Grab and Use a Docker

© 2015 TechYugadi IT Solutions & Consulting

 Objectives
● Figure out what all you need to use a Docker
● Run a Docker that is already built and available
● Learn the first few essential Docker commands
● Update a docker image and commit
 Recap : What's a Docker
● For this phase of the Lab, just remember :
– A Docker is a container running a software – with all its
dependencies bundled within, and isolated from the
rest of the OS (like a machine nested inside your
machine)
– Although that sounds like a Virtual Machine, a Docker –
unlike a VM - uses your OS kernel directly instead of
emulating or re-installing an OS on top of the host OS
– So Dockers are lightweight and faster to boot
 Get Prepared to Run a Docker
● A Docker container runs directly on your OS kernel : so
your OS kernel must support Docker
– Recent versions of the Linux Kernel will do
– This virtual lab is running on a supported kernel
● You need a software that, given a container 'image', can
launch a running instance of the container
– Like a VMWare or VirtualBox Virtual Machine Player
– For this purpose, install the 'docker' package available for
your flavor of Linux
– Installation is already done for you
 Docker Daemon and Client
● On installing the docker package on Linux :
– A docker service (aka docker engine or daemon) is started
– A docker client (CLI) is installed
(both on the same machine : the docker host)
● Now, you can run docker CLI commands :
– To first 'pull' a suitable docker image (say, an Apache Web
Server docker image, if you want to run an Apache Web Server
instance in a docker, on your machine)
– Then, launch a running instance of the image
– The docker daemon will execute both the commands
 Docker Registry
● But where from will you 'pull' a container image?
● A docker image can be pulled from a docker registry :
– Docker, Inc maintains a public docker registry (DockerHub)
– By default, docker daemon pulls from DockerHub
– You can search and specify a suitable docker image (eg. Apache
Webserver) to pull from Docker Hub
– You may also create and specify a private Docker registry (possibly within
your company intranet) to pull images from
● You can actually build an image on your docker host and then use it
directly, without pulling from a registry
– Although you'll usually want to pull a base image (eg. Webserver image) in
the first place to build your desired container (eg. a wiki image)
Run a Docker (Visual Representation)
 Commands to Run a Docker
● Is Docker client installed ?
– Run : docker ­­version
● Is Docker daemon up and
running ?
– Run : systemctl status 
docker

● Now let's pull an Apache webserver docker image

– Run : docker pull fedora/apache
– fedora/apache is a unique name of a docker image published to docker hub
(docker registry)
– Please see Deep Dive Section in wiki for more details on naming of images
 Commands to Run a Docker
● When you run docker pull , you'll observe that the docker client is
connecting to the public docker registry (You need internet connection)
Pulling image (latest) from fedora/apache, endpoint: 
https://registry­1.docker.io/v1/
● Then after several messages indicating downloads, pulling file system
layers and retrieving metadata, the pull command completes
 Commands to Run a Docker
● List all images downloaded to the docker host : run docker images

●
The recommended way to run the apache webserver docker (above) is
documented here : docker run ­d ­p 8181:80 <image_id>
● Go ahead and run the docker (we'll explain the ­d and ­p options in a bit – we
want a small win first)
– Choose a port that is free on the docker host (eg. 8181)

●
The command launches a running instance of the (webserver) image in a
docker container and returns a long long container id c3183f95.. (above)
 Trouble-shooting
● Which users can run docker commands ?
– root, OR a user who can run the command as root (using sudo)
– A user belonging to thr 'docker' group
– Therefore, user 'techie' in this virtual lab can run docker commands(see picture below)
● Which users can start the docker service ?
– root, OR a user who can start the service as root (using sudo)
● Docker command returns error /var/run/docker.sock: no such file
– Most likely, docker daemon is not started (usually it should start on system boot)
– Start the docker service : sudo systemctl start docker
 Trouble-shooting
● While pulling an image from docker hub, DNS lookup fails. The error message shown is
similar to the following :
Pulling repository centos
INFO[0000] Get 
https://index.docker.io/v1/repositories/library/centos/images: 
dial tcp: lookup index.docker.io: no DNS servers
– Add at least one of the following two entries to /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
and restart the network : sudo service network restart
● (Not applicable to this Virtual Lab) If you are behind a proxy, and trying to pull a docker
image from docker hub,
– Use HTTP_PROXY environment variable, for example :
sudo HTTP_PROXY=http://<proxy_host_ip>:<proxy_port> docker pull busybox
 Take a Step Back
● Our docker image is a like a (lightweight) machine image with Apache web
server and all its dependencies installed
● The developer who published the image to DockerHub has inscribed
additional metadata into the image including
– what command to run when the image is launched (in this case, a suitable
command to start the webserver)
– On which port(s) a process running in the docker would listen, if any (in this case,
the webserver HTTP port – port 80)
● When you issue the docker run command, the docker daemon on your
docker host
– launches a RUNNING instance of the image in a docker container
– executes the command to run (the webserver), and
– exposes the container port (80) on which the running process (webserver) listens
 Exposing a Container Port
● A docker is usually intended to run a server process available on the network
– Hence, a running container is assigned an IP address
● To find out the IP address of your running webserver docker, first find out its
container id : run docker ps

