Archive for the ‘docker’ Category

Docker stack deploy

Posted: October 4, 2018 in docker

Docker stack is used to deploy containers on a Docker swarm. The syntax is very similar to docker-compose, with some modifications.

docker-compose.yml example file


services:
  apache_httpd:
    image: httpd:latest
    deploy:
      mode: replicated
      replicas: 2
      labels:
        com.docker.descr: "test description"
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.role == worker
        preferences:
          - spread: node.labels.zone
      resources:
        limits:
          memory: 50M
        reservations:
          cpus: '0.10'
      update_config:
        parallelism: 1
        delay: 10s
        monitor: 4s

mode: replicated
replicas: 2

Creates 2 containers (replicas) of the service.

labels: creates a Docker label on the service.

placement:
  constraints:
    - node.role == worker

Deploys the containers on worker nodes only.

  preferences:
    - spread: node.labels.zone

Spreads the service's containers evenly over the nodes according to their zone label.

resources:
  limits:
    memory: 50M

Limits each container to 50 MB of memory.

Deploy a stack named stack:

docker stack deploy stack -c docker-compose.yml

List the tasks in the stack:

docker stack ps stack
ID                  NAME                       IMAGE               NODE                DESIRED STATE       CURRENT STATE                     ERROR               PORTS
px316bdihumh        stack_apache_httpd.1       httpd:latest        docker              Running             Running less than a second ago
wtkbnp1b2gmb         \_ stack_apache_httpd.1   httpd:latest        docker              Shutdown            Shutdown less than a second ago
9i6sxjt18igr        stack_apache_httpd.2       httpd:latest        docker              Running             Running less than a second ago
zhzz1keqtitc         \_ stack_apache_httpd.2   httpd:latest        docker              Shutdown            Shutdown less than a second ago

docker service ls
ID                  NAME                 MODE                REPLICAS            IMAGE               PORTS
8qanlez114d9        stack_apache_httpd   replicated          2/2                 httpd:latest        *:80->80/tcp

Configuring Docker Swarm

Posted: October 2, 2018 in docker

A swarm is a group of machines that are running Docker and joined into a cluster.

Consider it as a kind of failover cluster. If one docker host goes down, the containers will keep running on the other docker hosts. A swarm has 2 types of nodes:

- manager: manages docker containers.

- worker: executes containers.

Creating swarm:

docker swarm init

To join another docker host to this swarm, type:

docker swarm join --token SWMTKN-1-49kz2okua328qsqibfmv0tiu5fxq3ou7ivu27qwwjxuim3g03m-3epqd7g12fkre623hzvl1ta41 172.23.124.227:2377

172.23.124.227 is the IP of the machine on which the swarm was initialized.

To check swarm status:

docker info

On the swarm manager, run the command below to list the swarm members:

docker node ls

We can see that docker host dockerswarm is the swarm manager.

To promote a worker to manager, run the following command on the manager:

[root@dockerswarm ~]# docker node promote docker
Node docker promoted to a manager in the swarm.

To create 6 nginx containers run:


docker service create --replicas 6 -p 80:80 nginx


To see service status:

docker service ps xenodochial_hawking

The service status shows that the nginx containers are evenly distributed among the docker hosts.

We can access the nginx container through the docker hosts' IPs:

curl 172.23.124.231

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.

Commercial support is available at
nginx.com.

Thank you for using nginx.

To limit containers to a particular docker host:

docker service update --constraint-add "node.hostname==docker" xenodochial_hawking

To revert to previous configuration:

docker service update --rollback xenodochial_hawking

To remove service:

docker service rm xenodochial_hawking

Configuring Portus Docker registry

Posted: October 1, 2018 in docker

In the last post we installed the Portus registry. Now we'll create a user and teams.

Under Users click Create New user

Set username/password

Teams are the way in which we can manage our users. Each team owns a set of namespaces, which are used to group repositories. Besides grouping namespaces, teams are used to manage the permissions in which each team member can push/pull certain repositories. This is done through Teams roles.

  • Viewer: viewers can only pull from the repositories owned by the team.
  • Contributor: contributors can both pull and push from the repositories owned by the team.
  • Owner: owners have the same permissions as contributors, but they can also manage the list of team members. Owners can: add/remove team members and edit the role of team members.

Under Teams click Create new team.

Specify the team's owner

Once the team is created, add members

Specify role

A namespace is simply a collection of repositories. Namespaces are the way in which Portus is able to manage repositories in a friendly and clear way. Each namespace belongs to a team.

To create namespace under Namespaces click Create new namespace

Specify the teams for the namespace

We set the Viewer role for the test user. He can pull images from the repository but can't push anything to it.

Tag image:

docker tag nginx docker.com/myteam/nginx:latest

Login as test user:

docker login docker.com/myteam
Username: test
Password:
Login Succeeded

Try pushing the image to Portus; it will fail:

docker push docker.com/myteam/nginx:latest
The push refers to repository [docker.com/myteam/nginx]
e8916cb59586: Layer already exists
3bbff39fa30b: Layer already exists
8b15606a9e3e: Layer already exists
errors:
denied: requested access to the resource is denied
unauthorized: authentication required

Portus is an open-source Docker registry where we can store and manage our Docker images.

Installing Docker/docker compose

wget -qO- https://get.docker.com/ | sh

The above command downloads and executes a small installation script written by the Docker team.

Add your user to the docker group with the following command.

sudo usermod -aG docker $(whoami)

Log out and log in from your server to activate your new groups.

Set Docker to start automatically at boot time:

sudo systemctl enable docker.service

Finally, start the Docker service:

sudo systemctl start docker.service

Install docker-compose

sudo yum install epel-release
sudo yum install -y python-pip

Then you can install Docker Compose:

sudo pip install docker-compose

Set hostname (needed for SSL certificate)

vi /etc/hostname
[root@docker secrets]# cat /etc/hosts
127.0.0.1 docker.com localhost.localdomain localhost4 localhost4.localdomain4

Clone the Portus git repository

git clone https://github.com/SUSE/Portus.git

Install self-signed certificate

In the Portus/examples/compose/secrets folder, generate the certificates:

openssl genrsa -des3 -out server.key 4096

openssl req -new -key server.key -out server.csr

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

mv server.crt portus.crt
mv server.key portus.key
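
The commands above yield a certificate without a subjectAltName extension, while Go-based clients such as Docker (Go 1.15 and later) match the host name only against subjectAltName and ignore the common name. The following is an added example, not part of the original post or of Portus: it creates the key and certificate in one non-interactive step with a SAN entry and checks the result. The function names are hypothetical and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Needs OpenSSL 1.1.1+ (for -addext and -ext).

# make_registry_cert HOST OUTDIR [BITS]
# Writes OUTDIR/portus.key (unencrypted) and OUTDIR/portus.crt
# (self-signed, valid 365 days, CN and SAN both set to HOST).
make_registry_cert() {
    host=$1 outdir=$2 bits=${3:-4096}
    mkdir -p "$outdir" || return 1
    (
        umask 077   # private key readable by its owner only
        openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$outdir/portus.key" -out "$outdir/portus.crt" 2>/dev/null
    )
}

# cert_has_san CERT HOST
# Succeeds only if CERT lists exactly DNS:HOST in its subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# key_matches_cert KEY CERT
# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Usage, from Portus/examples/compose:
#   make_registry_cert docker.com secrets
#   cert_has_san secrets/portus.crt docker.com && echo "SAN ok"
```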


Edit /Portus/examples/compose/nginx/nginx.conf (change hostname)

server {
    listen 443 ssl http2;
    server_name docker.com;
    root /srv/Portus/public;

Edit /Portus/examples/compose/docker-compose.yml

Remove all links (example below)

links:
  - db

links:
  - portus:portus

Under the nginx section, add the hostname variable:

nginx:
  image: library/nginx:alpine
  networks:
    default:
      aliases:
        - ${MACHINE_FQDN}

At the top of the file, add the environment variable

environment:
  - CCONFIG_PREFIX=PORTUS

Edit /Portus/examples/compose/.env file, set MACHINE_FQDN

MACHINE_FQDN=docker.com

SECRET_KEY_BASE=b494a25faa8d22e430e843e220e424e10ac84d2ce0e64231f5b636d21251eb6d267adb042ad5884cbff0f3891bcf911bdf8abb3ce719849ccda9a4889249e5c2
PORTUS_PASSWORD=12341234
DATABASE_PASSWORD=portus

Apply changes:

. .env
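
Rather than reusing the values printed above, the secrets in .env can be generated per installation. The following is an added example, not from the original post or the Portus project: it writes the same four keys with random values into a file readable only by its owner, and lists keys in an existing file whose values are too short. The function names and the 32-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and the 32-character minimum are assumptions.

# write_portus_env FILE FQDN
# Creates FILE with freshly generated random secrets, mode 600.
write_portus_env() {
    file=$1 fqdn=$2
    (
        umask 077
        {
            printf 'MACHINE_FQDN=%s\n' "$fqdn"
            printf 'SECRET_KEY_BASE=%s\n' "$(openssl rand -hex 64)"
            printf 'PORTUS_PASSWORD=%s\n' "$(openssl rand -hex 16)"
            printf 'DATABASE_PASSWORD=%s\n' "$(openssl rand -hex 16)"
        } > "$file"
    ) && chmod 600 "$file"
}

# env_value FILE KEY: prints the value stored for KEY in FILE.
env_value() {
    sed -n "s/^$2=//p" "$1"
}

# weak_env_keys FILE
# Prints the name of every secret in FILE that is shorter than 32 characters.
weak_env_keys() {
    for key in SECRET_KEY_BASE PORTUS_PASSWORD DATABASE_PASSWORD; do
        val=$(env_value "$1" "$key")
        [ "${#val}" -ge 32 ] || printf '%s\n' "$key"
    done
}

# Usage, from Portus/examples/compose:
#   write_portus_env .env docker.com
#   weak_env_keys .env      # prints nothing when all secrets are long enough
```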

Run Portus image

docker-compose up -d

Test connection

I tested the connection from a Windows 10 machine and created a host record for the Linux Portus host.

Set username/pass

Export certificate to file.

Import certificate to Trusted Root Certification Authorities

Now the certificate warning will go away.

Define Repository name

Pushing & Pulling images to/from Portus repository

C:\Users\ja>docker login docker.com
Username: admin
Password:
Login Succeeded

Tag image to point to Portus registry

docker tag docker4w/nsenter-dockerd:latest docker.com/registry:ncenter
docker push docker.com/registry:ncenter

Pulling same image from repository

C:\Users\ja>docker rmi docker.com/registry:ncenter
Untagged: docker.com/registry:ncenter
Untagged: docker.com/registry@sha256:2bcdfb81dab062c329a337218a70f48f0f2b973f47cd8afb7f7f96aa78d99a8c
C:\Users\ja>docker pull docker.com/registry:ncenter
ncenter: Pulling from registry
Digest: sha256:2bcdfb81dab062c329a337218a70f48f0f2b973f47cd8afb7f7f96aa78d99a8c
Status: Downloaded newer image for docker.com/registry:ncenter

First create a free account on https://hub.docker.com.

Create repository:

Choose visibility

Log in to your repository

docker login docker.io

I'm already authenticated by the Docker for Windows app; otherwise, I would need to provide Docker Hub credentials.

Push image to Docker Hub:

We need to re-tag the image to match our repository name

docker tag httpd:latest dragan979/myrepo:myhttpd

and push it to Docker Hub

docker push dragan979/myrepo:myhttpd

Docker-Adding network

Posted: September 27, 2018 in docker

To add a network named test-net:

docker network create test-net

To add a container to the network (quirky_meitner is the container name):

docker network connect test-net quirky_meitner

To check if container is deployed to test-net:

docker network inspect test-net

To list all networks:

docker network ls

To add a new container to a specific network:

docker run -d --network test-net nginx

Adding network using docker-compose

Compose is a tool for defining and running multi-container Docker applications.

Installing docker compose on Windows

In Powershell, since Github now requires TLS1.2, run the following:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Invoke-WebRequest "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\docker\docker-compose.exe

In CMD, go to C:\Program Files\Docker

In that path, create a docker-compose.yml file:

version: '3.1'
services:
  db:
    image: mysql:latest
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: password
    networks:
      - backend
  adminer:
    image: adminer:latest
    restart: always
    ports:
      - 8080:8080
    networks:
      - frontend
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge

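This file creates 2 networks, frontend and backend, creates 2 docker containers, db and adminer, and assigns the frontend network to adminer and the backend network to the db container. Because the two containers share no network, adminer cannot reach db in this layout.

Deploy the containers: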

docker-compose up

Linking Docker containers

Posted: September 23, 2018 in docker

By linking containers we enable communication between docker containers.

Create httpd container:

docker run -d --name reuse_httpd httpd:latest

This container runs a web server. It starts detached (-d) without exposing ports, so it won't be accessible from the host.

Now we'll create another Docker container (I used mysql) and link it to the httpd container created in the previous step:

docker run -it --link "reuse_httpd:web" mysql /bin/bash

We linked these 2 containers with the --link option (web is the alias for the httpd container). Now, from the mysql container, try accessing the httpd container:

apt-get update && apt-get install wget
wget http://web

root@0e9a0af44162:/# wget http://web
--2018-09-23 14:34:35-- http://web/
Resolving web (web)... 172.17.0.2
Connecting to web (web)|172.17.0.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45 [text/html]
Saving to: 'index.html.1'

index.html.1 100%[==================================================================================>] 45 --.-KB/s in 0s

2018-09-23 14:34:35 (10.5 MB/s) - 'index.html.1' saved [45/45]
root@0e9a0af44162:/# cat index.html

It works!

 

root@0e9a0af44162:/#

We can also see from docker logs that we reached web page of httpd docker

C:\Users\ja>docker logs reuse_httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Sep 23 14:27:56.576491 2018] [mpm_event:notice] [pid 1:tid 139809677555584] AH00489: Apache/2.4.34 (Unix) configured -- resuming normal operations
[Sun Sep 23 14:27:56.576601 2018] [core:notice] [pid 1:tid 139809677555584] AH00094: Command line: 'httpd -D FOREGROUND'
172.17.0.3 - - [23/Sep/2018:14:34:26 +0000] "GET / HTTP/1.1" 200 45
172.17.0.3 - - [23/Sep/2018:14:34:35 +0000] "GET / HTTP/1.1" 200 45