Docker

From SME Server
Revision as of 14:28, 9 September 2014 by RequestedDeletion (Split off Shipyard to its own page)
Work in Progress:
This page is a Work in Progress. The contents of this page may be in flux; please have a look at this page's history to see the list of changes.


Placeholder for anything to do with Docker (https://docker.com)

Note:
All info is based on SME Server 9 only.

Your host server must have internet access.

All testing below has been done on a virtual SME9 under VirtualBox. Yes, Docker also runs on VMs :-)

By NO means is this an official thing or even applicable at all. Tinkering phase only here!


About


Docker is an open-source project that automates the deployment of applications inside software containers, thereby providing an additional layer of abstraction and automation of operating system-level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.


Why Docker on SME Server?

Docker containers hold one or more applications (and all their dependencies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and operate isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may affect yum updates and upgrades. A Docker container is a way to have such an application packed with all its dependencies and run it in isolation. You can have multiple containers running, depending on your server hardware capacity.

Examples:

  • ownCloud running in a container with a higher version of PHP than SME Server provides
  • A Postgres application running in a container without having to install Postgres on SME Server
  • Service on demand: you can start/stop (even scripted) a container when you need the service within the container
  • Move containers from one SME Server to another (Back-up or production) without installing the application itself
  • Time based service e.g. cron jobs. Only have an application running when you need it.
  • Keep SME Server's stock stability, security and flexibility, yet run exotic applications

Why the SME Server version in the naming convention if it's all inside the container? Well, it could well be that the application inside the container will use some SME Server specifics such as the db, templates or perl interaction. In that case we need to make sure that we know for which SME Server version the image was built.


Considerations

  • Storage of image library (local/NAS)
  • Storage of Docker application data (local/NAS)
  • Networking e.g. bridged with host, new bridge with host or port mapping
  • Stand-alone all-in-one docker or linked containers
  • Security
  • Only use TRUSTED repos with images. Who built the image, what's in it?
  • Naming convention of images to identify source (person or repo), SME version, application and version, e.g.:
      owncloud-7.0.1-smeserver-9.0-john
      wordpress-3.9.1-smeserver-8.1-mary
      ehour-1.4.1-smeserver-9.0-richard
      sharedfolders-2.1.1-smeserver-9.0-fws
      frontaccounting-3.2.1-smeserver-8.1-contribsorg
  • Verification (checksum) of available images
  • Setting up trusted docker repos
  • Disable the docker repos that are enabled by default at installation and come up with a command that enables them à la yum
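
The naming convention, trusted-source and checksum considerations above can be combined into one gate that runs before an exported image is loaded. The following is an added example, not part of the original page or of any SME Server tooling. It assumes images are exchanged as `.tar` files named after the convention, that a sha256sum-format manifest is available, and that application and source names contain only lowercase letters and digits; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the wiki page. Convention taken from the page:
#   <application>-<version>-smeserver-<SME version>-<source>

# Print "app appversion smeversion source" for a conforming name, else fail.
parse_image_name() {
    case $1 in ''|*[!a-z0-9.-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" | sed -n -E \
's/^([a-z0-9]+)-([0-9]+(\.[0-9]+)*)-smeserver-([0-9]+\.[0-9]+)-([a-z0-9]+)$/\1 \2 \4 \5/p' |
        grep .
}

# verify_image <tarball> <sha256 manifest> <SME version> <trusted source>...
# Returns 0 only if name, SME version, source and checksum all check out.
verify_image() {
    tarball=$1 manifest=$2 want_sme=$3
    shift 3
    file=$(basename "$tarball")
    fields=$(parse_image_name "${file%.tar}") || {
        echo "rejected: name does not follow the convention: $file" >&2; return 1; }
    sme=$(echo "$fields" | cut -d' ' -f3)
    src=$(echo "$fields" | cut -d' ' -f4)
    if [ "$sme" != "$want_sme" ]; then
        echo "rejected: built for SME Server $sme, host is $want_sme" >&2; return 2
    fi
    trusted=no
    for s in "$@"; do
        if [ "$s" = "$src" ]; then trusted=yes; fi
    done
    if [ "$trusted" != yes ]; then
        echo "rejected: source '$src' is not on the trusted list" >&2; return 3
    fi
    # Manifest lines are in sha256sum format: "<hash>  <file name>"
    want=$(awk -v f="$file" '{ sub(/^\*/, "", $2) } $2 == f { print $1; exit }' "$manifest")
    have=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "rejected: checksum missing or different for $file" >&2; return 4
    fi
    echo "verified: $file"
}

# Typical use (paths and the trusted list are placeholders):
#   verify_image /backup/images/owncloud-7.0.1-smeserver-9.0-john.tar \
#       /backup/images/SHA256SUMS 9.0 john mary && docker load -i ...
```

The checksum only adds assurance when the manifest is obtained separately from the tarball, for example directly from the person who built the image.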


Challenges

  • How to interact with localhost PAM or LDAP from within a container?
  • Many more...


Installation

Docker requires some RPMs that are not available in the default upstream repos, so we need to enable the epel repo first. See epel

Then we can install Docker and its dependencies:

yum install docker-io --enablerepo=epel
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S95docker
chkconfig docker on
service docker start

and then

docker

to see the available command line options. But first and foremost, read the excellent Docker documentation.


  • Note: Although we've linked docker as a service in runlevel 7, it will not pick up the config file /etc/sysconfig/docker. So Shipyard will not be able to connect to docker. Why?


Using a Docker image

By default, there are pre-built images available from the official Docker Hub. In our examples we will use the pre-built centos6 image.

To get a list of all available centos images you can use:

docker search centos

You will be flooded with available images from the Docker Hub. This is because everyone can have a free account on Docker Hub and create a repository for him/herself. We limit our testing to the official CentOS repo. With all the other images, you are on your own and usage is at your own risk.

By default, images downloaded from the Docker Hub to your local server will be placed in /var/lib/docker. If you want to store these images elsewhere, then you can create a symbolic link from that storage location pointing to /var/lib/docker.

  • Note: See if we can change this default location in another way, config file?

Downloading a docker image

To download the centos6 image to your local server, issue the following command as root:

docker pull centos:centos6

where the syntax is 'centos' as the main repository and 'centos6' as the specific version. If you issue only 'docker pull centos', then all centos versions will be downloaded. So be specific.

Once the image has been downloaded, you can check your local images by issuing:

docker images


Running a docker container

Now that we have downloaded the centos6 image, it's time to give it a spin. To start the centos6 container we can issue the following command:

docker run -t -i centos:centos6 bash

This will tell docker to run the centos6 container interactively from the local centos repo and start bash. After a few seconds you will be presented with the bash prompt inside the centos6 container:

bash-4.1#

and to check if we are really inside the centos6 container we can display the release version:

cat /etc/redhat-release

which will result in:

CentOS release 6.5 (Final)

From here you can use the normal commands like yum etc.

To exit the container you give the normal 'exit' command, which will stop the centos6 container and bring you back to the prompt of your local server.

To run a container in the background, you need to issue the docker run command with the -d flag instead of the -i flag.


Building your own images

  • Notes

Manual, or.. https://github.com/docker/fig

Proposal test image:

An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or on a specific port on the FQDN. The application should only be available between 08:00 and 19:00. All application data should be covered by the default SME Server backup mechanisms, including the image itself.

  • Building the image based on centos6
  • Configure networking, bridges and ports
  • Start/restart and stop syntax of the application
  • Configure cron


Setting up a (Private) Docker repository

TBA


Docker notes

Loose notes:

docker=service
access=public
status=enabled


Related articles of interest


Things to do