Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Do you really want to delete this prezi?
Neither you, nor the coeditors you shared it with will be able to recover it again.
Make your likes visible on Facebook?
You can change this under Settings & Account at any time.
Introduction to Docker
Transcript of Introduction to Docker
MD. Al-Amin Talukdar
RHCVA*, RHCSA:RH Openstack*
Outline of the Workshop
What is docker?
Containers vs Virtual Machines
How docker works
Docker Platform Overview & Terminology
Docker Engine Docker Hub
Getting started with Images
Managing Images & Containers
Distributing Images on Docker Hub
Basic Container Networking
Docker in continuous integration
Overview of Security Practices
Intro to Docker Swam
Intro to Docker Compose
Building micro service application with Docker
What is Docker ?
Docker is a platform for developing, shipping & running application using container based virtualization technology.
Docker platform consist of multiple product & tools
Background of Docker
One application on one physical server
In the dark age.........
Problems of one application on one server
Slow deployment time
Difficult to Scale
Difficult to migrate
Vendor lock in
Hypervisor Based Virtualization
One physical server can contain multiple applications.
Each application runs in a Virtual Machine(VM).
3 sessions (one hour each, including exercise time.)
Introduction to Docker
No Docker experience required.
Familiar with Linux Command Line.
Liunx Machine (Preferably Ubuntu)
Build, Ship, Run
Introduction to Docker
Overview of the Workshop
First session covers the foundations of the Docker platform, including an overview of the platform components, images, containers and repositories.
Second session provides hands-on instruction for getting started using Docker. This includes how to create Dockerfiles, build, manage and distribute Docker images and configure Containers. An example of Docker in Continuous Integration is also included.
Third covers topics to help you operate a Dockerized application environment. From understanding Docker Orchestration with Machine, Swarm and Compose, to security best practices and troubleshooting Docker containers. Private repository and registry concepts are also explained in this course.
Benefits of using VM
Better resource pooling
-One physical machine divided into multiple machine.
Easier to scale.
VM's in the cloud
-Pay as you go model.
Limitations of VM
-Each VM still requires
An entire guest operating system
-The more VM you run, the more resources you need.
-Guest OS means wasted resources.
-Application portability not guaranteed.
Container Based Virtualization
Container Based Virtualization uses the kernel on the host's operating system to run multiple guest operating system.
Each guest operating system is called container.
Each container has it's own
- Root file system
- Network Ports
Containers vs VM's
Containers are more lightweight.
No need to install guest OS.
Less CPU, RAM, Storage needed.
More containers per machine than VM.
Docker Engine is the program that enables containers to build shipped & run.
Docker Engine uses Linux Kernel namespace & control group.
Namespace gives us the isolated workspace.
How Docker works?
Dockerfile Docker Image Docker Engine Container
A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession.
Dockerfile is used for automation of work by specifying all step that we want on docker image.
Images are read only containers used to create containers.
Built by you or other Docker Users.
Stored in docker hub or your local repository
Isolated application platfrom.
Contains everything you need to run your application.
Based on one or more images.
Hello from Docker
Install docker with command
wget -qO- https://get.docker.com/ | sh
Run the hello world container to test your installation
sudo docker run hello world
Add user account to docker group
sudo usermod -aG docker <username>
Verify you can run hello-world application without using sudo
docker run hello world
*Installation instruction are available at
Installing Docker & Running Hello World
Docker Demon & Client
Client / Server architecture of Docker
Client takes the user inputs & send them to demon.
Demon builds runs & distributes containers.
Client or demon on same host or different.
CLI client & GUI (kitematic)
Checking Client & Demon Version
Registry & Repository
Where we store our image is known as registry
You can use your own registry or docker's public registry. Known as Docker Hub
Docker hub is the public registry that contains large amount of images available for your use.
Official Repositories are available at https://hub.docker.com/explore/
*Orchestration is about the automated arrangement, coordination & management of complex management systems, middleware and services.
Three tools for orchestrating distributed applications with docker
-Tool that provides Docker Hosts and install the Docker Engine on them.
-Tool that clusters many Engines and schedules containers.
-Tool to create and manage multi-container application.
Benefits of using Docker
- Separation of Concerns
Developers focus on building there apps
System admin focus on deployment
- Fast deployment cycle
- Application portability
Build in one environment, Ship anywhere.
Easy sign up new containers if needed.
- Run more apps on host machine
Intro to Images
1. Go to https://hub.docker.com/ and sign up for an account.
2. Find your conformation email and active your account.
3. Explore images from docker hub.
4. Understanding official Images, Tags
5. Search images on docker hub.
Display Local Images
To display local images simply run the command
# docker images
When creating a container, Docker will attempt to use local images. If not found docker demon will look into Docker Hub.
Run a simple container
On your terminal
#docker run ubuntu:14.04 echo "hello world"
Observe the output
#docker run ubuntu:14.04 ps ax
Observe the output
Terminal access in Container
Create a container using Ubuntu 14.04
docker run -i -t ubuntu:14.04 /bin/bash
The -i flug talks to docker to connect STDIN on the container
The -t flug specifies to get a pseudo-terminal
Get your PC ready for workshop
Install Ubuntu 15.04 on your favorite Virtual Machine
A container runs as long as the process runs in the container.
Your command's process is always PID 1 inside the container
Containers can be specified by their ID or Name
Long ID and short ID
Short ID name can be obtained using command
Long ID name can be specified by inspecting the container
Run docker in Detached Mode
Uses to run container in backgroun
Use -d flag
docker logs [container ID]
Run a web application inside a container
#docker run -d -P tomcat:7
-P flug maps container's port to host's port
Images are comprised of multiple layers.
