
Docker


Day 1

Monolithic Service & Micro Service


Server Provisioning :

1) VM based Provisioning : Hardware based Virtualization

A hypervisor is a kind of emulator; it is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.

[Diagram: applications A, B, C on guest operating systems OS1, OS2, OS3, running on a Hypervisor]

When we run multiple applications on one machine, it is called Monolithic. All applications use a common library. Any update to the OS also updates the library files, and an updated library file may not be compatible with one of the applications. So we were distributing applications across different machines (one application, one machine).

If there are 100 requirements then we have to set up 100 machines' resources (1G RAM, 1 CPU, 10 GB HDD).
2) Container based Provisioning (OS based virtualization): Isolate the application in the OS, or isolate the application files.
Earlier we were giving 10 OS for 10 applications. Each container will have separate library files, IP and port. With this we will save a lot of cost, as it saves the VM cost.

If the OS goes down, then Kubernetes will migrate the whole cluster to a new location (a number of Docker containers are managed via Kubernetes).

[Diagram: containers A, B, C, D on a single OS]

Docker : Docker is the name of the community which provides a container solution. Container solutions are given by many companies. Everyone is using the container of the Docker community (like Red Hat's Linux is used in many companies).

Container : It is a micro machine which isolates the application binaries/libraries in the OS, so we can run multiple applications inside the same OS without any conflict. A container only contains SW dependencies. If we need an updated file then we will update the container.
There are many container solutions available: Rocket, Drawbridge or LXD.
Advantages :
1) Low HW footprint
2) Environment isolation : on a single machine 4 teams can work with separate environments
3) Quick deployment : with a single click one can create and deploy an application
4) Multiple environment deployment
5) Reusability
(Containers do not impact the performance of the application)

A host can run many containers, depending upon the CPU & memory utilization of the base machine.
If we haven't defined CPU and memory while creating the application, then the container will use them based on requirement.
Day 2
Docker Architecture :

Docker host : Machine where containers are run. It can be any OS, Linux/Windows. In most cases the Docker host is Linux based. Containers are portable & can be run on any OS. They can be run on any HW or in the cloud. CPU and memory depend on how many applications we want to run & the CPU utilization of those applications. A container is a process & we can launch n number of containers. Containers work on thin provisioning. If we haven't defined an allocation then each container can use memory/CPU as per its requirement.

Docker is an open community. We have 2 Docker editions: CE (Community Edition) & EE (Enterprise Edition, where you get support from the Docker community). Red Hat also provides an enterprise edition. Commands are the same for both editions. Red Hat provides a complete solution, i.e. Docker + orchestration, which is called OpenShift. In RHEL 7, docker is termed as atomic host; in RHEL 8 it is called podman. In Red Hat we can install containerization technology from Red Hat or Docker.
Docker image : Every container is launched via an image. Without an image we can't run a container. An image is a lightweight package which contains the files required to run the application.

An OS contains kernel, file system, binaries. An image is a micro-image.

Who provides Image

1) Community Image ( Ready to use)


Docker Community
Redhat Community
Google community
Every community gives open source and enterprise images ( More secure )

2) Custom Own images

You want to make your own images or if images are not available in community

Docker registry server : The community uploads images to some servers. These are all called Docker registry servers.
Docker : docker.hub/docker.io
Redhat : registry.access.redhat.com/registry.redhat.io/quay.io
These are public registry servers or community based registries
Private registry server : If we need one for a specific purpose

Container : Running mode of a Docker image. Every container will have an IP, processes, a file system and a virtual NIC card. These things are also called namespaces. One container can have a lot of namespaces.

Cgroup : It restricts namespace usage (memory, CPU). It is a Linux feature. Configuration at the back end is done by cgroup.
Amazon EC2 ( Elastic Compute Cloud )

One will have to create AWS account ( Optional)

[Diagram: key pair for an AWS Instance. Public Key: gets automatically downloaded to the instance. Private Key. Label: "User downloads public key".]


Day 3
Linux commands

root@dockerhost:~# ls -ltr
total 8
drwxr-xr-x 4 root root 4096 Sep 6 10:44 snap
-rw-r--r-- 1 root root 23 Sep 12 17:26 abc

root@dockerhost:~# man ls ( Help Command)

root@dockerhost:~# cd snap ( Change Directory)

root@dockerhost:~/snap# cat > xyz ( Create a file )

root@dockerhost:~# cat >> xyz ( append a file)

root@dockerhost:~# vim xyz ( create/modify a file)

root@dockerhost:~# ifconfig ( To check ip address)

root@dockerhost:~# ip address show


root@dockerhost:~# curl ifconfig.me ( To verify NAT)

root@dockerhost:~# cat /proc/$$/cmdline ( To verify current shell)

root@dockerhost:~# touch <file name> ( Create file)

root@dockerhost:~# cat <filename> | grep -i root

root@dockerhost:~# ps -ef ( To check running process in machine)

root@dockerhost:~# top ( To check utilization of each process)

root@dockerhost:~# df -kh ( Disk space Utilization)


Basic Commands :

Image ( only required files not full os ) , Registry server

Community Images :

Registry server : Mostly used community registry server : https://hub.docker.com/search?type=image

First Install docker & then check status of docker

root@ip-172-31-16-240:~# systemctl status docker


● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset>
Active: active (running) since Tue 2021-08-31 09:16:25 UTC; 1min 2s ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 2646 (dockerd)
Tasks: 9
Memory: 46.2M
CGroup: /system.slice/docker.service
└─2646 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/cont>

root@ip-172-31-16-240:~# docker search nginx


NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 15390 [OK] ( Build & Uploaded by Docker community) ( Looks into docker.io or docker hub)
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 2061 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 816 [OK] ( By thirdparty )
jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 238
linuxserver/nginx An Nginx container, brought to you by LinuxS… 152
tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 140 [OK]
jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 135 [OK]
root@ip-172-31-16-240:~# docker search registry.access.redhat.com/nginx ( Path of redhat registry server)
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
rhscl/nginx-112-rhel7 Nginx is a web server and a reverse proxy se… 0
ubi8/nginx-118 Platform for running nginx 1.18 or building … 0
ubi8/nginx-118 Platform for running nginx 1.18 or building … 0
rhscl/nginx-18-rhel7 Nginx 1.8 server and a reverse proxy server 0
rhscl/nginx-110-rhel7 Nginx container image that delivers an nginx… 0
rhscl/nginx-16-rhel7 Nginx 1.6 server and a reverse proxy server 0
rhscl/nginx-114-rhel7 Nginx is a web server and a reverse proxy se… 0
ubi7/nginx-118 Platform for running nginx 1.18 or building … 0
3scale-amp23/apicast-gateway 3scale's API gateway (APIcast) is an OpenRe… 0
3scale-amp20/apicast-gateway 3scale's API gateway (APIcast) is an OpenRes… 0
rhamp10/apicast-gateway 3scale's API gateway (APIcast) is an OpenRes… 0
3scale-amp20-beta/apicast-gateway 3scale's API gateway (APIcast) is an OpenRes… 0
3scale-amp25/apicast-gateway 3scale's API gateway (APIcast) is an OpenRes… 0
3scale-amp21/apicast-gateway 3scale AMP image used for API gateway 0
3scale-amp24/apicast-gateway No description

Images can be pulled from any registry server:
On Docker we can install Red Hat images
On Red Hat we can install Docker images

root@ip-172-31-16-240:~# docker pull nginx ( if we don’t specify any path then it will go to docker.io and will pull official image)
Using default tag: latest
latest: Pulling from library/nginx
e1acddbe380c: Pull complete
e21006f71c6f: Pull complete
f3341cc17e58: Pull complete
2a53fa598ee2: Pull complete
12455f71a9b5: Pull complete
root@ip-172-31-16-240:~# docker pull nginx:1.18 ( One can specify the version to be installed) ( One can search for the version on docker.io & it will give the command as well)
1.18: Pulling from library/nginx
f7ec5a41d630: Pull complete
0b20d28b5eb3: Pull complete
1576642c9776: Pull complete
c12a848bad84: Pull complete
03f221d9cf00: Pull complete
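
How the short names in the pull commands above expand to a registry, repository and tag, as an added example that is not part of the original notes. The helper names `normalize_ref` and `pin_status` are hypothetical; the rule encoded is the Docker CLI's: the first path component is a registry host only if it contains a `.` or `:` or is `localhost`, otherwise docker.io is used, and a single-component name on docker.io gets the `library/` prefix.

```shell
#!/bin/sh
# Added example: expand an image reference the way `docker pull` resolves it,
# then report whether the reference is pinned to immutable content.

normalize_ref() {
    ref=$1
    digest=""
    tag=""
    # Split off a digest (name@sha256:...), if present.
    case $ref in
        *@*) digest=${ref#*@}; ref=${ref%%@*} ;;
    esac
    # A tag is a ':' after the last '/', so a registry port such as
    # localhost:5000/app is not mistaken for a tag.
    last=${ref##*/}
    case $last in
        *:*) tag=${last##*:}; ref=${ref%:*} ;;
    esac
    # Default registry unless the first component looks like a host name.
    registry=docker.io
    repo=$ref
    case $ref in
        */*)
            first=${ref%%/*}
            case $first in
                *.*|*:*|localhost) registry=$first; repo=${ref#*/} ;;
            esac
            ;;
    esac
    # Official images on docker.io live under library/.
    if [ "$registry" = docker.io ]; then
        case $repo in
            */*) ;;
            *) repo=library/$repo ;;
        esac
    fi
    if [ -n "$digest" ]; then
        printf '%s/%s@%s\n' "$registry" "$repo" "$digest"
    else
        printf '%s/%s:%s\n' "$registry" "$repo" "${tag:-latest}"
    fi
}

# A tag can be moved to different content by whoever controls the repository;
# a digest cannot.
pin_status() {
    full=$(normalize_ref "$1")
    case $full in
        *@sha256:*) echo pinned-by-digest ;;
        *:latest)   echo floating-latest ;;
        *)          echo tag-only ;;
    esac
}

# References taken from the commands and output in these notes.
for r in nginx nginx:1.18 jwilder/nginx-proxy \
         registry.access.redhat.com/rhscl/httpd-24-rhel7 \
         nginx@sha256:853b221d3341add7aaadf5f81dd088ea943ab9c918766e295321294b035f3f3e
do
    printf '%-18s %s\n' "$(pin_status "$r")" "$(normalize_ref "$r")"
done
```

Pulling by the digest that `docker pull` prints gives the same content on every host, whereas `nginx` and `nginx:1.18` can resolve to different image IDs over time.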

If we want to make a container then first we will have to bring images onto the docker host

root@ip-172-31-16-240:~# docker images ( Shows images installed on docker host)


REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest dd34e67e3371 13 days ago 133MB ( docker.io) ( every version has a unique image id , everyone will have the same id for the image , whenever an image gets committed an image id is created , this is used for versioning)
nginx 1.18 c2c45d506085 4 months ago 133MB ( Only changes get installed in the updated version , it will not download the whole image, only the delta will be added)
hello-world latest d1165f221234 5 months ago 13.3kB

root@ip-172-31-16-240:~# docker rmi dd34e67e3371 ( To remove the image)


Untagged: nginx:latest

root@ip-172-31-16-240:~# docker ps ( To show how many containers are running)


CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
( By pulling the image we have just downloaded files however images are not in running mode )
root@ip-172-31-16-240:~# docker search registry.access.redhat.com/httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server 0
rhmap45/httpd Provides an extension to the RHSCL Httpd ima… 0
cloudforms46-beta/cfme-openshift-httpd CloudForms is a management and automation pl… 0
rhmap44/httpd Provides an extension to the RHSCL Httpd Doc… 0
cloudforms46/cfme-openshift-httpd Web Server image for a multi-pod Red Hat® Cl… 0
rhmap42/httpd Provides an extension to the RHSCL Httpd Doc… 0
rhmap47/httpd Provides an extension to the RHSCL Httpd ima… 0
root@ip-172-31-16-240:~# docker pull registry.access.redhat.com/rhscl/httpd-24-rhel7 ( specify the path if it is to be downloaded from Red Hat)
Using default tag: latest

root@ip-172-31-16-240:~# docker info | grep -i root ( Root directory of docker)


WARNING: No swap limit support
Docker Root Dir: /var/lib/docker

root@ip-172-31-16-240:~# df -TH /
Filesystem Type Size Used Avail Use% Mounted on
/dev/root ext4 8.3G 3.3G 5.0G 40% /

root@ip-172-31-16-240:~# docker images


REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.20 61dd30d467c2 13 days ago 133MB ( Ready to use image)
mysql 5.6 7f8929383df0 13 days ago 303MB
mysql 5.7 6c20ffa54f86 13 days ago 448MB
registry.access.redhat.com/rhscl/httpd-24-rhel7 latest 5069275de3db 4 weeks ago 314MB
hello-world latest d1165f221234 5 months ago 13.3kB
centos latest 300e315adb2f 8 months ago 209MB ( minor layer of OS , it is not full OS, only base command can be run, OS compatibility)

( ready to use image/raw image)


Running a container :

root@ip-172-31-16-240:~# docker run -it --name=test1 nginx:1.20 ( -i : Interactive , -t : Terminal , mostly used with raw images)
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh

you are inside container now


root@ip-172-31-16-240:~# docker ps
root@ip-172-31-16-240:~# docker top test1
UID PID PPID C STIME TTY TIME CMD
root 4733 4712 0 10:45 pts/0 00:00:00 nginx: master process nginx -g daemon off;
systemd+ 4793 4733 0 10:45 pts/0 00:00:00 nginx: worker process

root@ip-172-31-16-240:~# docker ps -a ( Also shows exited container)


CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a4f7edacaf6 centos "/bin/bash" About a minute ago Exited (0) About a minute ago test2 ( exit commands kills shell )
f714252a9ffe centos "--name=test2" 3 minutes ago Created quirky_haslett
a77a948cb908 nginx:1.20 "/docker-entrypoint.…" 8 minutes ago Exited (0) 3 minutes ago test1
1ad0b2bedc7a hello-world "/hello" 2 hours ago Exited (0) 2 hours ago magical_gates

root@ip-172-31-16-240:~# docker start test2


test2

root@ip-172-31-16-240:~# ps -ef
root@ip-172-31-16-240:~# docker top test2 (check PPID in base m/c)
root@ip-172-31-16-240:~# docker attach test2 ( attach will work if the container contains a /bin/bash shell; if a container does not have /bin/bash then we can't attach; you can check whether top is showing /bin/bash)
[root@4a4f7edacaf6 /]#

Ctrl P+Q to come out of container without killing container

root@ip-172-31-16-240:~# docker exec -it test2 ls /root


anaconda-ks.cfg anaconda-post.log original-ks.cfg

root@ip-172-31-16-240:~# docker exec -it test2 /bin/bash


[root@4a4f7edacaf6 /]#

root@ip-172-31-16-240:~# docker top test2 ( Now you will find 2 shells are running, earlier shell was getting exited/killed)

root@ip-172-31-16-240:~# docker stop test2


test2

root@ip-172-31-16-240:~# docker rm test2


test2

Difference between rm & rmi


Difference between run & exec ( exec works only if container is running)

root@ip-172-31-16-240:~# docker run -it --name=test4 --restart always centos ( Works even after restarting docker host)

docker run -d --name=test5 nginx ( used in case of service images)


Unable to find image 'nginx:latest' locally
root@ip-172-31-16-240:~# docker exec -it test5 /bin/bash
root@ip-172-31-16-240:~# docker inspect test4 | grep -i ipadd
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",

( Inside the container, in /usr/share/nginx/html : echo "Hello Mates" > index.html )

curl <docker ip>

root@ip-172-31-16-240:~# docker stats test4 ( Shows CPU & memory usage)


Day 4
Docker Memory & Utilization :

If we don’t allocate any memory or cpu while running container then by default it will use whatever required.

root@dockerhost:~# docker stats Test1

Above command gives us the view of CPU & memory being used by container.

CPU & memory to be defined at the time of creation of container.

root@dockerhost:~# docker run -d --name=test2 --memory=100M --cpus=0.5 nginx

root@dockerhost:~# cat /proc/cpuinfo ( Gives CPU info of m/c)

root@dockerhost:~# cat /proc/meminfo ( Gives memory info of m/c)
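
A check for containers that were started without `--memory` / `--cpus`, as an added example that is not part of the original notes. The function name `audit_limits` and the sample lines are constructed; the fields read are `HostConfig.Memory` (bytes) and `HostConfig.NanoCpus` (billionths of a CPU), where 0 means no limit was set.

```shell
#!/bin/sh
# Added example: flag containers that can consume all host memory or CPU.
# Input is one line per container, as printed by
#   docker inspect --format '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.NanoCpus}}' $(docker ps -q)

audit_limits() {
    awk '
    NF >= 3 {
        name = $1
        sub(/^\//, "", name)                 # inspect prints names as /name
        mem  = ($2 > 0) ? sprintf("%dMiB", $2 / 1048576) : "unlimited"
        cpus = ($3 > 0) ? sprintf("%.2f", $3 / 1000000000) : "unlimited"
        # A container is bounded only when both limits are set.
        verdict = ($2 > 0 && $3 > 0) ? "OK" : "UNBOUNDED"
        printf "%s memory=%s cpus=%s %s\n", name, mem, cpus, verdict
    }'
}

# Constructed sample: Test1 started with no limits, test2 started with
# --memory=100M --cpus=0.5 as in the notes above.
sample_limits() {
    printf '%s\n' '/Test1 0 0' '/test2 104857600 500000000'
}

sample_limits | audit_limits
```

An UNBOUNDED container shares the host's full CPU and memory with every other container, so one runaway process can starve the rest.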


By default container size is 0KB
It opens image in memory and starts reading same.

root@dockerhost:~# docker system df

Size will be approx 0 because container is reading from file system in docker host.

root@dockerhost:~# ls -ld /var/lib/docker


drwx--x--x 13 root root 4096 Sep 13 11:57 /var/lib/docker

Container use file system from /var/lib/docker

If you will write in docker then it will occupy file system from above path.
Container Logs :

How to check if container is unable to start due to some reason

root@dockerhost:~# docker logs <container name>

root@dockerhost:~# docker run -d --name=sql1 mysql

root@dockerhost:~# docker logs sql1


2021-09-15 19:23:14+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.26-1debian10 started.
2021-09-15 19:23:14+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2021-09-15 19:23:14+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.26-1debian10 started.
2021-09-15 19:23:14+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
You need to specify one of the following:
- MYSQL_ROOT_PASSWORD
- MYSQL_ALLOW_EMPTY_PASSWORD
- MYSQL_RANDOM_ROOT_PASSWORD

root@dockerhost:~# docker run -d --name=mysql -e MYSQL_ROOT_PASSWORD=ubuntu mysql


(-e : Extra Variable)
It is responsibility of developer to provide logging or release notes. Documentation is available on registry server
( go to docker hub & look for documentation)
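
A value passed with `-e MYSQL_ROOT_PASSWORD=...` stays readable in the container's configuration, so anyone who can run `docker inspect` on the host can recover it. The following added example (not part of the original notes) lists such variables without printing their values; the function name `find_secret_env` and the sample lines are constructed, and `MYSQL_ROOT_PASSWORD_FILE` is the file-based alternative described in the official mysql image documentation.

```shell
#!/bin/sh
# Added example: list environment variables whose names suggest a secret.
# Input is one VAR=value per line, as printed by
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' <container>
# Values are never echoed back; only their length is reported.

find_secret_env() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next
        name  = substr($0, 1, eq - 1)
        value = substr($0, eq + 1)
        upper = toupper(name)
        # *_FILE variables hold a path to the secret, not the secret itself.
        if (upper ~ /_FILE$/) next
        # Switches such as MYSQL_RANDOM_ROOT_PASSWORD=yes carry no secret.
        if (tolower(value) ~ /^(yes|no|true|false|0|1)$/) next
        if (upper ~ /(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)/ && length(value) > 0)
            printf "%s value-length=%d\n", name, length(value)
    }'
}

# Constructed sample lines, mixing settings from several containers.
sample_env() {
    printf '%s\n' \
        'MYSQL_ROOT_PASSWORD=mysql1' \
        'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
        'MYSQL_MAJOR=8.0' \
        'MYSQL_RANDOM_ROOT_PASSWORD=yes' \
        'MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root'
}

sample_env | find_secret_env
```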
Docker Images :

If we want to build any image then we need to have base images


By default images are in read only mode

To read file system of any image we will have to run container

Any changes in the container will not directly impact the image

[Diagram: Image, Container, Storage, namespace]
Every container has its own writing layer else every application with that container will be impacted

root@dockerhost:~# docker commit <container name> <new image name>

1) Base Image
2) Run image
3) Make changes in image as required
4) Logout
5) Commit changes
root@dockerhost:/var/lib/docker# docker info | grep -i storage
Storage Driver: overlay2

One can read the file in image without running it if someone has knowledge of overlay

root@dockerhost:~# cd /var/lib/docker/overlay2/
Go inside image & diff folder

Every image has its own writing layer

It is wrong practice to update files inside it directly

root@dockerhost# docker inspect base1 | grep diff


"LowerDir": "/var/lib/docker/overlay2/49058cffdbc75bc3be960a1482033f8208e768dd25255c4fe48181008fc5a032-init/diff:/var/lib/docker/overlay2/da526189ebc0bef7ffc401c912b36cc2a4c2d21978ee255bfee4c71f73ee8c6b/diff",
"UpperDir": "/var/lib/docker/overlay2/49058cffdbc75bc3be960a1482033f8208e768dd25255c4fe48181008fc5a032/diff",
Docker Network

How the container communicates

1) 2 container should communicate with each other

Containers by default use the bridge network

During installation Docker creates one bridge network
The bridge network provides a unique IP address to each container
It isolates the container network from the docker host network

2) Container want to go outside docker host


3) External user want to connect your container ( port forwarding)

1 & 2 is by default true

We have single host docker network


root@dockerhost:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
53330d69e23d bridge bridge local
7cde5ae99833 host host local
1dfbc137f1a0 none null local

All containers by default associate with the bridge n/w. It is SDN

root@dockerhost:~# docker network inspect bridge | grep -i subnet


"Subnet": "172.17.0.0/16",

[root@cf4bf3493c84 /]# route -n


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
If bridge n/w is not there then all containers will use docker host eth0; if any container has used port 22, 80 or any other port then other containers will not be able to use the same port.

[Diagram: containers on the L2 Bridge N/W, Docker gateway docker0, Docker host eth0]

How to setup custom bridge n/w

root@dockerhost:~# docker network create --subnet 192.168.10.0/24 --driver bridge frontend


64ba380c8dc11ce6ab93a1593a09e0122ba9b5c60c2b264cf137a3cdddb7f934

root@dockerhost:~# docker network ls


NETWORK ID NAME DRIVER SCOPE
53330d69e23d bridge bridge local
64ba380c8dc1 frontend bridge local
7cde5ae99833 host host local
1dfbc137f1a0 none null local

root@dockerhost:~# docker network connect bridge con1 ( Con1 will be part of 2 network now)

root@dockerhost:~# docker inspect con1 | grep -i network


"NetworkMode": "frontend",
"NetworkSettings": {
"Networks": {
"NetworkID": "53330d69e23d0c1740e47602d42e357c5a592f002441dfe72af9108d21c951d8",
"NetworkID": "64ba380c8dc11ce6ab93a1593a09e0122ba9b5c60c2b264cf137a3cdddb7f934",
root@dockerhost:~#

root@dockerhost:~# docker inspect network frontend | grep -i name


"Name": "frontend",
"Name": "con1",
root@dockerhost:~# docker inspect network bridge | grep -i name
"Name": "bridge",
"Name": "con1",
"Name": "con2",
"com.docker.network.bridge.name": "docker0",
Error: No such object: network
root@dockerhost:~# docker network disconnect bridge con1

root@dockerhost:~# docker run -it --name=webx --network frontend --ip=192.168.10.11 centos


[root@4fafb78962d6 /]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
45: eth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:0a:0b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.10.11/24 brd 192.168.10.255 scope global eth0
valid_lft forever preferred_lft forever
External user want to connect ( Port forwarding)

[Diagram: the container has a private IP, not reachable from outside, and listens on port 80; port 8080 on the host eth0 is forwarded to it; the user accesses Docker hostip:8080]

root@dockerhost:~# docker run -d -p 8080:80 --name=web1 nginx ( Service port vary based on application)
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
a330b6cecb98: Pull complete
e0ad2c0621bc: Pull complete
9e56c3e0e6b7: Pull complete
09f31c94adc6: Pull complete
32b26e9cdb83: Pull complete
20ab512bbb07: Pull complete
Digest: sha256:853b221d3341add7aaadf5f81dd088ea943ab9c918766e295321294b035f3f3e
Status: Downloaded newer image for nginx:latest
1afb4176624735e8c7e8278bf62f761182ac882989ec37d689106d71a97d6b30
root@dockerhost:~# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 27876/docker-proxy
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 378/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 590/sshd: /usr/sbin
tcp6 0 0 :::8080 :::* LISTEN 27881/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 590/sshd: /usr/sbin
root@dockerhost:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1afb41766247 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp, :::8080->80/tcp web1
root@dockerhost:~# curl ifconfig.me
3.138.196.213root@dockerhost:~#

Type hostIP:8080
root@dockerhost:~# curl 3.138.196.213:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
[root@440d357f39f7 /]# yum install openssh-server -y

[root@440d357f39f7 /]# /usr/sbin/sshd


Unable to load host key: /etc/ssh/ssh_host_rsa_key
Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
[root@440d357f39f7 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
[root@440d357f39f7 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
[root@440d357f39f7 /]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key

useradd mani

yum install passwd

passwd mani
Day 5
Dynamic port Forwarding :

Any free port of the docker host will be bound to the container port ( -P)
If the container is restarted, then the host port may change.
So we do not use dynamic forwarding, or use it only temporarily.

root@dockerhost:~# docker run -d -P --name=con6 nginx


272b38ed013e83183c5f161c33ccd754733168aa9a0ec689a25409818a1740eb
root@dockerhost:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
272b38ed013e nginx "/docker-entrypoint.…" 10 seconds ago Up 10 seconds 0.0.0.0:49153->80/tcp, :::49153->80/tcp con6
932db7a81007 nginx "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp con4
d827b6ddd0b7 mysql "docker-entrypoint.s…" 37 minutes ago Up 37 minutes 3306/tcp, 33060/tcp con2
b51efca23d5d nginx "/docker-entrypoint.…" 40 minutes ago Up 40 minutes 80/tcp con1

root@dockerhost:~# docker stop con6


con6
root@dockerhost:~# docker start con6
con6
root@dockerhost:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
272b38ed013e nginx "/docker-entrypoint.…" 2 minutes ago Up 4 seconds 0.0.0.0:49154->80/tcp, :::49154->80/tcp con6 (port changed)

If there are multiple NIC cards & we need to bind the container to a particular NIC card
root@dockerhost:~# docker run -d -p 172.31.25.38:8080:80 --name=web12 nginx
35462e9062993d1c2c3fa9aefd6aca056f6bd9049881c1fbdb1f117532cf9a15
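
The PORTS column in the `docker ps` output above shows `0.0.0.0:8080->80/tcp`, which publishes the port on every interface of the host, while `-p 172.31.25.38:8080:80` limits it to one address. The following added example (not part of the original notes) classifies each published port by that scope; the function name `audit_published_ports` is hypothetical and the sample lines are constructed from the outputs in these notes plus one loopback entry.

```shell
#!/bin/sh
# Added example: classify published ports by the host address they bind to.
# Input is one line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

audit_published_ports() {
    awk -F '\t' '
    {
        name = $1
        n = split($2, entries, /, */)
        for (i = 1; i <= n; i++) {
            e = entries[i]
            arrow = index(e, "->")
            if (arrow == 0) continue          # exposed only, not published
            host   = substr(e, 1, arrow - 1)
            target = substr(e, arrow + 2)
            # The host port is whatever follows the last colon.
            port = host
            sub(/^.*:/, "", port)
            ip = substr(host, 1, length(host) - length(port) - 1)
            gsub(/^\[|\]$/, "", ip)           # newer Docker prints [::]:8080
            if (ip == "0.0.0.0" || ip == "::") scope = "ALL-INTERFACES"
            else if (ip ~ /^127\./ || ip == "::1") scope = "LOOPBACK"
            else scope = "SINGLE-ADDRESS"
            printf "%s %s %s %s %s\n", name, scope, ip, port, target
        }
    }'
}

# Constructed sample: con6 (-P), con2 and con1 (nothing published),
# web12 (bound to one NIC), dbadmin (constructed loopback binding).
sample_ps() {
    printf 'con6\t0.0.0.0:49153->80/tcp, :::49153->80/tcp\n'
    printf 'con2\t3306/tcp, 33060/tcp\n'
    printf 'con1\t80/tcp\n'
    printf 'web12\t172.31.25.38:8080->80/tcp\n'
    printf 'dbadmin\t127.0.0.1:8081->80/tcp\n'
}

sample_ps | audit_published_ports
```

Every ALL-INTERFACES line is reachable from any network the host is attached to, so those are the entries to compare against the host firewall or security group.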
Sometimes there is a requirement that containers are part of the host network and do not use the bridge network.
If one container of a given type is already using the host network, then you can't run another container of the same type, and you can't get an isolated environment, specifically for the network card.
If we have only host n/w & not bridge n/w then we will not be able to get an isolated environment.
We do not need port forwarding for such containers.

[Diagram, two panels, each labelled "Private IP, not reachable from outside". Bridge network: container on port 80, bridge, eth0 port 8080, user accesses Docker hostip:8080. Host network: container on port 80, N/w card directly engages with the host, no need of port forwarding, user accesses Docker hostip.]
root@dockerhost:~# docker run -it --name=con1 --network host centos

root@dockerhost:~# netstat -tnlp | grep -w 80


root@dockerhost:~# docker run -d --name=con6 --network=host nginx
1c3f980bf48566e9dbdbb682a8975c2d42a6106cb2ea5ee72d60a4dc20274e91
root@dockerhost:~# netstat -tnlp | grep -w 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 67936/nginx: master
tcp6 0 0 :::80 :::* LISTEN 67936/nginx: master
root@dockerhost:~# docker run -d --name=con7 --network=host nginx
9ccfd0090e0b0257a52478b2993c8b48e0a7f19edacecdd01156a94478405608
root@dockerhost:~# netstat -tnlp | grep -w 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 67936/nginx: master
tcp6 0 0 :::80 :::* LISTEN 67936/nginx: master
root@dockerhost:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c3f980bf485 nginx "/docker-entrypoint.…" 50 seconds ago Up 50 seconds con6
b1302f6fbd03 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp con5
root@dockerhost:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9ccfd0090e0b nginx "/docker-entrypoint.…" 26 seconds ago Exited (1) 23 seconds ago con7
1c3f980bf485 nginx "/docker-entrypoint.…" 55 seconds ago Up 55 seconds con6
b1302f6fbd03 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp con5
7d67ad5b5b36 centos "/bin/bash" 5 minutes ago Exited (127) 2 minutes ago con1
root@dockerhost:~# curl 172.31.25.38 ( docker host ip)
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
root@dockerhost:~# docker run -it --name=con1 --network none centos
[root@c5a0d5753ea8 /]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever

Sometimes we want to run a container for testing without generating any traffic; then we define the network as none
Docker volume:

Volume : Storage with filesystem

Where the data of container gets stored


If space gets full then what is the solution
If a container is lost after we made changes, then how will we retrieve the container

How we map external volume for container

root@dockerhost:~# docker info | grep -i root


Docker Root Dir: /var/lib/docker ( one can map disk in /var file system)

How to change docker root dir


Map a disk in cloud :

Check the availability zone of the EC2 instance; the disk has to be mapped within the same availability zone

Now go to Elastic Block Store >> Volumes

Add Tag
Now map this disk to instance
root@dockerhost:~# lsblk ( lists information about all available block devices ; it reads mounted and unmounted file systems , df reads only mounted file systems , df reports file system disk space usage)
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 33.3M 1 loop /snap/amazon-ssm-agent/3552
loop1 7:1 0 25M 1 loop /snap/amazon-ssm-agent/4046
loop2 7:2 0 55.4M 1 loop /snap/core18/2128
loop3 7:3 0 55.5M 1 loop /snap/core18/1997
loop4 7:4 0 32.3M 1 loop /snap/snapd/13170
loop5 7:5 0 70.3M 1 loop /snap/lxd/21029
loop7 7:7 0 32.3M 1 loop /snap/snapd/12883
loop8 7:8 0 61.8M 1 loop /snap/core20/1081
loop9 7:9 0 67.3M 1 loop /snap/lxd/21545
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdf 202:80 0 5G 0 disk

root@dockerhost:~# lsblk -f (info containing file system info)


NAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
loop0 squashfs 0 100% /snap/amazon-ssm-agent/3552
loop1 squashfs 0 100% /snap/amazon-ssm-agent/4046
loop2 squashfs 0 100% /snap/core18/2128
loop3 squashfs 0 100% /snap/core18/1997
loop4 squashfs 0 100% /snap/snapd/13170
loop5 squashfs 0 100% /snap/lxd/21029
loop7 squashfs 0 100% /snap/snapd/12883
loop8 squashfs 0 100% /snap/core20/1081
loop9 squashfs 0 100% /snap/lxd/21545
xvda
└─xvda1 ext4 cloudimg-rootfs e8070c31-bfee-4314-a151-d1332dc23486 3.3G 57% /
xvdf
root@dockerhost:~# mkfs.xfs /dev/xvdf (formatting disk) ( make file system)
meta-data=/dev/xvdf isize=512 agcount=4, agsize=327680 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1
data = bsize=4096 blocks=1310720, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

root@dockerhost:~# mkdir /docker

root@dockerhost:/docker# mount /dev/xvdf /docker ( Mount file system)

root@dockerhost:~# cd /usr/lib/systemd/system ( where all daemon file are stored)

root@dockerhost:~# vi /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --data-root /docker -H fd:// --containerd=/run/containerd/containerd.sock ( /docker is the new file system ) ( search online for how to change the docker root dir)

root@dockerhost:~# systemctl daemon-reload

root@dockerhost:~# systemctl stop docker

root@dockerhost:~# systemctl start docker

Now pull any image it will be stored in /docker , check overlay dir
Server 1 – 100 GB External Disk

OS User data

If Server1 OS gets corrupted then user data will also be lost if OS & data are on the same server

Similarly, if we make any changes in a container, those will be lost if the container base image is corrupted or lost

Create 5 gb harddisk, Attach , format & mount

root@dockerhost:~# mkdir /volume


root@dockerhost:~# mount /dev/xvdg /volume
root@dockerhost:~# docker run -d --name=con1 -v /volume:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=mysql1 mysql
95f8b0243426d5eb5a8f1b02b340c964053b80a41b16ae49eafc69a459f7f553

:/var/lib/mysql is root of mysql

root@dockerhost:~# docker exec -it con1 /bin/bash

root@95f8b0243426:/# mysql -u root -p


Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database data1


-> ;
Query OK, 1 row affected (0.01 sec)

mysql> create database data2;


Query OK, 1 row affected (0.00 sec)

mysql> create database data3;


Query OK, 1 row affected (0.00 sec)

mysql> create database data4;


Query OK, 1 row affected (0.00 sec)

mysql> exit
root@dockerhost:~# docker rm -f con1
con1
root@dockerhost:~# docker run -d --name=con2 -v /volume:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=mysql1 mysql
30bd24d5a4d248b892dfce27924c50282524d3ef0ac46db86de60c5684c2d3aa
root@dockerhost:~# docker exec -it con2 /bin/bash
root@30bd24d5a4d2:/#
root@30bd24d5a4d2:/#
root@30bd24d5a4d2:/#
root@30bd24d5a4d2:/# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.26 MySQL Community Server - GPL

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases
-> ;
+--------------------+
| Database |
+--------------------+
| data1 |
| data2 |
| data3 |
| data4 |
| information_schema |
| mysql |
root@dockerhost:~# docker volume create volume2
volume2
root@dockerhost:~# docker volume ls
DRIVER VOLUME NAME
local volume2
root@dockerhost:~# docker volume inspect volume2
[
{
"CreatedAt": "2021-09-27T06:06:34Z",
"Driver": "local",
"Labels": {},
"Mountpoint": "/docker/volumes/volume2/_data",
"Name": "volume2",
"Options": {},
"Scope": "local"
}
]
root@dockerhost:~# docker run -d --name=con4 -v volume2:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=sql12345 mysql

/docker1 : all docker files are stored here

Volume : user data is stored here
By default files get stored in overlay, so if the container is deleted then the files are deleted
root@dockerhost:~# cd /docker
root@dockerhost:/docker# ls
buildkit containers image network overlay2 plugins runtimes swarm tmp trust volumes
root@dockerhost:/docker# cd volumes/
root@dockerhost:/docker/volumes# ls
backingFsBlockDev metadata.db volume2

root@dockerhost:/docker/volumes# docker run -it --name=con8 -v volume2:/opt centos ( file written in /opt path of container)
Unable to find image 'centos:latest' locally

Docker commit vs docker volume

Only system changes are committed in image


User data is stored in volume

Container backup solution : Store data on an external volume

Moving file from container


1) Pickup from overlay
2) root@dockerhost:/docker/volumes# docker cp /etc/fstab con4:/tmp
3) docker cp con4:/tmp/were .
Day 6
Docker file : ( image build)

Commit : We are changing the image manually. ( docker commit <containername> <imagename> )

Here we go inside the container & change the image

Docker-file : file which contains instructions for image building.

( Instead of building the image by hand, write down the steps )

For every image there is a docker file. A docker file has “docker parameter” & “Values”.

FROM : It always contains the base image name for building the new image (Mandatory, Once per file)
MAINTAINER : one who builds the image / email ( optional )
RUN : the instructions to be executed

RUN command1 && command2 && command3 \
&& command4

COPY : copies files from the local machine to a path in the image
( if the file is not on the local machine but on the internet then COPY will not work ; we use ADD in such a case )
ENV : To define a variable
WORKDIR : To change the current working dir
EXPOSE : PORT
CMD : like systemctl enable ( as soon as the container starts, execute the script ) ( diff between RUN & CMD : RUN triggers instructions during image build time, CMD triggers while the container is being formed )

ENTRYPOINT : ENTRYPOINT can't be overridden, CMD can be overridden


root@dockerhost:~# mkdir test
root@dockerhost:~# cd test
root@dockerhost:~/test# vim dockerfile
FROM centos:7
RUN yum install net-tools -y \
&& echo "Hello world" >/tmp/abc;
ENV BASE_DIR /var/lib/docker
COPY ./source.html $BASE_DIR/source.html

ADD https://openui5.hana.ondemand.com/1.36.4/docs/guide/f7cbafc9a76140ec8fc55b51a63cf467.html $BASE_DIR/page.html
VOLUME /var/lib/docker
EXPOSE 80
CMD ["ifconfig"]
root@dockerhost:~/test# docker build -t centosv . ( -t : tag new image with specified name)
root@dockerhost:~/test# docker run -it --name=con11 centosv
[root@2ce8ed07169b /]# ifconfig -a
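
A pre-build check for the docker file above, added here as an example and not part of the original notes: it flags an ADD that downloads from a URL with no --checksum and a file that never sets a non-root USER. The helper name audit_dockerfile and the finding labels are assumptions; the sample is a constructed copy of the docker file from the notes.

```shell
#!/bin/sh
# Added example, not from the original notes. audit_dockerfile is a hypothetical
# helper: it prints findings as LINE:RULE:detail and returns 1 if it found any.
audit_dockerfile() {
    awk '
    # A trailing backslash continues the instruction: join it before checking.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); if (!start) start = NR; buf = buf $0; next }
    {
        $0 = buf $0; n = (start ? start : NR); buf = ""; start = 0
        if (NF == 0 || $1 ~ /^#/) next
        ins = toupper($1)
        if (ins == "FROM") user = ""            # new stage: forget an earlier USER
        if (ins == "USER") { split($2, u, ":"); user = u[1] }
        if (ins == "ADD") {
            remote = ""; pinned = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^--checksum=/) pinned = 1
                if ($i ~ /^https?:\/\//) remote = $i
            }
            if (remote != "" && !pinned) { print n ":ADD-URL-NO-CHECKSUM:" remote; bad = 1 }
        }
    }
    END {
        # With no USER in the file the process runs as the base image user, root by default.
        if (user == "" || user == "root" || user == "0") { print "0:NO-NON-ROOT-USER:final stage"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the docker file from the notes above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM centos:7
RUN yum install net-tools -y \
 && echo "Hello world" >/tmp/abc;
ENV BASE_DIR /var/lib/docker
COPY ./source.html $BASE_DIR/source.html
ADD https://openui5.hana.ondemand.com/1.36.4/docs/guide/f7cbafc9a76140ec8fc55b51a63cf467.html $BASE_DIR/page.html
VOLUME /var/lib/docker
EXPOSE 80
CMD ["ifconfig"]
EOF
audit_dockerfile "$sample" || echo "fix: ADD --checksum=sha256:<digest> <url> <dest>, and add USER <non-root>"
```

Line 0 in a finding means the rule applies to the file as a whole rather than to one instruction.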
Day 7
Docker compose : ( container creation process automation)

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a
YAML file to configure your application's services.
It reduces the docker admin's job. It is a third-party binary & by default it is not part of the docker files.
( YAML is a text-based file format used for configuration data )
( no need to run commands manually to create containers )

Installation of compose binary on docker host :

If we are getting continuous requirement to build container then we use docker compose.

Search for “docker compose install” & Look for “Linux” Installation
root@dockerhost:~# docker-compose --version
docker-compose version 1.29.2, build 5becea4c
root@dockerhost:~# pwd
/root
root@dockerhost:~# mkdir test1
root@dockerhost:~# cd test1
root@dockerhost:~/test1# vi docker-compose.yml ( new folder new compose file)

Docker-compose can set up containers but can't provide high availability

Each compose file has some keywords & sub-keywords

Service : Which container is to be launched


root@dockerhost:~/test1# cat docker-compose.yml
services:
  Web:
    image: nginx
    ports:
      - 8080:80
  cache:
    image: redis
  db:
    image: mysql
    environment:
      - MYSQL_ROOT_PASSWORD=redhat
root@dockerhost:~/test1# docker-compose up -d
root@dockerhost:~/test1# docker-compose ps
root@dockerhost:~/test1# docker ps
root@dockerhost:~/test1# docker-compose stop cache
Stopping test1_cache_1 ... done
root@dockerhost:~/test1# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------
test1_Web_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8080->80/tcp,:::8080->80/tcp
test1_cache_1 docker-entrypoint.sh redis ... Exit 0
test1_db_1 docker-entrypoint.sh mysqld Up 3306/tcp, 33060/tcp
root@dockerhost:~/test1# docker-compose start cache
Starting cache ... done
root@dockerhost:~/test1# docker-compose stop cache
Stopping test1_cache_1 ... done
root@dockerhost:~/test1# docker-compose rm cache
Going to remove test1_cache_1
Are you sure? [yN] y
Removing test1_cache_1 ... done
root@dockerhost:~/test1# docker-compose up -d
test1_db_1 is up-to-date
test1_Web_1 is up-to-date
Creating test1_cache_1 ... Done

root@dockerhost:~/test1# docker-compose stop


Stopping test1_cache_1 ... done
Stopping test1_Web_1 ... done
Stopping test1_db_1 ... done
root@dockerhost:~/test1# docker-compose rm ( shut command : stop && rm )
Going to remove test1_cache_1, test1_Web_1, test1_db_1
Are you sure? [yN] y
Removing test1_cache_1 ... done
Removing test1_Web_1 ... done
Removing test1_db_1 ... Done
root@dockerhost:~/test1# cat docker-compose.yml
services:
  Web:
    image: nginx
    ports:
      - 8080:80
    restart: always
  cache:
    image: redis
    restart: always
  db:
    image: mysql
    environment:
      - MYSQL_ROOT_PASSWORD=redhat
    restart: always
root@dockerhost:~/test1# systemctl restart docker

root@dockerhost:~/test1#
root@dockerhost:~/test1# docker-compose ps
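
A check for the compose file above, added here as an example and not part of the original notes: it reports the root password written literally in the file and the port that `docker-compose ps` showed bound to 0.0.0.0. The helper name audit_compose and the finding labels are assumptions; the sample is a constructed copy of the compose file from the notes.

```shell
#!/bin/sh
# Added example, not from the original notes. audit_compose is a hypothetical
# helper for the 2-space, list-style layout used above. It prints findings as
# LINE:SERVICE:RULE:detail and returns 1 if it found any.
audit_compose() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
        text = $0; sub(/^ */, "", text)         # text without indentation
        depth = length($0) - length(text)       # number of leading spaces
    }
    depth == 2 && text ~ /:[ \t]*$/ { svc = text; sub(/:.*/, "", svc); key = ""; next }
    depth == 4 && text ~ /^[a-z_]+:/ { key = text; sub(/:.*/, "", key); next }
    text ~ /^- / {
        item = substr(text, 3); gsub(/"/, "", item)
        # Secret-like KEY=literal. KEY_FILE=path and KEY=${VAR} are not literals.
        if (key == "environment" && item !~ /^[A-Z_]*_FILE=/ &&
            item ~ /^[A-Z_]*(PASSWORD|SECRET|TOKEN)[A-Z_]*=[^$]/) {
            name = item; sub(/=.*/, "", name)
            print NR ":" svc ":SECRET-IN-FILE:" name; bad = 1
        }
        # HOST:CONTAINER with no IP publishes the port on every host interface.
        if (key == "ports" && item ~ /^[0-9]+:[0-9]+$/) {
            print NR ":" svc ":PORT-ON-ALL-INTERFACES:" item; bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: the compose file from the notes above.
compose=$(mktemp)
cat > "$compose" <<'EOF'
services:
  Web:
    image: nginx
    ports:
      - 8080:80
    restart: always
  cache:
    image: redis
    restart: always
  db:
    image: mysql
    environment:
      - MYSQL_ROOT_PASSWORD=redhat
    restart: always
EOF
audit_compose "$compose" || echo "bind as 127.0.0.1:8080:80; pass the password via a *_FILE secret"
```

The official mysql image reads the root password from the file named in MYSQL_ROOT_PASSWORD_FILE, which keeps the value out of the compose file and out of `docker inspect`.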
Docker registry :
( Docker images are stored at one place, where we can maintain our images )
( a container is a process ; images are migrated / cloned )

1) Community based : dockerhub / registry.access.redhat.com / gcr.com

These communities also allow storing custom-built images. One can take space from these communities.

2) Custom registry server

root@dockerhost:~/test1# docker save nginx >web.tar ( Backup )


root@dockerhost:~/test1# ls
docker-compose.yml web.tar
root@dockerhost:~/test1# docker load -i web.tar ( loading of image)
Loaded image: nginx:latest

How to push images inside the docker registry

2) Dockerhub ( you can create an account & store images )

Create an account in docker hub ; however, you will have to store the image as public, else there will be a charge for private.
Sign into hub.docker.com
One image - One repository ( one repository can contain many versions )
root@dockerhost:~/test1# docker tag nginx docker.io/haha166/mani
root@dockerhost:~/test1# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql latest 9da615fced53 5 days ago 514MB
redis latest 7faaec683238 5 days ago 113MB
haha166/mani latest 87a94228f133 5 days ago 133MB
haha166 latest 87a94228f133 5 days ago 133MB
nginx latest 87a94228f133 5 days ago 133MB
root@dockerhost:~/test1# docker push docker.io/haha166/mani
Using default tag: latest
The push refers to repository [docker.io/haha166/mani]
9959a332cf6e: Preparing
f7e00b807643: Preparing
f8e880dfc4ef: Preparing
788e89a4d186: Preparing
43f4e41372e4: Preparing
e81bff2725db: Waiting
denied: requested access to the resource is denied
root@dockerhost:~/test1# docker login ( ip address if custom built registry server)
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: haha166
Password:
Create offline private registry server :

Download an open-source package & install the registry server

Registry server installation can also be container based or OS based
[Diagram: Docker host connects to the Docker registry server over HTTP or HTTPS ; HTTPS needs a certificate]

Create the file /etc/docker/daemon.json, update it as below & restart docker

{
"insecure-registries" : ["ipaddress of docker registry server:5000"]
}
Method 1 :

1) Create one EC instance


2) root@dockerhost:~# yum install docker-distribution -y ( for centos)
systemctl start docker-distribution
systemctl enable docker-distribution
systemctl status docker-distribution (check config file for port number)

root@dockerhost:~# ls -ld /var/lib/registry


root@dockerhost:~# netstat -tnlp | grep -w 5000 ( docker registry server port)

docker tag nginx <registry server ip>:5000/nginx:latest

( no password auth setup now)

systemctl stop docker-distribution
systemctl disable docker-distribution
yum remove docker-distribution
2) Container based registry server
root@dockerhost:~# docker pull registry:2
2: Pulling from library/registry
6a428f9f83b0: Pull complete
90cad49de35d: Pull complete
b215d0b40846: Pull complete
429305b6c15c: Pull complete
6f7e10a4e907: Pull complete
Digest: sha256:265d4a5ed8bf0df27d1107edb00b70e658ee9aa5acb3f37336c5a17db634481e
Status: Downloaded newer image for registry:2
docker.io/library/registry:2

root@dockerhost:~# docker run -d -v /images:/var/lib/registry -p 5000:5000 --name=registry registry:2


b0bc9feee1ae5312b3af57f42388dbd87b0d9f8f542ef04a18242ba589d8c444
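
A check for the registry setup above, added here as an example and not part of the original notes: it lists which image references would be pushed or pulled through a registry named in "insecure-registries", where Docker accepts plain HTTP or an unverified certificate. All function names are assumptions, and the daemon.json and image list are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original notes; all function names are hypothetical.

# Print each "insecure-registries" entry of a daemon.json, one per line.
# Handles the simple one-array form shown above (no jq needed).
insecure_registries() {
    tr -d ' \t\r\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '"'
}

# Registry host of an image reference, using Docker's rule: the part before the
# first "/" is a registry only if it contains "." or ":" or is "localhost".
registry_of() {
    case $1 in
        */*) first=${1%%/*} ;;
        *)   echo docker.io; return 0 ;;   # "nginx:latest": the colon is a tag
    esac
    case $first in
        localhost|*.*|*:*) echo "$first" ;;
        *) echo docker.io ;;               # "haha166/mani": a Docker Hub user
    esac
}

# Read image references on stdin; print those whose registry Docker is allowed
# to reach over plain HTTP or with an unverified certificate.
plaintext_refs() {
    while read -r ref; do
        [ -n "$ref" ] || continue
        host=$(registry_of "$ref")
        if insecure_registries "$1" | grep -Fxq -- "$host"; then echo "$ref"; fi
    done
}

# Constructed sample data; 192.0.2.10 is a documentation address.
cfg=$(mktemp); refs=$(mktemp)
printf '{\n  "insecure-registries" : ["192.0.2.10:5000", "registry.lab.example:5000"]\n}\n' > "$cfg"
printf '%s\n' nginx:latest docker.io/haha166/mani 192.0.2.10:5000/nginx:latest > "$refs"
plaintext_refs "$cfg" < "$refs"
```

Every reference it prints depends on a connection that an on-path host can read or alter; giving the registry a certificate the Docker host trusts lets the "insecure-registries" entry be removed.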
