Dockerfiles

by Eugene Duboviy

Dockerfiles I use at home. These are all automated builds (with Docker hub usage).

Why I use Docker

"With Docker, developers can build any app in any language using any toolchain. “Dockerized” apps are completely portable and can run anywhere - colleagues’ OS X and Windows laptops, QA servers running Ubuntu in the cloud, and production data center VMs running Red Hat.

Developers can get going quickly by starting with one of the 13,000+ apps available on Docker Hub. Docker manages and tracks changes and dependencies, making it easier for sysadmins to understand how the apps that developers build work. And with Docker Hub, developers can automate their build pipeline and share artifacts with collaborators through public or private repositories.

Docker helps developers build and ship higher-quality applications, faster." -- What is Docker

Prerequisites

Linux

The 3.10.x kernel is the minimum requirement for Docker.

MacOS

10.8 “Mountain Lion” or newer is required.

Installation

Linux

Quick and easy install script provided by Docker:

curl -sSL https://get.docker.com/ | sh

If you're not willing to run a random shell script, please see the installation instructions for your distribution.

If you are a complete Docker newbie, you should follow the series of tutorials now.

Mac OS X

Download and install Docker Toolbox. Docker For Mac is nice, but it's not quite as finished as the VirtualBox install. See the comparison. Once you've installed Docker Toolbox, install a VM with Docker Machine using the VirtualBox provider:

docker-machine create --driver=virtualbox default
docker-machine ls
eval "$(docker-machine env default)"

Then start up a container:

docker run hello-world

That's it, you have a running Docker container. If you are a complete Docker newbie, you should probably follow the series of tutorials now.

Build image :

To build an image with docker using the Dockerfile:

docker build -t <yourname/imagename> .

Note: Run in directory with Dockerfile. The output after executing this command will be the ID of the new docker image. The -t [name] flag here is used to tag the image. To learn more about what else you can do during build, run docker build --help.

Run container from image :

Using the image we have build, we can now proceed to the final step: creating a container running out app instance inside, using a name of our choice (if desired with --name [name]).

docker run -i -t  --name <yourname/containername>  <yourname/imagename>

Note: If a name is not set, we will need to deal with complex, alphanumeric IDs which can be obtained by listing all the containers using docker ps -l To detach yourself from the container, use the escape sequence CTRL+P followed by CTRL+Q. To expose container ports use arguments: -p 8080:8080 To run container in the background:

docker run -d -t <yourname/imagename>

To remove all images and containers:

You use Docker, but working with it created lots of images and containers. You want to remove all of them to save disk space.

Warning: This will destroy all your images and containers. It will not be possible to restore them!

Execute those commands in a shell:

Delete all containers:

docker rm $(docker ps -a -q)

Delete all images:

docker rmi $(docker images -q)

More extended explanation/documentation & usage exaples

Containers

Your basic isolated Docker process. Containers are to Virtual Machines as threads are to processes. Or you can think of them as chroots on steroids.

Lifecycle

• docker create creates a container but does not start it.
• docker rename allows the container to be renamed.
• docker run creates and starts a container in one operation.
• docker rm deletes a container.
• docker update updates a container's resource limits.

If you want a transient container, docker run --rm will remove the container after it stops.

If you want to map a directory on the host to a docker container, docker run -v $HOSTDIR:$DOCKERDIR. Also see Volumes.

If you want to remove also the volumes associated with the container, the deletion of the container must include the -v switch like in docker rm -v.

There's also a logging driver available for individual containers in docker 1.10. To run docker with a custom log driver (i.e., to syslog), use docker run --log-driver=syslog.

Starting and Stopping

• docker start starts a container so it is running.
• docker stop stops a running container.
• docker restart stops and starts a container.
• docker pause pauses a running container, "freezing" it in place.
• docker unpause will unpause a running container.
• docker wait blocks until running container stops.
• docker kill sends a SIGKILL to a running container.
• docker attach will connect to a running container.

If you want to integrate a container with a host process manager, start the daemon with -r=false then use docker start -a.

If you want to expose container ports through the host, see the exposing ports section.

Restart policies on crashed docker instances are [covered here](http://container42.com/2014/09/30/docker-restart-pol

Info

• docker ps shows running containers.
• docker logs gets logs from container. (You can use a custom log driver, but logs is only available for json-file and journald in 1.10).
• docker inspect looks at all the info on a container (including IP address).
• docker events gets events from container.
• docker port shows public facing port of container.
• docker top shows running processes in container.
• docker stats shows containers' resource usage statistics.
• docker diff shows changed files in the container's FS.

docker ps -a shows running and stopped containers.

docker stats --all shows a running list of containers.

Import / Export

• docker cp copies files or folders between a container and the local filesystem.
• docker export turns container filesystem into tarball archive stream to STDOUT.

Executing Commands

• docker exec to execute a command in container.

To enter a running container, attach a new shell process to a running container called foo, use: docker exec -it foo /bin/bash.

Images

Images are just templates for docker containers.

