6. Docker Container
• A container is a group of isolated processes
– cgroups
– namespace
• Isolated processes run straight on the host
– native CPU performance
– minimal memory overhead
– minimal network performance overhead
8. Cgroups (control groups)
• Linux kernel feature
• Groups of processes
• Resource limitations
– Like limits.conf
but the scope is a set of processes instead of uid/gid
• May be nested
16. Create a container with interactive shell
$ docker run -t -i base:centos62 /bin/bash
[root@4d8c4b81f6d7 /]# exit (exited)
$ -t, --tty
Allocate a pseudo-TTY
$ -i, --interactive
Keep STDIN open even if not attached
30. The solution
Windows / OS X
boot2docker
Container Container 80
80
80
Docker
port
forwarding Vagrant
port forwarding
31. More about Docker ports forwarding
$ docker run -ti -p 80:80 base:centos62 /bin/bash
• -p, --publish
Publish a container's port to the host
• format:
– ip:hostPort:containerPort (10.1.1.1:80:80)
– ip::containerPort (10.1.1.1::80)
– hostPort:containerPort (80:80)
33. Volume from other container
(useful to share data)
$ docker run -ti --volumes-from apache
base:centos62 /bin/bash
# ls /var/log/httpd
34. Link
$ docker run -ti --link apache:apache.trendmicro.com
base:centos62 /bin/bash
# cat /etc/hosts
• Exposes information from source container to recipient
container in two ways:
– Environment variables
– Updating the /etc/hosts file
• format:
– name:alias
35. useful in multi-node situation
12/25/2014
service
(hadoop-client)
data
(hadoop-client)
link
36. Docker in client/server mode
Windows / OS X
boot2docker
(Docker client)
Linux server
Docker Engine
Container Container
37. Server: bind Docker engine to a tcp port
$ docker -d -H 10.1.1.1:2375 -H
unix:///var/run/docker.sock
• -d, --daemon
daemon mode
• -H, --host
the socket(s) to bind in daemon mode
38. Docker client
$ export DOCKER_HOST=tcp://10.1.1.1:2375
$ docker images
$ docker run -ti --rm centos:centos6 /bin/bash
(start container on the server)
• Note:
– expose tcp port could let someone get root access to the host
– not recommended in open network
39. Running containers in background
(Detached mode)
$ hadoop=$(docker run -d -p 50070:50070
tmh6:centos62)
$ docker inspect $hadoop
44. First: commit an existing container
• Do changes manually, then commit
quick and dirty
suitable for experiment
might be deleted in the future
45. Second: Build from Dockerfile
• Dockerfile is a series of instructions
• Use "Docker build" command to build images
• pros:
– build images automatically by following instructions
– visible and easy to understand instructions
– enable Docker specific functions in the image
– repeatability
46. A sample httpd service Dockerfile
FROM base:centos62
COPY index.html /var/www/html/index.html
RUN yum -y install httpd
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
47. Build
$ mkdir apache-server
$ cd apache-server
$ echo "our first docker image" > index.html
$ vi Dockerfile (paste the sample and save it)
$ docker build -t apache:0.1 ./
48. Build context
• docker build -t apache:0.1 ./
• ./ will be transferred to Docker daemon as build
context
• Must have a Dockerfile there
– ./Dockerfile
• DO NOT build at /
– docker build -t apache:0.1 /
49. Run the apache image
$ docker run -d --name apache apache:0.1
$ docker run -ti --rm --link apache:a01
base:centos62 /bin/bash
# curl $A01_PORT_80_TCP_ADDR
(you see how link and expose work together)
51. An httpd service example
FROM base:centos62
COPY index.html /var/www/html/index.html
RUN yum -y install httpd
EXPOSE 80
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
52. The difference
$ docker run -ti --rm apache:0.1 /bin/bash
# (get into the container)
$ docker run -ti --rm apache:0.2 /bin/bash
show httpd helper message
the only thing you can do is to pass args to httpd
53. Make sure init script always being executed
FROM base:centos62
…
ENTRYPOINT ["init_wrapper_script"]
CMD ["default_args"]
https://docs.docker.com/articles/dockerfile_best-practices/
59. MySQL
$ docker run -d --name some-mysql -e
MYSQL_ROOT_PASSWORD=demo mysql
$ docker run -it --link some-mysql:mysql --rm mysql sh -c 'exec
mysql
-h"$MYSQL_PORT_3306_TCP_ADDR"
-P"$MYSQL_PORT_3306_TCP_PORT"
-uroot
-p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'
https://registry.hub.docker.com/_/mysql/
63. Recap docker run
• we’ve learned:
– port forwarding
– volume mounting
– linking containers together
– running containers at remote
64. Recap docker build
• we’ve learned:
– how to write a Dockerfile
– how expose and link work together
– use entrypoint to bind a specific executable with image
– ship images to the registry