A layer is also known as another image.
Every image contains a base layer.
Docker uses a copy on write system.
layers are read only.
Docker creates a top image for writable layer.
Parent images are read only.
All changes are made at the writable layer.
Docker commit saves changes in container, as a new image.
#docker commit [options] [container ID] [repository:tag]
Repository name should be based on username/application
Can reference the container with container name instead of ID
Intro to Dockerfile
A dockerfile is a configuration file that contains instructions for building an Image.
Provides more effective way to build images compared using docker commit.
Easily fits into continuous integration and deployment process.
Instruction specifies what to do when building image.
FROM instruction specifies what the base image is.
RUN instruction specifies a command to execute.
Each RUN instruction will execute the command on the top writable layer and perform a commit of the image.
To avoid that, you can aggregate multiple RUN instructions by using "&&"
#docker build [option] [path]
Common option to tag build
#docker build -t [repository:tag] [path]
CMD defines a default command to execute when a container is created.
CMD performs no action during the image build.
SHELL format & EXEC format
Can only be specified once in a dockerfile
Can be overwrite at run time
Defines the command that will run when a container is executed.
Run time arguments and CMD instruction passed as parameters to the ENTRYPOINT instruction
SHELL & EXEC from
EXEC form preferred as SHELL form can not accept arguments at runtime.
Container essentially runs a executable.
Managing Images & Containers
Start & Stop Containers
First find the container with command
and note the ID
docker start & docker stop
You can only delete container if the container is is not running.
Use the command
Specify container ID/Name
Docker Hub Repository
User can create their own repositories on docker hub.
Public & Private
Push local images to repository.
Pushing images to Docker Hub
Login with the command
Syntax: docker push [repo:tag]
Tagging is used to rename the repository before pushing to docker hub
docker tag [image ID] [repo:tag]
docker tag [LocalRepo:tag] [DockerHubRepo:tag]
A volume is a designated directory in container, which is designed to persist data, Independent of container's life cycle.
Volume changes are excluded when updating an image.
Presist when a container is deleted.
Can be mapped to host folder.
Can be shared between containers.
Mount a Volume
Volumes are mounted when creating or executing a container
Can be mapped to host directory.
Volume path must be specified absolutely.
Mount a Volume
Volumes are mounted when creating or executing a container.
Can be mounted to a host directory.
Volume paths specified must be absolute.
Volumes in the Dockerfile
VOLUME instruction creates a mount point.
Can specify arguments JSON array or string.
Cannot map volumes to host directory.
Volumes are initialized when the container is executed.
Uses of Volumes
De-couple the data that is stored from the container which is created the data.
Good for searching data between containers
-Can setup a containers which has volume you mount in other containers.
Mounting folders from the host is good for testing purposes but generally not recommended for production use
Containers have their own Network & IP address.
Map exposed container ports to ports on the host machine.
Ports can be manually mapped or auto mapped.
" and "
" parameters in docker run.
Linking is a communication method between containers which allows them to securely transfer data from one to another.
Source & Recipient containers
Recipient containers have access to data on source containers
Links are established based on container named.
Creating a Link
Create the source container first.
Create the recipient container and use --link option
Give meaningful named to your containers*
Uses of Linking
Containers can talk to each other without having to expose ports to host.
Essential for micro service application architecture.
-Container with Tomcat running
-Container with MySQL running
-Application on tomcat needs to connect to MySQL
Docker in Continuous Integration
Traditional Continuous Integration
Developer Repository CI Server App Server
Docker in Continuous Integration
Repository CI Server Docker Hub Host
Developer GitLab Jenkins Docker Registry Production
Container PID 1 Process output can be viewed with
Will show whatever PID 1 writes to stdout.
Container Application Logs
Typically apps have a well defined log location.
Map a host's folder to application's application log in the container
In this way you can view container application log from your host folder
Inspecting a Container
command displays all the details about container.
Output details in JSON array.
You can use grep to specific information.
Starting & Stopping Docker Demon
If you start docker as a service, use service command to start, stop & restart Docker demon.
-sudo service docker start
-sudo service docker stop
-sudo service docker restart
If not running as a service, run docker executable in demon mode to start the demon.
-sudo docker -d &
If not running as a service, send a SIGTERM to docker process to stop it.
to find the docker process.
-sudo kill $(pidof docker)
Docker Demon upstart configuration file
Located in /etc/default/docker
Use DOCKER_OPTS to control the startup option for the demon when running as a service.
Restart the service for changes to take effect
#sudo service docker restart
Docker Demon Logging
Start Docker Demon with --log-level parameter and specify the logging level.
Linux Container & Security
Docker helps make applications safer as it provides reduced set of default privileges & capabilities.
Namespace provides an isolated view of the system. Each container has it's own
- IP, Network Stack, Root File System
Processes running in one container can not see and effect processes in another container.
Control Group isolated resource usage per container.
- Ensures that a compromised container wouldn't bring down the entire host by exhausting resources.
Quick Security Consideration
Docker demon needs to run as root.
Ensure that, only trusted can control Docker Demon.
If binding the demon to a TCP socket, secure it with TLS
Use linux hardening solutions
Allows you to run your own registry insted of using Docker Hub
- Run registry server using container
- Docker Hub Enterprise
-Registry Version 1.0 for docker 1.5 and bellow
-Registry Version 2.0 for docker 1.6
Setting up a private registry
Run the registry server inside a container.
Push & Pull in Private registry
First tag the image with host IP or domain of registry server.
Then run #docker push