Docker is a wonderful platform that solves a major problem encountered by developpers: missing or incorrect application dependencies from one OS to another. This project allows us to understand how Docker works and what are the main functionalities it offers to solve this major problem.
-
set up a small infrastructure composed of different services under specific rules. The whole project has to be done in a virtual machine. You have to use docker compose.
-
Each Docker image must have the same name as its corresponding service.
-
Each service has to run in a dedicated container. For performance matters, the containers must be built either from the penultimate stable version of Alpine or Debian. The choice is yours.
-
Write your own Dockerfiles, one per service. The Dockerfiles must be called in your docker-compose.yml by your Makefile. It means you have to build yourself the Docker images of your project. It is then forbidden to pull ready-made Docker images, as well as using services such as DockerHub (Alpine/Debian being excluded from this rule). You then have to set up: • A Docker container that contains NGINX with TLSv1.2 or TLSv1.3 only. • A Docker container that contains WordPress + php-fpm (it must be installed and configured) only without nginx. • A Docker container that contains MariaDB only without nginx. • A volume that contains your WordPress database. • A second volume that contains your WordPress website files. • A docker-network that establishes the connection between your containers. Your containers have to restart in case of a crash.
- Undestanding Docker environement
- Many error msges due to configuration file :
- Understanding difference between Dockerfile and Docker-Compose
- Understanding while writing a Docker-compose, the difference between Expose and Ports
- What is TCP ? TLS ? SSL ?
- How to get our specific name and tag for an image ( while building, nginx:for_inception) 7.What is www-data user in nginx?
- What is front-tier Network ?
- Why launching Nginx in the foreground and not background ? What's the purpose ?
- PID 1 zombie reaping problem.
Errors encountered for mariaDB
- "“Error response from daemon: Container $$$$ is restarting, wait until the container is running.”
Solution : /* docker logs --details CONTAINER_ID */ made me understand, that the pb came from INNODB: unknown/unstarted service. INNODB is a storage engine for Mysql and Mariadb. This made me, obviously, think about "Volumes". Effectively, i checked my file supposed to host my data from mariadb and it was suppressed so i recreated. Everything worked fine then.
-
Feels like the script written to do configs in mariaDB isn't read so passwords, users and dbs are not created.
Solution :
- Launched the mariaDB terminal
- checked if the script was created in the directory i configured and launched it Error encountered : " mysqld: Got error 'Could not get an exclusive lock; file is probably in use by another process' when trying to use aria control file '/var/lib/mysql/aria_log_control' "
1. DEFINITIONS
2. [DOCKER COMMANDS](https://github.com/elkamina/42_Inception/blob/main/README.md#docker commands)
Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production. Docker provides the ability to package and run an application in a loosely isolated environment called a container.
What is docker in general What is docker network Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession.
| Command | Purpose |
|---|---|
| docker build | For building images |
| docker run | For running a container from an image |
| docker pull | For pulling a Docker image from the Docker repository |
| docker push | For updating an image in Docker repo |
| docker ps | Listing all active containers (PS : referring to Processes) |
| docker container ls -a | Listing all active and non active containers |
| docker rmi -f IMAGE_ID | Forcing the delete of a certain image |
| docker rm -f CONTAINER_ID | Forcing the delete of a certain container |
| docker images | Listing all images |
| docker compose up | Launching docker-compose.yml |
| docker stop CONTAINER_ID | Stoping a container |
| docker start CONTAINER_ID | Restarting a container |
| docker image -prune | Removing all unused images |
| docker exec -it nginx sh | Launching a shell from a container |
| docker volume ls | lists all the volumes created by the container |
| docker attach [Options] CONTAINER_ID | Give the opportunity to attach a container to a terminal and follow its steps |
| docker network ls | All networks created and existing in Docker |
| docker exec CONTAINER_NAME ps -eaf | print out the processes running |
| docker system prune | Remove all unused containers, networks, images (both dangling and unreferenced), and optionally, volumes. |
| **docker logs ** | print out the processes running |
Some cool new command line learnt :
-
ps -ef | grep -i nginx => to know which user is used by the server nginx
-
apk list : to launch inside the container terminal to list all the packages installed
1a. Load Balancing
2a. Reverse proxy
3a. CGI script : CGI stands for Common Gateway Interface and provides an interface between the HTTP server and programs generating web content. These programs are better known as CGI scripts. They are written in a scripting language.
4a. /!\ docker stop command sends a SIGTERM to the init process and then SIGKILL
Daemon : is a program that runs continuously as a background process and wakes up to handle periodic service requests, which often come from remote processes. The daemon program is alerted to the request by the operating system (OS), and it either responds to the request itself or forwards the request to another program or process as appropriate.
mysqld : is the mysql server.
data directory : contains databases and tables. It is also the default location for other information such as log files and status files.
InnoDB : is a storage engine for MySql and Mariadb. It stores the data on a disk or keeps it in the main memory for quick access.
Bridge networks : a bridge network is a Link Layer device which forwards traffic between network segments. A bridge can be a hardware device or a software device running within a host machine’s kernel. In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network. The Docker bridge driver automatically installs rules in the host machine so that containers on different bridge networks cannot communicate directly with each other.Bridge networks apply to containers running on the same Docker daemon host. TO MAKE COMMUNICATIONS BETWEEN CONTAINERS not belongign to the same network, we use OVERLAY network /!\ When you start Docker, a default bridge network (also called bridge) is created automatically, and newly-started containers connect to it unless otherwise specified. You can also create user-defined custom bridge networks. User-defined bridge networks are superior to the default bridge network.
**Reaping a process ** Process of eliminating zombie processes. /!\ Using has caveats : it blocks parent process if the child hasn`t terminated
- What is the difference between Docker run and Docker exec ?
Answer : In short, docker run is the command you use to create a new container from an image, whilst docker exec lets you run commands on an already running container
- What is the use of "--no-cache" in Dockerfiles (someetimes replaced by rm /var/cache/apk/*.) ?
Answer : Briefly, to have the packages available during boot, apk can keep a cache of installed packages on a local disk. Added packages can then be automatically (re-)installed from local media into RAM when booting, without requiring, and even before there is a network connection. The APKINDEX file is a text file containing records for each package in the repository in a text-based format. Each record is separated by a newline. So, the option "--no-cache" allow us to not cache the index locally, which is useful for keeping containers small.
- Why do we need volumes ?
Answer : The data living through a container doesn't have durability. So, we need volumes to store data in a perennial way.
- Difference between ENTRYPOINT and CMD ?
Answer : CMD : Sets default parameters that can be overridden from the Docker Command Line Interface (CLI) when a container is running ENTRYPOINT : Default parameters that cannot be overridden when Docker Containers run with CLI parameters.
- What is PID=1 in containers (look to sysvinit) ?
Answer Usually, PID 1 is the init/systemd process. But what is systemd process and init ? It's a system designed for Linux Kernel and is the first process with PID = 1, which gets executed in user space during the Linux start-up process. Sysvinit : is the first process started by the kernel when you boot up any Linux or Unix computer. This means that all the other processes are their child in one way or the other. Systemd replaced Sysvinit which became a bit obsolete for modern day-computer.
- What is the difference between EXPOSE and PORTS in DOCKERFILE ?
The expose section allows us to expose specific ports from our container only to other services on the same network. We can do this simply by specifying the container ports.
The ports section also exposes specified ports from containers. Unlike the previous section, ports are open not only for other services on the same network, but also to the host. The configuration is a bit more complex, where we can configure the exposed port, local binding address, and restricted protocol.