Docker
Policies
Building containers
Packer
Git
Data
Kind of data | How to use it with Docker |
---|---|
Variable data on which app configuration does not directly depend | on volume per content set |
Application configuration | within image of application |
Global configuration (used by more than one container) | on volume per type of configuration |
Secrets (passwords, private key files) | on isolated volume (exactly the same across hypervisors) |
Naming
Volumes:
Volume containers:
Containers:
Images:
Git repositories:
Layering, inheritance
- One base image. If possible, this image is both a demo and production image.
- If not possible: separate demo and production images that inherit from the base image.
Managing docker containers
Listing running containers:
docker ps
Listing all (including stopped) containers:
docker ps -a
Starting, stopping and restarting containers:
docker (start|stop|restart) <container_name>
Connecting to a container to e.g. look at log files or modify configuration:
docker exec -ti <container_name> /bin/bash
Placing a tail at the container output:
docker logs -f --tail=100 <container_name>
Kill all running containers:
docker kill $(docker ps -q)
Managing docker images
Listing all docker images:
docker images
Cleaning up unused (untagged/dangling) images:
docker rmi $(docker images -q -f dangling=true)
Docker registry
<to be filled in>
Volume containers
Backup and restore
Backup data in a container
Using this method you can create backups outside your container of any data stored in a volume.
General command:
docker run -ti --rm --volumes-from <container_name> -v <host directory>:<container directory> ubuntu <backup command>
Examples:
# Docker registry backup
docker run -ti --rm --volumes-from registry_volume -v /scratch:/backup ubuntu tar -pczvf /backup/registry_data.tgz /etc/registry /srv/registry-data
# Nexus backup
docker run -ti --rm --volumes-from nexus_volume -v /scratch:/backup ubuntu tar -pczvf /backup/nexus_data.tgz /sonatype-work
# Nginx backup
docker run -ti --rm --volumes-from nginx_volume -v /scratch:/backup ubuntu tar -pczvf /backup/nginx_data.tgz /etc/nginx /usr/share/nginx/html /var/log/nginx
Restore data in a container
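A pre-restore check for the archives that this page restores with `tar -xzf /backup/<name>_data.tgz -C /`, as an added example that is not part of the original page. It accepts an archive only if every member lies under the volume directories that were backed up; anything else would be written to the throwaway container's own filesystem and discarded when `--rm` removes it. The function name `check_backup_members` and the script name `check_backup.sh` are introduced here for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_backup_members ARCHIVE PREFIX...
# Succeeds only if every member of the gzip-compressed tar ARCHIVE lies under
# one of the PREFIX directories. Prefixes are given without a leading slash,
# which is how tar stores the paths of the backups made above.
# Exit status: 0 = all members allowed, 1 = unexpected member, 2 = unreadable.

check_backup_members() {
    archive=$1; shift
    # Listing fails on a truncated or corrupt archive.
    members=$(tar -tzf "$archive") || return 2
    rc=0
    while IFS= read -r member; do
        [ -n "$member" ] || continue
        path=${member#./}
        path=${path#/}
        allowed=no
        for prefix in "$@"; do
            # Match on a path boundary: etc/registry must not admit etc/registry-old.
            case "$path/" in
                "$prefix"/*) allowed=yes; break ;;
            esac
        done
        # Reject parent-directory components even below an allowed prefix.
        case "/$path/" in
            */../*) allowed=no ;;
        esac
        if [ "$allowed" = no ]; then
            echo "unexpected member: $member" >&2
            rc=1
        fi
    done <<EOF
$members
EOF
    return $rc
}

# Usage (hypothetical script name):
#   sh check_backup.sh /data/backup/registry_data.tgz etc/registry srv/registry-data
if [ "$#" -ge 2 ]; then
    check_backup_members "$@"
fi
```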
Dockerized applications
CLARIN private docker registry
# Pull from docker registry
docker pull registry:latest
# or import from image export
docker load -i docker_registry.tgz
# Create volume container
docker create --name registry_volume -v /etc/registry -v /srv/registry-data tianon/true
# Create application container
docker create --name registry --volumes-from registry_volume -p 127.0.0.1:5000:5000 -e GUNICORN_OPTS=["--preload"] registry:latest
# Optionally restore data into the volume container
docker run -ti --rm --volumes-from registry_volume -v /data/backup/:/backup debian tar -xzf /backup/registry_data.tgz -C /
# Start the registry container
docker start registry
# Check running containers and registry container state
docker ps
docker logs registry
Issues
After moving the clarin docker registry from stoor146 to clarinvm and following the above instructions, we ran into the following error when starting the registry container:
OSError: [Errno 2] No such file or directory: './registry._setup_database.lock'
As documented in #892, adding '-e GUNICORN_OPTS=["--preload"]' resolved the issue.
CLARIN nexus repository
# Pull from docker registry
docker pull sonatype/nexus:latest
# or import from image export
docker load -i docker_nexus.tgz
# Create volume container
docker create --name nexus_volume -v /sonatype-work tianon/true
# Create application container
docker create --name nexus --volumes-from nexus_volume -p 127.0.0.1:8081:8081 sonatype/nexus:latest
# Optionally restore data into the volume container
docker run -ti --rm --volumes-from nexus_volume -v /data/backup/:/backup debian tar -xzf /backup/nexus_data.tgz -C /
# Start the nexus container
docker start nexus
# Check running containers and nexus container state
docker ps
docker logs nexus
NGinx proxy
# Pull from docker registry
docker pull clarin:nginx
# or import from image export
docker load -i docker_nginx.tgz
# Create volume container
docker create --name nginx_volume -v /etc/nginx -v /etc/nginx/ssl -v /usr/share/nginx/html -v /var/log/nginx tianon/true
# Create application container
docker create --name nginx --volumes-from nginx_volume -v /root/certstore/wildcard-clarin-eu/bundle.cer:/etc/nginx/ssl/bundle.cer -v /root/certstore/wildcard-clarin-eu/privateKey.key:/etc/nginx/ssl/privateKey.key -p 80:80 -p 443:443 --link nexus:nexus --link registry:registry clarin/nginx
# Optionally restore data into the volume container
docker run -ti --rm --volumes-from nginx_volume -v /data/backup/:/backup debian tar -xzf /backup/nginx_data.tgz -C /
# Start the nginx container
docker start nginx
# Check running containers and nginx container state
docker ps
docker logs nginx
Security Considerations
- Don't expose the Docker socket (not even to a container)
- Using the docker command to root the host (totally not a security issue)
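The first point above can be checked on a running host. The following is an added example, not from the original page: it reads one line per container as printed by `docker inspect` and names every container whose mounts expose the Docker socket, either directly or through a host directory that contains it. The function names and the sample lines (including the `ci_runner` and `monitor` containers) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# find_socket_mounts reads lines of the form
#   /<container_name> <source>:<destination> [<source>:<destination> ...]
# and prints the name of every container whose mount source is the Docker
# socket or a host directory that contains it.
# Limitation: mount paths containing whitespace are not handled.

find_socket_mounts() {
    while read -r name mounts; do
        for m in $mounts; do
            case "${m%%:*}" in
                /|/var|/var/run|/run|/var/run/docker.sock|/run/docker.sock)
                    echo "${name#/}"
                    break ;;
            esac
        done
    done
}

# Constructed sample input (container names and volume ids are made up).
sample_inspect_lines() {
    cat <<'EOF'
/registry /var/lib/docker/volumes/1f3a/_data:/etc/registry
/nginx /root/certstore/wildcard-clarin-eu/bundle.cer:/etc/nginx/ssl/bundle.cer
/ci_runner /scratch:/backup /var/run/docker.sock:/var/run/docker.sock
/monitor /var/run:/host/run
EOF
}

# On a Docker host, pass --live to inspect the running containers;
# without it the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    ids=$(docker ps -q)
    [ -z "$ids" ] || docker inspect --format \
        '{{.Name}}{{range .Mounts}} {{.Source}}:{{.Destination}}{{end}}' \
        $ids | find_socket_mounts
else
    sample_inspect_lines | find_socket_mounts
fi
```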
Relevant Links
- Docker volumes
- Docker Application configuration
- Docker containers and images visually explained: