Comments

Latest Posts

Docker Usage Introduction (Tips and Tricks)

This post summarizes some common docker commands, operations, and tasks.
  • Docker Installation
  • Common docker commands
  • Backup image and load the backup
  • Export  Container / Import to Image 
  • Create Own Image Using Your Container
  • Publish Your Own Docker Image to Docker Hub
  • Run Scheduled Task in Docker
  • Clean Docker Volumes and Images
  • Write Inputs into a File
  • Docker Networking
  • Troubleshooting
Some related posts:

Docker Installation

[email protected]:/# curl -sSL https://get.docker.com/ | sh 
systemctl start docker 
systemctl enable docker


#Ubuntu 20.04
sudo apt install docker.io

Install Docker
#CentOS 6
rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 
yum update -y 
yum -y install docker-io 
service docker start chkconfig docker on 

#CentOS 7, Debian, Ubuntu 
curl -sSL https://get.docker.com/ | sh 
systemctl start docker 
systemctl enable docker
 
Or , references of my posts:


Install Docker Compose
curl -L "https://get.daocloud.io/docker/compose/releases/download/1.28.6/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose

note: Check the latest version of docker-compose from https://docs.docker.com/compose/release-notes/




#Ubuntu 20.04
sudo apt install docker-compose

Or you can play docker at  Play with Docker online.

Common Docker Commands

  • docker –version
  • docker pull <image name>
  • docker run -it -d <image name>
  • docker ps
  • docker ps -a   //show all the running and exited containers
  • docker exec -it <container name> /bin/bash
  • docker stop
  • docker kill    //kills the container by stopping its execution immediately
  • docker commit    //creates a new image of an edited container on the local system
  • docker login     //login to the docker hub repository
  • docker push <username/image name>    //push an image to the docker hub repository
  • docker images    //lists all the locally stored docker images
  • docker rm <container id>
  • docker rmi <image-id>
  • docker build <path to docker file>     //build an image from a specified docker file
  • docker log <container-id>     // show logs about your container, for troubleshooting
[[email protected] compose]# docker logs --tail 50 --follow --timestamps compose_db_1
2020-03-17T15:24:42.758002000Z chown: changing ownership of ‘/var/lib/postgresql/data’: Permission denied
2020-03-17T15:24:43.410251000Z chown: changing ownership of ‘/var/lib/postgresql/data’: Permission denied

Backup image and load the backup


[email protected]:~# docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
wordpress             latest              0d205d4886fe        2 weeks ago         540MB
nginx                 latest              ed21b7a8aee9        2 weeks ago         127MB
mysql                 5.7                 413be204e9c3        2 weeks ago         456MB
mariadb               latest              37f5f0a258bf        4 weeks ago         356MB
portainer/portainer   latest              2869fc110bf7        4 weeks ago         78.6MB
[email protected]:~# docker save -o /root/nginx.tar nginx
[email protected]:~# ls
nginx.tar  snap
[email protected]:~#


You can load this tar file into other machine's image list:
[email protected]:~# docker load -i /root/nginx.tar

Export  Container / Import to Image 

docker export / docker import and docker save / docker load serve different purposes.
docker export (and import) are commands to export/import a container's root filesystem; from the command's "help" output;
Export a container's filesystem as a tar archive
When running these commands, you'll only get an archive of the container's filesystem, but not the image's configuration (such as the CMDENTRYPOINT and ENV).
The docker save / docker load commands on the other hand, allow you to save/load an image, including their configuration. From the command description;Using those commands, you can transfer an image between docker hosts (without using a registry), and preserve the layers and image configuration.