Lifecycle

• docker images shows all images.
• docker import creates an image from a tarball.
• docker build creates image from Dockerfile.
• docker commit creates image from a container, pausing it temporarily if it is running.
• docker rmi removes an image.
• docker load loads an image from a tar archive as STDIN, including images and tags (as of 0.7).
• docker save saves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7).

Info

• docker history shows history of image.
• docker tag tags an image to a name (local or registry).

Cleaning up

While you can use the docker rmi command to remove specific images, there's a tool called docker-gc that will clean up images that are no longer used by any containers in a safe manner.

Load/Save image

Load an image from file:

docker load < my_image.tar.gz

Save an existing image:

docker save my_image:my_tag > my_image.tar.gz

Import/Export container

Import a container as an image from file:

cat my_container.tar.gz | docker import - my_image:my_tag

Export an existing container:

docker export my_container > my_container.tar.gz

Difference between loading a saved image and importing an exported container as an image ?

Loading an image using the load command creates a new image including its history.
Importing a container as an image using the import command creates a new image excluding the history which results in a smaller image size compared to loading an image.

Registry & Repository

A repository is a hosted collection of tagged images that together create the file system for a container.

A registry is a host -- a server that stores repositories and provides an HTTP API for managing the uploading and downloading of repositories.

Docker.com hosts its own index to a central registry which contains a large number of repositories. Having said that, the central docker registry does not do a good job of verifying images and should be avoided if you're worried about security.

• docker login to login to a registry.
• docker logout to logout from a registry.
• docker search searches registry for image.
• docker pull pulls an image from registry to local machine.
• docker push pushes an image to the registry from local machine.

Run local registry

You can run a local registry by using the docker distribution project and looking at the local deploy instructions.

Also see the mailing list.

Dockerfile

The configuration file. Sets up a Docker container when you run docker build on it. Vastly preferable to docker commit.

Here are some common text editors and their syntax highlighting modules you could use to create Dockerfiles:

• If you use jEdit, I've put up a syntax highlighting module for Dockerfile you can use.
• Sublime Text 2
• Atom
• Vim
• Emacs
• TextMate
• For a most comprehensive list of editors and IDEs, check [Docker meets the IDE] (https://domeide.github.io/)

Instructions

• .dockerignore
• FROM Sets the Base Image for subsequent instructions.
• MAINTAINER Set the Author field of the generated images..
• RUN execute any commands in a new layer on top of the current image and commit the results.
• CMD provide defaults for an executing container.
• EXPOSE informs Docker that the container listens on the specified network ports at runtime. NOTE: does not actually make ports accessible.
• ENV sets environment variable.
• ADD copies new files, directories or remote file to container. Invalidates caches. Avoid ADD and use COPY instead.
• COPY copies new files or directories to container.
• ENTRYPOINT configures a container that will run as an executable.
• VOLUME creates a mount point for externally mounted volumes or other containers.
• USER sets the user name for following RUN / CMD / ENTRYPOINT commands.
• WORKDIR sets the working directory.
• ARG defines a build-time variable.
• ONBUILD adds a trigger instruction when the image is used as the base for another build.
• STOPSIGNAL sets the system call signal that will be sent to the container to exit.
• LABEL apply key/value metadata to your images, containers, or daemons.

Best Practices

This is where general Docker best practices and war stories go:

• The Rabbit Hole of Using Docker in Automated Tests
• Bridget Kromhout has a useful blog post on running Docker in production at Dramafever.
• There's also a best practices blog post from Lyst.
• A Docker Dev Environment in 24 Hours!
• Building a Development Environment With Docker
• Discourse in a Docker Container

Tips

Sources:

• 15 Docker Tips in 5 minutes

Get IP address

docker inspect $(dl) | grep IPAddress | cut -d '"' -f 4

or install jq:

docker inspect $(dl) | jq -r '.[0].NetworkSettings.IPAddress'

or using a go template:

docker inspect -f '{{ .NetworkSettings.IPAddress }}' <container_name>

Get port mapping

docker inspect -f '{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' <containername>

Find containers by regular expression

for i in $(docker ps -a | grep "REGEXP_PATTERN" | cut -f1 -d" "); do echo $i; done

Get Environment Settings

docker run --rm ubuntu env

Kill running containers

docker kill $(docker ps -q)

Delete old containers

docker ps -a | grep 'weeks ago' | awk '{print $1}' | xargs docker rm

Delete stopped containers

docker rm -v $(docker ps -a -q -f status=exited)

Delete dangling images

docker rmi $(docker images -q -f dangling=true)

Delete all images

docker rmi $(docker images -q)

Show image dependencies

docker images -viz | dot -Tpng -o docker.png

Monitor system resource utilization for running containers

To check the CPU, memory, and network I/O usage of a single container, you can use:

docker stats <container>

For all containers listed by id:

docker stats $(docker ps -q)

For all containers listed by name:

docker stats $(docker ps --format '{{.Names}}')

For all containers listed by image:

docker ps -a -f ancestor=ubuntu

License

MIT licensed library. See LICENSE.txt for details.

Contributing

If you have suggestions for improving the Dockerfiles, please open an issue or pull request on GitHub.

Badges