● The image and command fields help you identify the container you're looking for
● Next run docker inspect <container_id> and fish out the IPv4 address
from the command output :
"NetworkSettings": {
 ...
 "IPAddress": "172.17.0.2"
 Exposing a Container Port
●
So, one way of accessing the web server running in a docker is through its IP
address. From within your docker host, run

●
But, by default the IP address assigned to the docker is available only within
the docker host, on a private network created when the container is launched
● It is not available to the external world, and you may not even want to expose
a docker directly to the internet
●
So, docker allows you to map a port exposed by a container (80) to a specified
free port (8181) on the docker host using the option ­p 8181:80 passed to
docker run
– Now this will work :
 Running A Docker in Background
● Let's revisit the -d flag to docker run command
● First stop the running webserver docker
– Run docker stop <container_id>

● Next, for a moment, run the docker without ­d flag

● You'll find the Apache webserver process generating familiar log

messages on the console, and waiting on the console, in the foreground
 Running A Docker in Background
● Most server processes like Apache
webserver are run in background
● To facilitate this behaviour when
running server processes in a
docker, the ­d flag is provided
● You can still retrieve logs for the
background process by running
docker logs <container_id>
– Stop the docker running Apache: from
a different console, type
docker stop <container_id>
– Re-launch the webserver docker, and
run docker logs
 Revisting docker run Command
●
Actually you can pull a docker image and run it in a single step : simply pass the unique image name
(in the docker registry) to docker run instead of an image id
●
If the image is already downloaded on the docker host (and not deleted), it will be run directly. Else,
docker run will download it first
● Try running a tiny docker called busybox : docker run ­t ­i busybox
– A download is started before launching the container.
● Actually this takes you into a shell prompt within the docker.Type exit to stop the docker and come
out of it.
Updating and Committing an Image
● Suppose we want to host a web-page in our docker-based webserver
● Obviously you need to create and modify files inside the webserver
container, and possibly run OS commands inside the container
● It may seem difficult to run commands and apply changes to a docker
started with ­d option and running in background
● This is where the docker exec command comes in. It allows you to
execute command(s) on a running docker
– The commands are executed as root user on the docker container
● For our purpose, we'd like to execute a bash shell on our running
webserver docker and run a few commands :
docker exec ­i ­t <container_id> /bin/bash
 Updating and Committing an Image
● docker exec options explained :
– ­t assigns a pseudo-tty (terminal) inside a running docker
– ­i lets us grab the STDIN assigned to the running docker (to type commands)
● We have passed the command /bin/bash as argument to docker exec: so, we jump into a bash
prompt in the webserver docker
● Run two commands to create a web-page (test.html) at the webserver DocRoot (/var/www/html) and
exit from bash prompt to terminate this docker exec command
– The new web-page is accessible using curl
 Updating and Committing an Image
● The changes applied will persist in the container, but will not reflect in the
underlying image
– Try docker stop <container_id> followed by docker start <container_id>,
and acces the new web-page using curl localhost:8181/test.html
● But containers are most often launched and disposed cheaply within a
developer's machine
● What if you want to preserve the changes applied to the webserver docker for
QA testing or hand-off to a colleague for enhancement?
● You may even want to launch an full website (with many web pages) in a docker
● Docker allows you to 'commit' changes to a container into a new docker image
or a new version of an existing image
● Whosoever wants, may launch a new container from the image created by
running docker commit
Updating and Committing an Image
● Run : docker commit ­m  '1st web page' ­a 'techie' 
<container_id> techie/apache
– <container_id> refers to web-server container where you applied the changes
– You can specify a check-in comment (­m) and author (­a)
● Run new container (mapped to port 8282) off the newly created image
(techie/apache). Verify that test.html is accessible
 Docker Lifecycle Commands
Developer B
Pull and run docker Image:
docker run
Developer A
Build a docker Image: Apply changes to container:
Docker docker exec
docker build Registry
Commit changes to an Image:
Publish docker Image: docker commit
docker push
Stop container:
docker stop

Remove container :
docker rm
This is a common sequence of steps, but
you may not need to use all of them. Delete image :
For syntax, use : docker <cmd> ­­help docker rmi
 Docker Lifecycle Commands
● Tips and Caveats :
– docker stop will stop a running container, but will not remove it. You
can restart the container using docker start <container_id>

– A container may have stopped / failed to start unexpectedly, hence not

listed by docker ps . Use docker ps ­a to list all (including
stopped) containers
● You can run docker logs <container_id> on stopped containers also, to
diagnose why they stopped running

– Images may require several hundred MB of disk space. Delete

unneeded images using docker rmi <image_id>
● Images not being used by any container may be deleted (else use ­f option)
 Next Steps
● Try attempting a few 'Do-It-Yourself' Challenges
in the wiki
● You will also find more details on commands,
configuration, and a summary of what happens
under the hood, in the Deep Dive section
● References :
https://docs.docker.com/