[email protected]:~# docker container list
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                         NAMES
7f2118c12a0f        nginx:latest                 "nginx -g 'daemon of…"   7 days ago          Up 7 days           0.0.0.0:80->80/tcp, 443/tcp   Nginx1
58984786a347        wordpress:latest             "docker-entrypoint.s…"   7 days ago          Up 7 days           0.0.0.0:10000->80/tcp         51sec_wordpress_1
986469bf37d1        mysql:5.7                    "docker-entrypoint.s…"   7 days ago          Up 7 days           3306/tcp, 33060/tcp           51sec_db_1
e1965b3d6e1f        portainer/portainer:latest   "/portainer"             7 days ago          Up 7 days           0.0.0.0:9000->9000/tcp        portainer
[email protected]:~# docker stop Nginx1
Nginx1
[email protected]:~# docker ps -a
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS                      PORTS                    NAMES
7f2118c12a0f        nginx:latest                 "nginx -g 'daemon of…"   7 days ago          Exited (0) 14 seconds ago                            Nginx1
58984786a347        wordpress:latest             "docker-entrypoint.s…"   7 days ago          Up 7 days                   0.0.0.0:10000->80/tcp    51sec_wordpress_1
986469bf37d1        mysql:5.7                    "docker-entrypoint.s…"   7 days ago          Up 7 days                   3306/tcp, 33060/tcp      51sec_db_1
e1965b3d6e1f        portainer/portainer:latest   "/portainer"             7 days ago          Up 7 days                   0.0.0.0:9000->9000/tcp   portainer
[email protected]:~# docker export Nginx1 > /root/Container-Nginx1.tar
[email protected]:~# docker rm Nginx1
Nginx1
[email protected]:~# docker ps -a
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                    NAMES
58984786a347        wordpress:latest             "docker-entrypoint.s…"   7 days ago          Up 7 days           0.0.0.0:10000->80/tcp    51sec_wordpress_1
986469bf37d1        mysql:5.7                    "docker-entrypoint.s…"   7 days ago          Up 7 days           3306/tcp, 33060/tcp      51sec_db_1
e1965b3d6e1f        portainer/portainer:latest   "/portainer"             7 days ago          Up 7 days           0.0.0.0:9000->9000/tcp   portainer
[email protected]:~# docker import /root/Container-Nginx1.tar Nginx1
invalid reference format: repository name must be lowercase
[email protected]:~# docker import /root/Container-Nginx1.tar nginx1
sha256:df44fea67db399580e7cbdd5d09bd882c91bfe96d43c4b0c0f639aa7f74c9e20
[email protected]:~# docker ps -a
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                    NAMES
58984786a347        wordpress:latest             "docker-entrypoint.s…"   7 days ago          Up 7 days           0.0.0.0:10000->80/tcp    51sec_wordpress_1
986469bf37d1        mysql:5.7                    "docker-entrypoint.s…"   7 days ago          Up 7 days           3306/tcp, 33060/tcp      51sec_db_1
e1965b3d6e1f        portainer/portainer:latest   "/portainer"             7 days ago          Up 7 days           0.0.0.0:9000->9000/tcp   portainer

[email protected]:~# docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
nginx1                latest              df44fea67db3        7 minutes ago       143MB
wordpress             latest              0d205d4886fe        2 weeks ago         540MB
nginx                 latest              ed21b7a8aee9        2 weeks ago         127MB
mysql                 5.7                 413be204e9c3        2 weeks ago         456MB
mariadb               latest              37f5f0a258bf        4 weeks ago         356MB
portainer/portainer   latest              2869fc110bf7        4 weeks ago         78.6MB

[email protected]:~# docker run -d --name Nginx1 --restart=always -p 80:80 nginx1
docker: Error response from daemon: No command specified.
See 'docker run --help'.

Create Own Image Using Your Container


[email protected]:~# docker container ps
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                    NAMES
0457b6159da9        nginx:latest                 "nginx -g 'daemon of…"   16 minutes ago      Up 5 minutes        0.0.0.0:80->80/tcp       nginx1
58984786a347        wordpress:latest             "docker-entrypoint.s…"   7 days ago          Up 7 days           0.0.0.0:10000->80/tcp    51sec_wordpress_1
986469bf37d1        mysql:5.7                    "docker-entrypoint.s…"   7 days ago          Up 7 days           3306/tcp, 33060/tcp      51sec_db_1
e1965b3d6e1f        portainer/portainer:latest   "/portainer"             7 days ago          Up 7 days           0.0.0.0:9000->9000/tcp   portainer
[email protected]:~# docker commit nginx1 nginx1netsec
sha256:0cf3a7c347f9bca870bd97b9e40bfc11e959e8220e4529d49e4f452cd5de8e68
[email protected]:~# docker image list
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
nginx1netsec          latest              0cf3a7c347f9        6 seconds ago       145MB
nginx                 latest              e791337790a6        3 days ago          127MB
wordpress             latest              0d205d4886fe        2 weeks ago         540MB
nginx                 <none>              ed21b7a8aee9        2 weeks ago         127MB
mysql                 5.7                 413be204e9c3        2 weeks ago         456MB
mariadb               latest              37f5f0a258bf        4 weeks ago         356MB
portainer/portainer   latest              2869fc110bf7        4 weeks ago         78.6MB
[email protected]:~# docker stop nginx1
nginx1

