Docker
Placeholder for anything to do with Docker (https://docker.com)
You can discuss all things related to this page on the forums here
About
Docker is an open-source project that automates the deployment of applications inside software containers, thereby providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.
Why Docker on SME Server?
Docker containers hold one or more applications (and all their dependencies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and operate isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may affect yum updates and upgrades. Docker containers are a way to have such an application packed with all its dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.
Examples:
- ownCloud running in a container with a higher version of PHP than SME Server provides
- A postgres application running in a container without having to install Postgres on SME Server
- Service on demand, you can start/stop (even scripted) a container when you need the service within the container
- Move containers from one SME Server to another (Back-up or production) without installing the application itself
- Time based service e.g. cron jobs. Only have an application running when you need it.
- Keep SME Server's stock stability, security and flexibility, yet run exotic applications
Considerations
- Storage of image library (local/NAS)
- Storage of Docker application data (local/NAS)
- Networking e.g. bridged with host, new bridge with host or port mapping
- Stand-alone all-in-one docker or linked containers
- Security
- Only use TRUSTED repos with images. Who built the image, what's in it?
- Naming convention of images to identify source (person or repo), SME version, application and version, e.g.:
owncloud-7.0.1-smeserver-9.0-john
wordpress-3.9.1-smeserver-8.1-mary
ehour-1.4.1-smeserver-9.0-richard
sharedfolders-2.1.1-smeserver-9.0-fws
frontaccounting-3.2.1-smeserver-8.1-contribsorg
Why the SME Server version in the naming convention if it's all inside the container? Well, it could well be that the application inside the container will use some SME Server specifics such as the db, templates or perl interaction. In that case we need to make sure that we know for which SME Server the image was built.
- Verification (checksum) of available images
- Setting up trusted docker repos
- Disable the docker repos enabled by default at installation and come up with a command that enables them à la yum
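The naming convention and checksum considerations above can be enforced before an image is loaded. The following is an added example, not part of the original page or of SME Server: the function names, the idea of a digest published alongside an exported image archive, and the third sample name in the loop are assumptions.

```shell
#!/bin/sh
# Added example (not from the SME Server wiki): enforce the page's naming
# convention <app>-<appver>-smeserver-<smever>-<source> and check an exported
# image archive against a published SHA-256 digest before loading it.
LC_ALL=C; export LC_ALL

# Print "app appver smever source" for a conforming name; return 1 otherwise.
parse_image_name() {
    case $1 in
        ''|*[!a-z0-9.-]*) return 1 ;;      # unexpected characters
        *-*-smeserver-*-*) ;;               # all five fields present
        *) return 1 ;;
    esac
    left=${1%%-smeserver-*}    # <app>-<appver>
    right=${1#*-smeserver-}    # <smever>-<source>
    app=${left%-*};      appver=${left##*-}
    smever=${right%%-*}; src=${right#*-}
    case $appver in ''|*[!0-9.]*) return 1 ;; esac
    case $smever in ''|*[!0-9.]*) return 1 ;; esac
    [ -n "$app" ] && [ -n "$src" ] || return 1
    printf '%s %s %s %s\n' "$app" "$appver" "$smever" "$src"
}

# Succeed only if image name $1 was built for the SME Server release in $2.
built_for_sme() {
    parse_image_name "$1" >/dev/null || return 1
    [ "$smever" = "$2" ]
}

# Succeed only if the SHA-256 of archive $1 equals the published digest $2.
verify_image_checksum() {
    [ -r "$1" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Usage on the server (archive name and digest source are assumptions):
#   verify_image_checksum owncloud-7.0.1-smeserver-9.0-john.tar "$published" \
#       && docker load -i owncloud-7.0.1-smeserver-9.0-john.tar

# Constructed sample names: two from the page, one that breaks the convention.
for n in owncloud-7.0.1-smeserver-9.0-john \
         wordpress-3.9.1-smeserver-8.1-mary centos-latest; do
    if built_for_sme "$n" 9.0; then echo "$n: ok for SME 9.0"
    else echo "$n: rejected"; fi
done
```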
Challenges
- How to interact with localhost PAM or LDAP from within a container?
- Many more...
Installation
Docker requires some RPMs that are not available in the default upstream repos, so we need to enable the epel repo first. See epel
Then we can install Docker and its dependencies:
yum install docker-io --enablerepo=epel
Make the Docker service start at boot time:
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S95docker
chkconfig docker on
config set docker service
config setprop docker status enabled
and eventually we can start the Docker service:
service docker start
and then
docker
to see the available command line options. But first and foremost read the excellent Docker documentation
Configuration
Docker comes with a configuration file located at:
/etc/sysconfig/docker
In this file you can set default parameters which are applicable to all containers run by Docker. By default it holds no arguments. All arguments can also be set manually when starting a container, in which case each individual container can have its specific parameters. To see a list of all available arguments that can be used in the Docker configuration file enter:
docker -h
SME Server specifics
By default Docker will store all images, containers and other data in:
/var/lib/docker
For SME Server this is not ideal, because we would like to incorporate all Docker data into the pre-defined backup procedure(s) that come with SME Server. The preferred location for Docker data would be:
/home/e-smith/files/docker
We want this to be the default location for all Docker data on SME Server, so we add the '-g' argument and the desired path to the storage location to the docker configuration file like this:
# /etc/sysconfig/docker
#
# Other arguments to pass to the docker daemon process
# These will be parsed by the sysv initscript and appended
# to the arguments list passed to docker -d
other_args="-g /home/e-smith/files/docker"
Since the Docker service will always check this configuration file upon (re)start, it will automatically pick up the arguments you have provided and act accordingly. That also implies that you can have multiple (but not simultaneous) storage locations if you omit the configuration file and add arguments manually on the command line.
It is important that you make this change 'before' you start using docker, otherwise it will create its default storage location in /var/lib/docker.
Once the above change has been made, the Docker service needs to be restarted and Docker will create its new storage layout in /home/e-smith/files/docker.
service docker restart
You can still change the storage location at a later stage by copying all data to the new location you've defined with the -g argument.
Since we already started the Docker service once (see the installation above), Docker will have created its default storage location in /var/lib/docker. However, Docker will create a new storage location wherever you point the -g argument to, so after we have added /home/e-smith/files/docker to the Docker configuration file and restarted the Docker service, we can safely remove /var/lib/docker. This also explains why it might take a while for the Docker service to (re)start while it creates a new storage location.
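To confirm which storage directory the daemon will use, and that it falls inside the tree this page wants covered by the backup, the configuration file can be checked before restarting the service. This is an added example, not part of the original page or of Docker; the function names are hypothetical and it assumes the initscript reads other_args as a plain shell assignment.

```shell
#!/bin/sh
# Added example (not from the SME Server wiki): report which storage directory
# the daemon will use according to a sysconfig file, and whether it lies under
# the tree this page wants backed up. Both paths are the ones given on the page.
BACKUP_ROOT=/home/e-smith/files
DEFAULT_GRAPH=/var/lib/docker

# Print the directory selected by -g/--graph in other_args, or the default.
docker_graph_dir() {
    # The last uncommented other_args= line wins (assumes the initscript
    # sources the file as shell).
    args=$(sed -n 's/^[[:space:]]*other_args=//p' "$1" 2>/dev/null |
           tail -n 1 | tr -d "\"'")
    set -f            # no glob expansion while splitting the arguments
    set -- $args
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -g|--graph)     [ $# -ge 2 ] && { printf '%s\n' "$2"; return 0; } ;;
            -g=*|--graph=*) printf '%s\n' "${1#*=}"; return 0 ;;
        esac
        shift
    done
    printf '%s\n' "$DEFAULT_GRAPH"
}

# Succeed if the configured directory is inside the backed-up tree.
graph_dir_is_backed_up() {
    case $(docker_graph_dir "$1") in
        "$BACKUP_ROOT"/*) return 0 ;;
        *) return 1 ;;
    esac
}

conf=${1:-/etc/sysconfig/docker}
dir=$(docker_graph_dir "$conf")
if graph_dir_is_backed_up "$conf"; then
    echo "Docker data in $dir is under $BACKUP_ROOT"
else
    echo "Docker data in $dir is outside $BACKUP_ROOT"
fi
# A populated default directory means the daemon ran before -g was set.
if [ "$dir" != "$DEFAULT_GRAPH" ] && [ -d "$DEFAULT_GRAPH" ]; then
    echo "Old storage still present in $DEFAULT_GRAPH"
fi
```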
Using a Docker image
By default, there are pre-built images available from the official Docker Hub. In our examples we will use the pre-built centos6 image.
To get a list of all available CentOS images you can use:
docker search centos
You will be flooded with available images from the Docker Hub. This is because everyone can have a free account on Docker Hub and create one repository for him/herself. We limit our testing to the official CentOS repo. With all the other images, you are on your own and usage is at your own risk.
Downloading a docker image
To download the centos6 image to your local server, issue the following command as root:
docker pull centos:centos6
where the syntax is 'centos' as the main repository and 'centos6' as the specific version. If you issue only 'docker pull centos', all centos versions will be downloaded. So be specific.
Once the image has been downloaded, you can check your local images by issuing:
docker images
The listing includes the Image ID and Name. These are needed to run additional commands when the container is running.
Running a docker container
Now that we have downloaded the centos6 image it's time to give it a spin. To start the centos6 container we can issue the following command:
docker run -t -i --net="host" centos:centos6 bash
This will tell docker to run the centos6 container interactively from the local centos repo, use the host network interface and start bash. After a few seconds you will be presented with the bash prompt inside the centos6 container:
bash-4.1#
and to check if we are really inside the centos6 container we can display the release version:
cat /etc/redhat-release
which will result in:
CentOS release 6.5 (Final)
From here you can use the normal commands like yum etc.
To exit the container you give the normal 'exit' command, which will stop the centos6 container and bring you back to the prompt of your local server.
To run a container in the background, you need to issue the docker run command with the -d flag instead of the -i flag.
Docker networking
Some thoughts to share on docker networking:
- Network port mapping
http://docs.docker.com/userguide/dockerlinks/
- Network Configuration
Building your own images
- Notes
Manual, or.. https://github.com/docker/fig
'Proposal test image:'
An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or a specific port on the FQDN. The application should only be available from 08:00AM until 19:00PM. All application data should be incorporated by the default SME Server backup mechanisms, including the image itself.
- Building the image based on centos6
- Configure networking, bridges and ports
- Start/restart and stop syntax of the application
- Configure cron
Setting up a (Private) Docker repository
TBA
Docker notes
Loose notes:
docker=service access=public status=enabled
Shipyard web GUI
There is a separate page on how to install Shipyard, the Docker web GUI here
Related articles of interest
Things to do
- Get the shipyard GUI going
- A LOT more ;-)