├── .gitignore
├── LICENSE
├── README.md
├── dockersocat
    ├── Dockerfile
    ├── README.md
    └── run.sh
├── dockompleter
    ├── Dockerfile
    ├── LICENSE
    ├── Makefile
    └── dockompleter.sh
├── memory-hog
    ├── Dockerfile
    ├── hogit
    └── hogit.go
├── tinygo
    ├── .gitignore
    ├── Dockerfile
    ├── Makefile
    └── tinygo.go
└── unprivsockfwd
    ├── Dockerfile
    ├── forwarder.conf
    └── run.sh


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects)
 2 | *.o
 3 | *.a
 4 | *.so
 5 | 
 6 | # Folders
 7 | _obj
 8 | _test
 9 | 
10 | # Architecture specific extensions/prefixes
11 | *.[568vq]
12 | [568vq].out
13 | 
14 | *.cgo1.go
15 | *.cgo2.c
16 | _cgo_defun.c
17 | _cgo_gotypes.go
18 | _cgo_export.*
19 | 
20 | _testmain.go
21 | 
22 | *.exe
23 | *.test
24 | *.prof
25 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 Phil Estes
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Dockerfiles
2 | ===========
3 | 
4 | hold useful dockerfiles for testing various Docker changes
5 | 


--------------------------------------------------------------------------------
/dockersocat/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM debian:jessie
2 | MAINTAINER Phil Estes <estesp@gmail.com>
3 | 
4 | RUN apt-get update && apt-get -y install socat
5 | 
6 | CMD socat TCP-LISTEN:2375,reuseaddr,fork UNIX-CLIENT:/var/run/docker.sock
7 | 


--------------------------------------------------------------------------------
/dockersocat/README.md:
--------------------------------------------------------------------------------
 1 | ## Dockersocat
 2 | 
 3 | When user namespaces are enabled in a Docker daemon, mounting
 4 | the Docker API UNIX socket into the container is not directly
 5 | useful. Without munging the ownership of the UNIX socket, the
 6 | container will have no access to the socket for either read or
 7 | write.
 8 | 
 9 | This `Dockerfile` builds a simple container that can use the
10 | new `--privileged` capability in Docker 1.11 (a privileged container
11 | even while the daemon has user namespaces enabled) to pass
12 | traffic from a TCP endpoint to the UNIX socket using socat.
13 | 
14 | ### Build & Run
15 | 
16 | Building can be performed with a simple `docker build`:
17 | 
18 | ```
19 | docker build -t dockersocat .
20 | ```
21 | 
22 | > **NOTE**: This **requires** Docker 1.11 for the `--privileged`
23 | > support for user namespaced-enabled daemon.
24 | 
25 | Use the `run.sh` script or run the container as follows:
26 | 
27 | ```
28 | docker run -d --name dockersock \
29 |     -v /var/run/docker.sock:/var/run/docker.sock \
30 | 	--privileged --userns=host dockersocat
31 | ```
32 | 
33 | Note that I am not portmapping the TCP listener to the host as the
34 | expectation is that inter-container communication is on and other
35 | user namespaced containers are the consumers of this service and
36 | will connect to the container IP at port :2375 for `DOCKER_HOST`.
37 | Of course you could portmap this to the host, but this exposes your
38 | Docker engine endpoint to a broad audience with all the usual concerns
39 | and risks for doing so.
40 | 
41 | ### Use from other (unprivileged) containers
42 | 
43 | To use the socket TCP->UNIX forwarding container from a user
44 | namespaced container, I will show an example using "links". If you
45 | are using modern libnetwork/overlay networking, using the embedded
46 | DNS will be the future-proof path, given "links" are a deprecated
47 | feature. For a basic example, however, it's easy to show using a
48 | simple container that has a Docker client installed:
49 | 
50 | ```
51 | docker run -ti --rm --link dockersock:dockersock dockerclient
52 | / # export DOCKER_HOST=tcp://dockersock:2375
53 | / # docker version
54 | Client:
55 |  Version:      1.10.0-dev
56 |  API version:  1.22
57 |  Go version:   go1.5.2
58 |  Git commit:   8ed14c2
59 |  Built:        Wed Dec  9 01:04:08 2015
60 |  OS/Arch:      linux/amd64
61 |  Experimental: true
62 | 
63 | Server:
64 |  Version:      1.11.0-rc3
65 |  API version:  1.23
66 |  Go version:   go1.5.3
67 |  Git commit:   eabf97a
68 |  Built:        Fri Apr  1 22:26:46 2016
69 |  OS/Arch:      linux/amd64
70 | / #
71 | ```
72 | 


--------------------------------------------------------------------------------
/dockersocat/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | docker run -d --name dockersock \
4 |      -v /var/run/docker.sock:/var/run/docker.sock \
5 |      --privileged --userns=host dockersocat
6 | 


