1. Up and Running
With Docker
Presented by Michelle Liu
https://github.com/anonmily/docker-up-and-running
2. Outline
1. What is Docker?
2. Applications of Docker
3. Terminology: How Docker Works
4. Tools
5. Installation
6. Images
7. Containers
8. Docker Registry
9. Docker Workflow
10. Docker Remote API
11. QA
3. The Deployment Dilemma
• Inter-dependent dependencies
• Inconsistent environments
• Development != Production
• “Works on my machine…”
9. Configuration Management
Remember the exact steps needed for
setup and do it all over again for all of
your servers (a recipe)
Docker/Containers
Set up a container/image just once with all
the necessary configuration, then deploy the
same image to all of your servers (a golden
image)
What’s the difference?
10. Terminology: Images and Containers
Image: A master template for creating Docker
containers, analogous to virtual machine
instances (a “golden image”)
Container: An instance of an image; multiple
containers can be created from a single image.
A container contains isolated processes and
filesystems acting in a similar fashion as virtual
machines; however, a container only includes
the filesystem on top of a shared kernel.
12. Virtual Machines
• Kernel not shared between virtual
machines
• Isolated operating systems
• Long-lasting use
• Slower to get running
• Many startup processes
• A single virtual machine image can be
used for multiple virtual machine
clones
Containers
• Kernel of linux host shared between all
containers
• Isolated processes/filesystems
• Ephemeral/long-lasting usage
• Fast to get running
• One startup process
• A single Docker image can be used for
multiple container instances
What’s the difference? Virtual Machines vs Containers
13. What is Docker used for?
• Ephemeral (temporary) isolated processes (e.g. Codepen, Codeship)
• Short running tasks, maintenance scripts, or worker processes that
receive then process a workload
• Running and deploying stateless applications
• Web frontends and backend APIs
• Running isolated environments with imposed CPU/memory limits
• …and more!
14. This means that containers are
• More lightweight
• Can be started, stopped, and
restarted more quickly
• Easier to migrate
• Easier to communicate
between containers
What’s the difference? Virtual Machines vs Containers
15. Docker Server vs Docker Client
Docker server/daemon:
The docker server/daemon runs containers within as
processes, acting as a virtual bridge to the host operating
system (containers are isolated)
Docker client: The command line interface (CLI) that is
able to connect to the Docker server (specified by the
DOCKER_HOST environmental variable) and tell it what to
do. This can run on your local machine or on the same
host as the Docker server.
24. Installation - Linux
yum install docker
service docker start
Fedora
curl https://raw.githubusercontent.com/anonmily/scripts/master/docker-setup-yum | bash
Or, just
25. Installation – Non-Linux
• Download and install the Docker
Toolbox
https://www.docker.com/docker-
toolbox
• Open the Docker Quickstart
Terminal
30. Docker Server/CLI
eval $(docker-machine-env host1)
Set environmental variables of CLI to communicate with a host
** If you get a “Cannot connect to the Docker daemon. Is the docker daemon running on this host?” error
when attempting to use the Docker CLI, make sure the environmental variables are set for your Docker host
31. Docker Images
• Docker images are a saved state of the
container. They’re the “golden image” for
your containers, and multiple containers
based off the same mage can be run at
the same time (executing different
commands etc in the same environment if
necessary)
• Image ID = hashed representation of the
image, a unique identifier
• A Dockerfile is a file that describes all the
steps needed to build a Docker image
32. Docker Images
• Images can be tagged with a name
and a version label (e.g.
nginx:latest, ubuntu:14:04)
• Images are stored in and can be
retrieve from Docker Repositories
• Docker Hub: Public repository with
common base images
• Private Registry: Deploy your own
Docker registry
33. Storing Docker Images
• Docker registry: A server that hosts your
Docker images; it acts in a fashion
analogous to repositories in that you can
push and pull images from the registry.
You can use a public registry like Docker
hub, or you can setup your own for private
images.
• Docker Hub: A public Docker registry that
is the default for pulling images. It
provides many common base images such
as Debian, Ubuntu, Fedora, etc.