[email protected]:~# docker run --name nginx2 --restart=always -p 80:80 -d nginx1netsec
5fbe841d1f407db372ef8a69fe5295900b3b5b8eeea7d6d7be45f7eed247a19c
[email protected]:~#
[email protected]:~# docker container ps
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                    NAMES
5fbe841d1f40        nginx1netsec                 "nginx -g 'daemon of…"   2 minutes ago       Up 2 minutes        0.0.0.0:80->80/tcp       nginx2
58984786a347        wordpress:latest             "docker-entrypoint.s…"   7 days ago          Up 7 days           0.0.0.0:10000->80/tcp    51sec_wordpress_1
986469bf37d1        mysql:5.7                    "docker-entrypoint.s…"   7 days ago          Up 7 days           3306/tcp, 33060/tcp      51sec_db_1
e1965b3d6e1f        portainer/portainer:latest   "/portainer"             7 days ago          Up 7 days           0.0.0.0:9000->9000/tcp   portainer
[email protected]:~#



In this way, even portainer will be still able to manage this new container.


Publish Your Own Docker Image to Docker Hub



[email protected]:~# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: johnyan2
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[email protected]:~# docker tag nginx1netsec johnyan2/nginx1netsec:latest
[email protected]:~# docker push johnyan2/nginx1netsec:latest
The push refers to repository [docker.io/johnyan2/nginx1netsec]
a0ad3b8aa236: Pushed
be91fceb796e: Pushed
919b6770519b: Pushed
b60e5c3bcef2: Pushed
latest: digest: sha256:2ccc1aeb4d69052c9afb6f36a5881bc6b4faf43bc86e33d6922f33382b5bbc28 size: 1160





Pull and run your own Docker:

$ docker pull johnyan2/nginx1netsec
Using default tag: latest
latest: Pulling from johnyan2/nginx1netsec
123275d6e508: Already exists 
6cd6a943ce27: Already exists 
a50b5ac4a7fb: Already exists 
75facb91406e: Pull complete 
Digest: sha256:2ccc1aeb4d69052c9afb6f36a5881bc6b4faf43bc86e33d6922f33382b5bbc28
Status: Downloaded newer image for johnyan2/nginx1netsec:latest
docker.io/johnyan2/nginx1netsec:latest
[node1] (local) [email protected] ~
$ docker image list
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
johnyan2/nginx1netsec   latest              0cf3a7c347f9        11 hours ago        145MB
nginx                   latest              e791337790a6        4 days ago          127MB
[node1] (local) [email protected] ~
$ docker run  -p 80:80 --name Nginx1 -d johnyan2/nginx1netsec
a4e00ef3a26aede705f6519d34baeab2045b31153a4ad2b1a75bb1ec928d27f5
[node1] (local) [email protected] ~
$ netstat -lantp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:35667        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      36/sshd
tcp        0      0 :::22                   :::*                    LISTEN      36/sshd
tcp        0      0 :::2375                 :::*                    LISTEN      20/dockerd
tcp        0      0 :::80                   :::*                    LISTEN      2283/docker-proxy
tcp        0      0 ::ffff:172.18.0.24:2375 ::ffff:172.18.0.1:39999 ESTABLISHED 20/dockerd
tcp        0      0 ::ffff:172.18.0.24:2375 ::ffff:172.18.0.1:39823 ESTABLISHED 20/dockerd
[node1] (local) [email protected] ~



Run Scheduled Task in Docker


For example , use Certbo command to renew HTTPS/SSL certificate in Docker:
Run it from host( certbotdocker is container 's name):
Put it into crontab -e :



Clean Docker Images and Volumes

1  Delete All Images and Vulumes (even it is running)
Save follow code to docker-cleanup.sh:
#!/bin/bash
docker kill $(docker ps -aq)
docker rm $(docker ps -aq)
docker rmi $(docker images -q)
docker volume rm $(docker volume ls -q)
Run .sh file:
bash docker-cleanup.sh


2  Only Delete non-running volumes and images
#!/bin/bash
docker rm $(docker ps -aq)
docker rmi $(docker images -q)
docker volume rm $(docker volume ls -q)
You will get an error message for those running dockers, but will not be deleted.


