Learning Docker

Table of Contents

Learning Docker

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Getting Started with Docker

An introduction to Docker

Docker on Linux

Differentiating between containerization and virtualization

The convergence of containerization and virtualization

Containerization technologies

Installing the Docker engine

Installing from the Ubuntu package repository

Installing the latest Docker using docker.io script

Understanding the Docker setup

Client server communication

Downloading the first Docker image

Running the first Docker container

Running a Docker container on Amazon Web Services

Troubleshooting

Summary

2. Handling Docker Containers

Clarifying the Docker terms

Docker images and containers

A Docker layer

A Docker container

Docker Registry

Docker Repository

Working with Docker images

Docker Hub Registry

Searching Docker images

Working with an interactive container

Tracking changes inside containers

Controlling Docker containers

Housekeeping containers

Building images from containers

Launching a container as a daemon

Summary

3. Building Images

Docker's integrated image building system

A quick overview of the Dockerfile's syntax

The Dockerfile build instructions

The FROM instruction

The MAINTAINER instruction

The COPY instruction

The ADD instruction

The ENV instruction

The USER instruction

The WORKDIR instruction

The VOLUME instruction

The EXPOSE instruction

The RUN instruction

The CMD instruction

The ENTRYPOINT instruction

The ONBUILD instruction

The .dockerignore file

A brief overview of the Docker image management

Best practices for writing Dockerfiles

Summary

4. Publishing Images

Understanding the Docker Hub

Pushing images to the Docker Hub

Automating the building process for images

Private repositories on the Docker Hub

Organizations and teams on the Docker Hub

The REST APIs for the Docker Hub

Summary

5. Running Your Private Docker Infrastructure

The Docker registry and index

Docker registry use cases

Run your own index and registry

Step 1 – Deployment of the index components and the registry from GitHub

Step 2 – Configuration of nginx with the Docker registry

Step 3 – Set up SSL on the web server for secure communication

Push the image to the newly created Docker registry

Summary

6. Running Services in a Container

A brief overview of container networking

Envisaging the Container as a Service

Building an HTTP server image

Running the HTTP server Image as a Service

Connecting to the HTTP service

Exposing container services

Publishing container ports – the -p option

Network Address Translation for containers

Retrieving the container port

Binding a container to a specific IP address

Auto-generating the Docker host port

Port binding using EXPOSE and the -P option

Summary

7. Sharing Data with Containers

The data volume

Sharing host data

The practicality of host data sharing

Sharing data between containers

Data-only containers

Mounting data volume from other containers

The practicality of data sharing between containers

Avoiding common pitfalls

Directory leaks

The undesirable effect of data volume

Summary

8. Orchestrating Containers

Linking containers

Orchestration of containers

Orchestrate containers using docker-compose

Installing docker-compose

The docker-compose.yml file

The docker-compose command

Common usage

Summary

9. Testing with Docker

A brief overview of the test-driven development

Testing your code inside Docker

Running the test inside a container

Using a Docker container as a runtime environment

Integrating Docker testing into Jenkins

Preparing the Jenkins environment

Automating the Docker testing process

Summary

10. Debugging Containers

Process level isolation for Docker containers

Control groups

Debugging a containerized application

The Docker exec command

The Docker ps command

The Docker top command

The Docker stats command

The Docker events command

The Docker logs command

Installing and using nsenter

Summary

11. Securing Docker Containers

Are Docker containers secure enough?

The security facets – virtual machines versus Docker containers

The security features of containers

Resource isolation

Resource accounting and control

The root privilege – impacts and best practices

The trusted user control

Non-root containers

Loading the Docker images and the security implications

The emerging security approaches

Security-Enhanced Linux for container security

SELinux-inspired benefits

The best practices for container security

Digital signature verification

Secure deployment guidelines for Docker

The future

Summary

Index

Learning Docker

Learning Docker

Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2015

Production reference: 1240615

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78439-793-7

www.packtpub.com

Credits

Authors

Pethuru Raj

Jeeva S. Chelladhurai

Vinod Singh

Reviewers

Shashikant Bangera

Sergei Vizel

Baohua Yang

Commissioning Editor

Sarah Crofton

Acquisition Editor

Larissa Pinto

Content Development Editor

Kirti Patil

Technical Editors

Dhiraj Chandanshive

Narsimha Pai

Copy Editors

Vikrant Phadke

Rashmi Sawant

Trishla Singh

Project Coordinator

Nidhi Joshi

Proofreader

Safis Editing

Indexer

Hemangini Bari

Graphics

Sheetal Aute

Production Coordinator

Nitesh Thakur

Cover Work

Nitesh Thakur

About the Authors

Pethuru Raj, PhD, works as a cloud architect at the IBM Global Cloud Center of Excellence (CoE) in Bangalore, India. He completed his CSIR-sponsored PhD degree at Anna University, Chennai, and continued his UGC-sponsored postdoctoral research at the Department of Computer Science and Automation of IISc, Bangalore. Thereafter, he was granted a couple of international research fellowships (JSPS and JST) to work as a research scientist for 3 years at two leading Japanese universities.

