
$ docker version - verifies that the CLI can talk to the engine

$ docker info - gives most configuration values of the engine

$ docker command line structure:
OLD: docker <command> (options)
NEW: docker <command> <sub-command> (options)

IMAGES vs CONTAINERS
- An IMAGE is the binaries, libraries and everything else that make up your application. An image is the application we want to run.
- A CONTAINER is a RUNNING INSTANCE of that image.
  You can have many containers running off the SAME image.

$ docker container run --publish 80:80 nginx
- '-p' does the same as '--publish'.
  -- Publish a container's port(s) to the host.
- '-P/--publish-all' Publish all exposed ports to random ports.

- In the background the Docker engine looked for an image called nginx.
- It pulled down the latest nginx image from Docker Hub and started it as a process in a new container for us to use.
- The publish part of the command opens port 80 on the local machine and sends all traffic from it to the executable running inside the container on port 80.
  -- You will get a "bind" error if the left number (host port) is being used by anything else, even another container.
  -- You can use any port you want on the left, like 8080:80 or 8888:80, and then use localhost:8888 when testing.

$ docker container run --publish 80:80 --detach nginx
- '--detach'/'-d' - Run the container in the background and print the container ID.

$ docker container ls
  -- list running containers
  -- OLD WAY: docker ps

$ docker container stop <Container ID>
- stop running containers.

$ docker container ls -a
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS                      PORTS   NAMES
2d1e9e10055c   nginx   "nginx -g 'daemon of…"   4 minutes ago   Exited (0) 53 seconds ago           compassionate_ride
cedabb85fed9   nginx   "nginx -g 'daemon of…"   5 minutes ago   Exited (0) 4 minutes ago            gifted_leakey
1d46167af715   nginx   "nginx -g 'daemon of…"   6 minutes ago   Exited (0) 5 minutes ago            hungry_banach
57b74207118a   nginx   "nginx -g 'daemon of…"   6 minutes ago   Exited (0) 6 minutes ago            elastic_pasteur
8de71b741cdf   nginx   "nginx -g 'daemon of…"   10 hours ago    Exited (0) 10 hours ago             suspicious_wilson
1093e4e6e0d5   nginx   "nginx -g 'daemon of…"   15 hours ago    Exited (0) 15 hours ago             pedantic_mirzakhani

NAMES - are randomly generated from an open source list of adjectives and surnames of notable hackers or scientists.

$ docker container run --publish 80:80 --detach --name webhost nginx
- specify the name of the container using --name <any name>
- '-d' can also be used for --detach

$ docker container run --publish 3306:3306 --detach --env MYSQL_RANDOM_ROOT_PASSWORD=yes --name sql mysql
- '--env' - set environment variables.
- '-e' can also be used for specifying an environment variable.
  --> MYSQL_RANDOM_ROOT_PASSWORD=yes will generate a random password, which can be seen in the logs as "GENERATED ROOT PASSWORD:" via $ docker container logs <name of container>

$ docker container start
- Start one or more stopped containers.
- '-a'/'--attach' : Attach STDOUT/STDERR and forward signals.
- '-i'/'--interactive' : Attach container's STDIN.

$ docker container logs webhost
- It shows the latest logs for the webhost container.
- OLD WAY: docker logs - shows logs for a specific container. Use --help to see all log options.

$ docker stop <name of container>
- Stop one or more running containers.

$ docker container rm
- Remove one or more containers
- You cannot remove a running container
- To forcefully remove a running container use '-f' as an option with rm, as in: $ docker container rm -f

==========================================
WHAT HAPPENS in 'docker container run'
==========================================
1. Looks for that image locally in the image cache, doesn't find anything.
2. Then looks in the remote image repository (defaults to Docker Hub).
3. Downloads the latest version (nginx:latest by default).
   - if we didn't specify a version it'll just choose the latest version.
4. Creates a new container based on that image and prepares to start it.
   - once it's got that image and is ready to go, it's going to start up a new container based on that image.
   - It's not going to make a copy of the image.
5. Gives it a virtual IP address on a private network inside the Docker virtual network.
6. Opens up port 80 on the host and forwards to port 80 in the container.
   - It is actually going to open up the port that we specified.
   - If we didn't specify the publish option (--publish) it is not going to open up any port at all.
   - Example: "--publish 80:80"
     -- it tells Docker to take port 80 on the host and forward all traffic to port 80 in the container.
7. Starts the container by using the CMD in the image Dockerfile.

===========================================
CONTAINERS aren't Mini-VMs
===========================================
1. They are just PROCESSES, running on the host operating system.
2. Limited to what resources they can access.
3. Exits when process stops.

========================================================
WHAT'S GOING ON IN CONTAINERS_CLI PROCESS MONITORING
========================================================
$ docker container top <name of container>
- Display the list of running processes inside a container.

$ docker container inspect <name of container>
- Display detailed information on one or more containers. Details of one container's config.
- OLD WAY: $ docker inspect - shows metadata about the container (startup, config, volumes, networking etc.)

$ docker container stats
- Display a live stream of container(s) resource usage statistics. Performance stats for all containers.
- <name of container> - is not compulsory. Without it, statistics are shown for all running containers.
- OLD WAY: $ docker stats - shows live performance data for all containers.

====================================
GETTING SHELL INSIDE CONTAINERS
====================================
NO SSH needed.
Docker CLI is a great substitute for adding ssh to containers.

$ docker container run -it
- Start new container INTERACTIVELY
  - '-i' : Interactive. Keep STDIN open even if not attached. Keep session open to receive terminal input.
  - '-t' : Allocate a pseudo-TTY. Simulates a real terminal.
- Ubuntu Image: Its default CMD is bash, so we don't need to explicitly specify it.

e.g. docker container run -it --name proxy nginx bash
- bash shell: if run with -it, it will give a terminal inside the running container.

$ docker container exec -it
- Run additional command in a RUNNING container.
  - '-i' : Interactive. Keep STDIN open even if not attached. Keep session open to receive terminal input.
  - '-t' : Allocate a pseudo-TTY. Simulates a real terminal.

$ docker container run --rm -it
- '--rm': Automatically remove the container when it exits.

====================================
DOCKER NETWORK - CONCEPTS
====================================
$ docker container run -p
- '--publish list' : Publishes a container's port(s) to the host.
- Publishing ports is always in HOST:CONTAINER format.
- Example:
  $ docker container run -p 80:80 --detach --name webhost nginx

$ docker container port
- List port mappings or a specific mapping for the container
- Example:
  $ docker container port webhost
  80/tcp -> 0.0.0.0:80

- Each container is connected to a private virtual network, "bridge".
- Each virtual network routes through a "NAT firewall" on the host IP.
- All containers on a virtual network can talk to each other without '-p'
- "Batteries Included, But Removable"
  - Defaults work well in many cases, but it is easy to swap out parts to customize it.
  - Make new virtual networks - make 1 per app based on requirements
  - Attach containers to more than one virtual network or no network.
  - Skip any of the virtual network configuration and use the host IP (--net=host)

$ docker container run --net <network_ID/network_Name>
- Connect a container to a specific network identified by network ID or network name

$ docker container run --net-alias <list>
- Add a network-scoped alias for the container.

$ docker container inspect
- 'inspect' : display detailed information on one or more containers
- '--format string'/'-f' : Format the output using the given Go template
- Example:
  - To find the IP address of a specific container
    $ docker container inspect -f '{{ .NetworkSettings.IPAddress }}' <name of the container>

====================================
DOCKER NETWORK - CLI Management
====================================
# docker network : Manage networks. You can use subcommands to create, inspect, list, remove, prune, connect, and disconnect networks.

# docker network ls
- List Networks
  - BRIDGE: Default Docker virtual network which is NAT'ed behind the host IP.
  - HOST: special network that skips the virtual networking of Docker and attaches the container directly to the host interface.
          It gains performance (high throughput) by skipping the virtual network but sacrifices the security of the container model.
  - NONE: removes eth0 and only leaves you with the localhost interface in the container.
          Equivalent of having an interface on your computer that's not attached to anything, but we can create our own.

# docker network inspect
- Display detailed information on one or more networks.

$ docker network create --driver / docker network create -d
- Create a network
- Creates a new network. The DRIVER accepts bridge or overlay, which are the built-in network drivers.
  If you have installed a third-party or your own custom network driver you can specify that DRIVER here also.
  If you DON'T SPECIFY the --driver option, the command AUTOMATICALLY creates a BRIDGE network for you.
  You CANNOT remove the DEFAULT BRIDGE network.
- When you install Docker Engine it creates a BRIDGE network AUTOMATICALLY.
  This network corresponds to the 'docker0' bridge that Engine has traditionally relied on.

$ docker network connect
USAGE: docker network connect [OPTIONS] NETWORK CONTAINER
- Connect a container to a network
- Dynamically creates a NIC in a container on an existing virtual network

$ docker network disconnect
USAGE: docker network disconnect [OPTIONS] NETWORK CONTAINER
- Disconnect a container from a network
- Dynamically removes a NIC from a container on a specific virtual network

DEFAULT SECURITY:
1. Create your apps so frontend/backend sit on the same Docker network.
2. Their inter-communication never leaves the host.
3. All externally exposed ports are closed by default.
4. You must manually expose ports via '-p', which makes for better default security.
5. Better with Swarm and Overlay networks.

=====================================================
DOCKER NETWORK - DNS : How Containers Find Each Other
=====================================================
- DNS is the key to easy inter-container communications
- Can't rely on IP addresses inside containers as things are so dynamic.
- Crucial to all of these containers and virtual networks talking to each other --> NAMING.
- The Docker daemon has a built-in DNS server that containers use by default.
  Docker uses the container names as the equivalent of a host name for containers talking to each other.
- Docker DEFAULTS the hostname to the container's name, but ALIASes can also be used.

$ docker container exec -it <container_name_1> ping <container_name_2>
- PRE-requirements: ping must be installed on the containers.
- Containers can't ping other containers on different networks (different network IDs).

============================
CONTAINER IMAGES
============================
What is an IMAGE:
- It's the application binaries and dependencies for your app
  AND
- The metadata about the image data and how to run the image.

- OFFICIAL DEFINITION:
  - An Image is an ordered collection of root filesystem changes & the corresponding execution parameters for use within the container runtime.

- Not a complete OS. No kernel, kernel modules etc.
  Inside this image, there's not actually a complete OS. There's no kernel.
  There are no kernel modules like drivers. It's really just the binaries that your application needs because the host provides the kernel.
  That's one of the distinct characteristics of containers that makes them different from a virtual machine; it's not booting up a full operating system.

- An image can be really small.
  - It can be a single file.
  - Or you could have a very big image that's actually using some distribution like Ubuntu with its own package manager built in,
    and where you've installed Apache, and PHP, and your source

===============================================
MIGHTY HUB - using Docker HUB REGISTRY IMAGES
===============================================
- hub.docker.com
- Docker Hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
  It provides a centralized resource for container image discovery, distribution and change management, user and team collaboration, and workflow automation throughout the development pipeline.

- What's the Right Image
  - Typically, always start with the official one.
    The official one is going to be the only one with the word 'official' actually below it.
  - It will also be the only one whose name doesn't have a forward slash in it.

OFFICIAL IMAGES:
- Official images are ones where Docker, Inc. actually has a team of people that help take care of them, ensure that they have quality documentation, that they're well tested and that they're put together properly with Dockerfiles that obey best-practice rules.
- They usually work with the official team that actually makes that software to ensure that it's doing all the things that it should be doing.

- A BEST PRACTICE is that when you're going to production and you're actually testing software that you're going to be using for others, you always want to specify the exact version.
  But when you're DEVELOPING or just TESTING something locally, it's super easy with official images to just type in the name and just assume you're going to get the latest.

- Image ID is based upon the cryptographic SHA of each image in Docker Hub.

=============================================
IMAGES & THEIR LAYERS : Discover Image Cache
=============================================
- Images are made up of file system changes and metadata.
  A series of changes.
- Each layer has its own unique identity as a SHA.
- They're only stored once on each system, so on each Docker daemon, each layer is only represented once in the file system.
- When a container is started, it's just a SINGLE layer of changes on top of an existing image.
- Union File System -

$ docker image history <image_name>
E.g. $ docker image history nginx:latest
IMAGE          CREATED       CREATED BY                                      SIZE     COMMENT
ae513a47849c   3 weeks ago   /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon…    0B
<missing>      3 weeks ago   /bin/sh -c #(nop) STOPSIGNAL [SIGTERM]          0B
<missing>      3 weeks ago   /bin/sh -c #(nop) EXPOSE 80/tcp                 0B
<missing>      3 weeks ago   /bin/sh -c ln -sf /dev/stdout /var/log/nginx…   22B
<missing>      3 weeks ago   /bin/sh -c set -x && apt-get update && apt…     53.7MB
<missing>      3 weeks ago   /bin/sh -c #(nop) ENV NJS_VERSION=1.13.12.0…    0B
<missing>      3 weeks ago   /bin/sh -c #(nop) ENV NGINX_VERSION=1.13.12…    0B
<missing>      3 weeks ago   /bin/sh -c #(nop) LABEL maintainer=NGINX Do…    0B
<missing>      3 weeks ago   /bin/sh -c #(nop) CMD ["bash"]                  0B
<missing>      3 weeks ago   /bin/sh -c #(nop) ADD file:ec5be7eec56a74975…   55.3MB

- Shows the layers of changes made in the image.
- History of image layers.
- Every image starts from the very beginning with a blank layer known as 'SCRATCH'.
  You might have one layer, you might have dozens of layers, and some layers may make no change in terms of the file size.
- OLD WAY: $ docker history nginx:latest

$ docker image inspect <image_name>
- Display detailed information on one or more images.
- Inspect gives us all the details about the image.
  It basically gives the "METADATA".

$ docker image pull
- Pull an image or repository from a registry
- OLD WAY: $ docker pull

================================================
IMAGES TAGGING & PUSH : Sending to Docker Hub
================================================
- IMAGE TAGS
  - Need to be in a specific format in order to work with a registry, specifically with Docker Hub
  - images don't technically have a NAME.

$ docker image tag
- Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
- Assign one or more tags to an image.
- OLD WAY: $ docker tag

================================================
BUILDING IMAGES - The Docker File basic
================================================
- It's not a batch file, it's not a shell script.
  It's a totally different language of file that's unique to Docker, and the default name is Dockerfile with a 'capital D'.
- But, from the command line, whenever you need to deal with a Dockerfile using the docker command, you can actually use '-f'.
  This is common amongst a lot of the Docker tools: you can use dash f to specify a different file than the default.
  E.g.
  $ docker build -f <some-dockerfile>

++++++++++++++++++++++
Decoding Docker File:
++++++++++++++++++++++
- Each stanza is A LAYER in the Docker image. So the order actually matters, because it works top down.

1. So 1st up is the 'FROM' command.
   e.g. FROM debian:jessie

   All images must have a FROM.
   It is normally a minimal Linux distribution like Debian etc.
   One of the main benefits of using distributions in containers is to use their package distribution systems to install whatever software you need in your package.

   Package Manager - PMs like apt and yum are one of the reasons to build containers from Debian, Ubuntu, Fedora or CentOS.

2. Next is the ENV stanza. ENV is for 'Environment Variables'.
   It's a way to set environment variables, which are actually very important in containers because they're the main way we set keys and values for container building and for running containers.
   One reason they are the preferred way to inject key/values is that they work everywhere, on every OS and config.

3. Next up is the RUN command.
   What it is doing is really just executing "shell commands" inside the container as it's building it.
   You'll usually see RUN commands when you need to install software with a package repository, or you need to do some unzipping, or some file edits inside the container itself.
   RUN commands can also run shell scripts that you've copied in earlier in the file, or any commands that you can access from inside the container at that point in time in the file.

   Thing to note:
     The reason that we're adding all these commands with the double ampersand here, so that they're chained one after the other, is because, if you remember, each stanza is its own layer.
     What this does is ensure that all of these commands fit into one single layer.
     It saves us a little time.
     It saves us space. And it's so common that you'll probably see it in every Dockerfile on Docker Hub.

4. Another RUN command - This one is all about pointing our log files to stdout & stderr.
   Note:
     1. The proper way to do logging inside a container is not to a log file.
        There is no syslogd or any other syslog service inside a container.
     2. Docker actually handles all of our logging for us. All we need to do is make sure everything we want captured in the log is sent to STDOUT & STDERR, and Docker will handle the rest. There are actually logging drivers that we can use in the Docker Engine itself to control all the logs for all the containers on our host.
        It adds more complexity to your app if your app is actually doing the logging itself.
        And then, if you have to deal with files in every container, now you've got a problem of how you get those files out, and searchable, and accessible.
        Here, we're taking the default Nginx logs and we're actually linking them to stdout.

5. Next section: EXPOSE
   By default NO TCP or UDP ports are open inside a container.
   It doesn't EXPOSE anything from the container to a virtual network unless LISTED here.
   This EXPOSE command DOESN'T mean these ports are going to be opened automatically on the host.
   That's what the '-p/--publish/-P' option does whenever we use docker run.

6. Lastly CMD
   The CMD is a required parameter that is the final command that will be run every time you launch a new container from the image, or every time you restart a stopped container.

++++++++++++++++++++++
SOME OTHER STANZAS
++++++++++++++++++++++
WORKDIR:
- Basically running a "cd directory" change.
- So you might be tempted to use the RUN command and just type RUN cd to this directory and then do some things.
  But really the BEST PRACTICE for Dockerfiles is to always use a separate 'WORKDIR' stanza whenever you're changing directories.
  It is a lot easier to describe what we are doing by using WORKDIR in the Dockerfile.

COPY:
- This is the stanza you will always be using to COPY your source code from your local machine, or build servers, into your container images.

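The Dockerfile walked through above is not reproduced in these notes. The following added example (not from the notes' author or from Docker) embeds a constructed Dockerfile and checks it against practices stated on this page: an exact version on FROM, WORKDIR instead of a bare RUN cd, and chained RUN commands. The check for secret-looking ENV names is an assumption of this example, added because ENV values are stored in the image and appear in 'docker image history' output; all function and finding names are hypothetical.

```python
import re

# Constructed Dockerfile with deliberate problems (sample input, not a real project file).
SAMPLE_DOCKERFILE = """\
FROM debian
ENV APP_ENV production
ENV DB_PASSWORD hunter2
RUN apt-get update
RUN apt-get install -y nginx
RUN cd /usr/share/nginx/html
COPY index.html index.html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
"""

# The same file with the findings addressed (also constructed).
FIXED_DOCKERFILE = """\
FROM debian:jessie
ENV APP_ENV production
RUN apt-get update \\
    && apt-get install -y nginx
WORKDIR /usr/share/nginx/html
COPY index.html index.html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
"""

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_KEY", re.I)


def parse(text):
    """Yield (line_no, INSTRUCTION, arguments), joining backslash continuations."""
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not pending:
            start = no
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        instr, _, args = (pending + line).partition(" ")
        pending = ""
        yield start, instr.upper(), args.strip()


def check(text):
    """Return a list of (line_no, finding) tuples for the rules described above."""
    findings, prev = [], None
    for no, instr, args in parse(text):
        if instr == "FROM":
            # Skip flags such as --platform; the image reference is the first plain token.
            image = next((a for a in args.split() if not a.startswith("--")), "")
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in image and tag in ("", "latest"):
                findings.append((no, "FROM_NOT_PINNED"))
        elif instr == "ENV":
            tokens = args.split()
            # Two ENV forms: "ENV KEY value" and "ENV KEY=value [KEY2=value2]".
            if tokens and "=" in tokens[0]:
                keys = [t.split("=", 1)[0] for t in tokens if "=" in t]
            else:
                keys = tokens[:1]
            for key in keys:
                if SECRET_NAME.search(key):
                    findings.append((no, "SECRET_IN_ENV:" + key))
        elif instr == "RUN":
            if re.match(r"cd\s", args) and "&&" not in args and ";" not in args:
                # A bare "RUN cd" does not carry over to later stanzas; use WORKDIR.
                findings.append((no, "RUN_CD_USE_WORKDIR"))
            elif prev == "RUN":
                # Back-to-back RUN stanzas create separate layers; chain with &&.
                findings.append((no, "CONSECUTIVE_RUN"))
        prev = instr
    return findings


if __name__ == "__main__":
    for line_no, finding in check(SAMPLE_DOCKERFILE):
        print("line %d: %s" % (line_no, finding))
    print("fixed file findings:", check(FIXED_DOCKERFILE))
```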
================================================
BUILDING IMAGES - Running Docker Builds
================================================
$ docker image
- build : build an image from a Dockerfile.
  -- '-t' : Name & optionally a tag in the 'name:tag' format

E.g.
$ docker image build -t customnginx .
'.' specifies the current directory, where the Dockerfile is present.

- Each STEP is a LINE in the Dockerfile that it's executing inside this image as it's building it.
  And there is a little HASH at the end, which is actually the hash it keeps in the build cache so that next time we build this thing, if that line hasn't changed in the Dockerfile, it's not going to rerun it.

- This is one of the magic pieces of why Docker makes deployment and software building so fast: it is intelligent enough to cache the steps in the build.
  So quite often, after you've built an image the first time, and you're really just changing your custom source code and not necessarily changing the application itself, all this installation stuff has already happened.
  So you will have very short build times.

- Any change to any line of the Dockerfile will make it re-execute that line and not use "USING CACHE" from the previous build run.
  So it actually executes the line that was changed in the container.
  It also has to re-run all the following lines, as every line after the CHANGED LINE now has to be rebuilt as well.

- This brings up the point about the ordering of the lines in your Dockerfile. If you get things out of order, for instance, let's say you're building a website: if you're copying the software code that you're creating at the very beginning of the file, then every time you change a source file and you rebuild, it's going to have to build the entire Dockerfile again.

- It's CRITICALLY important for SANITY and TIME
  1. that you usually keep the things at the TOP of your Dockerfile that change the LEAST and
  2. then the things that change the MOST at the BOTTOM of your Dockerfile.

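A simplified model of the build cache behaviour described above, as an added example (it is not Docker's implementation and not from the original notes). It assumes each step's cache key is a hash of the parent step's key, the instruction text and, for COPY, the copied file's content; the instruction lists and file contents are constructed.

```python
import hashlib


def cache_keys(steps, context):
    """Return one cache key per step.

    steps:   list of Dockerfile instruction strings, in file order.
    context: dict mapping a COPY source path to its file content (bytes).
    Simplification: COPY is assumed to be 'COPY <src> <dest>' with no flags.
    """
    keys, parent = [], b"scratch"
    for step in steps:
        h = hashlib.sha256(parent + b"\0" + step.encode())
        words = step.split()
        if words[0].upper() == "COPY":
            # File content takes part in the key, so edited source misses the cache.
            h.update(hashlib.sha256(context[words[1]]).digest())
        parent = h.digest()  # the next step's key depends on this one
        keys.append(h.hexdigest())
    return keys


def cache_misses(old_steps, old_ctx, new_steps, new_ctx):
    """Steps of the new build that cannot be served from the old build's cache."""
    cached = set(cache_keys(old_steps, old_ctx))
    new_keys = cache_keys(new_steps, new_ctx)
    return [s for s, k in zip(new_steps, new_keys) if k not in cached]


# Source code copied at the top of the file (the ordering the notes warn against).
CODE_FIRST = [
    "FROM debian:jessie",
    "COPY index.html /usr/share/nginx/html/",
    "RUN apt-get update && apt-get install -y nginx",
    'CMD ["nginx", "-g", "daemon off;"]',
]
# Same instructions, least-changing first and the source code last.
CODE_LAST = [CODE_FIRST[0], CODE_FIRST[2], CODE_FIRST[1], CODE_FIRST[3]]

V1 = {"index.html": b"<h1>v1</h1>"}  # constructed build context, first build
V2 = {"index.html": b"<h1>v2</h1>"}  # same file after a source edit

if __name__ == "__main__":
    print("code first:", cache_misses(CODE_FIRST, V1, CODE_FIRST, V2))
    print("code last: ", cache_misses(CODE_LAST, V1, CODE_LAST, V2))
```

With the source copied first, the package installation step is rebuilt on every source edit; with it copied last, only the COPY and the steps after it are rebuilt.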
================================================
BUILDING IMAGES - Extending Official Images
================================================
Upload to DOCKER HUB:
$ docker image ls -- get list of images
$ docker image tag <REPOSITORY:TAG> name/<REPOSITORY:TAG>
E.g.
$ docker image tag nginx-with-html:latest pinaki/nginx-with-html:latest

================================================
CONTAINER LIFETIME - Persistent Data
================================================
- Containers are USUALLY IMMUTABLE & EPHEMERAL
  -- IMMUTABLE INFRASTRUCTURE: only re-deploy containers, never change.
     The idea of immutable infrastructure is that we DON'T change things once they're running.
     If a config change needs to happen, or maybe a container version upgrade needs to happen, then we RE-DEPLOY a whole new container.

- SEPARATION OF CONCERNS : Ideally, the containers shouldn't contain your unique data mixed in with the application binaries.
  We can update our application by recreating a new container, with an updated version of our app, and ideally, our unique data is still where it needs to be and was preserved for us while our container was recycled.

- PERSISTENT DATA :
  Containers, by default, are persistent.
  Any changes in them are kept across restarts and reboots until we remove the container.
  Just because we stopped the container or restarted the host doesn't mean the container's file changes go away.
  It's only when we remove the container that its UFS layer goes away, but we want to be able to do that at will.

  This problem of unique data is known in the industry as "PERSISTENT DATA"

- In the world of containers and application auto scaling, persistent data creates a unique problem.
  Docker has 2 solutions
  1. DATA VOLUMES
  2. BIND MOUNTS

-- DATA VOLUMES:
   1. Docker volumes are a configuration option for a container that creates a special location outside of that container's union file system to store unique data.
   2. This preserves it across container removals and allows us to attach it to whatever container we want.
      And the container just sees it like a local file path.

-- BIND MOUNTS
   1. These are simply SHARING or MOUNTING a host directory, or file, into a container.
      It will just look like a local file path, or a directory path, to the container.
      It won't actually know that it's coming from the host.

================================================
PERSISTENT DATA: VOLUMES
================================================
- The 1st way you can tell a container that it "needs to worry" about a volume is in a Dockerfile.
- Volumes are identified in a Dockerfile with the 'VOLUME' stanza.
  -- The VOLUME stanza tells the container to create a new 'VOLUME LOCATION' and assign it to the 'directory' in the container.
     Which means any files that we put in there, in the container, will OUTLIVE the container until we MANUALLY DELETE the volume.
  -- VOLUMES need MANUAL deletion.
     They're an extra step. That's just for insurance really, because the whole point of a volume command is to say that this data is particularly important, at least much more important than the container itself.
  -- $ docker volume ls : to list/manage volumes.
  -- $ docker volume prune : remove all unused local volumes.
  -- $ docker volume inspect : display detailed information on one or more volumes.

- Volumes of a CONTAINER can be seen via

  $ docker container inspect <container_name>

  as the following entries:

  1. MOUNTS:
     E.g.
     "Mounts": [
         {
             "Type": "volume",
             "Name": "a153e07fcd4622a1c0a9b7e4bde271ab7ae223fd976deddcc03ab50a865834a2",
             "Source": "/var/lib/docker/volumes/a153e07fcd4622a1c0a9b7e4bde271ab7ae223fd976deddcc03ab50a865834a2/_data",
             "Destination": "/var/lib/mysql",
             "Driver": "local",
             "Mode": "",
             "RW": true,
             "Propagation": ""
         }
     ],

     "Source": This is the running container getting its own unique LOCATION on the HOST to store that data, which is then, in the background, mapped or mounted to that location in the container ("Destination").

     "Destination": The container just thinks it's writing to the directory specified here.

  2. CONFIG:
     E.g.

     "Config": {
         "Hostname": "bc05aa4c3506",
         "Domainname": "",
         "User": "",
         "AttachStdin": false,
         "AttachStdout": false,
         "AttachStderr": false,
         "ExposedPorts": {
             "3306/tcp": {}
         },
         "Tty": false,
         "OpenStdin": false,
         "StdinOnce": false,
         "Env": [
             "MYSQL_ALLOW_EMPTY_PASSWORD=True",
             "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
             "GOSU_VERSION=1.7",
             "MYSQL_MAJOR=8.0",
             "MYSQL_VERSION=8.0.11-1debian9"
         ],
         "Cmd": [
             "mysqld"
         ],
         "ArgsEscaped": true,
         "Image": "mysql",
         "Volumes": {
             "/var/lib/mysql": {}
         },
         "WorkingDir": "",
         "Entrypoint": [
             "docker-entrypoint.sh"
         ],
         "OnBuild": null,
         "Labels": {}
     },

- NAMED VOLUMES:
  - friendly way to assign volumes to containers.
  $ docker container run -v
  - Bind mount a volume.
  - A '-v' allows us to specify either a NEW VOLUME that we want to create for this container or two other options.
    1. One of them here is to create a NAMED volume
    2.

  $ docker container run -d --name mysql_new -e MYSQL_ALLOW_EMPTY_PASSWORD=True -v /var/lib/mysql mysql
  -- will do the same thing that the VOLUME stanza does in a Dockerfile.

  $ docker container run -d --name mysql_new -e MYSQL_ALLOW_EMPTY_PASSWORD=True -v mysql-db:/var/lib/mysql mysql
  -- Create a "NAMED VOLUME". This is known as NAMED VOLUMES.
     This creates a container with a new volume using the name specified with '-v'. Here: mysql-db

$ docker volume create
- Create a volume
- Required to do this before "docker container run or docker run" to use custom drivers and labels.

557 =========================================
558 PERSISTENT DATA: BIND MOUNTING
559 =========================================
560 - BIND Mounts: Maps a HOST file or directory to a CONTAINER file or directory.
561 It's basically just having the TWO locations point to the SAME PHYSICAL
locations on disk.
562 You can either specify a DIRECTORY or just a SINGLE file
563 It SKIPS UFS - it's not going to wipe out your host location when you
delete the container
564 Host file overwrite any in container:
565 1. If there are any files in the container that you map the host
files to, the host files win.
566 2. It doesn't actually delete the files in the container that it
overwrote because it's not really overwriting anything in the
container.
567 It's just there while the bind mount exists.
568 3. The minute you don't need the bind mount any more and you re-run
the container without it, you would actually see the underlying data
that was there before.
569
570 - Because bind mounts are usually HOST specific, they need specific data to be on
the hard drive of the host in order to work.
571 You can't specify them in a Dockerfile. You have to use them at runtime when you
use the docker container run command
572 FORMAT:
573 $ docker container run -v <FULL_PATH>:<PATH_CONTAINER> : Bind mount a
volume.
574
575 E.g.
576 docker container run ... -v //c/Users/bret/stuff:/path/container (Windows)
577 docker container run ... -v /Users/bret/stuff:/path/container (Linux/Mac)
578
579 $ docker container run -d --name nginx -p 80:80 -v $(pwd):/usr/share/nginx/html nginx
580 - This command starts a new nginx container with the directory printed by $(pwd) mounted into the container.
581 - Any change made on either side is reflected on both sides.
582
583 - The way Docker tells the difference between a named volume, like we did a while ago, and a bind mount,
584 -- is that the bind mount starts with a FORWARD SLASH.
585 -- On Windows, you'll notice that it's TWO forward slashes and the DRIVE letter.
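The leading-slash rule above, as an added shell example (not part of the original notes): it classifies the argument given to '-v' and reports whether a bind mount hands the container write access to a host path. The function names and sample specs are constructed here; ':ro' is Docker's read-only mount option, which the notes do not cover.

```shell
#!/bin/sh
# Added example: classify a `-v` argument of the form SRC:DST[:OPTS].
# Handles the path styles used in these notes (/Users/... and //c/Users/...);
# Windows "C:\..." sources are out of scope because of the extra colon.

# Prints "<kind> <mode> <source>", kind = bind | named | anonymous.
classify_volume_spec() {
    spec=$1
    case $spec in
        *:*) ;;                                   # has a SRC:DST pair
        *)   echo "anonymous rw -"; return 0 ;;   # container path only
    esac
    src=${spec%%:*}           # text before the first colon
    rest=${spec#*:}           # DST or DST:OPTS
    case $rest in
        *:*) opts=${rest#*:} ;;
        *)   opts= ;;
    esac
    mode=rw                   # Docker's default when no option is given
    case ",$opts," in
        *,ro,*) mode=ro ;;
    esac
    case $src in
        /*) kind=bind ;;      # leading slash (also //c/... on Windows)
        *)  kind=named ;;     # anything else is treated as a volume name
    esac
    echo "$kind $mode $src"
}

# Exit 0 only when the spec does not give the container write access
# to a host path (named/anonymous volume, or a read-only bind mount).
volume_spec_is_contained() {
    classify_volume_spec "$1" | {
        read -r kind mode rest
        [ "$kind" != bind ] || [ "$mode" = ro ]
    }
}
```

A path with no colon, such as /var/lib/mysql, starts with a slash but is an anonymous volume, not a bind mount, which is why the colon check comes first.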
586
587 EDIT CODE RUNNING IN CONTAINERS WITH BIND MOUNTS:
588 $ docker container run -p 80:4000 -v $(pwd):/site bretfisher/jekyll-serve
589
590
591 ===============================================
592 DOCKER COMPOSE & docker_compose_yml FILE
593 ===============================================
594 - WHY:
595 1. configure relationship between containers.
596 2. save our docker container run settings in easy-to-read file
597 3. create 'one-liner' developer environment startups
598
599 Docker Compose is comprised of 2 SEPARATE but RELATED components:
600 1. YAML FILE: formatted file that describes our solution options for:
601 a. containers
602 b. networks
603 c. volumes
604
605 This is the file where you would specify all the containers you need to run,
the networks you need, any volumes you might need, environment variables,
images, and all sorts of other configuration options.
606
607 2. CLI Tool: 'docker-compose' used for local/dev automation with the YAML files.
608 It is normally used for just local dev & test, using that YAML file we
created to simplify our Docker commands.
609
610 ++++++++++++++++++++++++++++
611 DOCKER COMPOSE - YAML FILE
612 ++++++++++++++++++++++++++++
613 - The Compose YAML file format has its own versions - 1, 2, 2.1, 3, 3.1
614
615 - The version statement is the first line in the file.
616 IF NO VERSION IS SPECIFIED THEN v1 IS ASSUMED. RECOMMENDED v2 MINIMUM.
617
618 - This file can actually be used with a Docker Compose CLI, mainly for local
development management and just making it easier to get around in your environments
on your local machine.
619
620 - Starting with the beginning of 2017, with version 1.13 and anything beyond that,
YAML files can now be used directly with the docker command line in production with
swarm.
621
622 - docker-compose.yml - DEFAULT NAME, but any name can be used with 'docker-compose -f' as long as it's proper YAML
623
624 - 4 MAIN SECTIONS: This is hierarchical
625 1. VERSION - If no version is specified, then v1 is assumed. Recommended v2 at
the minimum.
626 2. SERVICES - Containers. Same as 'docker container run OR docker run'.
627 SERVICES can have the following:
628 a. servicename: A friendly name. This is also DNS inside network.
629 b. image: (OPTIONAL) if you use a build.
630 c. command: (OPTIONAL). Replaces the default CMD specified by the image.
631 d. environment: (OPTIONAL). Set Environment variables. Same as '-e' in
the 'docker run' command.
632 e. volumes: (OPTIONAL). Bind mount a volume. Same as '-v' in the 'docker
run' command.
633 3. VOLUMES - (OPTIONAL). Same as 'docker volume create'
634 4. NETWORKS - (OPTIONAL). Same as 'docker network create'
635
636 - At a minimum, SERVICES, are required in the YAML file, which is really just
containers (same as 'docker container run/docker run' command).
637 - The reason they actually call them SERVICES is because each container that you
create in here, you could actually have multiple ones of those containers for
redundancy.
638 So they needed to come up with a different word.
639
640 +++++++++++++++++++++++++
641 DOCKER COMPOSE - CLI
642 +++++++++++++++++++++++++
643 - Docker Compose command line tool is actually different from Docker Tool.
644 - It is a separate binary.
645 If on Docker for Windows or Docker for Mac, it actually comes bundled in.
646 If using Toolbox on Windows 7, it bundles with that.
647 If on Linux, you have to download it separately from GitHub.com/docker/compose.
648 -- go to https://docs.docker.com/compose/install/#install-compose
649 -- Follow instructions to install on Linux.
650 E.g.
651
652 # sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
653   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
654                                  Dload  Upload   Total   Spent    Left  Speed
655 100   617    0   617    0     0    427      0 --:--:--  0:00:01 --:--:--   427
656 100 10.3M  100 10.3M    0     0   261k      0  0:00:40  0:00:40 --:--:--  623k
657 # sudo chmod +x /usr/local/bin/docker-compose
658
659 VERIFY:
660 # docker-compose --version
661 docker-compose version 1.21.2, build a133471
662 #
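The install above writes a downloaded binary straight into /usr/local/bin as root with no integrity check. The following is an added shell example, not part of the original notes, that installs a downloaded file only when its SHA-256 digest matches an expected value; the function names are constructed here, and the expected digest is assumed to come from the project's release page.

```shell
#!/bin/sh
# Added example: verify a downloaded binary before installing it.

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified <downloaded-file> <expected-sha256> <destination>
# Returns 0 after installing, 1 on digest mismatch, 2 if hashing failed.
install_verified() {
    file=$1 expected=$2 dest=$3
    actual=$(sha256_of "$file") || return 2
    [ -n "$actual" ] || return 2
    # Accept digests published in upper or lower case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file: got $actual" >&2
        return 1
    fi
    # Copy into place with mode 0755 only after the digest matched.
    install -m 0755 "$file" "$dest"
}

# Usage with the download from these notes (run as root for /usr/local/bin;
# <EXPECTED_SHA256> is a placeholder, not a real digest):
#   curl -fL <release URL> -o /tmp/docker-compose
#   install_verified /tmp/docker-compose <EXPECTED_SHA256> /usr/local/bin/docker-compose
```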
663
664 - Not designed for production-grade use; ideal for local development and for quickly testing things that would otherwise be complex to type as a bunch of commands on the command line.
665
666 $ docker-compose up - set up volumes/network and start all containers
667 Builds, (re)creates, starts, and attaches to containers for a service.
668 Unless they are already running, this command also starts any linked services.
669
670 The `docker-compose up` command aggregates the output of each container. When
the command exits, all containers are stopped. Running `docker-compose up -d`
starts the containers in the background and leaves them running.
671
672 If there are existing containers for a service, and the service's configuration
or image was changed after the container's creation, `docker-compose up` picks
up the changes by stopping and recreating the containers (preserving mounted
volumes). To prevent Compose from picking up changes, use the `--no-recreate`
flag.
673
674 $ docker-compose up -d : Run in background
675
676 $ docker-compose down - stop all containers and remove Containers/volumes/networks
677 Stops containers and removes containers, networks, volumes, and images created
by `up`.
678
679 By default, the only things removed are:
680 - Containers for services defined in the Compose file.
681 - Networks defined in the `networks` section of the Compose file.
682 - The default network, if one is used.
683
684 Networks and volumes defined as `external` are never removed.
685
686 $ docker-compose ps : List containers
687
688 E.g.
689 $ docker-compose ps
690           Name                    Command          State         Ports
691 ----------------------------------------------------------------------------
692 compose-sample-2_proxy_1   nginx -g daemon off;   Up      0.0.0.0:80->80/tcp
693 compose-sample-2_web_1     httpd-foreground       Up      80/tcp
694
695 $ docker-compose top - Display running processes
696
697 E.g.
698 $ docker-compose top
699 compose-sample-2_proxy_1
700 UID        PID    PPID   C   STIME   TTY   TIME       CMD
701 ------------------------------------------------------------------------------------------------
702 root       7801   7777   0   13:47   ?     00:00:00   nginx: master process nginx -g daemon off;
703 systemd+   7987   7801   0   13:47   ?     00:00:00   nginx: worker process
704
705 compose-sample-2_web_1
706 UID        PID    PPID   C   STIME   TTY   TIME       CMD
707 ----------------------------------------------------------------------
708 root       7765   7742   0   13:47   ?     00:00:00   httpd -DFOREGROUND
709 daemon     7897   7765   0   13:47   ?     00:00:00   httpd -DFOREGROUND
710 daemon     7898   7765   0   13:47   ?     00:00:00   httpd -DFOREGROUND
711 daemon     7899   7765   0   13:47   ?     00:00:00   httpd -DFOREGROUND
712
713 ===============================================
714 DOCKER COMPOSE - Build a Compose File
715 ===============================================
716
717
718 ===============================================
719 DOCKER COMPOSE - Adding Image Building
720 ===============================================
721 Using Compose to Build:
722 - Compose can also BUILD your custom images at RUNTIME.
723 - Will build them with 'docker-compose up' if not found in cache
724 - Also rebuild with 'docker-compose build'
725 - Great for complex builds that have a lot of vars or build args.
726
727 $ docker-compose down --rmi <type> : Remove images. Type must be one of:
728 a. 'all': Remove all images used by any service.
729 b. 'local': Remove only images that don't have a custom tag set by the 'image' field.
730
731 E.g.
732 $ docker-compose down --rmi local
733 Stopping compose-sample-3_web_1 ... done
734 Stopping compose-sample-3_proxy_1 ... done
735 Removing compose-sample-3_web_1 ... done
736 Removing compose-sample-3_proxy_1 ... done
737 Removing network compose-sample-3_default
738 Removing image compose-sample-3_proxy
739