Girl Develop It is here to provide affordable and accessible programs to learn software through mentorship and hands-on instruction.
Some "rules"
Tell us about yourself.
The software industry has changed!
The file system and configuration of our application which are used to create containers.
Running instances of Docker images — containers run the actual applications. A container includes an application and all of its dependencies. It shares the kernel with other containers, and runs as an isolated process in user space on the host OS.
The background service running on the host that manages building, running and distributing Docker containers.
The command line tool that allows the user to interact with the Docker daemon.
A registry of Docker images. You can think of the registry as a directory of all available Docker images. You'll be using this later in this tutorial.
In your Docker environment, just run the following command:
$ docker run busybox echo hello world
hello world
That was our first container.
Let's run a more exciting container:
$ docker run -it ubuntu
root@04c0bb0a6c07:/#
root@04c0bb0a6c07:/# figlet hello
bash: figlet: command not found
Alright, we need to install it.
Let's check how many packages are installed here.
root@04c0bb0a6c07:/# dpkg -l | wc -l
189
We want figlet, so let's install it:
root@04c0bb0a6c07:/# apt-get update
...
Fetched 1514 kB in 14s (103 kB/s)
Reading package lists... Done
root@04c0bb0a6c07:/# apt-get install figlet
Reading package lists... Done
...
One minute later, figlet is installed!
# figlet hello _ __
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
| | | | __/ | | (_) |
|_| |_|\___|_|_|\___/
Just exit the shell, like you would usually do.
(E.g. with ^D or exit)
root@04c0bb0a6c07:/# exit
What if we start a new container, and try to run figlet again?
$ docker run -it ubuntu
root@b13c164401fb:/# figlet
bash: figlet: command not found
We will run a small custom container.
This container just displays the time every second.
$ docker run jpetazzo/clock
Fri Feb 20 00:28:53 UTC 2015
Fri Feb 20 00:28:54 UTC 2015
Fri Feb 20 00:28:55 UTC 2015
...
Containers can be started in the background, with the -d flag (daemon mode):
$ docker run -d jpetazzo/clock
47d677dcfba4277c6cc68fcaa51f932b544cab1a187c853b7d0caf4e8debe5ad
How can we check that our container is still running?
With docker ps, just like the UNIX ps command, lists running processes.
$ docker ps
CONTAINER ID IMAGE ... CREATED STATUS ...
47d677dcfba4 jpetazzo/clock ... 2 minutes ago Up 2 minutes ...
Docker tells us:
Let's start two more containers:
$ docker run -d jpetazzo/clock
57ad9bdfc06bb4407c47220cf59ce21585dce9a1298d7a67488359aeaea8ae2a
$ docker run -d jpetazzo/clock
068cc994ffd0190bbe025ba74e4c0771a5d8f14734af772ddee8dc1aaf20567d
Check that docker ps correctly reports all 3 containers.
To see only the last container that was started:
$ docker ps -l
CONTAINER ID IMAGE ... CREATED STATUS ...
068cc994ffd0 jpetazzo/clock ... 2 minutes ago Up 2 minutes ...
To see only the ID of containers:
$ docker ps -q
068cc994ffd0
57ad9bdfc06b
47d677dcfba4
Combine those flags to see only the ID of the last container started!
$ docker ps -lq
068cc994ffd0
We said that Docker was logging the container output.
Let's see that now.
$ docker logs 068
Fri Feb 20 00:39:52 UTC 2015
Fri Feb 20 00:39:53 UTC 2015
...
To avoid being spammed with eleventy pages of output, we can use the --tail option:
$ docker logs --tail 3 068
Fri Feb 20 00:55:35 UTC 2015
Fri Feb 20 00:55:36 UTC 2015
Fri Feb 20 00:55:37 UTC 2015
The parameter is the number of lines that we want to see.
Just like with the standard UNIX command tail -f, we can follow the logs of our container:
$ docker logs --tail 1 --follow 068
Fri Feb 20 00:57:12 UTC 2015
Fri Feb 20 00:57:13 UTC 2015
^C
There are two ways we can terminate our detached container.
The first one stops the container immediately, by using the KILL signal.
The second one is more graceful. It sends a TERM signal, and after 10 seconds, if the container has not stopped, it sends KILL.
Reminder: the KILL signal cannot be intercepted, and will forcibly terminate the container.
Let's stop one of those containers:
$ docker stop 47d6
47d6
This will take 10 seconds:
Let's be less patient with the two other containers:
$ docker kill 068 57ad
068
57ad
The stop and kill commands can take multiple container IDs.
Those containers will be terminated immediately (without the 10 seconds delay).