Pethuru has contributed to a number of high-quality technology books that are edited by internationally acclaimed professionals. In association with another IBMer, he has recently submitted the complete manuscript for a book called Smart Cities: the Enabling Technologies and Tools, to be published by the CRC Press in the USA in May 2015. He has collaborated with a few established authors to publish a book called High-Performance Big Data Analytics, which will be published by Springer-Verlag, UK, in 2015. He maintains an IT portal at http://www.peterindia.net, and his LinkedIn profile can be found at https://www.linkedin.com/in/peterindia.

Jeeva S. Chelladhurai has been working as a technical project manager at the IBM Global Cloud Center of Excellence (CoE) in India for the last 8 years. He has more than 18 years of experience in the IT industry. In various capacities, he has technically managed and mentored diverse teams across the globe in envisaging and building pioneering telecommunication products. He specializes in cloud solution delivery, with a focus on data center optimization, software-defined environments (SDEs), and distributed application development, deployment, and delivery using the newest Docker technology. Jeeva is also a strong proponent of Agile methodologies, DevOps, and IT automation. He holds a master's degree in computer science from Manonmaniam Sundaranar University and a graduation certificate in project management from Boston University. He has been instrumental in crafting reusable assets for IBM solution architects and consultants in Docker-inspired containerization technology.

Vinod Singh is a lead architect for IBM's cloud computing offerings. He has more than 18 years of experience in the cloud computing, networking, and data communication domains. Currently, he works for IBM's cloud application services and partner marketplace offerings. Vinod has worked on architecting, deploying, and running IBM's PaaS offering (BlueMix) on the SoftLayer infrastructure cloud. He also provides consultancy and advisory services to clients across the globe on the adoption of cloud technologies. He is currently focusing on various applications and services on the IBM Marketplace/BlueMix/SoftLayer platform. He is a graduate engineer from the National Institute of Technology, Jaipur, and completed his master's degree at BITS, Pilani.

About the Reviewers

Shashikant Bangera is a DevOps architect with 16 years of IT experience. He has vast exposure to DevOps tools across the platform, with core expertise in open source. He has helped his customers adopt DevOps practice and implemented Enterprise DevOps for them and has also contributed to many open sources platforms, such as DevOps Publication. He has designed an automated on-demand environment with a set of open source tools and also an environment booking tool, which is available on GitHuB. His Twitter handle is @shzshi.

Sergei Vizel is a senior software engineer at Modera (modera.org). He is a full-stack web application developer with more than 10 years of impressive experience. He is a firm believer of the value and power of open source software and contributes to projects on GitHub. Sergei has published numerous pieces of open source code of his own. You can learn more about him and contact him on GitHub via https://github.com/cravler.

Baohua Yang is a research scientist on cloud-computing-related technologies at IBM. He is a contributor to many open source communities such as OpenStack, OpenvSwitch, Docker, and OpenDaylight. He is also a TPC member and a reviewer of a number of international conferences and journals.

Baohua's interests mainly include system and application architecture, performance optimization, and security issues in cloud networking and distributed systems, especially in emerging technologies such as cloud computing, SDN, and NFV. He has written many technical books and articles to introduce and analyze these techniques. He loves open source technologies and enjoys designing and implementing efficient systems with elegant architecture.

www.PacktPub.com

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

Preface

We have been fiddling with virtualization techniques and tools for quite a long time now in order to establish the much-demanded software portability. The inhibiting dependency factor between software and hardware needs to be decimated by leveraging virtualization, a kind of beneficial abstraction, through an additional layer of indirection. The idea is to run any software on any hardware. This is achieved by creating multiple virtual machines (VMs) out of a single physical server, with each VM having its own operating system (OS). Through this isolation, which is enacted through automated tools and controlled resource sharing, heterogeneous applications are accommodated in a physical machine.

With virtualization, IT infrastructures become open, programmable, remotely monitorable, manageable, and maintainable. Business workloads can be hosted in appropriately-sized virtual machines and delivered to the outside world, ensuring broader and more frequent utilization. On the other hand, for high-performance applications, virtual machines across multiple physical machines can be readily identified and rapidly combined to guarantee any kind of high-performance requirement.

The virtualization paradigm has its own drawbacks. Because of the verbosity and bloatedness (every VM carries its own operating system), VM provisioning typically takes a while, the performance goes down due to excessive usage of computational resources, and so on. Furthermore, the growing need for portability is not fully met by virtualization. Hypervisor software from different vendors comes in the way of ensuring application portability. Differences in the OS and application distributions, versions, editions, and patches hinder smooth portability. Computer virtualization has flourished, whereas the other, closely associated concepts of network and storage virtualization are just taking off. Building distributed applications through VM interactions invites and involves some practical difficulties.

