Image courtesty of: threatstack.com

The Implementation of Docker and the Docker Engine


Date
Event
Location
Kupfrian Hall, New Jersey Institute of Technology

Notes

These notes supplement the presentation. They outline basic usages of Docker in the context of spinning up a Wordpress server.

In order to view the presentation, please click on the slides or pdf links above.

Install Docker

 curl -sSL https://get.docker.com | sh
# Executing docker install script, commit: 92d5116
+ sudo -E sh -c apt-get update -qq >/dev/null
+ sudo -E sh -c apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
+ sudo -E sh -c curl -fsSL "https://download.docker.com/linux/raspbian/gpg" | apt-key add -qq - >/dev/null
Warning: apt-key output should not be parsed (stdout is not a terminal)
+ sudo -E sh -c echo "deb [arch=armhf] https://download.docker.com/linux/raspbian stretch edge" > /etc/apt/sources.list.d/docker.list
+ [ raspbian = debian ]
+ sudo -E sh -c apt-get update -qq >/dev/null
+ sudo -E sh -c apt-get install -y -qq --no-install-recommends docker-ce >/dev/null
+ sudo -E sh -c docker version
Client:
 Version:	18.04.0-ce
 API version:	1.37
 Go version:	go1.9.4
 Git commit:	3d479c0
 Built:	Tue Apr 10 18:25:24 2018
 OS/Arch:	linux/arm
 Experimental:	false
 Orchestrator:	swarm

Server:
 Engine:
  Version:	18.04.0-ce
  API version:	1.37 (minimum version 1.12)
  Go version:	go1.9.4
  Git commit:	3d479c0
  Built:	Tue Apr 10 18:21:25 2018
  OS/Arch:	linux/arm
  Experimental:	false
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:

  sudo usermod -aG docker [user]

Remember that you will have to log out and back in for this to take effect!

WARNING: Adding a user to the "docker" group will grant the ability to run
         containers which can be used to obtain root privileges on the
         docker host.
         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
         for more information.

Basic Docker Command

docker run --name nginxHost -d -p 1537:80 nginx

Breakdown of options * --name: give the container a name * -d: detach from the container at startup but keep running * :80 Have the container broadcast to docker bridge over port 80 * 1537: Have the host broadcast html over port 1537

Completely Remove Everything

$ docker rm -f nginxHost    # removes the container even if running
nginxHost

Show all locally stored docker images, even unused ones

$ docker images -a
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              5e9a751dd34b        7 days ago          88MB

erase a locally stored image by name

mikey@raspberrypi:~ $ docker rmi nginx
Untagged: nginx:latest
Untagged: nginx@sha256:18156dcd747677b03968621b2729d46021ce83a5bc15118e5bcced925fb4ebb9
Deleted: sha256:5e9a751dd34bb183e7420687b1267bbaacce6db1ac46ea50e4c940bc65341b55
Deleted: sha256:da6e92160985350cc11d8f2b2574f4df8ab6719cbe6f928d61fc45dca18f74c7
Deleted: sha256:08d44e544461d26f1c31c8f8aff193ce514a2a2c59cc479f7686ec9181fb9206
Deleted: sha256:ce5f8bad44b279bcfff7c568fe6eca2650592cc0a7109ea424aac8061a87ec3b

From DockerFile

DockerFile:

FROM ubuntu:14.04
MAINTAINER md537@njit.edu
RUN apt-get install -y apache2
EXPOSE 80
CMD [“apache2ctl””, “-D”, “FOREGROUND”]

Pull a docker image into a custom dockerfile in the current working directory. :1.0 gives the dockerfile a version.

$ docker build -t webhost:1.0 .

Run the container from dockerfile detached and broadcasting from port 1538 on the host.

$ docker run -it --name apacheHost -d  -p 1538:80

Docker ps vs Docker ls try docker ps or docker container ls

What about docker port nginxHost?

Big Guns

Okay. Lets build a wordpress manually using docker containers and the docker bridge.

Database

$ mkdir -p ~/docker/db
$ docker run -d -v /home/mikey/docker/db:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=cs332 -p 1540:3306 --name wordpressdb mariadb:10.0.25
  • -e: this passes in an environment variable specified by the container. The mariadb contaner allows an admin to pass in the mysqlroot password before it is startedu p. it will configure itself as such.
  • view in sql client 127.0.0.1 root | cs332 this is not a talk on setting up apache we will use the existing wordpress container
$ docker pull wordpress:4.6.1-php7.0-apache

Lets get some things straight docker images

$ docker run -d --name wordpressHost --link wordpressdb:mysql -p 8080:80 wordpress:4.6.1-php7.0-apache

This should automatically pick up the ip:port of the wordpressdb container. To troubleshoot, if there is an issue we can broadcast over the default 3306.

We can now browse to localhost:8080 and see the wp startup.

TLDR

docker run --name nginxHost -d -p 1537:80 nginx

Visit and be amazed

$ mkdir -p ~/docker/db
$ docker run -d -v /home/mikey/docker/db:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=cs332 -p 1540:3306 --name wordpressdb mariadb:10.0.25

We now have a database running (docker ps) but now web server. Lets pull in an html server

$ docker pull wordpress:4.6.1-php7.0-apache

We now have to ‘link’ the webserver with the database over the docker bridge SDN.

$ docker run -d --name wordpressHost --link wordpressdb:mysql -p 8080:80 wordpress:4.6.1-php7.0-apache

Visit