# Redes de Computadores
### Computer Networks

# Lab class #0
## Docker containers


## Summary

+ Virtualization
+ Docker
+ Exercises

## Virtualization

In short, [hardware virtualization](https://en.wikipedia.org/wiki/Hardware_virtualization) is a technique for creating virtual instances of a computing platform, using software to "simulate" the virtual hardware platform.


### Virtual machines 

A [virtual machine](https://en.wikipedia.org/wiki/Virtual_machine) is a form of virtualization that is intended to simulate a full hardware platform on a real machine - the host machine, on top of which a *guest* operating system is installed and operated. The *guest* operating system can then be used to execute **multiple applications** on behalf of the user.

The technique has applications in legacy systems, security and **distributed systems**.

### Containers

[Containers](https://en.wikipedia.org/wiki/OS-level_virtualization) is a restricted form of OS-level virtualtization that is mostly intended to virtualize (and isolate) the execution environment of **specific applications**. 

Containers do not execute full dedicated 
virtualized operating systems. Instead, the **host operating system** only provides a virtualized environment 
to the target application and its dependencies, thus, consuming fewer host resources.

Containers are a relatively lightweight and a simple way to package and deploy complex applications/services.

[Docker](https://www.docker.com/) and [Kubernetes](https://kubernetes.io/) are examples of container technologies.

## Docker 

[Docker](https://www.docker.com/) is a container technology that can be
used in personal computers with modest CPU and RAM requirements.

It is available for Windows, Linux and MacOS.

Usually, when we talk about **docker containers**, we mean Linux docker containers,
packaging Linux applications/services.

### Docker under the hood

In Linux, Docker executes containers **natively** using the isolation provided by the kernel, via [*namespaces*](https://en.wikipedia.org/wiki/Linux_namespaces). 

In MacOS, a docker installation consists of a (hidden) guest Linux virtual machine that hosts and executes the docker containers. The MacOS Docker application interfaces with a server executing in the guest virtual machine.

In Windows, docker containers also rely on the services of a Linux kernel. In recent Window versions, that kernel is tightly integrated to the Windows kernel via the [Windows Linux Subsystem](https://docs.microsoft.com/en-us/windows/wsl/). If the Docker [Windows Linux Subsystem](https://docs.docker.com/desktop/windows/wsl/) backend is not supported on the host machine, an alternative way is to use a virtual machine running a guest Linux installation, and install docker there.  

### Docker architecture 

Docker architecture comprises several components.

* **Docker registry**
    A (cloud-based) repository of *images*. An image contains the static environment (files and executables) needed to execute a container;
* **Docker client**
    User application for managing containers, eg., running and stopping containers;
* **Docker daemon**
    A server that executes in the host machine, listening for commands from the docker client.
    Does the actual operations on containers.

<img src="https://docs.docker.com/engine/images/architecture.svg" width="75%">

<p>diagram pulled from docs.docker.com</p>

### Docker installation

Install docker in your personal computer, using one of these guides:

* [Linux](https://docs.docker.com/engine/install/)
* [Windows](https://docs.docker.com/desktop/windows/wsl/)
* [MacOS](https://docs.docker.com/desktop/mac/install/)

Note: In Windows, it may be necessary to enable CPU virtualization at the BIOS
level. Some Windows versions do not support WSL and the only option may be to install
a Linux virtual machine, using [VirtualBox](https://www.virtualbox.org/), for example.

In Linux, make sure you perform the [post installation step](https://docs.docker.com/engine/install/linux-postinstall/) to be able to run docker without *sudo* (root privileges).

### Docker images

Docker images are built from set of commands stored in a text file: [Dockerfile](https://docs.docker.com/engine/reference/builder/). 

A new image starts from a *base image* and is modified mainly
by adding files to it or executing linux commands to install the target application and its dependencies.


#### Dockerfile example

<hr>

```
FROM ubuntu

RUN apt-get update && \
	apt-get install -y iputils-ping iproute2 openjdk-16-jdk-headless
```
<hr>

The Dockerfile above will create a container image *FROM* a base *ubuntu* image,
which is already present in the docker registry.

The *RUN* command is used to install the ubuntu packages `iputils-ping`, `iproute2` and `openjdk-16-jdk-headless`, via the `apt-get` utility.

Check the [Dockerfile referece](https://docs.docker.com/engine/reference/builder/) for  full syntax and semantics of the available Dockerfile commands.