Let's move on to containerization. All of these barriers contribute to the unprecedented success of the idea of containerization. A container generally contains an application, and all of the application's libraries, binaries, and other dependencies are stuffed together to be presented as a comprehensive, yet compact, entity for the outside world. Containers are exceptionally lightweight, highly portable, easily and quickly provisionable, and so on. Docker containers achieve native system performance. The greatly articulated DevOps goal gets fully fulfilled through application containers. As best practice, it is recommended that every container hosts one application or service.

The popular Docker containerization platform has come up with an enabling engine to simplify and accelerate the life cycle management of containers. There are industry-strength and openly automated tools made freely available to facilitate the needs of container networking and orchestration. Therefore , producing and sustaining business-critical distributed applications is becoming easy. Business workloads are methodically containerized to be easily taken to cloud environments, and they are exposed for container crafters and composers to bring forth cloud-based software solutions and services. Precisely speaking, containers are turning out to be the most featured, favored, and fine-tuned runtime environment for IT and business services.

This book is meticulously designed and developed in order to empower developers, cloud architects, business managers, and strategists with all the right and relevant information on the Docker platform and its capacity to power up mission-critical, composite, and distributed applications across industry verticals.

What this book covers

Chapter 1, Getting Started with Docker, talks about the Docker platform and how it simplifies and speeds up the process of realizing containerized workloads to be readily deployed and run on a variety of platforms. This chapter also has step-by-step details on installing the Docker engine, downloading a Docker image from the centralized Docker Hub, creating a Docker container out of that image, and troubleshooting the Docker container.

Chapter 2, Handling Docker Containers, is primarily meant to expound the commands required to manage Docker images and containers. This chapter provides the basic Docker terminologies needed to understand the output of Docker commands. Other details covered here include starting an interactive session inside a container, managing your images, running containers, and tracking changes inside containers.

Chapter 3, Building Images, introduces Docker's integrated image building system. The other important topics covered in this chapter include a quick overview of a Dockerfile's syntax and a bit of theory on how Docker stores images.

Chapter 4, Publishing Images, focuses on publishing images on the centralized Docker Hub and how to get the most out of the Docker Hub. The other important contents in the chapter include greater details about the Docker Hub, how to push images to the Docker Hub, the automatic building of images, creating organizations on Docker Hub, and finally private repositories.

Chapter 5, Running Your Private Docker Infrastructure, explains how corporates can set up their own private repositories. Due to certain reasons, corporates may not want to host specific Docker images in publicly-available image repositories, such as the Docker Hub. Here, the need for their own private repository to keep up those images arises. This chapter has all of the information required to set up and sustain private repositories.

Chapter 6, Running Services in a Container, illustrates how a web application can be run inside a Docker container as a service, and how to expose the service for the outside world to find and access it. How the appropriate Dockerfile gets developed to simplify this task is also described in detail.

Chapter 7, Sharing Data with Containers, shows you how to use Docker's volumes feature to share data between the Docker host and its containers. The other topics covered here are how to share data between containers, the common use cases, and the typical pitfalls to avoid.

Chapter 8, Orchestrating Containers, focuses on orchestrating multiple containers towards composite, containerized workloads. It is a well-known truth that orchestration plays a major role in producing composite applications. This chapter includes some information about orchestration and the toolset made available for enabling the process of orchestration. Finally, you will find a well-orchestrated example of how containers can be orchestrated to bring forth highly reusable and business-aware containers.

Chapter 9, Testing with Docker, focuses on testing your code inside Docker images. In this chapter, you find out how to run the tests inside an ad hoc Docker image. Finally, you come across details of how to integrate Docker testing into a continuous integration server, such as Jenkins.

Chapter 10, Debugging Containers, teaches you how to debug applications running inside containers. Also, the details regarding how Docker ensures that processes running inside containers are isolated from the outside world are covered. Furthermore, descriptions of the usage of the nsenter and nsinit tools for effective debugging are included.

Chapter 11, Securing Docker Containers, is crafted to explain the brewing security and privacy challenges and concerns, and how they are addressed through the liberal usage of competent standards, technologies, and tools. This chapter inscribes the mechanism on dropping user privileges inside an image. There is also a brief introduction on how the security capabilities introduced in SELinux come in handy when securing Docker containers.

What you need for this book

The Docker platform requires a 64-bit hardware system to run on. Docker applications have been developed on Ubuntu 14.04 for this book, but this does not mean that the Docker platform cannot run on other Linux distributions, such as Redhat, CentOS, CoreOS, and so