Archive for September, 2018

Portus is an open-source Docker registry where we can store and manage our Docker images.

Installing Docker/docker compose

wget -qO- https://get.docker.com/ | sh

The above command downloads and executes a small installation script written by the Docker team.

Add your user to the docker group with the following command.

sudo usermod -aG docker $(whoami)

Log out and log in from your server to activate your new groups.

Set Docker to start automatically at boot time:

sudo systemctl enable docker.service

Finally, start the Docker service:

sudo systemctl start docker.service

Install docker-compose

sudo yum install epel-release
sudo yum install -y python-pip

Then you can install Docker Compose:

sudo pip install docker-compose

Set hostname (needed for SSL certificate)

vi /etc/hostname
[root@docker secrets]# cat /etc/hosts
127.0.0.1 docker.com localhost.localdomain localhost4 localhost4.localdomain4

Clone the Portus git repository

git clone https://github.com/SUSE/Portus.git

Install a self-signed certificate in the Portus/examples/compose/secrets folder

Generate the certificates:

openssl genrsa -des3 -out server.key 4096

openssl req -new -key server.key -out server.csr

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

mv server.crt portus.crt
mv server.key portus.key


Edit /Portus/examples/compose/nginx/nginx.conf (change hostname)

server {
    listen 443 ssl http2;
    server_name docker.com;
    root /srv/Portus/public;

Edit /Portus/examples/compose/docker-compose.yml

Remove all links (example below)

links:
  - db

links:
  - portus:portus

Under nginx section add hostname variable:

nginx:
  image: library/nginx:alpine
  networks:
    default:
      aliases:
        - ${MACHINE_FQDN}

At the top of the file, add the environment variable:

environment:
  - CCONFIG_PREFIX=PORTUS

Edit /Portus/examples/compose/.env file, set MACHINE_FQDN

MACHINE_FQDN=docker.com

SECRET_KEY_BASE=b494a25faa8d22e430e843e220e424e10ac84d2ce0e64231f5b636d21251eb6d267adb042ad5884cbff0f3891bcf911bdf8abb3ce719849ccda9a4889249e5c2
PORTUS_PASSWORD=12341234
DATABASE_PASSWORD=portus
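
The .env above carries a fixed SECRET_KEY_BASE and short passwords; the script below, an added example that is not part of the original post or of the Portus project, generates fresh values for the same four variables. The function names and the output path passed to write_env are assumptions.

```sh
#!/bin/sh
# Added example: generate per-host secrets for the Portus .env file.
# Variable names come from the .env shown above; function names are hypothetical.

# rand_hex N -> N bytes from the kernel CSPRNG, printed as 2N hex characters
rand_hex() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# write_env FQDN FILE -> create FILE with fresh secrets, readable by the owner only
write_env() {
    fqdn=$1
    out=$2
    # Do not clobber secrets that an existing deployment may already depend on
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out" >&2
        return 1
    fi
    (
        umask 077    # file is created with mode 0600
        {
            printf 'MACHINE_FQDN=%s\n\n' "$fqdn"
            # 64 random bytes = 128 hex characters, the same length as the sample value
            printf 'SECRET_KEY_BASE=%s\n' "$(rand_hex 64)"
            printf 'PORTUS_PASSWORD=%s\n' "$(rand_hex 16)"
            printf 'DATABASE_PASSWORD=%s\n' "$(rand_hex 16)"
        } > "$out"
    )
}

# When run as a script: ./gen-env.sh docker.com .env
if [ $# -ge 2 ]; then
    write_env "$1" "$2"
fi
```
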

apply changes:

. .env

Run Portus image

docker-compose up -d


Test connection

I tested the connection from a Windows 10 machine and created a host record for the Linux Portus host.

Set username/pass

Export the certificate to a file.

Import the certificate into Trusted Root Certification Authorities.

Now the certificate warning will go away.

Define Repository name

Pushing & Pulling images to/from Portus repository

C:\Users\ja>docker login docker.com
Username: admin
Password:
Login Succeeded

Tag image to point to Portus registry

docker tag docker4w/nsenter-dockerd:latest docker.com/registry:ncenter
docker push docker.com/registry:ncenter


Pulling same image from repository

C:\Users\ja>docker rmi docker.com/registry:ncenter
Untagged: docker.com/registry:ncenter
Untagged: docker.com/registry@sha256:2bcdfb81dab062c329a337218a70f48f0f2b973f47cd8afb7f7f96aa78d99a8c
C:\Users\ja>docker pull docker.com/registry:ncenter
ncenter: Pulling from registry
Digest: sha256:2bcdfb81dab062c329a337218a70f48f0f2b973f47cd8afb7f7f96aa78d99a8c
Status: Downloaded newer image for docker.com/registry:ncenter


First, create a free account on https://hub.docker.com.

Create repository:

Choose visibility

Log in to your repository

docker login docker.io

I'm already authenticated by the Docker for Windows app; otherwise, I would need to provide Docker Hub credentials.

Push image to Docker Hub:

We need to re-tag the image to match our repository name

docker tag httpd:latest dragan979/myrepo:myhttpd

and push it to Docker Hub

docker push dragan979/myrepo:myhttpd

Docker-Adding network

Posted: September 27, 2018 in docker

To add a network named test-net:

docker network create test-net

To add a container to the network (quirky_meitner is the container name):

docker network connect test-net quirky_meitner

To check if container is deployed to test-net:

docker network inspect test-net


to list all networks:

docker network ls


To add new container to specific network

docker run -d --network test-net nginx

Adding network using docker-compose

Compose is a tool for defining and running multi-container Docker applications.

Installing docker compose on Windows

In PowerShell, since GitHub now requires TLS 1.2, run the following:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Invoke-WebRequest "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\docker\docker-compose.exe

In CMD, change to C:\Program Files\Docker

In that path, create a docker-compose.yml file:

version: '3.1'
services:
  db:
    image: mysql:latest
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: password
    networks:
      - backend
  adminer:
    image: adminer:latest
    restart: always
    ports:
      - 8080:8080
    networks:
      - frontend
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge

This file defines 2 networks, frontend and backend, creates 2 Docker containers, db and adminer, and assigns the frontend network to the adminer container and the backend network to the db container.

Deploy the containers:

docker-compose up

This code lists all EC2 instances in every region and, if termination protection is enabled on an instance, disables it.

import json
import boto3

def lambda_handler(event, context):
    # Discover every EC2 region available to the account
    client = boto3.client('ec2')
    ec2_regions = [region['RegionName'] for region in client.describe_regions()['Regions']]
    for region in ec2_regions:
        # Per-region client (attribute calls) and resource (instance listing)
        client = boto3.client('ec2', region_name=region)
        conn = boto3.resource('ec2', region_name=region)
        instances = conn.instances.filter()
        for instance in instances:
            #if instance.state["Name"] == "running":
            #print instance.id # , instance.instance_type, region)
            # Read the current termination-protection flag
            terminate_protection = client.describe_instance_attribute(InstanceId=instance.id, Attribute='disableApiTermination')
            protection_value = terminate_protection['DisableApiTermination']['Value']
            if protection_value:
                # Protection is on: switch it off (same effect as Attribute/Value with "False")
                client.modify_instance_attribute(InstanceId=instance.id, DisableApiTermination={'Value': False})

 

Linking Docker containers

Posted: September 23, 2018 in docker

By linking containers we enable communication between docker containers.

Create httpd container:

docker run -d --name reuse_httpd httpd:latest

This container runs a web server. It starts detached (-d) without exposing ports, so it won't be accessible from the host.

Now we'll create another Docker container (I used mysql) and link it to the httpd container created in the previous step

docker run -it --link "reuse_httpd:web" mysql /bin/bash

We linked these 2 containers with the --link option (web is the alias for the httpd container). Now, from the mysql container, try accessing the httpd container:

apt-get update && apt-get install wget
wget http://web

root@0e9a0af44162:/# wget http://web
--2018-09-23 14:34:35-- http://web/
Resolving web (web)... 172.17.0.2
Connecting to web (web)|172.17.0.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45 [text/html]
Saving to: 'index.html.1'

index.html.1 100%[==================================================================================>] 45 --.-KB/s in 0s

2018-09-23 14:34:35 (10.5 MB/s) - 'index.html.1' saved [45/45]
root@0e9a0af44162:/# cat index.html

It works!

 

root@0e9a0af44162:/#

We can also see from docker logs that we reached web page of httpd docker

C:\Users\ja>docker logs reuse_httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Sep 23 14:27:56.576491 2018] [mpm_event:notice] [pid 1:tid 139809677555584] AH00489: Apache/2.4.34 (Unix) configured -- resuming normal operations
[Sun Sep 23 14:27:56.576601 2018] [core:notice] [pid 1:tid 139809677555584] AH00094: Command line: 'httpd -D FOREGROUND'
172.17.0.3 - - [23/Sep/2018:14:34:26 +0000] "GET / HTTP/1.1" 200 45
172.17.0.3 - - [23/Sep/2018:14:34:35 +0000] "GET / HTTP/1.1" 200 45

Docker container healthcheck

Posted: September 23, 2018 in docker

Dockerfile (create the httpd image, install curl, define the healthcheck parameters):

FROM httpd:latest

RUN apt-get update && apt-get install -y --no-install-recommends curl && apt-get clean

EXPOSE 80

HEALTHCHECK --interval=15s --retries=5 --timeout=30s --start-period=30s CMD curl -I -f "http://localhost:80" || exit 1
  • --interval=DURATION (default 30s) – healthcheck interval
  • --timeout=DURATION (default 30s) – healthcheck duration; if a healthcheck takes longer than the timeout, the check is considered failed
  • --retries=N (default 3) – how many times to retry the healthcheck before declaring the check as failed

curl :

-f, --fail

(HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts etc to better deal with failed attempts. In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will prevent curl from outputting that and return error 22.

This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407).

-I, --head

(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the command HEAD which this uses to get nothing but the header of a document. When used on an FTP or FILE file, curl displays the file size and last modification time only.

exit can return 2 values:

1 - container not OK

0 - container OK
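
Since curl's -f is described above as not fail-safe for codes such as 401 and 407, a healthcheck can read the HTTP status itself and map it to the 0/1 exit values Docker expects. This script is an added example, not part of the original post; the function names and the default 5-second timeout are assumptions.

```sh
#!/bin/sh
# Added example: healthcheck that judges the HTTP status code directly
# instead of relying on curl -f. Function names are hypothetical.

# status_ok CODE -> succeeds only for 2xx; 3xx, 401, 407, 5xx and 000 all fail
status_ok() {
    case "$1" in
        2[0-9][0-9]) return 0 ;;
        *)           return 1 ;;
    esac
}

# probe URL [TIMEOUT] -> exit status 0 (healthy) or 1 (unhealthy)
probe() {
    # -I sends a HEAD request, -w prints only the status code;
    # any curl failure (connection refused, timeout, curl missing) becomes 000
    code=$(curl -s -o /dev/null -I --max-time "${2:-5}" \
                -w '%{http_code}' "$1") || code=000
    status_ok "$code"
}

# When run as a script: healthcheck.sh http://localhost:80
if [ $# -ge 1 ]; then
    probe "$@"
fi
```

Copied into the image, the script can take the place of the curl command after CMD in the HEALTHCHECK line.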

Build the image (I tagged it http:check)

docker build . -t http:check

start it:

docker run -d -p 80:80 http:check

After the container is started, inspect its state:

The healthcheck is still collecting data (health: starting).

If we run the same command after 5-6 seconds, we'll see the healthcheck output.

We can check the container log by running

docker logs -f 844bdf650179

-f (follows the log: new lines will appear in the output)

--tail 10 will return the last 10 entries in the docker logs

Two years ago I wrote a post on how to map volumes to Docker images when Docker is running on Linux. Now we'll see how to do the same when Docker is running on Windows.

I created a folder php on my Windows 10 machine (you first need to create the folder dockerfiles, otherwise the docker run command won't work!)

I put a sample PHP script in it (script.php)

Browse to the php folder (cd "path to php script")

Get the current folder path:

SET var=%cd%

The following command will create a php Docker container, create the home folder and copy challenge.php to the home folder (note that we need to use a forward slash (/) as we're on Linux):

docker run -it --rm -v "%var%/script.php:/home/challenge.php" php:latest /bin/bash

Docker will prompt to share the drive and will ask for the Windows password

The file is copied to the Docker container, as we can see in the following picture

 

3.PNG