Docker in Action

docker help
docker help cp
docker run --detach --name web nginx:latest
docker run -d --name mailer
docker run --interactive --tty --link web:web --name web_test busybox:latest /bin/sh
docker run -it --name agent --link web:insideweb --link mailer:insidemailer  dockerinaction/ch2_agent
docker ps
docker restart web
docker restart mailer
docker restart agent
docker logs web
docker run -d --name namespaceA busybox:latest /bin/sh -c "sleep 30000"
docker run -d --name namespaceB busybox:latest /bin/sh -c "nc -l -p 0.0.0.0:80"
docker exec namespaceA ps
docker exec namespaceB ps
docker run --pid host busybox:latest ps
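# The flag is an ASCII "-d"; the listing carried a typographic dash that the
# docker CLI would not parse as an option.
docker run -d --name webConflict nginx:latest
docker logs webConflict
# Starts a second nginx inside the same container; presumably shown because it
# conflicts with the nginx already running there. The nginx directive needs its
# terminating ";" and a plain closing quote.
docker exec webConflict nginx -g 'daemon off;'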
docker run -d --name webA nginx:latest
docker logs webA
docker run -d --name webB nginx:latest
docker logs webB
docker run -d --name webid nginx
docker rename webid webid-old
docker run -d --name webid nginx
docker exec 7cb5d2b9a7eab87f07182b5bf58936c9947890995b1b94f412912fa822a9ecb5 ps
docker stop 7cb5d2b9a7eab87f07182b5bf58936c9947890995b1b94f412912fa822a9ecb5
docker create nginx
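# Capture the ID that `docker create` prints so later commands can refer to
# the container without a name.
CID=$(docker create nginx:latest)
echo "$CID"
# Alternative: have Docker write the ID to a file. /tmp is shared and
# world-writable, so on a multi-user host prefer a directory only you can write.
docker create --cidfile /tmp/web.cid nginx
cat /tmp/web.cid
# ID of the most recently created container, long and short flag spellings.
CID=$(docker ps --latest --quiet)
echo "$CID"
CID=$(docker ps -l -q)
echo "$CID"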
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker create nginx)
AGENT_CID=$(docker create --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)
docker ps -a
docker start $WEB_CID
docker start $AGENT_CID
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker run -d nginx)
AGENT_CID=$(docker run -d --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)
# Demo password only. A value passed with -e is stored in the container's
# configuration, so it is readable through `docker inspect` and also lands in
# shell history.
docker run -d --name wpdb -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5
# --read-only mounts the container's root filesystem read-only, so a
# compromised process cannot modify the application files.
docker run -d --name wp2 --link wpdb:mysql -p 80 --read-only wordpress:4
docker logs wp2
# Same container with two writable volumes added at the given paths;
# presumably these are the only locations Apache needs to write to.
docker run -d --name wp3 --link wpdb:mysql -p 80 -v /run/lock/apache2/ -v /run/apache2/ --read-only wordpress:4
SQL_CID=$(docker create -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5)
docker start $SQL_CID
MAILER_CID=$(docker create dockerinaction/ch2_mailer)
docker start $MAILER_CID
WP_CID=$(docker create --link $SQL_CID:mysql -p 80 \
-v /run/lock/apache2/ -v /run/apache2/ \
--read-only wordpress:4)
docker start $WP_CID
AGENT_CID=$(docker create --link $WP_CID:insideweb \
--link $MAILER_CID:insidemailer \
dockerinaction/ch2_agent)
docker start $AGENT_CID
docker run --env MY_ENVIRONMENT_VAR="this is a test" \
busybox:latest \
env
# <my database hostname> is a placeholder to replace before running.
docker create --env WORDPRESS_DB_HOST=<my database hostname> wordpress:4
# Sample credentials. Values given with --env are kept in the container's
# configuration, so anyone who can run `docker inspect` on it can read them;
# do not reuse this pattern for real secrets.
docker create \
--env WORDPRESS_DB_HOST=<my database hostname> \
--env WORDPRESS_DB_USER=site_admin \
--env WORDPRESS_DB_PASSWORD=MeowMix42 \
wordpress:4
docker create --link wpdb:mysql \
-e WORDPRESS_DB_NAME=client_a_wp wordpress:4
docker create --link wpdb:mysql \
-e WORDPRESS_DB_NAME=client_b_wp wordpress:4
DB_CID=$(docker run -d -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5)
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
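# Provision a WordPress container and its monitoring agent for one client.
# Reads:  CLIENT_ID (required), DB_CID and MAILER_CID (IDs of the shared
#         database and mailer containers started beforehand).
# Writes: WP_CID, AGENT_CID.

# Refuse to run without a client identifier; every name below derives from it.
if [ -z "$CLIENT_ID" ]; then
  echo "Client ID not set" >&2
  exit 1
fi

# CLIENT_ID becomes part of two container names and the database name, so
# accept only the characters Docker allows in a container name and fail before
# anything is created.
case "$CLIENT_ID" in
  *[!A-Za-z0-9_.-]*)
    echo "Client ID may contain only letters, digits, '_', '.' and '-'" >&2
    exit 1
    ;;
esac

# Expansions are quoted so an unexpected value cannot split into extra
# docker arguments.
WP_CID=$(docker create \
  --link "$DB_CID:mysql" \
  --name "wp_$CLIENT_ID" \
  -p 80 \
  -v /run/lock/apache2/ -v /run/apache2/ \
  -e WORDPRESS_DB_NAME="$CLIENT_ID" \
  --read-only wordpress:4)
docker start "$WP_CID"

AGENT_CID=$(docker create \
  --name "agent_$CLIENT_ID" \
  --link "$WP_CID:insideweb" \
  --link "$MAILER_CID:insidemailer" \
  dockerinaction/ch2_agent)
docker start "$AGENT_CID"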
docker run -d --name backoff-detector --restart always busybox date
docker run -d -p 80:80 --name lamp-test tutum/lamp
docker top lamp-test
docker exec lamp-test ps
docker exec lamp-test kill <PID>
docker run --entrypoint="cat" wordpress:4 /entrypoint.sh
docker ps -a
docker rm wp
docker run --rm --name auto-exit-test busybox:latest echo Hello World
docker rm -vf $(docker ps -a -q)
docker search postgres
docker rmi dockerinaction/ch3_ex2_hunt
docker rmi <mystery repository>
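docker pull quay.io/dockerinaction/ch3_hello_registry:latest
docker pull busybox:latest
# Export the image to a tar archive, remove it locally, then restore it.
docker save -o myfile.tar busybox:latest
docker rmi busybox
# `docker load` installs whatever images the archive contains; only load
# archives whose origin you trust. The flag is an ASCII "-i".
docker load -i myfile.tar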
git clone https://github.com/dockerinaction/ch3_dockerfile.git
docker build -t dia_ch3/dockerfile:latest ch3_dockerfile
docker rmi dia_ch3/dockerfile
rm -rf ch3_dockerfile
docker pull dockerinaction/ch3_myapp
docker pull dockerinaction/ch3_myotherapp
docker images -a 
docker rmi dockerinaction/ch3_myapp dockerinaction/ch3_myotherapp java:6
--storage-driver
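# Volume container: exists only to own the /var/lib/cassandra/data volume.
docker run -d \
  --volume /var/lib/cassandra/data \
  --name cass-shared alpine echo Data Container
docker run -d --volumes-from cass-shared --name cass1 cassandra:2.2
# Interactive client; "-it" must be ASCII hyphen followed by the two flags.
docker run -it --rm --link cass1:cass cassandra:2.2 cqlsh cass
docker stop cass1
docker rm -vf cass1
# A new Cassandra container reusing the same volume.
docker run -d --volumes-from cass-shared --name cass2 cassandra:2.2
docker run -it --rm --link cass2:cass cassandra:2.2 cqlsh cass
docker rm -vf cass2 cass-shared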
docker run -d --name bmweb -v ~/example-docs:/usr/local/apache2/htdocs  -p 80:80 httpd:latest
docker rm -vf bmweb
docker run --name bmweb_ro --volume ~/example-docs:/usr/local/apache2/htdocs/:ro -p 80:80 httpd:latest
docker run --rm -v ~/example-docs:/testspace:ro alpine /bin/sh -c 'echo test > /testspace/test'
ls ~/example-docs/absent
docker run --rm -v ~/example-docs/absent:/absent alpine:latest /bin/sh -c 'mount | grep absent'
ls ~/example-docs/absent
docker run -d -v /var/lib/cassandra/data --name cass-shared alpine echo Data Container
docker inspect -f "{{json .Volumes}}" cass-shared
mkdir ~/web-logs-example
docker run --name plath -d -v ~/web-logs-example:/data dockerinaction/ch4_writer_a
docker run --rm -v ~/web-logs-example:/reader-data alpine:latest head /reader-data/logA
cat ~/web-logs-example/logA
docker stop plath
docker run --name woolf -d \
--volume ~/web-logs-example:/data \
dockerinaction/ch4_writer_a
docker run --name alcott -d \
-v ~/web-logs-example:/data \
dockerinaction/ch4_writer_b
docker run --rm --entrypoint head \
-v ~/web-logs-example:/towatch:ro \
alpine:latest \
/towatch/logA
docker run --rm \
-v ~/web-logs-example:/toread:ro \
alpine:latest \
head /toread/logB
docker run --name fowler \
-v ~/example-books:/library/PoEAA \
-v /library/DSL \
alpine:latest \
echo "Fowler collection created."
docker run --name knuth \
-v /library/TAoCP.vol1 \
-v /library/TAoCP.vol2 \
-v /library/TAoCP.vol3 \
-v /library/TAoCP.vol4.a \
alpine:latest \
echo "Knuth collection created"
docker run --name reader \
--volumes-from fowler \
--volumes-from knuth \
alpine:latest ls -l /library/
docker inspect --format "{{json .Volumes}}" reader
docker run --name aggregator \
--volumes-from fowler \
--volumes-from knuth \
alpine:latest \
echo "Collection Created."
docker run --rm \
--volumes-from aggregator \
alpine:latest \
ls -l /library/
docker run --name chomsky --volume /library/ss \
alpine:latest echo "Chomsky collection created."
docker run --name lamport --volume /library/ss \
alpine:latest echo "Lamport collection created."
docker run --name student \
--volumes-from chomsky --volumes-from lamport \
alpine:latest ls -l /library/
docker inspect -f "{{json .Volumes}}" student
docker rm -v student
docker rm -v $(docker ps -aq)
docker run --name dpvc \
-v /config \
dockerinaction/ch4_packed /bin/sh -c 'cp /packed/* /config/'
docker run --rm --volumes-from dpvc \
alpine:latest ls /config
docker run --rm --volumes-from dpvc \
alpine:latest cat /config/packedData
docker rm -v dpvc
docker run --name tools dockerinaction/ch4_tools
docker run --rm \
--volumes-from tools \
alpine:latest \
ls /operations/*
docker run -d --name important_application \
--volumes-from tools \
dockerinaction/ch4_ia
docker exec important_application /operations/tools/someTool
docker rm -vf important_application
docker rm -v tools
docker run --name devConfig \
-v /config \
dockerinaction/ch4_packed_config:latest \
/bin/sh -c 'cp /development/* /config/'
docker run --name prodConfig \
-v /config \
dockerinaction/ch4_packed_config:latest \
/bin/sh -c 'cp /production/* /config/'
docker run --name devApp \
--volumes-from devConfig \
dockerinaction/ch4_polyapp
docker run --name prodApp \
--volumes-from prodConfig \
dockerinaction/ch4_polyapp
docker run --rm \
--net none \
alpine:latest \
ip addr
docker run --rm \
--net none \
alpine:latest \
ping -w 2 8.8.8.8
docker run --rm \
--net bridge \
alpine:latest \
ip addr
docker run --rm \
alpine:latest \
ping -w 2 8.8.8.8
docker run --rm \
--hostname barker \
alpine:latest \
nslookup barker
docker run --rm \
--dns 8.8.8.8 \
alpine:latest \
nslookup docker.com
docker run --rm \
--dns-search docker.com \
busybox:latest \
nslookup registry.hub
docker run --rm \
--dns-search dev.mycompany \
busybox:latest \
nslookup myservice
docker run --rm \
--dns-search test.mycompany \
busybox:latest \
nslookup myservice
docker run --rm \
--dns-search mycompany \
--dns-search myothercompany ...
docker run --rm \
--add-host test:10.10.10.255 \
alpine:latest \
nslookup test
docker run --rm \
--hostname mycontainer \
--add-host docker.com:127.0.0.1 \
--add-host test:10.10.10.2 \
alpine:latest \
cat /etc/hosts
docker run -p 3333:3333
docker run -p 192.168.0.32::2222 ...
docker run -d --name dawson \
-p 5000 \
-p 6000 \
-p 7000 \
dockerinaction/ch5_expose
docker run -d --name woolery \
-P \
dockerinaction/ch5_expose
docker run -d --name philbin \
--expose 8000 \
-P \
dockerinaction/ch5_expose
docker port philbin
docker run -it --rm dockerinaction/ch5_nmap -sS -p 3333 172.17.0.0/24
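# Each line is an alternative daemon start-up option, written in the
# `docker -d` daemon-mode syntax the listing uses.
# --icc=false disables inter-container communication on the bridge, so
# containers reach each other only where it is explicitly allowed (links).
docker -d --icc=false
docker -d --bip "192.168.0.128"
docker -d --fixed-cidr "192.168.0.192/26"
# Long options take two ASCII hyphens.
docker -d --mtu 1200
docker -d -b mybridge ...
docker -d --bridge mybridge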
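# A listener in a container with no external network (--net none).
docker run -d --name brady \
  --net none alpine:latest \
  nc -l 127.0.0.1:3333
# A second container joined to brady's network namespace sees the same
# loopback interface and its listening socket. The netstat flag is ASCII "-al".
docker run -it \
  --net container:brady \
  alpine:latest netstat -al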
docker run --rm \
--net host \
alpine:latest ip addr
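# The database image name says it runs without authentication, so the only
# thing protecting it here is that no port is published to the host.
docker run -d --name importantData \
  --expose 3306 \
  dockerinaction/mysql_noauth \
  service mysql_noauth start
# The link target must match the container name exactly ("importantData");
# the misspelled name in the listing would make the link fail.
docker run -d --name importantWebapp \
  --link importantData:db \
  dockerinaction/ch5_web startapp.sh -db tcp://db:3306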
docker run -d --name buggyProgram \
dockerinaction/ch5_buggy
docker run --link a:alias-a --link b:alias-b --link c:alias-c
docker run -d --name mydb --expose 3306 \
alpine:latest nc -l 0.0.0.0:3306
docker run -it --rm \
dockerinaction/ch5_ff echo This "shouldn't" work.
docker run -it --rm \
--link mydb:wrongalias \
dockerinaction/ch5_ff echo Wrong.
docker run -it --rm \
--link mydb:database \
dockerinaction/ch5_ff echo It worked.
docker stop mydb && docker rm mydb
docker run -d --name mydb \
--expose 2222 --expose 3333 --expose 4444/udp \
alpine:latest nc -l 0.0.0.0:2222
docker run -it --rm \
--link mydb:database \
dockerinaction/ch5_ff env
docker stop mydb && docker rm mydb
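# Database: memory and CPU-share limits, unprivileged user, every capability
# dropped. Each continued line needs its trailing backslash; without the one
# after --cpu-shares the remaining options run as a separate, invalid command
# and the container starts without --user and --cap-drop.
docker run -d --name ch6_mariadb \
  --memory 256m \
  --cpu-shares 1024 \
  --user nobody \
  --cap-drop all \
  dockerfile/mariadb
# Web tier: half the CPU shares of the database and no raw-socket capability.
docker run -d -P --name ch6_wordpress \
  --memory 512m \
  --cpu-shares 512 \
  --user nobody \
  --cap-drop net_raw \
  --link ch6_mariadb \
  wordpress:4.1
# Pin the stress container to CPU 0. The image name matches the one used
# later on the page (ch6_stresser).
docker run -d \
  --cpuset-cpus 0 \
  --name ch6_stresser dockerinaction/ch6_stresser
docker run -it --rm dockerinaction/ch6_htop
docker rm -vf ch6_stresser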
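# All of these are `docker run` invocations; the listing had lost the "run"
# subcommand, which turns "-d" into the daemon flag instead of --detach.

# --device maps one host device node into the container rather than granting
# access to all of /dev.
docker run -it --rm \
  --device /dev/video0:/dev/video0 \
  ubuntu:latest ls -al /dev

# Producer and consumer in separate IPC namespaces.
docker run -d -u nobody --name ch6_ipc_producer \
  dockerinaction/ch6_ipc -producer
docker run -d -u nobody --name ch6_ipc_consumer \
  dockerinaction/ch6_ipc -consumer
docker logs ch6_ipc_producer
docker logs ch6_ipc_consumer
docker rm -v ch6_ipc_consumer

# Consumer joined to the producer's IPC namespace only.
docker run -d --name ch6_ipc_consumer \
  --ipc container:ch6_ipc_producer \
  dockerinaction/ch6_ipc -consumer

# --ipc host shares the host's IPC namespace: the container can then reach
# shared memory and message queues of every process on the host. Prefer the
# container:<name> form above when two containers only need to talk to
# each other.
docker run -d --name ch6_ipc_producer \
  --ipc host \
  dockerinaction/ch6_ipc -producer
docker run -d --name ch6_ipc_consumer \
  --ipc host \
  dockerinaction/ch6_ipc -consumer
docker rm -vf ch6_ipc_producer ch6_ipc_consumer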
docker create --name bob busybox:latest ping localhost
docker inspect bob
docker inspect --format "{{.Config.User}}" bob
docker run --rm --entrypoint "" busybox:latest whoami
docker run --rm --entrypoint "" busybox:latest id
docker run --rm busybox:latest awk -F: '$0=$1' /etc/passwd
docker run --rm \
--user nobody \
busybox:latest id
docker run --rm \
-u nobody:default \
busybox:latest id
docker run --rm \
-u 10000:20000 \
busybox:latest id
docker run -it --name escalation -u nobody busybox:latest \
/bin/sh -c "whoami; su -c whoami"
echo "e=mc^2" > garbage
chmod 600 garbage
sudo chown root:root garbage
docker run --rm -v "$(pwd)"/garbage:/test/garbage \
-u nobody \
ubuntu:latest cat /test/garbage
docker run --rm -v "$(pwd)"/garbage:/test/garbage \
-u root ubuntu:latest cat /test/garbage
# Outputs: "e=mc^2"
# cleanup that garbage
sudo rm -f garbage
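# Give the shared directory to UID/GID 2000 and run the writers as that same
# numeric user, so they can write without running as root.
mkdir logFiles
sudo chown 2000:2000 logFiles
docker run --rm -v "$(pwd)"/logFiles:/logFiles \
  -u 2000:2000 ubuntu:latest \
  /bin/bash -c "echo This is important info > /logFiles/important.log"
docker run --rm -v "$(pwd)"/logFiles:/logFiles \
  -u 2000:2000 ubuntu:latest \
  /bin/bash -c "echo More info >> /logFiles/important.log"
# Cleanup; the rm flag is an ASCII "-r".
sudo rm -r logFiles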
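# Inspect the capability set with and without net_raw.
docker run --rm -u nobody \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep net_raw"
docker run --rm -u nobody \
  --cap-drop net_raw \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep net_raw"

# sys_admin is not in the default set; --cap-add grants it explicitly.
docker run --rm -u nobody \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep sys_admin"
docker run --rm -u nobody \
  --cap-add sys_admin \
  ubuntu:latest \
  /bin/bash -c "capsh --print | grep sys_admin"

# --privileged grants all capabilities and access to the host's devices, which
# removes most of the isolation between container and host. Prefer adding the
# single capability or device a workload needs (--cap-add, --device).
docker run --rm \
  --privileged \
  ubuntu:latest id
docker run --rm \
  --privileged \
  ubuntu:latest capsh --print
docker run --rm \
  --privileged \
  ubuntu:latest ls /dev
docker run --rm \
  --privileged \
  ubuntu:latest ifconfig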
docker run -d \
--lxc-conf="lxc.cgroup.cpuset.cpus=0,1" \
--name ch6_stresser dockerinaction/ch6_stresser
docker run -it --rm dockerinaction/ch6_htop
docker rm -vf ch6_stresser
docker run --name hw_container ubuntu:latest touch /HelloWorld
docker commit hw_container hw_image
docker rm -vf hw_container
docker run --rm hw_image ls -l /HelloWorld
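docker run -it --name image-dev ubuntu:latest /bin/bash
# The next three commands are typed at the shell inside the image-dev
# container, not on the host. The apt-get flag is an ASCII "-y".
apt-get -y install git
git version
exit
# Back on the host: list the files the session added, changed or deleted.
docker diff image-dev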
docker run --name tweak-a busybox:latest touch /HelloWorld
docker diff tweak-a
docker run --name tweak-d busybox:latest rm /bin/vi
docker run --name tweak-c busybox:latest touch /bin/vi
docker diff tweak-c
docker rm -vf tweak-a
docker rm -vf tweak-d
docker rm -vf tweak-c
docker commit -a "@dockerinaction" -m "Added git" image-dev ubuntu-git
docker run --rm ubuntu-git git version
docker run --rm ubuntu-git
docker run --name cmd-git --entrypoint git ubuntu-git
docker commit -m "Set CMD git" -a "@dockerinaction" cmd-git ubuntu-git
docker rm -vf cmd-git
docker run --name cmd-git ubuntu-git version
docker run --name rich-image-example \
-e ENV_EXAMPLE1=Rich -e ENV_EXAMPLE2=Example \
busybox:latest
docker commit rich-image-example rie
docker run --rm rie \
/bin/sh -c "echo \$ENV_EXAMPLE1 \$ENV_EXAMPLE2"
docker run --name rich-image-example-2 \
--entrypoint "/bin/sh" \
rie \
-c "echo \$ENV_EXAMPLE1 \$ENV_EXAMPLE2"
docker commit rich-image-example-2 rie
docker run --rm rie
docker run --name mod_ubuntu ubuntu:latest touch /mychange
docker diff mod_ubuntu
docker run --name mod_busybox_delete busybox:latest rm /etc/profile
docker diff mod_busybox_delete
docker run --name mod_busybox_change busybox:latest touch /etc/profile
docker diff mod_busybox_change
docker commit mod_ubuntu
docker commit mod_ubuntu myuser/myfirstrepo:mytag
docker tag ubuntu-git:latest ubuntu-git:1.9
docker run --name image-dev2 \
--entrypoint /bin/bash \
ubuntu-git:latest -c "apt-get remove -y git"
docker commit image-dev2 ubuntu-git:removed
docker tag -f ubuntu-git:removed ubuntu-git:latest
docker images
docker history ubuntu-git:removed
docker run --name export-test dockerinaction/ch7_packed:latest ./echo For Export
docker export --output contents.tar export-test
docker rm export-test
tar -tf contents.tar
docker run --rm -v "$(pwd)":/usr/src/hello \
-w /usr/src/hello golang:1.3 go build -v
docker import -c "ENTRYPOINT [\"/hello\"]" - \
dockerinaction/ch7_static < static_hello.tar
docker run dockerinaction/ch7_static
docker history dockerinaction/ch7_static

# An example Dockerfile for installing Git on Ubuntu
FROM ubuntu:latest
MAINTAINER "dockerinaction@allingeek.com"
RUN apt-get install -y git
ENTRYPOINT ["git"]

docker build --tag ubuntu-git:auto . 
docker run --rm ubuntu-git:auto
RUN apt-get install -y git
docker build --tag ubuntu-git:auto .


.dockerignore
mailer-base.df
mailer-logging.df
mailer-live.df

FROM debian:wheezy
MAINTAINER Jeff Nickoloff "dia@allingeek.com"
RUN groupadd -r -g 2200 example && \
useradd -rM -g example -u 2200 example
ENV APPROOT="/app" \
APP="mailer.sh" \
VERSION="0.6"
LABEL base.name="Mailer Archetype" \
base.version="${VERSION}"
WORKDIR $APPROOT
ADD . $APPROOT
ENTRYPOINT ["/app/mailer.sh"]
EXPOSE 33333
# implementations will not be able to update the image
# USER example:example
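# `docker build` needs a build-context path; "." matches the other build
# commands on this page.
docker build -t dockerinaction/mailer-base:0.6 -f mailer-base.df .
docker inspect dockerinaction/mailer-base:0.6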

FROM dockerinaction/mailer-base:0.6
COPY ["./log-impl", "${APPROOT}"]
RUN chmod a+x ${APPROOT}/${APP} && \
chown example:example /var/log
USER example:example
VOLUME ["/var/log"]
CMD ["/var/log/mailer.log"]

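#!/bin/sh
# Logging mailer: accepts one message per connection on TCP port 33333 and
# records it in a log file.
# Arguments: $1 - path of the log file
: "${1:?usage: $0 LOGFILE}"
printf "Logging Mailer has started.\n"
while true
do
  MESSAGE=$(nc -l -p 33333)
  # Append rather than truncate so earlier messages are kept, and quote the
  # path so it is never word-split. MESSAGE is whatever a client sent: it is
  # passed as a %s argument, never as the format, but it may still contain
  # newlines that look like extra log entries to a reader.
  printf "[Message]: %s\n" "$MESSAGE" >> "$1"
  sleep 1
done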

docker build -t dockerinaction/mailer-logging -f mailer-logging.df .
docker run -d --name logging-mailer dockerinaction/mailer-logging

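FROM dockerinaction/mailer-base:0.6
ADD ["./live-impl", "${APPROOT}"]
# All OS packages are installed in the same layer as `apt-get update`, so a
# cached, stale package index is never paired with a later install.
# curl -f makes the build stop on an HTTP error instead of handing an error
# page to the Python interpreter.
# NOTE(review): get-pip.py is downloaded and executed at build time with no
# pinned version or checksum, and awscli is installed unpinned; pin both (or
# vendor them) if the build has to be reproducible and reviewable.
RUN apt-get update && \
    apt-get install -y curl python netcat && \
    curl -fsSL "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py" && \
    python get-pip.py && \
    pip install awscli && \
    rm get-pip.py && \
    chmod a+x "${APPROOT}/${APP}"
# Drop root for the running container.
USER example:example
# Default arguments for the entrypoint: sender address, recipient address.
CMD ["mailer@dockerinaction.com", "pager@dockerinaction.com"]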

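#!/bin/sh
# Live mailer: accepts one message per connection on TCP port 33333 and
# forwards it by e-mail through `aws ses send-email`.
# Arguments: $1 - sender address
#            $2 - recipient address
printf "Live Mailer has started.\n"
while true
do
  MESSAGE=$(nc -l -p 33333)
  # MESSAGE is whatever a client sent to the port. Turn newline, carriage
  # return and tab into spaces, drop the remaining control characters, then
  # escape backslashes and double quotes so the text cannot close the JSON
  # string and add fields of its own.
  SAFE_MESSAGE=$(printf '%s' "$MESSAGE" \
    | tr '\n\r\t' '   ' \
    | tr -d '\000-\037' \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
  # Built on one line; the original also appended a stray "}" to every
  # message body, which is removed here.
  BODY="{\"Subject\":{\"Data\":\"Mailer Alert\"},\"Body\":{\"Text\":{\"Data\":\"$SAFE_MESSAGE\"}}}"
  # Arguments are quoted so an address is always passed as a single word.
  aws ses send-email --from "$1" \
    --destination "{\"ToAddresses\":[\"$2\"]}" \
    --message "$BODY"
  sleep 1
done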

docker build -t dockerinaction/mailer-live -f mailer-live.df .
docker run -d --name live-mailer dockerinaction/mailer-live

ONBUILD COPY [".", "/var/myapp"]
ONBUILD RUN go build /var/myapp

FROM busybox:latest
WORKDIR /app
RUN touch /app/base-evidence
ONBUILD RUN ls -al /app

FROM dockerinaction/ch8_onbuild
RUN touch downstream-evidence
RUN ls -al .

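# Build the base image first; its ONBUILD instruction runs during the
# downstream build that follows.
docker build -t dockerinaction/ch8_onbuild -f base.df .
docker build -t dockerinaction/ch8_onbuild_down -f downstream.df .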

#!/bin/bash
# Entrypoint wrapper: validates that a web host is known before handing
# control to the container's command.
# Reads:  WEB_PORT_80_TCP (presumably injected by a link with alias "web"),
#         WEB_HOST (optional override).
# Exits 1 when neither a link nor WEB_HOST is available.
set -e

if [ -n "$WEB_PORT_80_TCP" ] && [ -z "$WEB_HOST" ]; then
  # Linked and no override: fall back to the link alias.
  WEB_HOST='web'
elif [ -n "$WEB_PORT_80_TCP" ]; then
  # Linked but an explicit WEB_HOST was supplied; say which one wins.
  printf '%s\n' '[WARN]: Linked container, "web" overridden by $WEB_HOST.' >&2
  printf '%s\n' "===> Connecting to WEB_HOST ($WEB_HOST)" >&2
fi

[ -n "$WEB_HOST" ] || {
  printf '%s\n' '[ERROR]: specify a linked container, "web" or WEB_HOST environment variable' >&2
  exit 1
}

# Replace this shell with the requested command so it receives signals directly.
exec "$@" # run the default command

docker pull debian:jessie
FROM busybox:latest
USER 1000:1000
ENTRYPOINT ["nc"]
CMD ["-l", "-p", "80", "0.0.0.0"]

docker build \
-t dockerinaction/ch8_perm_denied \
-f UserPermissionDenied.df \
.
docker run dockerinaction/ch8_perm_denied
# Output:
# nc: bind: Permission denied

RUN groupadd -r postgres && useradd -r -g postgres postgres

FROM ubuntu:latest
# Set the SUID bit on whoami
RUN chmod u+s /usr/bin/whoami
# Create an example user and set it as the default
RUN adduser --system --no-create-home --disabled-password --disabled-login \
--shell /bin/sh example
USER example
# Set the default to compare the container user and
# the effective user for whoami
CMD printf "Container running as: %s\n" $(id -u -n) && \
printf "Effectively running whoami as: %s\n" $(whoami)

docker build -t dockerinaction/ch8_whoami .
docker run dockerinaction/ch8_whoami
docker run --rm debian:wheezy find / -perm +6000 -type f
docker run --rm debian:wheezy find / -perm +2000 -type f

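# Clear the setuid and setgid bits on every regular file in the image.
# -perm /6000 matches a file with either bit set; the older "+6000" spelling
# is rejected by current GNU find. -exec ... {} + passes the paths straight to
# chmod, so names containing whitespace are handled, and -xdev keeps the walk
# on the image's own filesystem instead of descending into /proc and /sys.
RUN find / -xdev -type f -perm /6000 -exec chmod ug-s {} +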

FROM busybox:latest
CMD echo Hello World

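# The build needs its context path (".") as the last argument; without it the
# trailing backslash joins `docker login` onto the build command.
docker build \
  -t <insert Docker Hub username>/hello-dockerfile \
  -f HelloWorld.df \
  .
# `docker login` stores registry credentials in the local Docker client
# configuration; on a shared machine, run `docker logout` when finished.
docker login
docker push <insert Docker Hub username>/hello-dockerfile
docker search dockerinaction/hello-dockerfile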

git init
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
git remote add origin \
https://github.com/<your username>/hello-docker.git

git add Dockerfile
git commit -m "first commit"
git push -u origin master

docker search <your username>/hello-docker
docker run -d -p 5000:5000 \
-v "$(pwd)"/data:/tmp/registry-dev \
--restart=always --name local-registry registry:2

docker pull dockerinaction/ch9_registry_bound
docker images -f "label=dia_excercise=ch9_registry_bound"
docker tag dockerinaction/ch9_registry_bound \
localhost:5000/dockerinaction/ch9_registry_bound
docker push localhost:5000/dockerinaction/ch9_registry_bound

docker rmi \
dockerinaction/ch9_registry_bound \
localhost:5000/dockerinaction/ch9_registry_bound
docker images -f "label=dia_excercise=ch9_registry_bound"
docker pull localhost:5000/dockerinaction/ch9_registry_bound
docker images -f "label=dia_excercise=ch9_registry_bound"
docker rm -vf local-registry

docker run -d --name ftp-transport -p 21:12 dockerinaction/ch9_ftpd
docker save -o ./registry.2.tar registry:2

docker run --rm --link ftp-transport:ftp_server \
-v "$(pwd)":/data \
dockerinaction/ch9_ftp_client \
-e 'cd pub/incoming; put registry.2.tar; exit' ftp_server

docker run --rm --link ftp-transport:ftp_server \
-v "$(pwd)":/data \
dockerinaction/ch9_ftp_client \
-e "cd pub/incoming; ls; exit" ftp_server

docker run --rm --link ftp-transport:ftp_server \
-v "$(pwd)":/data \
dockerinaction/ch9_ftp_client \
-e 'cd pub/incoming; get registry.2.tar; exit' ftp_server

docker load -i registry.2.tar

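git init
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
git add Dockerfile
# git add *whatever other files you need for the image*
# Review what is staged before committing: anything pushed to a public
# repository (keys, password files) is published with it.
git commit -m "first commit"
git remote add origin https://github.com/<your username>/<your repo>.git
git push -u origin master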

git clone https://github.com/<your username>/<your repo>.git
cd <your-repo>
docker build -t <your username>/<your repo> .

docker run -d --name personal_registry \
-p 5000:5000 --restart=always \
registry:2

docker tag registry:2 localhost:5000/distribution:2
docker push localhost:5000/distribution:2

docker rmi localhost:5000/distribution:2
docker pull localhost:5000/distribution:2

FROM gliderlabs/alpine:latest
LABEL source=dockerinaction
LABEL category=utility
RUN apk --update add curl
ENTRYPOINT ["curl"]
CMD ["--help"]
docker build -t dockerinaction/curl -f curl.df .

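# The URL belongs to the same command, so the first line needs a continuation
# backslash. --net host lets the container reach the registry published on the
# host's localhost:5000.
docker run --rm --net host dockerinaction/curl -Is \
  http://localhost:5000/v2/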

docker run --rm -u 1000:1000 --net host \
dockerinaction/curl -s http://localhost:5000/v2/distribution/tags/list

docker tag \
localhost:5000/distribution:2 \
localhost:5000/distribution:two
docker push localhost:5000/distribution:two
docker run --rm \
-u 1000:1000 \
--net host \
dockerinaction/curl \
-s http://localhost:5000/v2/distribution/tags/list

upstream docker-registry {
server registry:5000;
}
server {
listen 80;
# Use the localhost name for testing purposes
server_name localhost;
# A real deployment would use the real hostname where it is deployed
# server_name mytotallyawesomeregistry.com;
client_max_body_size 0;
chunked_transfer_encoding on;
# We’re going to forward all traffic bound for the registry
location /v2/ {
proxy_pass http://docker-registry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}


FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
COPY ./basic-proxy.conf /etc/nginx/conf.d/default.conf

docker build -t dockerinaction/basic_proxy -f basic-proxy.df .

docker run -d --name basic_proxy -p 80:80 \
--link personal_registry:registry \
dockerinaction/basic_proxy
docker run --rm -u 1000:1000 --net host \
dockerinaction/curl \
-s http://localhost:80/v2/distribution/tags/list

docker run --rm -e COMMON_NAME=localhost -e KEY_NAME=localhost \
-v "$(pwd)":/certs centurylink/openssl

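# TLS-terminating reverse proxy in front of the registry.
upstream docker-registry {
    server registry:5000;
}
server {
    listen 443 ssl;
    # The directive must end with ";". Without it nginx reads the tokens of the
    # next line as additional server names and client_max_body_size is never
    # applied, leaving the default request-body limit in force.
    server_name localhost;
    # 0 disables the request-body size limit so large image layers can be pushed.
    client_max_body_size 0;
    chunked_transfer_encoding on;
    ssl_certificate /etc/nginx/conf.d/localhost.crt;
    ssl_certificate_key /etc/nginx/conf.d/localhost.key;
    location /v2/ {
        # TLS ends here; traffic to the upstream is plain HTTP, so keep the
        # registry reachable only from this proxy.
        proxy_pass http://docker-registry;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the upstream should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}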

FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
# localhost.key is the TLS private key. Copying it into the image makes it
# readable by anyone who can pull or export this image, so keep the image
# private or supply the key at run time instead.
COPY ["./tls-proxy.conf", \
"./localhost.crt", \
"./localhost.key", \
"/etc/nginx/conf.d/"]

docker build -t dockerinaction/tls_proxy -f tls-proxy.df .

docker run -d --name tls-proxy -p 443:443 \
--link personal_registry:registry \
dockerinaction/tls_proxy
docker run --rm \
--net host \
dockerinaction/curl -ks \
https://localhost:443/v2/distribution/tags/list

FROM debian:jessie
LABEL source=dockerinaction
LABEL category=utility
RUN apt-get update && \
apt-get install -y apache2-utils
ENTRYPOINT ["htpasswd"]

docker build -t htpasswd -f htpasswd.df .

docker run -it --rm htpasswd -nB <USERNAME>

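# filename: tls-auth-proxy.conf
# TLS-terminating reverse proxy that also requires HTTP basic authentication
# before any request reaches the registry.
upstream docker-registry {
    server registry:5000;
}
server {
    listen 443 ssl;
    # The directive must end with ";". Without it nginx reads the tokens of the
    # next line as additional server names and client_max_body_size is never
    # applied, leaving the default request-body limit in force.
    server_name localhost;
    # 0 disables the request-body size limit so large image layers can be pushed.
    client_max_body_size 0;
    chunked_transfer_encoding on;
    # SSL
    ssl_certificate /etc/nginx/conf.d/localhost.crt;
    ssl_certificate_key /etc/nginx/conf.d/localhost.key;
    location /v2/ {
        # Basic credentials are only base64-encoded, which is why this block is
        # served exclusively on the TLS listener above.
        auth_basic "registry.localhost";
        auth_basic_user_file /etc/nginx/conf.d/registry.password;
        proxy_pass http://docker-registry;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the upstream should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}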

FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
# localhost.key (TLS private key) and registry.password (htpasswd file) are
# baked into an image layer here: anyone who can pull or export the image can
# read both. Keep the image private, or provide these files at run time.
COPY ["./tls-auth-proxy.conf", \
"./localhost.crt", \
"./localhost.key", \
"./registry.password", \
"/etc/nginx/conf.d/"]

# Filename: tls-auth-registry.df
FROM registry:2
LABEL source=dockerinaction
LABEL category=infrastructure
# Set the default argument to specify the config file to use
# Setting it early will enable layer caching if the
# tls-auth-registry.yml changes.
CMD ["/tls-auth-registry.yml"]
COPY ["./tls-auth-registry.yml", \
"./localhost.crt", \
"./localhost.key", \
"./registry.password", \
"/"]

docker build -t dockerinaction/secure_registry -f tls-auth-registry.df .
docker run -d --name secure_registry \
-p 5443:5000 --restart=always \
dockerinaction/secure_registry

upstream docker-registry-v2 {
server registry2:5000;
}
upstream docker-registry-v1 {
server registry1:5000;
}
server {
listen 80;
server_name localhost;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v1/ {
proxy_pass http://docker-registry-v1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
location /v2/ {
proxy_pass http://docker-registry-v2;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}

FROM nginx:latest
LABEL source=dockerinaction
LABEL category=infrastructure
COPY ./dual-client-proxy.conf /etc/nginx/conf.d/default.conf

docker build -t dual_client_proxy -f dual-client-proxy.df .

docker run -d --name registry_v1 registry:0.9.1

docker run -d --name dual_client_proxy \
-p 80:80 \
--link personal_registry:registry2 \
--link registry_v1:registry1 \
dual_client_proxy
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -s http://localhost:80/v1/_ping
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -Is http://localhost:80/v2/


docker run -d --name dual_client_proxy \
-p 80:80 \
--link personal_registry:registry2 \
--link registry_v1:registry1 \
dual_client_proxy
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -s http://localhost:80/v1/_ping
docker run --rm -u 1000:1000 \
--net host \
dockerinaction/curl -Is http://localhost:80/v2/

docker run -d -e REGISTRY_LOG_LEVEL=error registry:2

docker run -d -e REGISTRY_HTTP_DEBUG='' registry:2

# Filename: docker-compose.yml
wordpress:
image: wordpress:4.2.2
links:
- db:mysql
ports:
- 8080:80
db:
image: mariadb
environment:
MYSQL_ROOT_PASSWORD: example

docker-compose up

docker ps
docker-compose ps
docker-compose rm -v

git clone https://github.com/dockerinaction/ch11_notifications.git
cd ch11_notifications
docker-compose up -d

docker-compose logs
docker-compose logs pump elasticsearch

docker-compose up -d db

coffee:
build: ./coffee
user: 777:777
restart: always
expose:
- 3000
ports:
- "0:3000"
links:
- db:db
environment:
- COFFEEFINDER_DB_URI=postgresql://postgres:development@db:5432/po...
- COFFEEFINDER_CONFIG=development
- SERVICE_NAME=coffee
labels:
com.dockerinaction.chapter: "11"
com.dockerinaction.example: "Coffee API"
com.dockerinaction.role: "Application Logic"

docker-machine help

docker-machine create --driver virtualbox host1
docker-machine create --driver virtualbox host2
docker-machine create --driver virtualbox host3

docker-machine ls

docker-machine inspect host1
docker-machine inspect --format "{{.Driver.IPAddress}}" host1

docker-machine upgrade host3

docker-machine ssh host1
touch dog.file
exit

docker-machine ssh host1 "echo spot > dog.file"

docker-machine scp host1:dog.file host2:dog.file
docker-machine ssh host2 "cat dog.file"

docker-machine stop host2
docker-machine kill host3
docker-machine start host2
docker-machine rm host1 host2 host3

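# Print the environment settings that point a Docker client at machine1,
# in the syntax of the default shell and of each named shell.
docker-machine env machine1
docker-machine env --shell powershell machine1
docker-machine env --shell cmd machine1
docker-machine env --shell fish machine1
docker-machine env --shell bash machine1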

docker-machine env --shell=powershell machine1 | Invoke-Expression
docker-machine active
docker-machine ls

docker pull dockerinaction/ch12_painted

eval "$(docker-machine env machine2)"
docker images

docker-machine create --driver virtualbox local
eval "$(docker-machine env local)"

docker run --rm swarm create

docker-machine create \
--driver virtualbox \
--swarm \
--swarm-discovery token://<TOKEN> \
--swarm-master \
machine0-manager
docker-machine create \
--driver virtualbox \
--swarm \
--swarm-discovery token://<TOKEN> \
machine1
docker-machine create \
--driver virtualbox \
--swarm \
--swarm-discovery token://<TOKEN> \
machine2

eval "$(docker-machine env --swarm machine0-manager)"

docker-machine env --swarm machine0-master | Invoke-Expression

docker run -t -d --name hello-swarm \
dockerinaction/ch12_painted \
Hello Swarm

docker ps -a -f name=hello-swarm

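docker-compose -f flock.yml scale bird=10

# Stop and remove the containers and their volumes; the flag is ASCII "-vf".
docker-compose -f flock.yml kill
docker-compose -f flock.yml rm -vf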

 

In 2011, I started working at Amazon.com. In that first week my life was changed as I learned how to use their internal build, dependency modeling, and deployment tooling. This was the kind of automated management I had always known was possible but had never seen. I was coming from a team that would deploy quarterly and take 10 hours to do so. At Amazon I was watching rolling deployments push changes I had made earlier that day to hundreds of machines spread all over the globe. If big tech firms had an engineering advantage over the rest of the corporate landscape, this was it. Early in 2013, I wanted to work with Graphite (a metrics collection and graphing suite). One day I sat down to install the software and start integrating a personal project. At this point I had several years of experience working with open source applications, but few were as dependent on such large swaths of the Python ecosystem. The installation instructions were long and murky. Over the next several hours, I discovered many undocumented installation steps. These were things that might have been more obvious to a person with deeper Python ecosystem knowledge. After poring over several installation guides, reading through configuration files, and fighting an epic battle through the deepest parts of dependency hell, I threw in the towel. Those had been some of the least inspiring hours of my life. I wanted nothing to do with the project. To make matters worse, I had altered my environment in a way that was incompatible with other software that I use regularly. Reverting those changes took an embarrassingly long time. I distinctly remember sitting at my desk one day in May that year. I was between tasks when I decided to check Hacker News for new ways to grow my skillset. Articles about a technology called Docker had made the front page a few times that week. That evening I decided to check it out.
I hit the site and had the software installed within a few minutes. I was running Ubuntu on my desktop at home, and Docker only had two dependencies: LXC and the Linux kernel itself. Like everyone else, I kicked the tires with a “Hello, World” example, but learned little. Next I fired up Memcached. It was downloaded and running in under a minute. Then I started WordPress, which came bundled with its own MySQL server. I pulled a couple different Java images, and then Python images. Then my mind flashed back to that terrible day with Graphite. I popped over to the Docker Index (this was before Docker Hub) and did a quick search. The results came back, and there it was. Some random user had created a Graphite image. I pulled it down and created a new container. It was running. A simple but fully configured Graphite server was running on my machine. I had accomplished in less than a minute of download time what I had failed to do with several hours a few months earlier. Docker was able to demonstrate value with the simplest of examples and minimum effort. I was sold. Over the next week, I tried the patience of a close friend by struggling to direct our conversations toward Docker and containers. I explained how package management was nice, but enforcing file system isolation as a default solved several management problems. I rattled on about resource efficiency and provisioning latency. I repeated this conversation with several other colleagues and fumbled through the container story. Everyone had the same set of tired questions, “Oh, it’s like virtualization?” and “Why do I need this if I have virtual machines?” The more questions people asked, the more I wanted to know. Based on the popularity of the project, this is a story shared by many. I began including sessions about Docker when I spoke publicly.
In 2013 and 2014, only a few people had heard of Docker, and even fewer had actually tried the software. For the most part, the crowds consisted of a few skeptical system administrator types and a substantial number of excited developers. People reacted in a multitude of ways. Some were pure rejectionists who clearly preferred the status quo. Others could see problems that they experienced daily solved in a matter of moments. Those people reacted with an excitement similar to mine. In the summer of 2014, an associate publisher with Manning called me to talk about Docker. After a bit more than an hour on the phone he asked me if there was enough content there for a book. I suggested that there was enough for a few books. He asked me if I was interested in writing it, and I became more excited than I had been for some time. That fall I left Amazon.com and started work on Docker in Action. Today, I'm sitting in front of the finished manuscript. My goal in writing this book was to create something that would help people of mixed backgrounds get up to speed on Docker as quickly as possible, but in such a way that they understand the underlying mechanisms. The hope is that with that knowledge, readers can understand how Docker has been applied to certain problems, and how they might apply it in their own use-cases.