Configuring Docker services generation one

Introduction

I’m learning Docker as I write this, so if you see any mistakes in it (particularly in my interpretation of errors, situations, etc.), then please let me know (alexishuxley @ gmail dot com). Thanks!

Terminology

Some of this is copied from the official documentation.

An Image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime. An image typically contains a union of layered filesystems stacked on top of each other. An image does not have state and it never changes.

A container is a runtime instance of a Docker image. A Docker container consists of:

  • A Docker image
  • An execution environment
  • A standard set of instructions

An exited container still has a filesystem, even though there are no longer any processes associated with it.

Installing Docker

This section is based on the official documentation, which does not offer using Debian’s native Docker packages as an installation option.

  1. Install packages required to complete this procedure:
    apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
  2. Add the Docker repository key:
    curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
  3. Configure access to the Docker repository and update the list of packages the system knows about:
    echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
    apt-get update
  4. Install Docker:
    apt-get install docker-ce docker-ce-cli containerd.io
  5. Test that Docker is now successfully installed:
    docker run hello-world
  6. Remove all exited containers (whose storage persists) with:
    docker container prune

Creating and running containers based on images

  1. Here we create a container from an image without starting it, then start it (it displays a message and exits on its own), and finally remove it. We do it in smaller steps so that we can see what ‘docker run’ actually does:
    sugo# docker create hello-world:latest 
    37596d9779ecf3cd53e25e6b3bfe9232411fb6bd8d9fca977206bd415bb8d4f3
    sugo# docker ps -a
    CONTAINER ID IMAGE             COMMAND   CREATED       STATUS PORTS NAMES
    37596d9779ec hello-world:latest "/hello" 2 seconds ago Created      some_junk
    sugo# docker start -ai 37596d9779ec
    To generate this message ...
    sugo# docker rm 37596d9779ec
    37596d9779ec
    sugo#
  2. Here we create a container based on an image and start it; after which we get it to display a message; it then exits on its own and we remove the container (the debian:buster image is not removed):
    sugo# docker run -it --rm debian:buster echo 1
    1
    sugo#
  3. I wanted to run a longer command in the background so that I could examine the container status while it was running. I tried this:
    sugo# docker run -it --rm debian:buster sleep 60 &
    [1] 22011
    sugo#

    This did not behave as expected:

    • the docker and dockerd processes together consumed 100% of CPU (in 3:1 ratio respectively) and never exited
    • pressing RETURN did not make the shell suspend the process due to competition for stdin
    • the container itself did exit (as shown with ‘docker ps -a’)
    • foregrounding the process made it immediately exit
  4. Running it in the foreground or removing the ‘-it’ made it work (both of which point to some stdin/tty competition issue).
  5. Here we run a container instance, examine its data, and rerun the same container:
    sugo# docker run -it debian:buster bash 
    root@bdaec793467f:/# ls > some_file
    root@bdaec793467f:/# exit
    sugo# docker ps -a
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
    bdaec793467f        debian:buster       "bash"              10 seconds ago      Exited (0) 2 seconds ago                       jovial_mclean
    sugo# docker cp bdaec793467f:some_file .
    sugo# rm some_file 
    sugo# docker start bdaec793467f
    bdaec793467f
    sugo# docker ps -a
    CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
    bdaec793467f        debian:buster       "bash"              About a minute ago   Up 5 seconds                            jovial_mclean
    sugo# docker attach bdaec793467f
    root@bdaec793467f:/# rm some_file 
    root@bdaec793467f:/# apt-get install procps
    root@bdaec793467f:/# uptime
     13:37:18 up 11:04,  0 users,  load average: 0.41, 0.51, 0.86
    root@bdaec793467f:/# exit
    sugo# uptime
     14:37:32 up 11:04,  1 user,  load average: 0.32, 0.48, 0.85
    sugo# docker rm bdaec793467f
    sugo#

    What I learned from this is:

    • containers can be rerun (but just not with the run command)
    • by default the container is not sooooo isolated
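
The matching "up 11:04" inside and outside the container in step 5 comes from both running on one kernel; which kernel namespaces a container shares with the host can be read from the IDs under /proc/<pid>/ns. The script below is an added example, not part of the original write-up: ns_compare and the PROC_ROOT override are names assumed here.

```sh
#!/bin/sh
# Added example: report which Linux namespaces two processes share by
# comparing the namespace IDs that the /proc/<pid>/ns/* symlinks point to.
# PROC_ROOT is an assumption of this example (it lets the check run against
# a copy of the tree); on a live system leave it unset.
PROC_ROOT="${PROC_ROOT:-/proc}"

# usage: ns_compare PID_A PID_B
# prints "<namespace> shared|isolated|unknown", one line per namespace of PID_A
ns_compare() {
    dir_a="$PROC_ROOT/$1/ns"
    dir_b="$PROC_ROOT/$2/ns"
    [ -d "$dir_a" ] && [ -d "$dir_b" ] || { echo "cannot read $dir_a or $dir_b" >&2; return 2; }
    for link in "$dir_a"/*; do
        name=${link##*/}
        # *_for_children entries describe future children, not the process itself
        case "$name" in *_for_children) continue ;; esac
        id_a=$(readlink "$link") || continue
        if ! id_b=$(readlink "$dir_b/$name"); then
            echo "$name unknown"
        elif [ "$id_a" = "$id_b" ]; then
            echo "$name shared"
        else
            echo "$name isolated"
        fi
    done
}

# Compare the host's init with a container's main process, e.g.:
#   ns_compare 1 "$(docker inspect --format '{{.State.Pid}}' d769866854db)"
if [ "$#" -eq 2 ]; then
    ns_compare "$1" "$2"
fi
```

Run it as root on the Docker host; any namespace reported as shared is one in which the container sees the same kernel objects as the host.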

Making a container behave like a kernel-less VM

I understand that Docker is mostly used for microservices but I am wondering if it can be used like OpenVZ: as a kernel-less VM. I’ll log my progress here.

  1. I created a container with a shell using small steps:
    sugo# docker create -it debian:buster /bin/bash
    d769866854db280550da0246740429779376e08ed08047c3fb13ac3073f11c62
    sugo# docker start d769866854db
    d769866854db
    sugo# docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    d769866854db debian:buster "/bin/bash" 25 seconds ago Up 2 seconds flamboyant_ganguly
    sugo# docker attach d769866854db
    root@d769866854db:/# 
    root@d769866854db:/# exit
    sugo# docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    d769866854db debian:buster "/bin/bash" 51 seconds ago Exited (0) 2 seconds ago flamboyant_ganguly
    sugo# docker start d769866854db
    d769866854db
    sugo# docker attach d769866854db
    root@d769866854db:/# 
    root@d769866854db:/# <CTRL-P><CTRL-Q>read escape sequence
    sugo# docker attach d769866854db
    root@d769866854db:/# 
    root@d769866854db:/#
  2. Then I installed sshd in it (this is taken from Stack Exchange):
    sugo# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d769866854db
    172.17.0.2
    sugo# nmap 172.17.0.2
    All 1000 scanned ports on 172.17.0.2 are closed
    sugo# docker attach d769866854db
    root@d769866854db:/# apt-get update
    root@d769866854db:/# apt-get install openssh-server      
    root@d769866854db:/# systemctl 
    System has not been booted with systemd as init system (PID 1). Can't operate.
    Failed to connect to bus: Host is down
    root@d769866854db:/# mkdir /var/run/sshd
    root@d769866854db:/# chmod 0755 /var/run/sshd
    root@d769866854db:/# /usr/sbin/sshd
    root@d769866854db:/# useradd --create-home --shell /bin/bash alexis
    root@d769866854db:/# id alexis
    uid=1000(alexis) gid=1000(alexis) groups=1000(alexis)
    root@d769866854db:/# passwd alexis
    New password: 
    Retype new password: 
    passwd: password updated successfully
    root@d769866854db:/# <CTRL-P><CTRL-Q>read escape sequence
    sugo# nmap 172.17.0.2
    Not shown: 999 closed ports
    22/tcp open  ssh
    sugo# ssh alexis@172.17.0.2
    alexis@172.17.0.2's password: 
    Linux d769866854db 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
    
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    alexis@d769866854db:~$ exit
    sugo#
  3. The startup of sshd is a bit ugly and I looked at what other people had done:
    sugo# docker run -td --stop-signal=SIGRTMIN+3   --tmpfs /run:size=100M --tmpfs /run/lock:size=100M  \
           -v /sys/fs/cgroup:/sys/fs/cgroup:ro   --name=name jgoerzen/debian-base-standard 
    c43dd5f8004a...
    sugo# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'  c43dd5f8004a
    172.17.0.3
    sugo# docker ps -a
    CONTAINER ID        IMAGE                           COMMAND                  CREATED             STATUS              PORTS               NAMES
    c43dd5f8004a        jgoerzen/debian-base-standard   "/usr/local/bin/boot…"   14 seconds ago      Up 12 seconds                           name
    d769866854db        debian:buster                   "/bin/bash"              30 minutes ago      Up 29 minutes                           flamboyant_ganguly
    sugo# docker exec -it c43dd5f8004a bash
    root@c43dd5f8004a:/# apt-get install openssh-server
    openssh-server is already the newest version (1:7.9p1-10+deb10u2).
    root@c43dd5f8004a:/#
  4. Next time: try setting up ssh, see https://github.com/jgoerzen/docker-debian-base-standard

See also

  • Getting started
  • manual for docker command
  • https://wiki.debian.org/Docker
  • https://github.com/jgoerzen/docker-debian-base
  • http://containertutorials.com/images.html
  • http://containertutorials.com/alpine/alpine-apache-server-static-site.html
  • https://stackoverflow.com/questions/23580281/how-to-access-to-a-file-in-docker-container-already-exit
  • https://changelog.complete.org/archives/9794-fixing-the-problems-with-docker-images