--------------------------------------------------------------------------------
/dockompleter/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Dockerfile to build the Docker binary, but more 
 2 | # importantly save off the package .a files for use with 
 3 | # nsf/gocode (https://github.com/nsf/gocode) autocomplete
 4 | # plugin use in vim (or other editors)
 5 | FROM golang:1.5.3
 6 | MAINTAINER estesp@gmail.com
 7 | 
 8 | # Install docker daemon build dependencies
 9 | RUN apt-get update && apt-get install -y \
10 | 	libdevmapper-dev \
11 | 	btrfs-tools \
12 | 	libsqlite3-dev
13 | 
14 | WORKDIR /go
15 | RUN mkdir -p src/github.com/docker
16 | 
17 | # clone current master and put in /go/github.com/docker/docker
18 | RUN cd /go/src/github.com/docker && git clone https://github.com/docker/docker
19 | 
20 | # set up proper $GOPATH for Docker build
21 | ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
22 | 
23 | COPY dockompleter.sh /
24 | 
25 | # see dockompleter.sh for information on how to use
26 | # a bind mount to get the output .a files in the right
27 | # $GOPATH/pkg dir on your host system
28 | CMD [ "/dockompleter.sh" ]
29 | 


--------------------------------------------------------------------------------
/dockompleter/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c)2015 Phil Estes <estesp@gmail.com>
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining
 4 | a copy of this software and associated documentation files (the
 5 | "Software"), to deal in the Software without restriction, including
 6 | without limitation the rights to use, copy, modify, merge, publish,
 7 | distribute, sublicense, and/or sell copies of the Software, and to
 8 | permit persons to whom the Software is furnished to do so, subject to
 9 | the following conditions:
10 | 
11 | The above copyright notice and this permission notice shall be
12 | included in all copies or substantial portions of the Software.
13 | 
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
17 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
18 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
19 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
20 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 | 


--------------------------------------------------------------------------------
/dockompleter/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: all
 2 | 
 3 | GOPATH_MOUNT := -v ~/go/pkg:/go/pkg
 4 | IMAGENAME := dockompleter
 5 | TIMESTAMP := $(shell date +%Y%m%d-%H%M%S)
 6 | 
 7 | default: generate
 8 | 
 9 | all: generate
10 | 
11 | generate: build
12 | 	docker run --rm $(GOPATH_MOUNT) $(IMAGENAME)
13 | 
14 | build:
15 | 	docker build -t "$(IMAGENAME):$(TIMESTAMP)" .
16 | 	docker tag -f $(IMAGENAME):$(TIMESTAMP) $(IMAGENAME):latest
17 | 
18 | 


--------------------------------------------------------------------------------
/dockompleter/dockompleter.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright (c)2015 Phil Estes <estesp@gmail.com>
 4 | # See LICENSE for MIT License terms
 5 | 
 6 | # See Dockerfile for context in which dockompleter.sh is used
 7 | #
 8 | # * Getting the .a files on your host $GOPATH:
 9 | # Example: given a host $GOPATH containing ~/go, you can 
10 | # populate the auto-complete files in ~/go/pkg/linux_amd64
11 | # by bind-mounting your go/pkg dir when running the 
12 | # container in which this script runs:
13 | #  docker run -v ~user/pkg:/go/pkg
14 | DOCKER_ROOT=/go/src/github.com/docker/docker
15 | DOTA_DEST=/go/pkg/linux_amd64
16 | 
17 | mkdir -p ${DOTA_DEST}
18 | 
19 | cd ${DOCKER_ROOT}
20 | 
21 | rm -rf autogen
22 | mkdir -p autogen/dockerversion
23 | cat > autogen/dockerversion/dockerversion.go <<EOF
24 | // AUTOGENERATED FILE; see $BASH_SOURCE
25 | package dockerversion
26 | 
27 | var (
28 |     GITCOMMIT string = "donotuse"
29 |     VERSION   string = "donotuse"
30 | 
31 |     IAMSTATIC string = "true"
32 |     INITSHA1  string = "donotuse"
33 |     INITPATH  string = "donotuse"
34 | )
35 | EOF
36 | 
37 | go build \
38 |     -o /docker-binary \
39 |     -work -a -tags "netgo daemon static_build btrfs_noversion" -installsuffix netgo \
40 |     ./docker
41 | 
42 | cd /tmp/go-build*
43 | cp -a github.com ${DOTA_DEST}
44 | 


--------------------------------------------------------------------------------
/memory-hog/Dockerfile:
--------------------------------------------------------------------------------
1 | #Dockerfile to waste memory for testing "OOMKilled" -> event "oom" in Docker
2 | FROM scratch
3 | MAINTAINER estesp@gmail.com
4 | 
5 | COPY hogit /
6 | 
7 | CMD [ "/hogit" ]
8 | 
9 | 


--------------------------------------------------------------------------------
/memory-hog/hogit:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/estesp/Dockerfiles/4f464b88a2504e0ad0bae00ac31e5249fe4d3fa8/memory-hog/hogit