Write Inputs into a File

Using cat command to directly write keyboard inputs into a file. 
[email protected]:/etc/nginx/conf.d# cat > portainer.conf <<EOF
> server {
>     listen       80;
>     server_name  awsportainer.51sec.org;
> 
> location / {
>     proxy_pass       http://aws.51sec.org:9000;
>     proxy_redirect             off;
>     proxy_http_version         1.1;
>     proxy_set_header Upgrade   $http_upgrade;
>     proxy_set_header Connection "upgrade";
>     proxy_set_header Host      $host;
>     proxy_set_header X-Real-IP $remote_addr;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
> }
> EOF

In this way, you will not need to install nano or vi into your docker. 

Note: $ will be omitted from the file. If you will need to enter $, you might still need install nano or vi. 



Docker Networking




1)Create a new network

  1.  docker network create <network-name>

2)Connect container into network

  1. docker run --net=<network-name> ...

or join existing docker into network

  1. docker network connect <network-name> <container-name>

 

3)ping docker with its name

  1. docker exec -ti <container-name-A> ping <container-name-B>

Ps:需要注意的是,如果容器没有指定名称(--name),那么就只能用id。
 
64 bytes from c1 (172.18.0.4): icmp_seq=1 ttl=64 time=0.137 ms
64 bytes from c1 (172.18.0.4): icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from c1 (172.18.0.4): icmp_seq=3 ttl=64 time=0.074 ms
64 bytes from c1 (172.18.0.4): icmp_seq=4 ttl=64 time=0.074 ms
请参阅文档的此部分;

此功能当前不支持别名

4)Disconnect from default bridge network

由于容器仍然连接着默认bridge docker0,而现在我们已经不需要它,所以应该将容器与docker0的连接断开,执行以下操作:

  1. # 断开容器与docker0的连接
  2. docker network disconnect bridge name1
  3. docker network disconnect bridge name2

docker network Doc:https://docs.docker.com/network/


[[email protected] ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d2daf16b85d2        bridge              bridge              local
ced0ba273013        host                host                local
5bbc16718b13        none                null                local
[[email protected] ~]# docker network create mynetwork
118b26e6cb77e441be35f823379d8a56b59f28a4d3b5fe680088fae324a10f93
[[email protected] ~]# docker network connect mynetwork nginx
[[email protected] ~]# docker network connect mynetwork portainer
[[email protected] ~]# docker network inspect mynetwork
[
    {
        "Name": "mynetwork",
        "Id": "118b26e6cb77e441be35f823379d8a56b59f28a4d3b5fe680088fae324a10f93",
        "Created": "2021-04-20T16:04:26.972255453Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "2533d99553373027929bdddd7db0de20b8d1bce8fdfc3dca07be28996960b1b8": {
                "Name": "nginx",
                "EndpointID": "13caa8d46093ecd672827998c9a0637f95136b900f846327db50edffb312d20b",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "312eec9453fbf1856dfafe3320fcc7518d15fd2a678e4f60711c1ec2dd9bdb4c": {
                "Name": "portainer",
                "EndpointID": "e115dcf5fc70366ff1e10951fd36879be76979ed78c51f15fb9d25765218eaac",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]


You might need to install ping utility first using comand
apt update & apt install iputils-ping

[[email protected] ~]# docker exec -it nginx ping portainer
PING portainer (172.18.0.3) 56(84) bytes of data.
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from portainer.mynetwork (172.18.0.3): icmp_seq=3 ttl=64 time=0.050 ms
^C
--- portainer ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.050/0.071/0.083/0.018 ms
[[email protected] ~]# docker network disconnect bridge nginx
[[email protected] ~]# docker network disconnect bridge portainer
[[email protected] ~]#



Troubleshooting


[node1] (local) [email protected] ~
$ ./minkebox.sh 172.18.0.22 /var/data
minke
docker: Error response from daemon: path /var/data is mounted on / but it is not a shared mount.

[node1] (local) [email protected] ~
$ mount --make-shared /
[node1] (local) [email protected] ~
$ ./minkebox.sh 172.18.0.22 /var/data
minke
[node1] (local) [email protected] ~

https://labs.play-with-docker.com/

$ apk add virt-what


References





No comments