Docker Installation

To get the most recent stable docker version on a Debian, system, add the docker repository as explained in Docker community edition for Debian. Then run :

sudo apt-get install docker-ce

Build

Instructions to create a container are storred in a Dockerfile. Docker hub is a collection of Dockerfiles. Containers stored on docker hub can be pulled and started directly from the docker run command. The section below explain how to write your own Docker file.

Docker file

docs.docker.com best practices for writing Dockerfiles

Build a container based on the Dockerfile in the present working directory

docker build -t friendlyhello .

Dockerfile from R packages:

I used R CMD build inside the docker file to build a package.

# Set the working directory to /R
WORKDIR /R

# Copy the current directory contents into the container at /R/packagename
ADD . /R/packagename

RUN R CMD build packagename

# R CMD build generates the file name from the description file
# Remember to update file name here below after a version update
RUN R -e 'install.packages("packagename_0.1.0.tar.gz")'

Compose file

docs.docker.com how services work

Compose several containers in a service Networking in compose from version 2, links are not required, for example with

db: image: postgres ports: - “8001:5432”

“Within the web container [in the same compose file], your connection string to db would look like postgres://db:5432, and from the host machine, the connection string would look like postgres://{DOCKER_IP}:8001.”

Restart policy

deploy:
  restart_policy:
    condition: on-failure

Volumes

docs.docker https://docs.docker.com/engine/admin/volumes/volumes/#create-and-manage-volumes List volumes:

docker volume ls

Inspect a volume:

docker volume inspect my-vol

Create a volume

docker volume create my-vol

Remove volumes:

docker volume rm <volume name>
docker volume rm $(docker volume ls -q) # all volumes

Start

Start containers

Start a container

sudo docker run hello-world

Restart a container

sudo docker restart hello-world

Stop a container

sudo docker stop [OPTIONS] CONTAINER [CONTAINER...]

Docker run options

  • -i, --interactive Keep STDIN open even if not attached
  • rm=true|false “Automatically remove the container when it exits (incompatible with -d). The default is false.”
  • -t, --tty Allocate a pseudo-TTY
  • -v, –volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) The -v option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the –volumes-from option.

Start services

Create a compose file then start the service with:

docker stack deploy -c docker-compose.yml servicename 

Stop the service with:

docker stack rm servicename 

swarm init error:

I specified the IP address Stackoverflow could not choose and IP address Error

Monitor

Monitor running containers

run metrics

docker stats <container-id>

Start a bash shell inside a container, -it stands for interactive

docker ps # find the ID of the running container
docker exec -it <container-id> bash 

Start a script within a container, non interactively

docker exec <container-id> /path/to/test.sh

Find the IP of a container:

sudo docker ps # look for the process id
sudo docker inspect <container id>

The IP is at the end. it can also be extracted with a template:

 sudo docker inspect -f '{{range .NetworkSettings.Networks}} IP {{.IPAddress}}{{end}}' <container id> 

Inspect options

Inspect the run restart policies Get the number of times a container was restarted:

docker inspect -f "{{ .RestartCount }}" my-container

Get the last time the container was (re)started;

docker inspect -f "{{ .State.StartedAt }}" my-container

Container logs

docker logs [OPTIONS] <container id>

Monitor stopped containers

See stopped containers

docker ps --filter "status=exited"

Inspect a stopped container

docker inspect <container-id>

Monitor running services

see which stacks are running

sudo docker stack ls
sudo docker stack services <stackname>

see which services are running

docker service ls

see which containers are running inside a service

docker service ps <service_name> 

You can also run docker ps to see all running processes.

Manage container images

Show available images on the system:

sudo docker images

Update a container image

How to upgrade docker container after its image changed Has information on the difference between volumes and bind mounts for data backup.

docker pull <image-name> 
docker stop <container-id> 
docker rm <image-name> 
docker run <image-name> [options]

If the container is part of a stack, you only need docker pull, then docker stack deploy.

Cleanup

A container should be stopped before it can be removed. Stop a container

docker ps
docker stop <container-id>

Remove a stopped container

docker rm <container-id>

Remove all stopped containers

docker container prune

Remove images

docker images # list available images
docker image rm  <image-id>

Security

docs.docker.com Manage sensitive data with Docker secrets * Example use secrets with a Wordpress service * Use secrets in compose * Declare the location of secrets :

 secrets:
   db_password:
     file: db_password.txt
   db_root_password:
     file: db_root_password.txt
  • give access to secrets to a service :

    db: image: mysql:latest volumes: - db_data:/var/lib/mysql environment: MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD_FILE: /run/secrets/db_password secrets: - db_root_password - db_password

Stackoverflow Docker and securing passwords previous solution recommended passing passwords as environement variables. Docker now has a native solution to deal with secrets.