--------------------------------------------------------------------------------
/memory-hog/hogit.go:
--------------------------------------------------------------------------------
 1 | // A sloppily and hastily constructed memory "hogger"
 2 | // Need more insight into Go GC to make this cleaner, but it does the job for now
 3 | package main
 4 | 
 5 | import (
 6 | 	"bytes"
 7 | 	"encoding/binary"
 8 | 	"fmt"
 9 | 	"time"
10 | )
11 | 
12 | var (
13 | 	arraySize       = 500000
14 | 	loops           = 10
15 | 	iLikeBigBuffers = bytes.NewBuffer(make([]byte, 0, 500000))
16 | )
17 | 
18 | func main() {
19 | 
20 | 	hogger := make([][]uint64, loops)
21 | 
22 | 	for i := range hogger {
23 | 		hogger[i] = make([]uint64, arraySize)
24 | 		fmt.Printf("Populating row %d of %d sized array of uint64 values\n", i, arraySize)
25 | 		for j, _ := range hogger[i] {
26 | 			hogger[i][j] = uint64((i + 1) * j)
27 | 			writeToBuf(hogger[i][j])
28 | 		}
29 | 		fmt.Println("Waiting 3 seconds before next row creation")
30 | 		time.Sleep(3 * time.Second)
31 | 	}
32 | }
33 | 
34 | func writeToBuf(val uint64) int {
35 | 	bytes := make([]byte, binary.MaxVarintLen64)
36 | 	numBytes := binary.PutUvarint(bytes, val)
37 | 	if _, err := iLikeBigBuffers.Write(bytes); err != nil {
38 | 		fmt.Printf("ERROR: writing bytes: %v\n", err)
39 | 	}
40 | 	return numBytes
41 | }
42 | 


--------------------------------------------------------------------------------
/tinygo/.gitignore:
--------------------------------------------------------------------------------
1 | tinygo
2 | 


--------------------------------------------------------------------------------
/tinygo/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM scratch
2 | MAINTAINER estesp@gmail.com
3 | 
4 | ENTRYPOINT [ "/tinygo" ]
5 | EXPOSE 80
6 | COPY tinygo /
7 | 


--------------------------------------------------------------------------------
/tinygo/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: all binary
 2 | 
 3 | default: binary
 4 | 
 5 | all: clean binary
 6 | 	docker build -t tinygo .
 7 | 
 8 | binary:
 9 | 	go build -a -tags "netgo static_build" -installsuffix netgo tinygo.go
10 | 
11 | clean:
12 | 	-rm tinygo
13 | 	-docker rmi tinygo
14 | 


--------------------------------------------------------------------------------
/tinygo/tinygo.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	"net"
 6 | 	"net/http"
 7 | 	"os"
 8 | )
 9 | 
10 | var (
11 | 	defaultString = "Hello there\n"
12 | )
13 | 
14 | func main() {
15 | 
16 | 	s := &http.Server{
17 | 		Addr:    "tcp://0.0.0.0:80",
18 | 		Handler: mux(http.DefaultServeMux),
19 | 	}
20 | 
21 | 	if len(os.Args) > 1 {
22 | 		defaultString = os.Args[1] + "\n"
23 | 	}
24 | 
25 | 	http.HandleFunc("/", defaultResponse)
26 | 	l, err := net.Listen("tcp", "0.0.0.0:80")
27 | 	if err != nil {
28 | 		fatal(err)
29 | 	}
30 | 	if err := s.Serve(l); err != nil {
31 | 		fatal(err)
32 | 	}
33 | }
34 | 
35 | func mux(handler http.Handler) http.Handler {
36 | 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
37 | 		handler.ServeHTTP(w, r)
38 | 	})
39 | }
40 | 
41 | func defaultResponse(w http.ResponseWriter, r *http.Request) {
42 | 	fmt.Fprintf(w, defaultString)
43 | }
44 | 
45 | func fatal(err error) {
46 | 	fmt.Fprintln(os.Stderr, err)
47 | 	os.Exit(1)
48 | }
49 | 


--------------------------------------------------------------------------------
/unprivsockfwd/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM nginx:alpine
2 | MAINTAINER Phil Estes <estesp@gmail.com>
3 | 
4 | RUN addgroup -g 999 docker
5 | RUN addgroup nginx docker
6 | COPY forwarder.conf /etc/nginx/conf.d/default.conf
7 | 
8 | 


--------------------------------------------------------------------------------
/unprivsockfwd/forwarder.conf:
--------------------------------------------------------------------------------
 1 | #server config
 2 | server {
 3 |     listen 2375;
 4 | 
 5 |     location / {
 6 |         proxy_pass http://unix:/var/run/docker.sock:;
 7 |         proxy_set_header X-Docker-Unprivileged true;
 8 |     }
 9 | }
10 | 
11 | 


--------------------------------------------------------------------------------
/unprivsockfwd/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | docker run -d --name unprivsockfwd \
4 |      -v /var/run/docker.sock:/var/run/docker.sock \
5 |      --privileged --userns=host unprivsockfwd
6 | 


--------------------------------------------------------------------------------