[[docker]]

Docker

Docker est un programme libre de création, gestion et déploiement de conteneurs. Vous pouvez trouver plus d'informations sur Wikipédia et sur de nombreux sites.

Prérequis

Un Raspberry Pi fonctionnel avec une distribution supportant Docker, comme Ubuntu Mate ou HypriotOS. Il faut que le noyau soit récent pour bénéficier de toutes les possibilités.

Installation

Sur Ubuntu Mate, on peut l'installer via les paquets :

$ sudo apt-get install docker.io

Vérifications

On peut vérifier qu'il est bien installé et trouver les infos importantes avec les commandes suivantes :

$ sudo docker 
Usage: docker [OPTIONS] COMMAND [arg...]
       docker daemon [ --help | ... ]
       docker [ --help | -v | --version ]
 
A self-sufficient runtime for containers.
 
Options:
 
  --config=~/.docker              Location of client config files
  -D, --debug                     Enable debug mode
  -H, --host=[]                   Daemon socket(s) to connect to
  -h, --help                      Print usage
  -l, --log-level=info            Set the logging level
  --tls                           Use TLS; implied by --tlsverify
  --tlscacert=~/.docker/ca.pem    Trust certs signed only by this CA
  --tlscert=~/.docker/cert.pem    Path to TLS certificate file
  --tlskey=~/.docker/key.pem      Path to TLS key file
  --tlsverify                     Use TLS and verify the remote
  -v, --version                   Print version information and quit
 
Commands:
    attach    Attach to a running container
    build     Build an image from a Dockerfile
    commit    Create a new image from a container's changes
    cp        Copy files/folders between a container and the local filesystem
    create    Create a new container
    diff      Inspect changes on a container's filesystem
    events    Get real time events from the server
    exec      Run a command in a running container
    export    Export a container's filesystem as a tar archive
    history   Show the history of an image
    images    List images
    import    Import the contents from a tarball to create a filesystem image
    info      Display system-wide information
    inspect   Return low-level information on a container or image
    kill      Kill a running container
    load      Load an image from a tar archive or STDIN
    login     Register or log in to a Docker registry
    logout    Log out from a Docker registry
    logs      Fetch the logs of a container
    network   Manage Docker networks
    pause     Pause all processes within a container
    port      List port mappings or a specific mapping for the CONTAINER
    ps        List containers
    pull      Pull an image or a repository from a registry
    push      Push an image or a repository to a registry
    rename    Rename a container
    restart   Restart a container
    rm        Remove one or more containers
    rmi       Remove one or more images
    run       Run a command in a new container
    save      Save an image(s) to a tar archive
    search    Search the Docker Hub for images
    start     Start one or more stopped containers
    stats     Display a live stream of container(s) resource usage statistics
    stop      Stop a running container
    tag       Tag an image into a repository
    top       Display the running processes of a container
    unpause   Unpause all processes within a container
    update    Update resources of one or more containers
    version   Show the Docker version information
    volume    Manage Docker volumes
    wait      Block until a container stops, then print its exit code
 
Run 'docker COMMAND --help' for more information on a command.
 
$ sudo docker version
Client:
 Version:      1.10.3
 API version:  1.22
 Go version:   go1.6.1
 Git commit:   20f81dd
 Built:        Wed, 20 Apr 2016 14:19:16 -0700
 OS/Arch:      linux/arm
 
Server:
 Version:      1.10.3
 API version:  1.22
 Go version:   go1.6.1
 Git commit:   20f81dd
 Built:        Wed, 20 Apr 2016 14:19:16 -0700
 OS/Arch:      linux/arm
 
$ sudo docker info
[sudo] password for simon: 
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.10.3
Storage Driver: overlay
 Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Plugins: 
 Volume: local
 Network: bridge null host
Kernel Version: 4.1.19-v7+
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 925.8 MiB
Name: rpi2
ID: K5PJ:JHJS:AEOJ:QMBV:N6GY:LEJY:L6GW:DJGT:7TCV:A247:62PI:O6H5
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support

Bonus

Pour ne pas devoir utiliser sudo et pour limiter la surface d'attaque de Docker, on peut utiliser cette astuce :

# On ajoute le groupe docker s'il n'existe pas déjà.
$ sudo groupadd docker
 
# On ajoute l'utilisateur courant (nous) "${USER}" au groupe.
# On peut y mettre n'importe quel utilisateur
# Il faudra peut-être de reconnecter pour que les modifications prennent effet.
$ sudo gpasswd -a ${USER} docker
 
# On redémarre le daemon.
$ sudo service docker restart

La procédure est là : itzgeek.com

Mon premier essais consiste à faire tourner un code en C# via un conteneur mono disponible sur le Docker Hub :