#### Managing Docker images

The relevant CLI commands are:

+ `docker build . -t <img>` 
    - creates an image with name tag `<img>` using the Dockerfile contained in the current directory;
+ `docker push <img>`
    - uploads the image with name tag `<img>` to the docker registry (the user must have an account);

<hr>

+ `docker images`
    - lists the images stored in the local host repository
+ `docker rmi -f <img>`
    - tries to remove forcebly an image from the local host repository
   

### Exercise 1

Create a docker image using the Dockerfile above.
The image should be named `rc2122-aula0`

1. Create a new directory/folder named `aula0`;
2. Place a text file named `Dockerfile` in `aula0` with the contents from the example above;
3. Build the image with the command `docker build ...`;
4. List the images found in the local repository with `docker images` to confirm the image name is as expected;
5. Remove the image you just built with `docker rmi -f`;
6. Rebuild the image as in step 1.

Optionally, push the image to the Docker repository. You will need to create
a free account, and name your images, accordingly, like so:

`<login>/<image>`


### Managing containers

There are several CLI commands to manage the execution of
containers. Moreover, the behavior of each command is
controlled by a number of flags.

#### Launch

* `docker run -d <img>` 
    - Launches a new container from image `<img>`. 
    
    The flag `-d` means the new container will run in *detached* mode.
    
* `docker run -t -i <img>` 
    - The new container runs attached to an output terminal `-t` and in interactive
    mode `-i`. 

* `docker run -h C1 -t -i <img>` 
    - The new container is launched and given `C1` as its hostname.
<br>

#### Listing

* `docker ps`
    - Lists the containers that are running.
    
    <br>
    
* `docker ps -a`
    - List all containers, including those that are stopped or terminated.
<br>

#### Stop and start

* `docker stop <id>`
    - stops the given container, keeping its saved state.
    
    <br>
    
* `docker start <id>`
    - (re)starts the given container from its saved state.
<br>

#### Removal

* `docker rm -f <id>`
    - removes the given container, forcing stop if necessary.


### Docker container networking

By default, when containers are launched, each receives a **separate**, dedicated, networking
environment, including a private IP networking address. 

Communication with the outside world, goes
through the host system, which acts as **router**. 

Docker containers can talk with each other, but it is possible to isolate them completely, for example for security reasons. This isolation can be achieved by attaching containers to different *docker networks*.

The obtain the networking information about a given container
use the following command in the host computer:

`docker inspect <id>`

The inspect command dumps all kinds of information about a container, given its id, including its networking details.

`grep` is a command line utility that can be used to filter and isolate only the output lines
that match a given word or pattern:

`docker inspect <id> | grep IPAddress`



### Exercise 2

1. Launch a new container using the image `rc2122-aula0` that you created earlier.

    `docker run -ti rc2122-aula0 /bin/bash`


2. In the container shell, type:

    `ip addr show | grep inet`
    
    This will show the IP address of the container.
    
    
3. In the host, inspect the container:

    `docker inspect <id> | grep IPAddress`

    Use `docker ps` if necessary to find out the container id.
    
    Do you see a match?

### Docker based services

Docker allows services, such as a web server, to be executed in
a container, isolated from the rest of the processes already running in
the host.

For instance, the following command will launch a container running 
a web server, from the oficial Apache image already found in the Docker registry.
 
`docker run -ti httpd`

Using `docker ps`, we can verify that the container is running and
**TCP** port **80** is in use, as expected.

However, as is, the command is not very useful, because the web server
is running in the container **isolated** and not **exposed** to the host.

To expose the webserver to the host, when the container is first launched,
we need to *map* the container TCP port *80* to any **free** port of the host,
adding `-p <external_port>:<internal_port>` to the `run` command, like so:

`docker run -ti -p 8880:80 httpd`

Now the link below, should work!

[http://localhost:8880](http://localhost:8880)

The browser will connect to the *host* and port 8880, but the connection will
be routed to the container and to the internal port 80, where the server is listening on.

Note: If necessary, multiple ports can be exposed.

#### Docker storage

By default, the filesystem of a container is not directly accessible to the host system (or other containers), and vice versa.

However, it is possible to expose parts of the host filesystem to a container. 

Namely, using `-v <host_dir>:<container_dir>` in the `docker run` command, we
can **map** a directory in the host filesystem to a directory in the container filesystem, like so:

`docker run -ti -p 8880:80 -v "/tmp:/usr/local/apache2/htdocs" httpd`

The link below should now list the contents of directory `/tmp` in the host.

[http://localhost:8880](http://localhost:8880)

You may need to create `/tmp` (or `c:/tmp`) in the host and/or refresh
the browser. Or you can replace `/tmp` with a different folder.

### Some remarks

Redes de Computadores labs course will use docker extensively to
provide and test samples. In particular, the two work assignments
will be tested and validated using software packaged in docker images.

As such, it is important to have a fair understanding of what Docker
is and what is happening under the hood. 

Make sure you install and try docker in your personal computer, 
and follow this classes' examples and exercises.