37. Docker Images
docker pull nginx:latest
Pull/get an image (from Docker Hub)
# login to DockerHub
docker login
# private registry
docker login https://myownregistry.com:5000
Login to a registry
• Docker will save your login credentials in ~/.docker/config.json
docker images
See your downloaded/available images
38. Docker Images
docker build –t webapp1:latest .
Build a new image tagged “webapp1:latest” from a Dockerfile
docker run --name="myapp" -p 80:80 -d nginx:latest nginx
-g "daemon off;"
Run a container from an image
• --name=“myapp” Run a new container called “myapp”
• -p 80:80 Expose port 80 of the host and map it to port 80 of the container
• -d Run daemonized
• nginx:latest Base image
• nginx –g “daemon off;” Command to start the container with
39. Docker Images
docker exec –it nodeapp bash
Execute a command into a container
docker ps # running containers
docker ps –a # all containers
List containers
docker stop nodeapp
Stop container
docker rm nodeapp
Remove container
40. Docker Images
docker save myimage:latest > myimage.tar
Save an image to a tarball
docker import myimage.tar
Import an image from a tarball
docker commit –m “newconfig” mycontainer myimage:latest
Commit/save the current state of a container to the image
41. Docker Images
docker rmi myimage:latest
Remove an image
docker rmi $(docker images –q –f “dangling=true”)
Delete all untagged images
docker rmi $(docker images –q -)
Delete all images on Docker host
42. What is a Dockerfile?
• Instructions for how to build a
Docker image
FROM anonmily/node:latest
MAINTAINER Michelle Liu
<michelle@michelleliu.io>
COPY src/node_modules /src/node_modules
COPY certs /src/certs
EXPOSE 443
WORKDIR /src
ENV PATH /src/bin:$PATH
COPY src/bin /src/bin
COPY src/app /src/app
COPY src/server.js src/app.js
src/package.json Makefile /src/
CMD ["startserver"]
43. Anatomy of a Dockerfile
• FROM what base image to use for the new image
• MAINTAINER who maintains the image
• COPY source destination copy files from the source location to destination
• ENV set environmental variables
• WORKDIR set working directory of the container
• CMD run command
• EXPOSE indicates what ports should be available for exposure
45. Utilizing the Layer Cache
FROM anonmily/node:latest
MAINTAINER Michelle Liu <michelle@michelleliu.io>
COPY src/node_modules /src/node_modules
COPY certs /src/certs
EXPOSE 443
WORKDIR /src
ENV PATH /src/bin:$PATH
COPY src/bin /src/bin
COPY src/app /src/app
COPY src/server.js src/app.js src/package.json
Makefile /src/
CMD ["startserver"]
Least changed
files on top
More
frequently
changed files
on bottom
46. Building the image
# ./bin/buildapi
docker build -t myregistry.com/nodeapi:latest .
# ./bin/pushapi
docker push myregistry.com/nodeapi:latest
47. Updating to a newer image
# ./bin/updatecontainer
docker pull myregistry.com/nodeapi:latest
docker kill nodeapicontainer;
docker rm nodeapicontainer;
docker run --name nodeapi01
-p 443:443
-dit
--env-file /home/production.env
myregistry.com/nodeapi:latest
startserver
48. An easy way to deploy
1. Push the new image up onto the Docker registry (e.g. 1.0.0)
2. From the servers, pull down the new image
3. Kill the currently running container based off the old outdated image
4. Run a new container based off the new image
50. Startserver
#!/bin/bash
pm2 dump
pm2 start /src/server.js -i 0 --name
nodeapi --no-daemon &
If you want to start your container up with more than
one command, use a bash script
51. Docker remote API
An API for the Docker daemon/server that allows you to make requests
to/query the server for creating/editing or for information on
containers/images.
52. Docker remote API
By default, the Docker daemon will run on the unix port at
/var/run/docker.sock. To get started with the Docker remote API, make sure
that you have a cURL version greater than 7.40 so that the –unix-socket
option is available. Then, we can use curl to interact with the remote API by:
curl --unix-socket /var/run/docker.sock http://containers/json
53. Docker remote API
It’s also possible to bind the Docker daemon to a TCP port at startup by:
docker daemon –H tcp://0.0.0.0:2375 –H /var/run/docker.sock
It will then be possible to access the remote API on the host publicly (though
it is a security issue).
curl http://localhost:2375/containers/json