Let's check that our containers don't show up anymore:
$ docker ps
We can also see stopped containers, with the -a (--all) option.
$ docker ps -a
CONTAINER ID IMAGE ... CREATED STATUS
068cc994ffd0 jpetazzo/clock ... 21 min. ago Exited (137) 3 min. ago
57ad9bdfc06b jpetazzo/clock ... 21 min. ago Exited (137) 3 min. ago
47d677dcfba4 jpetazzo/clock ... 23 min. ago Exited (137) 3 min. ago
5c1dfd4d81f1 jpetazzo/clock ... 40 min. ago Exited (0) 40 min. ago
b13c164401fb ubuntu ... 55 min. ago Exited (130) 53 min. ago
The distinction between foreground and background containers is arbitrary.
From Docker's point of view, all containers are the same.
All containers run the same way, whether there is a client attached to them or not. It is always possible to detach from a container, and to reattach to a container.
Analogy: attaching to a container is like plugging a keyboard and screen to a physical server.
What does -it stand for?
Start a container with a custom detach command:
$ docker run -ti --detach-keys ctrl-x,x jpetazzo/clock
Detach by hitting ^X x. (This is ctrl-x then x, not ctrl-x twice!)
Check that our container is still running:
$ docker ps -l
You can attach to a container:
$ docker attach <containerID>
Try it on our previous container:
$ docker attach $(docker ps -lq)
Check that ^X x doesn't work, but ^P ^Q does.
Warning: if the container was started without -it...
Remember: you can always detach by killing the Docker client
Use docker attach if you intend to send input to the container.
If you just want to see the output of a container, use docker logs.
$ docker logs --tail 1 --follow <containerID>
When a container has exited, it is in stopped state.
It can then be restarted with the start command.
$ docker start <yourContainerID>
The container will be restarted using the same options you launched it with.
You can re-attach to it if you want to interact with it:
$ docker attach <yourContainerID>
Use docker ps -a to identify the container ID of a previous jpetazzo/clock container, and try those commands.
Please complete the lab at the docker classroom.
An image is a collection of files + some meta data. (Technically: those files form the root filesystem of a container.)
Images are made of layers, conceptually stacked on top of each other.
Each layer can add, change, and remove files.
Images can share layers to optimize disk usage, transfer times, and memory use.
Let's give a couple of metaphors to illustrate those concepts.
Images are like templates or stencils that you can create containers from.
If an image is read-only, how do we change it?
There is a special empty image called scratch.
It allows to build from scratch.
The docker import command loads a tarball into Docker.
Note: you will probably never have to do this yourself.
We will explain both methods in a moment.
There are three namespaces:
Let's explain each of them.
The root namespace is for official images. They are put there by Docker Inc., but they are generally authored and maintained by third parties.
Those images include:
The user namespace holds images for Docker Hub users and organizations.
For example:
jpetazzo/clock
The Docker Hub user is:
jpetazzo
The image name is:
clock
This namespace holds images which are not hosted on Docker Hub, but on third party registries.
They contain the hostname (or IP address), and optionally the port, of the registry server.
For example:
localhost:5000/wordpres
Images can be stored:
You can use the Docker client to download (pull) or upload (push) images.
To be more accurate: you can use the Docker client to tell a Docker server to push and pull images to and from a registry.
Let's look at what images are on our host now.
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
fedora latest ddd5c9c1d0f2 3 days ago 204.7 MB
centos latest d0e7f81ca65c 3 days ago 196.6 MB
ubuntu latest 07c86167cdc4 4 days ago 188 MB
redis latest 4f5f397d4b7c 5 days ago 177.6 MB
postgres latest afe2b5e1859b 5 days ago 264.5 MB
alpine latest 70c557e50ed6 5 days ago 4.798 MB
debian latest f50f9524513f 6 days ago 125.1 MB
busybox latest 3240943c9ea3 3 days ago 1.114 MB
training/namer latest 902673acc741 2 weeks ago 289.3 MB
jpetazzo/clock latest 12068b93616f 9 months ago 2.433 MB
We cannot list all images on a remote registry, but we can search for a specific keyword:
$ docker search zookeeper
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
jplock/zookeeper Builds a docker image ... 103 [OK]
mesoscloud/zookeeper ZooKeeper 42 [OK]
springxd/zookeeper A Docker image that ca... 5 [OK]
elevy/zookeeper ZooKeeper configured t... 3 [OK]
There are two ways to download images.
$ docker pull debian:jessie
Pulling repository debian
b164861940b8: Download complete
b164861940b8: Pulling image (jessie) from debian
d1881793a057: Download complete
Don't specify tags:
Do specify tags:
Time permitting, you can complete these exercises in class or as homework.