$ docker pull mono
latest: Pulling from mono
675952da5001: Pull complete 
c527f527316d: Pull complete 
13be62761cfd: Pull complete 
d559e85a2176: Pull complete 
19a0cc119d92: Pull complete 
d1ddf658ac76: Pull complete 
Digest: sha256:26812170a5381cf482caa776d90d8ea4d38de0273894e894ecb7fabcb9f02cac
Status: Downloaded newer image for mono:latest
$ docker build -t drone-test .
Sending build context to Docker daemon 20.99 kB
Sending build context to Docker daemon 
Step 0 : FROM mono:3.10-onbuild
3.10-onbuild: Pulling from mono
2cbc5686618a: Pull complete 
ab0ae6bb20f1: Pull complete 
86f977c7a3e6: Pull complete 
6b14d937da83: Pull complete 
f973886e468c: Pull complete 
82a2a1e130db: Pull complete 
e04b34b9f606: Pull complete 
f69cd3d8fb2d: Pull complete 
4ae5a5dcc234: Pull complete 
3a0b1f94c975: Pull complete 
4f5c6ddeb70b: Pull complete 
675952da5001: Already exists 
c527f527316d: Already exists 
13be62761cfd: Already exists 
d559e85a2176: Already exists 
Digest: sha256:9e50fd95f1fddc16d30f16dfb15f716ec727845823fede6ff3270f8fd7f531e8
Status: Downloaded newer image for mono:3.10-onbuild
# Executing 4 build triggers
Trigger 0, COPY . /usr/src/app/source
Step 0 : COPY . /usr/src/app/source
Trigger 1, RUN nuget restore -NonInteractive
Step 0 : RUN nuget restore -NonInteractive
 ---> Running in e0a89a75599f
This folder contains no solution files, nor packages.config files.
INFO[0040] The command [/bin/sh -c nuget restore -NonInteractive] returned a non-zero code: 1 
$ docker start cptactionhank/atlassian-jira
$ docker stop gitlab
 
$ docker ps
CONTAINER ID        IMAGE                                 COMMAND                  CREATED             STATUS                        PORTS                                                          NAMES
ab2180a9e20f        cptactionhank/atlassian-jira:latest   "/docker-entrypoin..."   3 hours ago         Up 27 minutes                 0.0.0.0:8080->8080/tcp                                         jira
9118afb6987c        gitlab/gitlab-ce:latest               "/assets/wrapper"        2 days ago          Up About a minute (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:23->22/tcp   gitlab2
$ docker ps -a
CONTAINER ID        IMAGE                                 COMMAND                  CREATED             STATUS                     PORTS                                                          NAMES
ab2180a9e20f        cptactionhank/atlassian-jira:latest   "/docker-entrypoin..."   3 hours ago         Up 28 minutes              0.0.0.0:8080->8080/tcp                                         jira
f341e0f8de10        cptactionhank/atlassian-jira:latest   "/docker-entrypoin..."   4 hours ago         Exited (143) 3 hours ago                                                                  confident_goldstine
9118afb6987c        gitlab/gitlab-ce:latest               "/assets/wrapper"        2 days ago          Up 2 minutes (healthy)     0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:23->22/tcp   gitlab2
9ff27779cbe4        gitlab/gitlab-ce:latest               "/assets/wrapper"        2 days ago          Created                                                                                   gitlab
4e6d1af014eb        gitlab/gitlab-ce:latest               "/assets/wrapper"        2 days ago          Exited (0) 2 days ago                                                                     thirsty_keller
c5222668e5e2        gitlab/gitlab-ce:latest               "/assets/wrapper"        2 days ago          Created                                                                                   sharp_yalow
c1444e3e3239        cptactionhank/atlassian-jira:latest   "/docker-entrypoin..."   2 days ago          Exited (137) 2 days ago                                                                   loving_allen
a8841c425532        cptactionhank/atlassian-jira          "/docker-entrypoin..."   2 days ago          Exited (130) 2 days ago                                                                   peaceful_borg
$ docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
cptactionhank/atlassian-jira   latest              282b3a72b814        4 days ago          1.12GB
gitlab/gitlab-ce               latest              e5bfc2240b16        5 days ago          1.33GB
$ docker inspect jira

Supprimer un container

Après avoir regardé tous les containers existants sur la machine avec un docker ps -a, on peut supprimer ceux qui ne sont pas/plus utilisés :

$ docker rm confident_goldstine

Informations sur le réseau

$ docker network list
NETWORK ID          NAME                DRIVER              SCOPE
0417a114705a        bridge              bridge              local
d9d00b7cedb9        host                host                local
80176826d54c        none                null                local
$ docker network inspect 0417a114705a
[
    {
        "Name": "bridge",
        "Id": "0417a114705acee8bb5e464e06652d6134ce49e5d7956192201e48157253e708",
(...)
$ docker volume ls

Lancer un bash dans un container

$ docker exec -ti jira bash
daemon@ab2180a9e20f:/var/atlassian/jira$ 

Pinger un container depuis un autre

$ docker exec -ti jira ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: icmp_seq=0 ttl=64 time=0.036 ms
(...)
^C--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.036/0.080/0.117/0.034 ms
$ docker exec --help
 
Usage:	docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
 
Run a command in a running container
 
Options:
  -d, --detach               Detached mode: run command in the background
      --detach-keys string   Override the key sequence for detaching a container
  -e, --env list             Set environment variables
      --help                 Print usage
  -i, --interactive          Keep STDIN open even if not attached
      --privileged           Give extended privileges to the command
  -t, --tty                  Allocate a pseudo-TTY
  -u, --user string          Username or UID (format: <name|uid>[:<group|gid>])
  • docker.txt
  • Dernière modification: 2019/04/30 20:57
  • par simon