in a container

Dockerized applications

CLARIN private docker registry

#pull from docker registry
docker pull registry:latest
#or import from image export
docker load -i docker_registry.tgz

#Create volume container
docker create --name registry_volume -v /etc/registry -v /srv/registry-data tianon/true

#Create application container
docker create --name registry --volumes-from registry_volume -p 127.0.0.1:5000:5000 -e GUNICORN_OPTS=["--preload"] registry:latest

#Optionally restore data into the volume container
docker run -ti --rm --volumes-from registry_volume -v /data/backup/:/backup debian tar -xzf /backup/registry_data.tgz -C /

#Start the registry container
docker start registry

#Check running containers and registry container state
docker ps
docker logs registry

Issues

After moving the clarin docker registry from stoor146 to clarinvm and following the above instructions, we ran into the following error when starting the registry container:

OSError: [Errno 2] No such file or directory: './registry._setup_database.lock'

As documented in ​#892, adding the '-e GUNICORN_OPTS=--preload?' resolved the issue

CLARIN nexus repository

#pull from docker registry
docker pull sonatype/nexus:latest
#or import from image export
docker load -i docker_nexus.tgz

#Create volume container
docker create --name nexus_volume -v /sonatype-work tianon/true

#Create application container
docker create --name nexus --volumes-from nexus_volume -p 127.0.0.1:8081:8081 sonatype/nexus:latest

#Optionally restore data into the volume container
docker run -ti --rm --volumes-from nexus_volume -v /data/backup/:/backup debian tar -xzf /backup/nexus_data.tgz -C /

#Start the registry container
docker start nexus

#Check running containers and registry container state
docker ps
docker logs nexus

NGinx proxy

#pull from docker registry
docker pull clarin:nginx
#or import from image export
docker load -i docker_nginx.tgz

#Create volume container
docker create --name nginx_volume -v /etc/nginx -v /etc/nginx/ssl -v /usr/share/nginx/html -v /var/log/nginx tianon/true

#Create application container
docker create --name nginx --volumes-from nginx_volume -v /root/certstore/wildcard-clarin-eu/bundle.cer:/etc/nginx/ssl/bundle.cer -v /root/certstore/wildcard-clarin-eu/privateKey.key:/etc/nginx/ssl/privateKey.key -p 80:80 -p 443:443 --link nexus:nexus --link registry:registry clarin/nginx

#Optionally restore data into the volume container
docker run -ti --rm --volumes-from nginx_volume -v /data/backup/:/backup debian tar -xzf /backup/nginx_data.tgz -C /

#Start the registry container
docker start nginx

#Check running containers and registry container state
docker ps
docker logs nginx

Security Considerations

• ​Don't expose the Docker socket (not even to a container)
• ​Using the docker command to root the host (totally not a security issue)

Relevant Links

• Docker volumes
  • ​https://medium.com/@ramangupta/why-docker-data-containers-are-good-589b3c6c749e
• Docker Application configuration
  • ​https://dantehranian.wordpress.com/2015/03/25/how-should-i-get-application-configuration-into-my-docker-containers/
• Docker containers and images visually explained:
  • ​http://merrigrove.blogspot.nl/2015/10/visualizing-docker-containers-and-images.html