Docker

Install Docker
https://docs.docker.com/install/linux/docker-ce/ubuntu/#set-up-the-repository
https://docs.docker.com/engine/install/ubuntu/

# Add Docker's official GPG key:
# The key stored in /etc/apt/keyrings/docker.gpg is what apt will trust for the
# Docker repository (see signed-by= below), so fetch it over HTTPS only.
sudo apt-get update -q
sudo apt-get install ca-certificates curl gnupg
# keyring directory, created with mode 0755
sudo install -m 0755 -d /etc/apt/keyrings
# curl -f turns an HTTP error into a failed download instead of passing an
# error page on to gpg
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# NOTE(review): before continuing, inspect the imported key, e.g. with
# `gpg --show-keys /etc/apt/keyrings/docker.gpg`, and compare its fingerprint
# with the one published in Docker's install documentation.
sudo chmod a+r /etc/apt/keyrings/docker.gpg
 
# Add the repository to Apt sources:
# signed-by= ties this key to the Docker repository only, so it is not trusted
# for packages from any other source.
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
 
sudo apt-get install -y docker-ce

Enable Remote API
https://docs.docker.com/config/daemon/systemd/

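# Expose the Docker Engine API on a local TCP socket in addition to the Unix
# socket. Run as root. This replaces any existing /etc/docker/daemon.json.
#
# Port 2375 is the plain-HTTP API: no TLS and no authentication. Whoever can
# connect to it controls the daemon, which is equivalent to root on the host.
# Keep it bound to 127.0.0.1 as here; for access from other machines use a
# TLS-protected socket (dockerd --tlsverify) or an ssh:// connection instead.
cat <<'EOF' > /etc/docker/daemon.json
{
    "hosts": [
        "tcp://127.0.0.1:2375",
        "unix:///var/run/docker.sock"
    ]
}
EOF
 
# -p: do not fail when the drop-in directory already exists
mkdir -p /etc/systemd/system/docker.service.d
 
# The empty ExecStart= resets the command inherited from the packaged unit;
# dockerd is then started without -H flags so that the "hosts" list in
# daemon.json takes effect (listing hosts in both places keeps the daemon
# from starting).
cat <<'EOF' > /etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
EOF
 
systemctl daemon-reload
service docker restart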
 
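# ubuntu docker.io package
# Daemon options are set in the config file /etc/default/docker with the line
# below. The TCP listener is bound to loopback, consistent with the
# daemon.json example and the connection test on this page.
# tcp://0.0.0.0:2375 would publish the unauthenticated, unencrypted API on
# every interface and give anyone who can reach the host root-equivalent
# control; do not bind beyond 127.0.0.1 without TLS client-certificate
# verification (dockerd --tlsverify).
DOCKER_OPTS="-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"
 
# test API connection
docker --host 127.0.0.1:2375 info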

Add user to docker group

# Membership of the docker group gives full control of the daemon through
# /var/run/docker.sock, which is effectively root on the host. Only add
# accounts that would also be trusted with sudo.
sudo usermod -aG docker $USER
# start a new login shell so that the new group membership is picked up
su - $USER
 
# start the daemon at boot, then check that it is running
systemctl enable docker
systemctl status docker

List container / output format
https://docs.docker.com/engine/reference/commandline/ps/ - Formatting output

# containers (running or not) that exited with code 0
docker ps -a --filter 'exited=0'
# image list as repository:tag
docker images --format '{{.Repository}}:{{.Tag}}'
# size, repository, tag and ID, separated by tabs
docker images --format '{{.Size}}\t{{.Repository}}\t{{.Tag}}\t{{.ID}}'
# ID and name of exited or restarting containers, leaving out lines that
# contain "skydive"
docker ps -a --filter status=exited --filter status=restarting --format "{{.ID}} {{.Names}}" | grep -v skydive
 
# table with header row: ID, name, command, creation time
docker ps --format 'table {{.ID}}\t{{.Names}}\t{{.Command}}\t{{.CreatedAt}}'

Start all exited containers

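# NOTE: every command in this section acts on ALL containers or images known
# to the daemon, not only your own. On a shared host check `docker ps -a` and
# `docker images` first.
# xargs -r runs nothing when the list is empty, instead of calling docker
# without arguments and failing with a usage error.

# Start all exited containers
docker ps -a -q -f status=exited | xargs -r docker start
 
# Stop all containers
docker ps -a -q | xargs -r docker stop
 
# Delete all containers (-f also removes the ones that are still running)
docker ps -a -q | xargs -r docker rm -f
 
# Delete exited containers
docker ps --filter status=exited --quiet | xargs -r docker rm
 
# Delete all images
docker images -aq | xargs -r docker rmi -f
 
# fix missing btrfs storage driver
# NOTE(review): this permanently deletes the aufs data directory, including
# any image and container layers stored in it. Confirm that aufs is no longer
# the active storage driver (see `docker info`) before running it.
sudo rm -rf /var/lib/docker/aufs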

Debug / Run test container

# daemon-wide summary: storage driver, container and image counts, security
# options
docker info
# smoke test: pulls and runs the hello-world image
docker run hello-world
#docker run -it centos bash
# interactive session in a fresh ubuntu container
docker run -it ubuntu

Login to container

# open a root shell in a running container (replace CONTAINER with its name
# or ID)
docker exec -it --user root CONTAINER bash
 
#docker run -i --rm ubuntu bash
 
# create a named container with an interactive shell, then start it again later
sudo docker run -i -t --name dc-ubuntu ubuntu bash
sudo docker start -i dc-ubuntu
 
# wordpress
# NOTE(review): the MySQL root password is passed on the command line and kept
# in the container's environment, so it ends up in the shell history and in
# `docker inspect` output. Use a throwaway value for tests only; the official
# mysql image also accepts MYSQL_ROOT_PASSWORD_FILE to read it from a file.
docker run -d --name dc-mysql -e MYSQL_ROOT_PASSWORD=mysqlpwd mysql
# -p 7894:80 publishes the port on every host interface; write
# -p 127.0.0.1:7894:80 to keep it reachable from the local machine only.
docker run -d --name dc-wordpress --link dc-mysql:mysql -p 7894:80 wordpress
 
# search
docker  search icinga
docker search --filter is-official=true ubuntu
# NOTE(review): phre/icinga lives in a user namespace, i.e. it is not an
# official image; review how it is built before running it next to anything
# sensitive.
docker pull phre/icinga
 
# nginx on host port 7890 (published on all host interfaces, as noted above)
docker run --name dc-nginx -d -p 7890:80 nginx
http://localhost:7890/
docker logs dc-nginx
 
# images
sudo docker images
sudo docker rmi 3eXXXXx
 
 
# NOTE(review): on Debian/Ubuntu the distribution's engine package is called
# docker.io (see the docker.io note earlier on this page); confirm what the
# package name "docker" resolves to on your release before installing it.
apt-get install docker
# throwaway interactive container, removed again on exit (--rm)
docker run -t -i --rm ubuntu bash
# named container that is kept after exit and can be started again
docker run -i -t --name dc-ubuntu ubuntu bash
docker start -i dc-ubuntu
# nginx in the background, host port 7890 -> container port 80
docker run --name dc-nginx -d -p 7890:80 nginx
docker logs dc-nginx
docker stop dc-nginx
docker rm dc-nginx
# same, with /tmp/srv/ bind-mounted read-only (:ro) as the web root
# NOTE(review): /tmp is world-writable, so another local user could create or
# pre-populate /tmp/srv and thereby choose what this server publishes; prefer
# a directory owned by the deploying user. Current official nginx images serve
# from /usr/share/nginx/html - confirm the target path for the image in use.
docker run --name dc-nginx -d -p 7890:80 -v /tmp/srv/:/usr/local/nginx/html:ro nginx
# interactive container used to modify the image by hand
docker run --name dc-nginx-tmp -t -i nginx /bin/bash
# save the container's filesystem as a new image
# NOTE(review): a commit captures everything written inside the container,
# including secrets or shell history left behind; a Dockerfile build is
# easier to audit.
docker commit dc-nginx-tmp img-mynginx
docker run --name dc-mynginx -d -p 7891:80 img-mynginx nginx
 
# view all containers (also inactive)
docker ps -a
 
# remove all containers
docker ps -qa | xargs docker rm
 
/tmp/dbuildtst/Dockerfile
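# FROM has to be the first instruction of a build stage; metadata follows it.
# NOTE(review): "nginx" without a tag resolves to nginx:latest, so rebuilds can
# silently pick up a different base image; consider pinning a tag.
FROM nginx
# LABEL replaces the deprecated MAINTAINER instruction
LABEL maintainer="Mein Name <foo@example.com>"
# NOTE(review): current official nginx images serve from /usr/share/nginx/html;
# confirm that /usr/local/nginx/html exists in the base image being used.
RUN echo '<html><body><p>Hello again!</p> </body></html>' > /usr/local/nginx/html/index.html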
 
# build the image from the Dockerfile in /tmp/dbuildtst/ and tag it img-mynginx2
# NOTE(review): the build context is under /tmp; make sure the directory is
# owned by you so that another local user cannot change the Dockerfile before
# the build.
docker build -t=img-mynginx2 /tmp/dbuildtst/
 
# run it in the background, host port 7892 -> container port 80
docker run --name dc-mynginx2 -d -p 7892:80 img-mynginx2

Registry
http://registry.hub.docker.com

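# generate auth configuration for private remote docker repository
# The password is read without echo and fed to docker login on stdin. Passing
# it with -p would record it in the shell history and expose it in the
# process list.
read -rs -p 'Registry password: ' REGISTRY_PASSWORD; echo
printf '%s' "$REGISTRY_PASSWORD" | docker login registry.example.com -u user --password-stdin
 
# Value for the "auth" field below ("user" is the same placeholder account as
# in the login above). base64 is an encoding, not encryption: anyone who can
# read ~/.docker/config.json recovers the password. Keep the file readable by
# its owner only (chmod 600), or configure a credential helper through the
# "credsStore" key so that no password is stored in the file.
# tr strips the line breaks base64 inserts into long output.
AUTH=$(printf '%s' "user:${REGISTRY_PASSWORD}" | base64 | tr -d '\n')
unset REGISTRY_PASSWORD
 
# auto login
# ~/.docker/config.json
{
	"auths": {
		"registry.example.com": {
			"auth": "$AUTH"
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.12.3-ce (linux)"
	}
}
 
docker login registry.example.com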

https://wiki.debian.org/Docker

Registry Explorer
https://explore.ggcr.dev/

Run Docker inside LXC container

# http://stackoverflow.com/questions/22085657/can-docker-run-inside-a-linux-container
# append the LXC exec driver option to the daemon defaults file
# NOTE(review): --exec-driver is a legacy daemon option and presumably not
# accepted by current Docker releases; check `dockerd --help` for the
# installed version before using it.
echo 'DOCKER_OPTS="--exec-driver=lxc"' | tee -a /etc/default/docker
service docker restart
 
# mysql container
sudo docker pull mysql
 
# build a container
https://www.digitalocean.com/community/tutorials/docker-explained-using-dockerfiles-to-automate-building-of-images
 
 
# notes
docker run --lxc-conf="lxc.network.hwaddr=92:20:de:b0:6b:61" my_image ifconfig
edit /etc/default/docker: DOCKER_OPTS="--dns 8.8.8.8 -e lxc"
apt-get install lxc (lxc-docker is not enough)
docker run --lxc-conf="lxc.network.hwaddr=92:20:de:b0:6b:61" -t myimage

# non root?
https://docs.docker.com/installation/debian/

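# quick & easy install
# Save the convenience script to a file instead of piping it straight into sh:
# a piped download runs whatever the server returned, including a partially
# transferred script, with no chance to read it first.
wget -qO get-docker.sh https://get.docker.com/
# review the script before running it
less get-docker.sh
sh get-docker.sh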

Docker under LXC
http://ashish1099.github.io/blog/2015/05/23/docker-inside-lxc/
https://www.stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/

# Settings in the LXC container's config that let Docker run inside it.
# Together they remove LXC's confinement: no AppArmor profile, access to all
# device nodes, and an empty capability drop list. Root inside such a
# container should be treated as root on the host, so use this only for
# workloads you would trust with host root.
# NOTE(review): newer LXC releases name the first key lxc.apparmor.profile;
# confirm against the installed version.
cat /var/lib/lxc/docker/config
...
lxc.aa_profile = unconfined
lxc.cgroup.devices.allow = a
lxc.cap.drop =

# 15 Quick Docker Tips
http://www.centurylinklabs.com/15-quick-docker-tips/

Volume

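# list volumes
docker inspect -f '{{ .Mounts }}' CONTAINER
 
# get volume information
for VOLUME in $(docker volume ls -q); do
    docker volume inspect "${VOLUME}"
done
 
# delete unused volumes
# This permanently deletes the data of every volume that no container
# references. xargs -r skips the call when there is nothing to delete,
# instead of running `docker volume rm` without arguments.
docker volume ls -qf dangling=true | xargs -r docker volume rm
 
# show space used by volume
docker system df -v
 
# show volumes used by container
docker ps -q | xargs -r -L1 docker inspect -f '{{ .Mounts }}' | grep elasticsearch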
 
# service
/usr/lib/systemd/system/docker.service
/etc/systemd/system/multi-user.target.wants/docker.service

Links
https://github.com/panticz/installit/blob/master/install.docker.sh
https://docs.docker.com/engine/reference/commandline/dockerd/

Docker Machine
https://docs.docker.com/machine/install-machine/

Docker Compose
https://docs.docker.com/compose/install/

List content of docker repository

# address of the private registry
DOCKER_REPOSITORY_IP=10.0.11.7
# list the repositories through the registry's v2 HTTP API and pretty-print
# the JSON answer
# NOTE(review): plain http:// on port 5000 means the traffic is unencrypted
# and the server is not authenticated; keep such a registry on a trusted
# network or put TLS in front of it.
curl -X GET http://${DOCKER_REPOSITORY_IP}:5000/v2/_catalog | python -m json.tool

Create profile with connection to VLAN

# clone the default profile as the starting point
lxc profile copy default mgmt-dev
# lxc profile list
# switch eth0 to macvlan, attached to the interface mgmt-dev-v1234
# NOTE(review): with macvlan the instance presumably sits directly on the
# parent network rather than behind a host bridge; treat instances using this
# profile as full members of that VLAN and filter on the network side.
lxc profile device set mgmt-dev eth0 nictype macvlan
lxc profile device set mgmt-dev eth0 parent mgmt-dev-v1234
# print the resulting profile for review
lxc profile show mgmt-dev

Get registry packages

# despite its name, the variable holds the registry's base URL here
DOCKER_REPOSITORY_IP=https://registry.example.com
# list all repositories of the registry
curl -X GET ${DOCKER_REPOSITORY_IP}/v2/_catalog | python -m json.tool
 
# list the tags of one repository
DOCKER_CONTAINER=foo/bar
curl -X GET ${DOCKER_REPOSITORY_IP}/v2/${DOCKER_CONTAINER}/tags/list | python -m json.tool

Network
Macvlan network driver
https://docs.docker.com/v17.09/engine/userguide/networking/get-started-macvlan/

Disk usage

# disk usage summary for images, containers, volumes and build cache
docker system df
# the same, broken down per object
docker system df -v
# running containers with their size, keeping only lines that contain "GB"
docker ps --size | grep GB
 
# list the tags of one repository in the private registry
# NOTE(review): this URL adds http:// and :5000 itself, so
# DOCKER_REPOSITORY_IP has to hold a bare address such as the 10.0.11.7 used
# under "List content of docker repository", not the https:// URL assigned
# under "Get registry packages".
DOCKER_CONTAINER=kolla/ubuntu-source-base
curl -X GET http://${DOCKER_REPOSITORY_IP}:5000/v2/${DOCKER_CONTAINER}/tags/list | python -m json.tool

Credentials

# file in which the docker client keeps registry credentials after a login
# NOTE(review): unless a credential helper ("credsStore") is configured, the
# stored entry is only base64-encoded; keep the file readable by its owner
# only.
~/.docker/config.json
# manual login
docker login registry.example.com

Scripts

# Restart every exited or restarting container in turn, waiting 10 seconds
# after each restart.
mapfile -t STALLED_IDS < <(docker ps -a --filter status=exited --filter status=restarting -q)
for cid in "${STALLED_IDS[@]}"; do
    docker restart "${cid}"
    sleep 10
done

Restart all containers

# Restart all containers one by one, pausing 30 seconds between restarts.
mapfile -t ALL_IDS < <(docker ps -a -q)
for cid in "${ALL_IDS[@]}"; do
    # print the container's `docker ps` line if it is currently running
    docker ps | grep "${cid}"
    docker restart "${cid}"
    sleep 30
done

Enable autostart
https://docs.docker.com/config/containers/start-containers-automatically/
https://codeburst.io/how-to-start-docker-containers-automatically-ec0545c392e4

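# restart the nginx container automatically unless it was stopped explicitly
docker update --restart unless-stopped nginx
 
#docker login registry.example.com
 
# xargs -r is used below so that nothing runs when no container matches,
# instead of calling docker without a container argument.

# Disable autostart for all containers
docker ps -qa | xargs -r docker update --restart=no
# retry up to 3 times on failure, for two named containers
docker update --restart=on-failure:3 abebf7571666 foo_container_1
 
# Enable autostart for all currently running containers
# NOTE: this includes anything started ad hoc for debugging; such containers
# then come back after every daemon restart or reboot.
docker ps -q | xargs -r docker update --restart=always
 
# Show RestartPolicy
docker inspect --format '{{json .HostConfig.RestartPolicy.Name}}' "${CONTAINER_ID}"
docker inspect "${CONTAINER_ID}" | grep RestartPolicy -A3
 
# get container ID
# (no "{}" after inspect: without xargs -I it is handed to docker as a literal
# object name and only produces a "no such object" error)
docker ps -aq | xargs -r docker inspect | jq -r '.[] | (.Name + " " + .Id)' | grep 9e732c9816f05994d2863c68522b74b118556d7fea614c27a9e4a98418d656af
 
# set to unless-stopped on all containers
docker ps -aq | xargs -r docker update --restart=unless-stopped
 
# show restart policy
docker ps -aq | xargs -r docker inspect | jq -r '.[] | (.Name + " " + .HostConfig.RestartPolicy.Name)'
 
# Start/run with a different entry point
docker run -ti --entrypoint=sh user/test_image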

Docker and LXD on same host

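# cat /etc/docker/daemon.json
# With "iptables": false Docker stops managing iptables rules itself, so the NAT and filtering it would normally set up for containers have to be maintained by hand; verify container connectivity and exposure after the change.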
{
    "iptables": false
}

Statistics

docker stats

Cleanup
https://docs.docker.com/engine/reference/commandline/image_prune/

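# remove every image not used by a container (not only dangling ones),
# without asking for confirmation
docker image prune --all -f
 
# system
docker system df
# remove stopped containers, unused networks, dangling images and build
# cache, without asking for confirmation
docker system prune -f
 
# find large files in overlay2
# Container name and merged overlay directory of every container, collected
# once instead of on each loop iteration.
CONTAINER_DIRS=$(docker ps -aq | xargs -r docker inspect -f $'{{.Name}}\t{{.GraphDriver.Data.MergedDir}}')
# du lists the overlay2 subdirectories of 2G and more; field 6 of the path is
# the overlay ID.
for OVERLAY_ID in $(du --human-readable --max-depth=1 --threshold=2G /var/lib/docker/overlay2 | cut -d"/" -f6); do
    # which container uses this overlay directory
    grep -F -- "${OVERLAY_ID}" <<< "${CONTAINER_DIRS}"
    # files larger than 1G inside it
    find "/var/lib/docker/overlay2/${OVERLAY_ID}" -type f -size +1G -exec du -sh {} \;
done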

Comparing Ingress controllers for Kubernetes
https://medium.com/flant-com/comparing-ingress-controllers-for-kubernetes-9b397483b46b

Logrotation

# /etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
    "max-size": "10m",    
    "max-file": "3"    
    }
} 

Configure HTTP(S) proxy

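# Write the proxy settings to /etc/docker/daemon.json (run as root).
# The here-document is unquoted on purpose so that ${http_proxy} and
# ${https_proxy} are filled in from the current environment; make sure both
# are set, otherwise empty values are written.
# NOTE: this replaces the whole file. Merge by hand if daemon.json already
# holds other settings. If the proxy URLs embed credentials, they are stored
# in clear text in this file, so restrict who can read it.
cat <<EOF > /etc/docker/daemon.json
{
  "proxies": {
    "http-proxy": "${http_proxy}",
    "https-proxy": "${https_proxy}",
    "no-proxy": "192.168.49.0/24,127.0.0.0/8"
  }
}
EOF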

Configure HTTPS proxy
https://docs.docker.com/config/daemon/systemd/#httphttps-proxy

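# configure https proxy
# -p: create the drop-in directory if needed, do not fail if it exists
mkdir -p /etc/systemd/system/docker.service.d
# The delimiter is quoted so the text is written literally and a "$" in the
# password is not expanded by the shell. Replace the <...> placeholders before
# use; special characters in the password must be percent-encoded, and each
# "%" written as "%%" because systemd expands % specifiers in Environment=.
# NOTE(review): the proxy password is stored in clear text in this drop-in,
# and values set with Environment= can be read by unprivileged users through
# `systemctl show docker`. An EnvironmentFile= pointing at a root-only file
# avoids that; prefer a proxy account with minimal rights either way.
cat <<'EOF' > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
#Environment="HTTP_PROXY=https://<firstname.lastname>:<password>@<proxy_server>:<proxy_port>"
Environment="HTTPS_PROXY=https://<firstname.lastname>:<password>@<proxy_server>:<proxy_port>"
EOF
 
systemctl daemon-reload
systemctl restart docker
 
# find restarting nodes
docker ps -a --filter status=exited --filter status=restarting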

Snippets

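# get the API version of the docker client
docker version --format '{{.Client.APIVersion}}'
 
# get container name and image
docker ps -a --format "{{.Names}} {{.Image}}" | sort
 
# list container OS version
# -I{} replaces the deprecated -i; -t prints each command before it runs so
# that a VERSION_ID line can be matched to its container.
docker ps -a --format "{{.Names}}" | xargs -t -I{} docker exec -t {} cat /etc/os-release | grep VERSION_ID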

How do I authenticate with the V2 API
https://success.mirantis.com/article/how-do-i-authenticate-with-the-v2-api

Edit container configuration

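# Stop the container before touching its on-disk configuration.
docker stop my-container
# Resolve the full container ID; it names the directory under
# /var/lib/docker/containers.
CONTAINER_ID=$(docker container inspect --format '{{.Id}}' my-container)
# NOTE(review): this edits Docker's internal state file directly. Keep a
# backup copy of config.v2.json first, and confirm whether the daemon has to
# be stopped before the edit so that it does not overwrite the change.
vi "/var/lib/docker/containers/${CONTAINER_ID}/config.v2.json"
# restart the daemon so that it reloads the edited configuration
sudo systemctl restart docker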

Cleanup / prune

# remove all images not referenced by any container, without confirmation
docker image prune --all --force
# NOTE(review): --all extends the prune from anonymous volumes to named ones;
# every volume not attached to a container is deleted together with its data.
# Check `docker volume ls` first.
docker volume prune --all --force
# remove stopped containers, unused networks, dangling images and build cache
docker system prune --force

Links
https://hub.docker.com/