├── DCA_Prep_Course_Schedule.md
├── DemystifyingTheDockerFile.md
├── Docker-Certified-Associate-Exam-Details.md
├── Docker_Install_CentOS7.md
├── Docker_Install_Ubuntu.md
├── README.md
├── SG-Creating-a-Swarm.md
├── SG-Creating-a-Swarm.pdf
├── SG-DockerFile.pdf
├── SG-Image-Management.md
├── SG-ImageLayers.md
├── SG-Images-Study-Guide.pdf
├── SG-Images.md
├── SG-Meeting-9-20-18.md
├── SG-Namespaces_Cgroups.md
├── SG-Sizing.md
├── SG-Storage-Logging.md
└── Study-Group-Introduction.md

/DCA_Prep_Course_Schedule.md:
--------------------------------------------------------------------------------
# Docker Certified Associate Prep Course
Length of course: 18:30:53

## OVERVIEW
This course will prepare the prospective student to successfully pass the Docker Certified Associate exam. In addition, you will find that the subjects and materials covered within this course will also equip the successful candidate with the knowledge and experience needed to run Docker clusters and workloads in a complex production environment.

# Introduction
* About the Course Author 00:01:45

* Introduction to Linux Academy - Getting the Most Out of Your Experience 00:07:06

* Course Syllabus 00:10:48

* Introduction to Docker Enterprise Edition and Docker Swarm 00:07:51

* About the Exam 00:07:41

* Quiz: Introduction (Section Quiz)


# Installation and Configuration (15% of Exam)
* Complete Docker Installation on Multiple Platforms (CentOS/Red Hat)
00:08:33

* Complete Docker Installation on Multiple Platforms (Debian/Ubuntu)
00:07:58

* Selecting a Storage Driver
00:10:29

* Configuring Logging Drivers (Syslog, JSON-File, etc.)
00:15:21

* Setting Up Swarm (Configure Managers)
00:05:50

* Setting Up Swarm (Add Nodes)
00:04:34

* Setting Up a Swarm (Backup and Restore)
00:12:59

* Outline the Sizing Requirements Prior to Installation
00:09:04

* Set Up and Configure Universal Control Plane (UCP) and Docker Trusted Repository (DTR) for Secure Cluster Management
00:20:06

* Complete Backups for UCP and DTR
00:08:06

* Create and Manage UCP Users and Teams
00:04:02

* Namespaces and CGroups
00:05:34

* Exercise: Installing Docker Standard Edition and Configuring the Service to Start Automatically


* Hands-on Labs: Installing Docker CE and Pulling Images for Container Utilization

* Hands-on Labs: Creating a Management Host and Registering a Swarm Node

* Quiz: Installation and Configuration (Section Quiz)

# Image Creation, Management, and Registry (20% of Exam)
* Pull an Image from a Registry (Using Docker Pull and Docker Images)
00:12:15

* Searching an Image Repository
00:05:42

* Tag an Image
00:07:40

* Use CLI Commands to Manage Images (List, Delete, Prune, RMI, etc)
00:11:30

* Inspect Images and Report Specific Attributes Using Filter and Format
00:10:34

* Container Basics - Running, Attaching to, and Executing Commands in Containers
00:14:38

* Create an Image with Dockerfile
00:12:48

* Dockerfile Options, Structure, and Efficiencies (Part I)
00:20:43

* Dockerfile Options, Structure, and Efficiencies (Part II)
00:14:14

* Describe and Display How Image Layers Work
00:04:56

* Modify an Image to a Single Layer
00:07:20

* Selecting a Docker Storage Driver
00:10:29

* Prepare for a Docker Secure Registry
00:10:44

* Deploy, Configure, Log Into, Push, and Pull an Image in a Registry
00:16:37

* Managing Images in Your Private Repository
00:08:27

* Container Lifecycles - Setting the Restart Policies
00:08:12

* Exercise: Pulling a Docker Image from a Repository and Tagging It Locally


* Exercise: Creating a New Image from a Container


* Exercise: Managing Containers (Creating, Starting and Stopping)

* Quiz: Image Creation, Management, and Registry (Section Quiz)

# Orchestration (25% of Exam)
* State the Difference Between Running a Container and Running a Service
00:05:27

* Demonstrate Steps to Lock (and Unlock) a Cluster
00:10:57

* Extend the Instructions to Run Individual Containers into Running Services Under Swarm and Manipulate a Running Stack of Services
00:20:53

* Increase and Decrease the Number of Replicas in a Service
00:07:21

* Running Replicated vs. Global Services
00:06:59

* Demonstrate the Usage of Templates with 'docker service create'
00:05:58

* Apply Node Labels for Task Placement
00:08:56

* Convert an Application Deployment into a Stack File Using a YAML Compose File with 'docker stack deploy'
00:24:02

* Understanding the 'docker inspect' Output
00:06:45

* Identify the Steps Needed to Troubleshoot a Service Not Deploying
00:06:36

* How Dockerized Apps Communicate with Legacy Systems
00:06:45

* Paraphrase the Importance of Quorum in a Swarm Cluster
00:09:59

* Exercise: Create a Swarm Cluster

* Exercise: Start a Service and Scale It Within Your Swarm

* Exercise: Demonstrate How Failure Affects Service Replicas in a Swarm

* Exercise: Reassign a Swarm Worker to Manager

* Hands-on Labs: Configure a Swarm and Scale Services Within Your Cluster

* Quiz: Orchestration (Section Quiz)

# Storage and Volumes (10% of Exam)
* State Which Graph Driver Should Be Used on Which OS
00:05:41

* Summarize How an Image Is Composed of Multiple Layers on the Filesystem
00:07:15

* Describe How Storage and Volumes Can Be Used Across Cluster Nodes for Persistent Storage
00:11:18

* Identify the Steps You Would Take to Clean Up Unused Images (and Other Resources) On a File System (CLI)
00:07:13

* Exercise: Creating and Working With Volumes

* Exercise: Using External Volumes Within Your Containers

* Exercise: Creating a Bind Mount to Link Container Filesystem to Host Filesystem

* Exercise: Display Details About Your Containers and Control the Display of Output

* Hands-on Labs: Working with the DeviceMapper Storage Driver

* Hands-on Labs: Configuring Containers to Use Host Storage Mounts

* Quiz: Storage and Volumes (Section Quiz)

# Networking (15% of Exam)
* Create a Docker Bridge Network for a Developer to Use for Their Containers
00:13:33

* Configure Docker for External DNS
00:05:55

* Publish a Port So That an Application Is Accessible Externally and Identify the Port and IP It Is On
00:08:39

* Deploy a Service on a Docker Overlay Network
00:10:26

* Describe the Built In Network Drivers and Use Cases for Each and Detail the Difference Between Host and Ingress Network Port Publishing Mode
00:11:22

* Troubleshoot Container and Engine Logs to Understand Connectivity Issues Between Containers
00:08:18

* Understanding the Container Network Model
00:06:11

* Understand and Describe the Traffic Types that Flow Between the Docker Engine, Registry and UCP Components
00:06:04

* Exercise: Exposing Ports to Your Host System

* Exercise: Create a Docker Service on Your Swarm and Expose Service Ports to Each Host

* Exercise: Utilize External DNS With Your Containers

* Exercise: Create a New Bridge Network and Assign a Container To It

* Quiz: Networking (Section Quiz)

# Security (15% of Exam)
* Describe the Process of Signing an Image and Enable Docker Content Trust
00:09:39

* Demonstrate That an Image Passes a Security Scan
00:06:55

* Identity Roles
00:05:37

* Configure RBAC and Enable LDAP in UCP
00:07:24

* Demonstrate Creation and Use of UCP Client Bundles and Protect the Docker Daemon With Certificates
00:08:08

* Describe the Process to Use External Certificates with UCP and DTR
00:04:05

* Describe Default Docker Swarm and Engine Security
00:03:26

* Describe MTLS
00:04:16

* Quiz: Security (Section Quiz)


# Conclusion

* Conclusion and Next Steps
00:03:38

* Quiz: End of Course Exam

* What's Next?

--------------------------------------------------------------------------------
/DemystifyingTheDockerFile.md:
--------------------------------------------------------------------------------
# The Dockerfile

Any line that contains an instruction will create an intermediate layer during the build process. This intermediate layer/container includes the execution of whatever instruction has been passed from the Dockerfile.

For this example, we are going to be building a Dockerfile to create a customized webserver.

## Creating a Dockerfile
Using your favorite text editor, create a file called `Dockerfile`:


* vim Dockerfile
```
From centos:6

Label Maintainer="ell.marquez@linuxacademy.com"

RUN yum update -y && yum install httpd net-tools -y && \
    mkdir -p /run/httpd && \
    rm -rf /run/httpd/* /tmp/httpd*

COPY index.html /var/www/html

CMD echo " Remember to check your container IP address."

ENV ENVIROMENT="production"

VOLUME /mymount

Expose 80

ENTRYPOINT ls -al / |wc -l
```

`From centos:6`

`Label Maintainer="ell.marquez@linuxacademy.com"`

A label is a key-value pair that creates metadata for your image.

`RUN yum update -y && yum install httpd net-tools -y && mkdir -p /run/httpd && rm -rf /run/httpd/* /tmp/httpd*`

`RUN` executes a command in a brand new layer during the build process, creating the intermediate container. This container is a process which runs on the host and has its own filesystem, its own networking and its own isolated process tree separate from the host.

`COPY index.html /var/www/html`

`COPY` and `ADD` can both take files from the local path and put them into the newly created image. The difference is that `COPY` only works with local files, whereas `ADD` also supports URLs and local-only tar extraction.

`CMD echo " Remember to check your container IP address."`

Only one `CMD` can exist in a Dockerfile; if you have multiple `CMD` instructions, just the last one will take effect. `CMD` provides defaults for executing a container. These defaults can include an executable, or they can supply default arguments to an `ENTRYPOINT` instruction.

Note: (From the Docker Docs) If `CMD` is used to provide default arguments for the ENTRYPOINT instruction, both the CMD and ENTRYPOINT instructions should be specified with the JSON array format.

`ENV ENVIROMENT="production"`

Sets container environment variables.

`VOLUME /mymount`

The `VOLUME` option creates a mount point with the specified name and marks it as holding externally mounted volumes.

`Expose 80`

This does not map the port; it serves as documentation so that users know which ports the service is intended to run on.

`ENTRYPOINT ls -al / |wc -l`

Configures this container to run as an executable providing a count of the number of files in the root directory. Because this `ENTRYPOINT` uses the shell form, the `CMD` above and any arguments passed to `docker run` are ignored when the container starts.

## Dockerfile build
1) Create an index.html file for the image to copy.

```
[user@ellmarquez1 ~]$ echo "Hello World" > index.html
```
2) Build our new image from our Dockerfile.

```
[user@ellmarquez1 ~]$ docker build -t mybuild:v1 .
Sending build context to Docker daemon 349.4MB
Step 1/9 : From centos:6
 ---> b5e5ffb5cdea
Step 2/9 : Label Maintainer="ell.marquez@linuxacademy.com"
 ---> Using cache
 ---> 85ef096ca62b
Step 3/9 : RUN yum update -y && yum install httpd net-tools -y && mkdir -p /run/httpd && rm -rf /run/httpd/* /tmp/httpd*
 ---> Using cache
 ---> bad4dfa47765
Step 4/9 : COPY index.html /var/www/html
 ---> 0b4c9f794a51
Step 5/9 : CMD echo " Remember to check your container IP address."
 ---> Running in 6fd258e216be
Removing intermediate container 6fd258e216be
 ---> b6d5006bc645
Step 6/9 : ENV ENVIROMENT="production"
 ---> Running in 0c035c8c5793
Removing intermediate container 0c035c8c5793
 ---> fcb97d01d558
Step 7/9 : VOLUME /mymount
 ---> Running in 503970dcdde1
Removing intermediate container 503970dcdde1
 ---> c479f0664d8d
Step 8/9 : Expose 80
 ---> Running in e99fa8f43d16
Removing intermediate container e99fa8f43d16
 ---> e6fe31ca0770
Step 9/9 : ENTRYPOINT ls -al / |wc -l
 ---> Running in cf5496cdf1bf
Removing intermediate container cf5496cdf1bf
 ---> c85c327605d6
Successfully built c85c327605d6
Successfully tagged mybuild:v1
```
3) Confirm our new image exists.

```
[user@ellmarquez1 ~]$ docker images
REPOSITORY   TAG   IMAGE ID       CREATED          SIZE
mybuild      v1    c85c327605d6   59 seconds ago   292MB
```

4) Create a container from our new image.

```
[user@ellmarquez1 ~]$ docker run -t --name mycontainer mybuild:v1
26
```

--------------------------------------------------------------------------------
/Docker-Certified-Associate-Exam-Details.md:
--------------------------------------------------------------------------------
# Docker Certified Associate Exam Details

## Basic Information:

- 80 minutes to complete
- Online Proctor
- 55 Multiple choice questions, both single and multiple answer
- $195 fee with no free retakes
- 30 days between attempts:
    - You can only take it three times within one year
- Immediate results
- Passing grade is variable and has not been officially published

## Required Items:

- Photo Identification: Must have your signature, full legal name, and a photo; e.g., Driver's License, State ID, Passport
- Webcam
- Room free of distraction:
    - Exam is taken remotely
    - You will be asked to turn your webcam around and show your surroundings to the proctor
- Test must be taken on an OSX and Windows system using a Chrome browser:
    - There are rumors that it can be made to work on Linux with Chrome; however, it is not supported by the test and could cause you to be unable to take the exam

## What to expect:

- Questions on commands: Be prepared to read over an issued command and determine what the result may be, including any error if there is an issue with the command.
- Comparative questions: Two commands are given, and you are asked to identify the difference(s), contrast the output, or indicate if they will produce the same output.
- Scenario-based questions: A scenario will be proposed, and you will be asked to indicate which command in the list would give the desired result.
- Definition asked questions: Questions that ask you for the most appropriate definition of a term.
- Configuration questions: Memorization of key commands, options, and the configuration file location.
--------------------------------------------------------------------------------
/Docker_Install_CentOS7.md:
--------------------------------------------------------------------------------
# Docker Install

This demo was created using a CentOS v7 cloud server.

If you are not running on a CentOS v7 box, ensure that your kernel is running version 3.10 or better by running the `uname -r` command:

```
[user@user ~]$ uname -r
3.10.0-862.9.1.el7.x86_64
```

## Install required packages.
```
$ sudo yum install -y yum-utils \
    device-mapper-persistent-data \
    lvm2
```

## Setting up the Repository

Add the Docker repository to your server to ensure that you have the latest version using the `sudo yum-config-manager --add-repo` command. When you do so, the GPG key will be verified. As of publishing this guide, the fingerprint is *060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35*:

```
[user@ellmarquez1 ~]$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

Retrieving key from https://download.docker.com/linux/centos/gpg
Importing GPG key 0x621E9F35:
 Userid     : "Docker Release (CE rpm) "
 Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 From       : https://download.docker.com/linux/centos/gpg
```
If the two do not match, then you are not pulling from the correct place. Check that the information was entered correctly.

## Install Docker community edition.

Install Docker with the `yum install` command:

```
[user@ellmarquez1 ~]$ sudo yum install docker-ce
```

Enable Docker with the `systemctl enable` command:

```
[user@ellmarquez1 ~]$ sudo systemctl enable docker
```

Start Docker with the `systemctl start` command:

```
[user@ellmarquez1 ~]$ sudo systemctl start docker
```

Confirm that Docker installed correctly with the `docker run` command:

```
[user@ello ~]$ sudo docker run hello-world
```

### Optional

For best practices, do not use *root*. Instead, add your user to the Docker group. For this example, our user is named *user*:
```
[user@ellmarquez1 ~]$ sudo usermod -a -G docker user
[sudo] password for user:
[user@ellmarquez1 ~]$
```

Confirm the change with the `grep` command:
```
[user@eellmarquez1 ~]$ grep docker /etc/group
docker:x:987:user
```

Once finished, log out and then log back in for changes to take effect.

--------------------------------------------------------------------------------
/Docker_Install_Ubuntu.md:
--------------------------------------------------------------------------------
# Docker Install: Ubuntu

This demo was created using an Ubuntu cloud server.

If you are not running this install on Linux Academy, ensure that your kernel is running version 3.10 or higher by running the `uname -r` command:
```
[user@ellmarquez1 ~]$ uname -r
4.4.0-1063-aws
```
## Setting up the Repository

1. Ensure your *apt package index* is up to date.

```
[user@ellmarquez1 ~]$ sudo apt-get update
```

2. Install the following apt packages to allow apt to use a repository over HTTPS:

```
[user@ellmarquez1 ~]$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    software-properties-common
```

3. Add Docker’s official GPG key:

```
[user@ellmarquez1 ~]$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
```

4. Verify that the GPG key fingerprint matches. As of publishing this guide, the fingerprint is *9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88*:
```
[user@ellmarquez1 ~]$ sudo apt-key fingerprint 0EBFCD88
pub   4096R/0EBFCD88 2017-02-22
      Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid                  Docker Release (CE deb)
sub   4096R/F273FCD8 2017-02-22
```
5. Add the repository using the `add-apt-repository` command:

```
[user@ellmarquez1 ~]$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
```

## Install Docker Community Edition

1. Update the *apt package index* using the `apt-get update` command:

```
[user@ellmarquez1 ~]$ sudo apt-get update
```

2. Install Docker Community Edition using the `apt-get install docker-ce` command:

```
[user@ellmarquez1 ~]$ sudo apt-get install docker-ce
```


3. Confirm Docker installed correctly using the `docker run` command:

```
[user@ellmarquez1 ~]$ sudo docker run hello-world
```

### Optional

For best practices, do not use *root*. Instead, add your user to the Docker group. For this example, our user is named *user*:
```
[user@ellmarquez1 ~]$ sudo usermod -a -G docker user
[sudo] password for user:
[user@ellmarquez1 ~]$
```

Confirm the change using the `grep` command:
```
[user@ellmarquez1 ~]$ grep docker /etc/group
docker:x:999:user
```

Once finished, log out and then log back in for changes to take effect.
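
The fingerprint comparison that both install guides ask for (CentOS and Ubuntu) can be scripted instead of compared by eye. This is an added example, not part of the original guides: the function names and the sample `gpg --with-colons` record are constructed for illustration, and `verify_keyfile` assumes a GnuPG version that supports `--show-keys`.

```shell
#!/bin/sh
# Added example: compare a downloaded key's full fingerprint with the
# value published in the install guides.

# Fingerprints exactly as printed in the guides.
CENTOS_FPR="060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35"
UBUNTU_FPR="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

# Constructed sample of `gpg --with-colons` output (record layout only;
# the subkey values are placeholders).
SAMPLE_COLONS='pub:-:4096:1:C52FEB6B621E9F35:0:::-:::scSC:
fpr:::::::::060A61C51B558A7F742B77AAC52FEB6B621E9F35:
sub:-:4096:1:0000000000000000:0::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Strip spaces/colons and upper-case, so the lower-case yum output and the
# upper-case value in the guide compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr '[:lower:]' '[:upper:]'
}

# fpr_matches EXPECTED ACTUAL
# 0 = match, 1 = mismatch, 2 = EXPECTED is not a full 40-hex-digit
# fingerprint (a short key ID such as 0EBFCD88 is refused, because short
# IDs are not unique enough to identify a key).
fpr_matches() (
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case "$want" in
        *[!0-9A-F]*) exit 2 ;;
    esac
    [ "${#want}" -eq 40 ] || exit 2
    [ "$want" = "$got" ]
)

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record (later ones are subkeys).
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_keyfile KEYFILE EXPECTED
# Inspects the key file without importing it. If gpg is missing or the
# file is unreadable the fingerprint is empty and the check fails closed.
verify_keyfile() (
    got=$(gpg --show-keys --with-colons "$1" 2>/dev/null | primary_fpr)
    fpr_matches "$2" "$got"
)

# Usage: sh check_fpr.sh KEYFILE "EXPECTED FINGERPRINT"
if [ "$#" -eq 2 ]; then
    if verify_keyfile "$1" "$2"; then
        echo "fingerprint OK"
    else
        echo "fingerprint MISMATCH" >&2
        exit 1
    fi
fi
```

Download the key to a file first (the same URL the guide pipes into `apt-key add -`), run the check, and only add the key if it passes.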

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Table of Contents

## General
DCA_Prep_Course_Schedule.md - Course Outline
Docker-Certified-Associate-Exam-Details.md - Docker Exam Details
Study-Group-Introduction.md

## Install
Docker_Install_CentOS7.md
Docker_Install_Ubuntu.md
SG-Creating-a-Swarm.md & SG-Creating-a-Swarm.pdf

## Basics
### Image Creation, Management, and Registry
SG-DockerFile.pdf
SG-Image-Management.md
SG-ImageLayers.md
SG-Images-Study-Guide.pdf
SG-Namespaces_Cgroups.md
SG-Sizing.md
SG-Storage-Logging.md
--------------------------------------------------------------------------------
/SG-Creating-a-Swarm.md:
--------------------------------------------------------------------------------
# Creating a Swarm
The notes below accompany the Linux Academy Docker Certified Associate Prep Course videos:
* [Setting up Swarm (Configure Managers)](https://linuxacademy.com/cp/courses/lesson/course/1376/lesson/5/module/2972)
* [Setting up Swarm (Add Nodes)](https://linuxacademy.com/cp/courses/lesson/course/1376/lesson/6/module/150)
* [Setting up Swarm (Backup and Restore)](https://linuxacademy.com/cp/courses/lesson/course/1376/lesson/7/module/150)


## Configure Managers
- Use the IP address of your server while configuring your manager:

```
docker swarm init --advertise-addr 172.31.21.64
```

- We can copy the output to another file or safe location so we have easy access to the token we'll need to join additional nodes to the swarm.
- To avoid any confusion, for this example, we have changed the name of the manager server to `manager1`:

```
[user@manager1 ~]$ docker swarm init --advertise-addr 172.31.21.64
Swarm initialized: current node (6h59lkua4alffyoneglx6l427) is now a manager.
```

- After successfully initializing the swarm and adding the first node as a manager, Docker will give you the command to add workers:

```
docker swarm join --token SWMTKN-1-40xcrb7c92mjnapxvoulp15zkky0zopk7u8cc6yd9vglya12v6-epqvj5m5859m05fry5x1p02dg 172.31.21.64:2377
```

- The first string after `SWMTKN-1` is a unique identifier for the swarm; the second is the key that determines whether the node joins the swarm as a manager or a worker.
- We can request the token be provided again:

```
[user@manager1 ~]$ docker swarm join-token worker
```
- To add a worker to this swarm, run the following command:

```
docker swarm join --token SWMTKN-1-40xcrb7c92mjnapxvoulp15zkky0zopk7u8cc6yd9vglya12v6-epqvj5m58b5m05fry5x1p02dg 172.31.21.64:2377
```

- To add additional managers:

```
docker swarm join-token manager
```

- Then run the command Docker provides on the node you want to add as a manager.
- To see what nodes are currently configured:

```
docker node ls
```

## Adding Nodes

We will need a second server, which we’ll refer to as `worker1`, with Docker installed.

- Using the token provided by the steps above, join `worker1` to the swarm. Do not copy and paste the command below as the token will differ:

```
[user@worker1 ~]$ docker swarm join --token SWMTKN-1-40xcrb7c92mjnapxvoulp15zkky0zopk7u8cc6yd9vglya12v6-epqvj5m5859m05fry5x1p02dg 172.31.21.64:2377
This node joined a swarm as a worker.
```

- Repeat the previous step on all of the workers that need configuration.
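
The notes above describe the two halves of a join token and suggest saving the `docker swarm init` output to a file. The following added example (not part of the original notes) splits a token into those halves, counts lines that contain a token, and redacts the secret half before notes or logs are shared. The token pattern is inferred from the tokens shown above, and the sample token, sample notes and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: treat swarm join tokens found in notes or logs as secrets.

# Pattern inferred from the tokens in these notes:
# SWMTKN-<version>-<swarm identifier>-<join secret>
TOKEN_RE='SWMTKN-[0-9]+-[0-9a-z]+-[0-9a-z]+'

# Constructed sample values (not real tokens).
SAMPLE_TOKEN='SWMTKN-1-aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee-1111122222333334444455555'
SAMPLE_NOTES="# constructed notes file
docker swarm join --token $SAMPLE_TOKEN 172.31.21.64:2377
docker node ls"

# token_field TOKEN {version|swarm|secret}
# Prints one component of a well-formed token; exits 2 for anything else.
token_field() (
    tok=$1
    printf '%s\n' "$tok" | grep -Eqx "$TOKEN_RE" || exit 2
    rest=${tok#SWMTKN-}
    version=${rest%%-*}
    rest=${rest#*-}
    swarm=${rest%%-*}
    secret=${rest#*-}
    case "$2" in
        version) printf '%s\n' "$version" ;;
        swarm)   printf '%s\n' "$swarm" ;;
        secret)  printf '%s\n' "$secret" ;;
        *)       exit 2 ;;
    esac
)

# same_swarm TOKEN_A TOKEN_B
# True when both tokens carry the same swarm identifier, for example the
# worker and manager tokens of one cluster, which differ only in the secret.
same_swarm() (
    a=$(token_field "$1" swarm) || exit 2
    b=$(token_field "$2" swarm) || exit 2
    [ "$a" = "$b" ]
)

# count_token_lines: number of stdin lines that contain a join token.
count_token_lines() {
    grep -Ec "$TOKEN_RE" || true
}

# redact_tokens: copy stdin to stdout with the secret half of every token
# replaced, keeping the swarm identifier so the cluster is still recognisable.
redact_tokens() {
    sed -E 's/(SWMTKN-[0-9]+-[0-9a-z]+-)[0-9a-z]+/\1[redacted]/g'
}

# Usage: sh swarm_tokens.sh FILE   (prints a redacted copy of FILE)
if [ "$#" -eq 1 ]; then
    echo "lines with join tokens: $(count_token_lines < "$1")" >&2
    redact_tokens < "$1"
fi
```

If a token turns up somewhere it should not be, running `docker swarm join-token --rotate worker` (or `manager`) on a manager replaces it.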

## Backup and Restore On the Manager

- Create a service of webserver instances:

```
docker service create --name backupweb --publish 80:80 --replicas 2 httpd
```

- Confirm service creation:

```
docker service ls
```

- You can see what node the containers are running in with `docker service ps`:

```
[user@manager1 ~]$ docker service ps backupweb
ID             NAME          IMAGE          NODE       DESIRED STATE   CURRENT STATE            ERROR   PORTS
r5h3eovajscx   backupweb.1   httpd:latest   worker1    Running         Running 27 seconds ago
pk05dezy13v2   backupweb.2   httpd:latest   manager1   Running         Running 27 seconds ago
```

- You can see here that one container is running on `worker1` and the other on `manager1`.

## Test Our Backup Service Using the *root* User

Inside `/var/lib/docker/swarm` are files that contain information related to our Docker swarm. All of these items need to be backed up.

To test the service:
1. Stop the Docker service:
`systemctl stop docker`
2. Make a directory to copy these files into:
`mkdir /root/swarm`
3. Copy swarm files over to our new directory:
`cp -rf /var/lib/docker/swarm /root/swarm`
4. Start the Docker service again:
`systemctl start docker`
5. Confirm we have 2 replicas running:
`docker service ls`
6. Let's create a backup:
`tar cvf swarm.tar swarm`
7. Spin up another server with Docker installed. Do not add it to the swarm!
8. Copy our files over to the new server:
`scp swarm.tar user@`
9. Now stop Docker on all of our nodes. (This is to mimic a swarm crash.)

## Recovery Using the *root* User

1. On the new server, remove the swarm files currently located at `/var/lib/docker` as we will be using this server as a recovery platform:
`rm -rf /var/lib/docker/swarm/`
2. Make a temporary directory and untar our file:
`mkdir tmp && cd tmp`
3. Untar the `swarm.tar` file:
`tar xvf ../swarm.tar`
4. Move the files over:
`mv /home/user/tmp/swarm /var/lib/docker`
5. Start the Docker service:
`systemctl start docker`
6. As soon as Docker starts, initialize a new cluster:
`docker swarm init --force-new-cluster`

--------------------------------------------------------------------------------
/SG-Creating-a-Swarm.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/linuxacademy/content-container-essentials-101presentation/64a823613e4218346f94c1e06a136cb40f3643ba/SG-Creating-a-Swarm.pdf
--------------------------------------------------------------------------------
/SG-DockerFile.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/linuxacademy/content-container-essentials-101presentation/64a823613e4218346f94c1e06a136cb40f3643ba/SG-DockerFile.pdf
--------------------------------------------------------------------------------
/SG-Image-Management.md:
--------------------------------------------------------------------------------
Image Management
================

Pulling Images
--------------

- By default, Docker pulls/pushes images from/to Docker Hub
- Private repos are available, and you can set up your own (i.e. DTR)
- Command syntax for pulling an image
    - `docker pull /:`
        - Repository is the public or private repository the image is stored in -- optional
        - Image name is the overall name of the image -- e.g. centos, ubuntu, nginx...
        - Tag is the specific version of the image you want to pull -- e.g. centos:7, ubuntu:16.04
        - If no tag is provided, command defaults to latest version of image
    - Can also pull all images with the same name simultaneously -- `docker pull -a `
- `docker images` shows currently installed images
    - `--all` shows all images, by default intermediary images are hidden
    - `--digests` shows digest information
    - `--filter` allows for filtering by labels or dates
        - `--filter "before=centos:6"`
    - `docker images -q` outputs a list of truncated image IDs -- useful for feeding to another command

Finding Images
--------------

- Basic search: `docker search `
    - Search looks through name and description of images on Docker Hub and returns results ordered by number of stars left by users
    - Can filter using `--filter` as well
        - "stars=<#>" finds images with that number of stars or more
        - "is-official=" finds official images
        - "is-automated=" finds images that are updated automatically
    - `--limit <#>` limits to top # results

Tagging Images
--------------

- Lets you add to a currently existing image and keep it separate without making a Dockerfile
- `docker tag : :`
    - Preserves original file system, just creates a link to it
    - Can also include a repository name in the standard format

Managing Images from CLI
------------------------

- For a full list of image commands, just run `docker image`
- `docker image history`
    - Displays the history and build process of an image
    - Build process is a series of layered containers, so will show you every step visible to Docker
    - However, will only display changes made locally, prebuilt images usually don't come with a history
- `docker image save`
    - Packs image and necessary layers/data needed to load or build that image into a .tar
    - Will output to stdout unless redirected
    - This changes the image ID, Docker will see it as a different image upon reloading
- Restoring backups from .tars
    - `docker import - : < `
        - Not required to give image a name and tag, but none will be automatically imported if you don't
    - `docker load < `
        - Needs to restore from a filestream or an `--input` argument
        - Will restore name and tag automatically
- Pruning unused images
    - `docker image prune` removes dangling images not associated with containers
    - `docker image prune -a` removes all images not currently associated with a container

Inspecting Images
-----------------

- `docker image inspect`
    - Provides information about a given Docker object (image, container, node...)
    - Output is in JSON
    - Inspection formats are similar between images and containers
    - Can reformat output to just get the information you want with `--format`
        - "{{..}}" provides value for the given attribute key
        - "{{json .}}" will provide key-value pairs in the given section
        - "{{.section}}" will pull all values in a given section


--------------------------------------------------------------------------------
/SG-ImageLayers.md:
--------------------------------------------------------------------------------
# Image Layers
These notes cover lectures:
Describe and Display How Image Layers Work
Modify an Image to a Single Layer

## Vocabulary
A union file system allows files and directories of separate file systems, or branches, to be overlaid so that they form a single filesystem.

## How Image layers work
1) Understanding `docker image history `

```
[user@ellmarquez1 ~]$ docker image history optimized:v1
IMAGE          CREATED       CREATED BY                                      SIZE    COMMENT
635c9eac84b9   7 hours ago   /bin/sh -c yum update -y                        130MB
d342a6546b84   7 hours ago   /bin/sh -c #(nop) LABEL maintainer=ell.marq…    0B
5182e96772bf   4 weeks ago   /bin/sh -c #(nop) CMD ["/bin/bash"]             0B
<missing>      4 weeks ago   /bin/sh -c #(nop) LABEL org.label-schema.sc…    0B
<missing>      4 weeks ago   /bin/sh -c #(nop) ADD file:6340c690b08865d7e…   200MB

```

2) The image is not actually "missing"; rather, the IDs of these layers are not part of the local build history, because they were not carried forward when this image was installed from a remote repository.
24 | 25 | 3) Further information can be found by using the --no-trunc command 26 | 27 | ``` 28 | [user@ellmarquez1 ~]$ docker image history optimized:v1 --no-trunc 29 | IMAGE CREATED CREATED BY SIZE COMMENT 30 | sha256:635c9eac84b9fee1b68700c329a260358992881a59eeb3f34f7ffff84a74c855 7 hours ago /bin/sh -c yum update -y 130MB 31 | sha256:d342a6546b8482c8a93239b658164c0e6a35e9aba57159c4bfda1eb1153cf898 7 hours ago /bin/sh -c #(nop) LABEL maintainer=ell.marquez@linuxacademy.com 0B 32 | sha256:5182e96772bf11f4b912658e265dfe0db8bd314475443b6434ea708784192892 4 weeks ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B 33 | 4 weeks ago /bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20180804 0B 34 | 4 weeks ago /bin/sh -c #(nop) ADD file:6340c690b08865d7eb84a36050a0ab0e8effc2b010a4ccb20b810153a97a9228 in / 200MB 35 | [user@ellmarquez1 ~]$ 36 | ``` 37 | 38 | * We can see that the base image used for this image was CentOS, then /bin/bash was set as default, the label maintainer=ell.marquez@linuxacademy.com was added, and the OS was updated. 39 | 40 | 41 | ## Modify an image to a single layer. 42 | 1) To begin with, let's list out the images on our system, making sure to note the size of the image. 43 | ``` 44 | [user@ellmarquez1 ~]$ docker images 45 | REPOSITORY TAG IMAGE ID CREATED SIZE 46 | optimized v1 635c9eac84b9 7 hours ago 329MB 47 | ``` 48 | 2) Next, we will run a container using this image: 49 | ``` 50 | [user@ellmarquez1 ~]$ docker run optimized:v1 51 | [user@ellmarquez1 ~]$ docker ps -a 52 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 53 | 40dc970fcd61 optimized:v1 "/bin/bash" 5 seconds ago Exited (0) 4 seconds ago eloquent_bhabha 54 | ``` 55 | 56 | 3) Now we will export this container's filesystem as a tar archive. 
57 | 58 | ``` 59 | [user@ellmarquez1 ~]$ docker export eloquent_bhabha > smallbuild.tar 60 | ``` 61 | 62 | 4) Import the image as smallbuild:importv2: 63 | 64 | ``` 65 | [user@ellmarquez1 ~]$ docker import smallbuild.tar smallbuild:importv2 66 | sha256:f1378a7521822dade824ffa1db6fc35621c19fa0e92d2996f42e02e25d418326 67 | ``` 68 | 69 | 5) List out the image history and note that this image does not inherit optimized:v1's history and the size of the image has decreased. 70 | 71 | ``` 72 | [user@ellmarquez1 ~]$ docker image history smallbuild:importv2 73 | IMAGE CREATED CREATED BY SIZE COMMENT 74 | f1378a752182 About a minute ago 283MB Imported from - 75 | 76 | [user@ellmarquez1 ~]$ docker images 77 | REPOSITORY TAG IMAGE ID CREATED SIZE 78 | smallbuild importv2 f1378a752182 5 seconds ago 283MB 79 | optimized v1 635c9eac84b9 7 hours ago 329MB 80 | ``` 81 | 82 | 83 | * Docker images 84 | 85 | Study group questions: 86 | docker image history 87 | 88 | What does CMD /bin/bash do? 89 | What is the first step in this image? 90 | CMD vs Entry Point -------------------------------------------------------------------------------- /SG-Images-Study-Guide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxacademy/content-container-essentials-101presentation/64a823613e4218346f94c1e06a136cb40f3643ba/SG-Images-Study-Guide.pdf -------------------------------------------------------------------------------- /SG-Images.md: -------------------------------------------------------------------------------- 1 | # Images 2 | 3 | This guide accompanies the *Docker Certified Associate Prep Course* and reviews how to: 4 | 5 | - Pull an image from a registry. 6 | - Search for an image in a repository. 7 | - Tag an image. 8 | - Use CLI commands to manage images (`list`, `delete`, `prune`, `RMI`, etc.). 9 | - Inspect images and report specific attributes using the flags `--filter` and `--format`.
10 | 11 | ## Reviewing Images 12 | 13 | In these sections, we will go over how to pull, view, and search for images in DockerCE. 14 | 15 | ### Pull an Image 16 | 17 | Similar to Git, DockerCE uses Docker Hub for its registry. There are a few ways to pull an image into DockerCE: 18 | 19 | - Pull a repository image using `docker pull`. We are using the `hello-world` image as our example: 20 | 21 | `docker pull hello-world` 22 | 23 | By default, `docker pull` pulls a single image, though repositories can have multiple versions of an image. 24 | 25 | - Pull multiple versions of an image using the `-a` or the `--all-tags` option with `docker pull`: 26 | 27 | `docker pull -a hello-world` 28 | 29 | - Pull down an image without verifying that it has been signed by the repository using the `--disable-content-trust` flag. Note that this flag can be extremely dangerous, as we are trusting an unverified image: 30 | 31 | `docker pull --disable-content-trust hello-world` 32 | 33 | - Pull a specific version of an image by adding its tag to the `docker pull` command. For this example, we are pulling `centos:6`: 34 | 35 | `docker pull centos:6` 36 | 37 | This will pull only the `centos` image with the image tag of `6`. 38 | 39 | ``` 40 | [user@ellmarquez1 ~]$ docker images 41 | REPOSITORY TAG IMAGE ID CREATED SIZE 42 | centos 6 b5e5ffb5cdea 2 weeks ago 194MB 43 | hello-world latest 2cb0d9787c4d 6 weeks ago 1.85kB 44 | hello-world linux 2cb0d9787c4d 6 weeks ago 1.85kB 45 | ``` 46 | *Note:* These are the images currently on the system used for this guide; you may see something different.
47 | 48 | ### View Images on Our Server 49 | 50 | The following are ways to view different images on our server: 51 | 52 | - Use the `docker images` command to view all current images on the Docker system: 53 | 54 | ``` 55 | [user@ellmarquez1 ~]$ docker images 56 | REPOSITORY TAG IMAGE ID CREATED SIZE 57 | hello-world latest 2cb0d9787c4d 6 weeks ago 1.85kB 58 | hello-world linux 2cb0d9787c4d 6 weeks ago 1.85kB 59 | ``` 60 | 61 | - Above, we see the `REPOSITORY`, `TAG`, short `IMAGE ID`, when the image was created, and the size of the image. If the full `IMAGE ID` is needed, use the command `docker images --digests`: 62 | 63 | ``` 64 | [user@ellmarquez1 ~]$ docker images --digests 65 | REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE 66 | hello-world latest sha256:4b8ff392a12ed9ea17784bd3c9a8b1fa3299cac44aca35a85c90c5e3c7afacdc 2cb0d9787c4d 6 weeks ago 1.85kB 67 | ``` 68 | 69 | - We can also use filters to find what images existed on the system before a certain point using `docker images --filter "before="`. For our example, we are using `centos:6`: 70 | 71 | ``` 72 | [user@ellmarquez1 ~]$ docker images --filter "before=centos:6" 73 | REPOSITORY TAG IMAGE ID CREATED SIZE 74 | hello-world latest 2cb0d9787c4d 6 weeks ago 1.85kB 75 | hello-world linux 2cb0d9787c4d 6 weeks ago 1.85kB 76 | ``` 77 | 78 | *Quick Hack:* Use `docker images -q` to get a list of all of the `IMAGE ID` numbers on your system. This can be helpful if we need an image ID to pass to another command. 79 | 80 | ### Searching for Images 81 | 82 | The following are ways to search for and review images: 83 | 84 | - To perform a base search for an image, use the `docker search ` command. For example, let's search for the `apache` image. 85 | 86 | `docker search apache` 87 | 88 | We get back multiple `apache` images. 89 | 90 | - To narrow down the results, we can use the `--filter` flag to search for specific forms of the image.
For this example, we'll search for only official images of `apache` using `--filter is-official=true`: 91 | 92 | `docker search --filter is-official=true apache` 93 | 94 | Despite filtering down, we may still have quite a few options. 95 | 96 | - Let's narrow down the search one more time. For this search, let's only look for official images that have a rating of over 50 stars using `stars=50`. Remember, each `--filter` flag can only pass one option, so we will need two filters to search for both: 97 | 98 | `docker search --filter stars=50 --filter is-official=true apache` 99 | 100 | ## Image Tags 101 | 102 | Image tags are used to help find files that we may not know the name of, but we know their tags. Let's take another look at our images and see which ones have tags: 103 | 104 | ``` 105 | [user@ellmarquez1 ~]$ docker images 106 | REPOSITORY TAG IMAGE ID CREATED SIZE 107 | centos 6 b5e5ffb5cdea 2 weeks ago 194MB 108 | hello-world latest 2cb0d9787c4d 6 weeks ago 1.85kB 109 | hello-world linux 2cb0d9787c4d 6 weeks ago 1.85kB 110 | ``` 111 | We can see above a section labeled `TAG`. In order to tag an image, we use the `docker tag` command. Let's try creating a tag for the `centos` image and give the image the name `mycentos`: 112 | 113 | `docker tag centos:6 mycentos:1` 114 | 115 | Let's check to make sure our tags worked correctly using the `docker images` command: 116 | 117 | ``` 118 | [user@ellmarquez1 ~]$ docker images 119 | REPOSITORY TAG IMAGE ID CREATED SIZE 120 | centos 6 b5e5ffb5cdea 2 weeks ago 194MB 121 | mycentos 1 b5e5ffb5cdea 2 weeks ago 194MB 122 | hello-world latest 2cb0d9787c4d 6 weeks ago 1.85kB 123 | hello-world linux 2cb0d9787c4d 6 weeks ago 1.85kB 124 | ``` 125 | 126 | Notice that `mycentos` and `centos` have the same image ID. This is because all we did was create a copy of the `centos` image that we could later use to make our own custom image without affecting the original `centos` image.
127 | 128 | *Note*: If we plan on storing this image locally, using the source `centos` and tag `6` would suffice. However, if we were planning on sharing this image on a registry, we would need to use the command `/:`. For example, `docker tag centos:6 myreg/mycentos:2`. 129 | 130 | ## Docker Image Commands 131 | 132 | The following are other commands you can use with Docker images: 133 | 134 | - To view the docker history, we use the `docker history` command. Docker history lets us see the layers that compose the image. For this example, we'll look at the history for `mycentos:1`: 135 | 136 | ``` 137 | [user@ellmarquez1 ~]$ docker history mycentos:1 138 | IMAGE CREATED CREATED BY SIZE COMMENT 139 | b5e5ffb5cdea 2 weeks ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B 140 | 2 weeks ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B 141 | 2 weeks ago /bin/sh -c #(nop) ADD file:769078df784180af4… 194MB 142 | ``` 143 | 144 | * Let's remove the `hello-world` image with the `linux` tag. We can do this in one of two ways. The first is we use the `rm` command: 145 | 146 | `docker image rm hello-world:linux ` 147 | 148 | Or we use the `rmi` command: 149 | 150 | `docker rmi hello-world:linux` 151 | 152 | Since we have two versions of `hello-world`, one with the `linux` tag and one with the `latest` tag, the `hello-world` image designated is not removed, only untagged: 153 | 154 | ``` 155 | [user@ellmarquez1 ~]$ docker rmi hello-world:linux 156 | Untagged: hello-world:linux 157 | ``` 158 | - To make sure the image was removed, use `docker images`. Note that `hello-world:latest` is still in the file system, the only thing removed was the `linux` tag. 
159 | 160 | ``` 161 | [user@ellmarquez1 ~]$ docker images 162 | REPOSITORY TAG IMAGE ID CREATED SIZE 163 | centos 6 b5e5ffb5cdea 2 weeks ago 194MB 164 | mycentos 1 b5e5ffb5cdea 2 weeks ago 194MB 165 | hello-world latest 2cb0d9787c4d 6 weeks ago 1.85kB 166 | ``` 167 | 168 | * Save your docker image using the `docker image save` command along with the name of the image, the image's tag, and what you want to save it as. For our example, we are saving the `mycentos:1` image as `mycentos.tar`: 169 | 170 | `docker image save mycentos:1 > mycentos.tar` 171 | 172 | The image and the underlying filesystem layer, along with the metadata, will be saved. This image can now be transferred to a new system. We can also check to make sure it saved correctly by listing out all files of that type. As we did for our example above, we want to list out `.tar` files: 173 | 174 | ``` 175 | [user@ellmarquez1 ~]$ ls *.tar 176 | mycentos.tar 177 | ``` 178 | 179 | * Import a docker image with `docker import`, followed by the file, the repository, and the tag. For our example, we're importing the `mycentos.tar` file into the `localimport` repository with the `centos6` tag: 180 | 181 | ``` 182 | [user@ellmarquez2 ~]$ docker import mycentos.tar localimport:centos6 183 | sha256:65c5dff95dd1c7e69081078c21911ed794afc5bbafb9b0af400960a30d39342d 184 | [user@ellmarquez1 ~]$ docker images 185 | REPOSITORY TAG IMAGE ID CREATED SIZE 186 | localimport centos6 65c5dff95dd1 4 seconds ago 202MB 187 | ``` 188 | 189 | *Note:* `docker load` will load the image without taking an argument for a name using the defaults. 190 | 191 | `docker load --input mycentos.tar` 192 | 193 | * Docker Prune command 194 | 195 | `docker image prune` will remove all "dangling" images. These are images that are not currently associated with a complete image or a container.
By adding the `-a` flag, we remove all images not associated with a container: 196 | 197 | ``` 198 | [user@ellmarquez1 ~]$ docker image prune -a 199 | WARNING! This will remove all images without at least one container associated to them. 200 | Are you sure you want to continue? [y/N] 201 | ``` 202 | 203 | ## Inspecting Images 204 | 205 | To inspect an image, use the command `docker image inspect`. However, you may find that it becomes easier to look through this information if you redirect the output to a file. For our example, we will send it to `centos.output`: 206 | 207 | `docker image inspect > centos.output` 208 | 209 | If you are looking for specific information, the `--format` flag can help. For example, if we wanted the hostname associated with our `centos` image, we use the `--format` flag. For our example, we are using `ContainerConfig`, which is the top-level section, and `Hostname`, which is where we are pulling our information from: 210 | 211 | ``` 212 | [user@ellmarquez1 ~]$ docker image inspect centos:6 --format '{{.ContainerConfig.Hostname}}' 213 | f185c8f40489 214 | ``` 215 | For clarity, here is the relevant section of the `docker image inspect` output: 216 | 217 | ``` 218 | "Parent": "", 219 | "Comment": "", 220 | "Created": "2018-08-06T19:22:45.144404666Z", 221 | "Container": "f185c8f40489cf4921d51714053a8539c96b0588c6a333790a9b1efaf7d15f2b", 222 | "ContainerConfig": { 223 | "Hostname": "f185c8f40489", 224 | "Domainname": "", 225 | "User": "", 226 | "AttachStdin": false, 227 | "AttachStdout": false, 228 | "AttachStderr": false, 229 | "Tty": false, 230 | "OpenStdin": false, 231 | "StdinOnce": false, 232 | "Env": [ 233 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 234 | ], 235 | ``` 236 | 237 | If we want the entire section, we can request it in JSON format using `--format '{{json .ContainerConfig}}'`: 238 | 239 | ``` 240 | [user@ellmarquez1 ~]$ docker image inspect centos:6 --format '{{json .ContainerConfig}}' 241 |
{"Hostname":"f185c8f40489","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"/bin/bash\"]"],"ArgsEscaped":true,"Image":"sha256:6cebc5f506c1aa4df4c68d9e43ba756a6ce8f0e22da3a977ee33d79f33e507b3","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{"org.label-schema.build-date":"20180804","org.label-schema.license":"GPLv2","org.label-schema.name":"CentOS Base Image","org.label-schema.schema-version":"1.0","org.label-schema.vendor":"CentOS"}} 242 | ``` -------------------------------------------------------------------------------- /SG-Meeting-9-20-18.md: -------------------------------------------------------------------------------- 1 | # Study Group September 20th 2 | 3 | Videos / Concepts to be discussed. Please place questions below each video or at the bottom of the page for general questions.
4 | 5 | * Convert an Application Deployment into a Stack File Using a YAML Compose File with 'docker stack deploy' 6 | 7 | * Understanding the 'docker inspect' Output 8 | 9 | * Identify the Steps Needed to Troubleshoot a Service Not Deploying 10 | 11 | * How Dockerized Apps Communicate with Legacy Systems 12 | 13 | * Paraphrase the Importance of Quorum in a Swarm Cluster 14 | 15 | * Exercise: Create a Swarm Cluster 16 | 17 | * Exercise: Start a Service and Scale It Within Your Swarm 18 | 19 | * Exercise: Demonstrate How Failure Affects Service Replicas in a Swarm 20 | 21 | * Exercise: Reassign a Swarm Worker to Manager 22 | -------------------------------------------------------------------------------- /SG-Namespaces_Cgroups.md: -------------------------------------------------------------------------------- 1 | # Docker Namespaces and Cgroups 2 | 3 | Namespaces provide "Isolation" making it so that other pieces of the system remain unaffected by whatever is within that namespace. 4 | 5 | Docker uses namespaces of various kinds to provide the isolation that containers need to remain portable and refrain from affecting the remainder of the host system. 6 | 7 | ## Namespace Types 8 | - Process ID — Allows the encapsulation of everything that is a container into a single process so that activity inside the container cannot affect the host system. 9 | - Mount — Can provide isolated mount points in a container. For example, volume mountings in a container. 10 | - IPC — Allows containers and services to communicate with each other but not outside of the namespace. 11 | - User — In Docker 1.12 and above there is the experimental usage of user namespaces. However, there are still issues, and it is essential to remember it is experimental and can break other isolation items if it has not been integrated correctly. 12 | - Network — Deals with routing that occurs in a container. 
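One way to check the isolation described in the list above from the host, as an added example that is not part of the course notes: every entry under `/proc/<pid>/ns/` is a symlink such as `pid:[4026531836]`, and two processes are in the same namespace exactly when the identifiers match. The function names and the sample link values are constructed for illustration.

```python
#!/usr/bin/env python3
"""Compare a process's namespaces with the host's (added example, not course code)."""
import os
import re
import sys

# Namespace types named in the notes, keyed by their entry under /proc/<pid>/ns/.
NS_TYPES = {"pid": "Process ID", "mnt": "Mount", "ipc": "IPC",
            "user": "User", "net": "Network"}
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Constructed sample symlink targets: a host process and a container process.
SAMPLE_HOST_LINKS = ["pid:[4026531836]", "mnt:[4026531840]", "ipc:[4026531839]",
                     "user:[4026531837]", "net:[4026531992]"]
SAMPLE_CONTAINER_LINKS = ["pid:[4026532259]", "mnt:[4026532256]", "ipc:[4026532258]",
                          "user:[4026531837]", "net:[4026532261]"]


def parse_ns_link(target):
    """Turn 'net:[4026531992]' into ('net', 4026531992)."""
    match = _LINK.match(target)
    if not match:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def namespaces_from_links(links):
    """Build {type: id} from a list of symlink targets."""
    return dict(parse_ns_link(link) for link in links)


def read_namespaces(pid, proc="/proc"):
    """Read {type: id} for a live process; types the kernel lacks are skipped."""
    links = []
    for name in NS_TYPES:
        try:
            links.append(os.readlink(os.path.join(proc, str(pid), "ns", name)))
        except FileNotFoundError:
            continue
    return namespaces_from_links(links)


def isolation_report(host, container):
    """Label each namespace type as isolated from, or shared with, the host."""
    report = {}
    for name, label in NS_TYPES.items():
        if name not in host or name not in container:
            report[label] = "unknown"
        elif host[name] == container[name]:
            report[label] = "shared with host"
        else:
            report[label] = "isolated"
    return report


if __name__ == "__main__":
    # Usage: script.py <pid>; compares that process with PID 1 on the host.
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    try:
        rows = isolation_report(read_namespaces(1), read_namespaces(target))
    except PermissionError as exc:
        sys.exit(f"cannot read namespace links (run as root): {exc}")
    for label, state in rows.items():
        print(f"{label:<12} {state}")
```

On a Docker host, the PID to pass in comes from `docker inspect --format '{{.State.Pid}}' <container>`. A namespace reported as shared with the host is one where the container has no isolation of that kind.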
13 | 14 | ## Control Groups 15 | Control Groups provide resource limitation and reporting capability within the container space. They allow granular control over what host resources are allocated to the container(s) and when they are allocated. 16 | 17 | Common Control groups: 18 | 19 | - CPU 20 | - Memory 21 | - Network Bandwidth 22 | - Disk 23 | - Priority -------------------------------------------------------------------------------- /SG-Sizing.md: -------------------------------------------------------------------------------- 1 | # Sizing a Docker Environment 2 | 3 | 4 | ## Vocabulary 5 | 6 | * **Universal Control Plane (UCP)**- Docker enterprise edition system that enables you to access your docker swarm resources, such as your manager and worker nodes, from a Web console instead of the command line. 7 | 8 | * **Docker Trusted Registry (DTR)** 9 | * **Docker EE**- Docker Engine with support. 10 | 11 | ## Things To Consider: 12 | 13 | * CPU, memory and Disk- Your containerized application will have running on any system; so be sure that your system has the resources necessary to be able to keep your environment running. 14 | 15 | * Concurrency is often forgotten in planning. It's important to know what the load requirements of the application are at peak and in total. Having this information will enable you to determine the optimal placement and the amount of hardware resources that you will need to allocate. 16 | 17 | * Understand what, when, and how your environment is going to be used. For example, if you are going to be deploying UCP, you would need 16 GB of RAM for managers and DTR nodes. Each of your worker nodes would need 4 vCPUs. You would need to ensure not only that your hardware could meet these standards but also remember these are minimum standards. Thus, you would need to ensure these standards could stand up to your heaviest traffic. 18 | 19 | * Remember that some configuration variables are configurable and others are not.
So the timeout for etcd is set to half a second and is configurable; however, the timeout for the Raft consensus is 3 seconds and is not configurable. So though you can change the etcd timeout to fit your environment, you have to be sure that communication between manager and manager in your environment can occur within three seconds. 20 | 21 | * Plan for load balancing so that you can better manage your workload 22 | 23 | * Use an external certificate authority when you are working with external variables. 24 | 25 | 26 | ## Special notes: 27 | Docker Enterprise Edition includes: 28 | * Docker Engine with support from Docker 29 | * DTR 30 | * UCP -------------------------------------------------------------------------------- /SG-Storage-Logging.md: -------------------------------------------------------------------------------- 1 | # Week 1 Storage and Logging Drivers: 2 | 3 | ## Selecting a Storage Driver 4 | - Docker volumes are used for writing data, as containers should be abstract and portable. 5 | - Docker uses a pluggable architecture that supports multiple storage drivers that control how images and containers are stored and managed on your host. 6 | - Device mapper can be used on disk as block storage and uses a loopback adapter. 7 | - It can be used with a block storage device and allow Docker to manage it for us. 8 | 9 | 1. To check what your Docker storage driver is: 10 | ` docker info |grep Storage` 11 | - Overlay is the default 12 | - Overlay2 is recommended and will be enabled by default if your kernel supports it (Kernel version 4+, or 3.10.0-514+ if using RHEL or CentOS). 13 | - Using Overlay2 on kernel 3.10.0-514+ requires an override -- see the [Docker Docs](https://docs.docker.com/storage/storagedriver/overlayfs-driver/#configure-docker-with-the-overlay-or-overlay2-storage-driver) for details. 14 | 15 | 16 | 2.
Inside of your /etc/docker directory there is a key.json file - this contains TLS keys for connecting to registries or other Docker services 17 | 1. We need to create a daemon.json file that will contain our configuration information for the Docker daemon to pull its information from. (We are using “devicemapper” for our example.) 18 | 19 | ` sudo vim /etc/docker/daemon.json` 20 | 21 | { "storage-driver": "devicemapper" } 22 | 23 | 24 | 3. Restart Docker. 25 | - Note you will lose the images on your system. If they are needed you will need to back them up before restarting Docker. 26 | ` sudo systemctl restart docker` 27 | - Confirm Docker status, as any typos will cause the service not to start up again. 28 | ``` [user@ellmarquez1 ~]$ sudo systemctl restart docker 29 | [user@ellmarquez1 ~]$ sudo systemctl status docker 30 | ● docker.service - Docker Application Container Engine 31 | Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) 32 | Active: active (running) since Tue 2018-08-14 16:42:49 UTC; 8s ago 33 | Docs: https://docs.docker.com 34 | Main PID: 2029 (dockerd) 35 | Tasks: 17 36 | Memory: 46.1M 37 | CGroup: /system.slice/docker.service 38 | ├─2029 /usr/bin/dockerd 39 | └─2035 docker-containerd --config /var/run/docker/containerd/containerd.toml 40 | 4. Confirm changes: 41 | `docker info | grep Storage` 42 | 43 | [user@ellmarquez1 ~]$ docker info| grep Storage 44 | WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use. 45 | Use `--storage-opt dm.thinpooldev` to specify a custom block storage device. 46 | Storage Driver: devicemapper 47 | 48 | 49 | ## Configuring Logging drivers (syslog, JSON-File, etc ) 50 | - View currently supported logging drivers here: https://docs.docker.com/config/containers/logging/configure/ 51 | - By default, Docker uses the json-file logging driver, which allows container logs to be viewed with the `docker container logs` command.
52 | - In order to make a change you need to be a privileged user as 53 | 54 | 55 | 1. Pull the httpd image from Docker Hub: 56 | 57 | `docker image pull httpd` 58 | 59 | 2. Start the container: 60 | 61 | ` docker container run -d --name testweb httpd` 62 | 63 | 3. Obtain the container's IP address: 64 | 65 | ` docker container inspect testweb |grep IPAddr` 66 | 67 | 68 | Sample output: (your IP may be different) 69 | 70 | [user@ellmarquez1 ~]$ docker container inspect testweb |grep IPAddr 71 | "SecondaryIPAddresses": null, 72 | "IPAddress": "172.17.0.2", 73 | "IPAddress": "172.17.0.2", 74 | 5. Install telnet and/or elinks to be able to connect to your container webhost. 75 | `sudo yum install -y telnet elinks` 76 | 6. Confirm that you can connect 77 | curl http:// 78 | - Note: you should see “It works!” 79 | 80 | [user@ellmarquez1 ~]$ curl http://172.17.0.2 81 |

It works!

82 | 83 | 7. To see the logs for this container, run: 84 | `docker logs testweb` 85 | - Remember the name of our container was testweb 86 | ``` [user@ellmarquez1 ~]$ docker logs testweb 87 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. S 88 | et the 'ServerName' directive globally to suppress this message 89 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. S 90 | et the 'ServerName' directive globally to suppress this message 91 | [Tue Aug 14 16:47:44.495110 2018] [mpm_event:notice] [pid 1:tid 140573965682560] AH00489: Apache/2.4.34 (U 92 | nix) configured -- resuming normal operations 93 | [Tue Aug 14 16:47:44.501366 2018] [core:notice] [pid 1:tid 140573965682560] AH00094: Command line: 'httpd 94 | -D FOREGROUND' 95 | 172.17.0.1 - - [14/Aug/2018:16:51:56 +0000] "GET / HTTP/1.1" 200 45 96 | 172.17.0.1 - - [14/Aug/2018:16:53:31 +0000] "GET / HTTP/1.1" 200 45 97 | 172.17.0.1 - - [14/Aug/2018:16:55:35 +0000] "GET / HTTP/1.1" 200 45 98 | 99 | - *Note:* The errors you are seeing concerning server name are due to the fact that we have not configured a vhost for this environment.
100 | 101 | **Reset our environment by stopping and removing the container.** 102 | 103 | docker stop testweb && docker rm testweb 104 | 105 | 106 | 107 | ## rsyslog 108 | 109 | Rsyslog should already be installed on your cloud server; however, if you are using an environment outside of Linux Academy you can install it by: 110 | 111 | ` $ sudo yum install rsyslog ` 112 | 113 | OR 114 | 115 | `$ sudo apt-get install rsyslog` 116 | 117 | - Change configuration to allow for UDP syslog reception: 118 | 119 | `vim /etc/rsyslog.conf` 120 | 121 | - Find the section: 122 | ``` 123 | # Provides UDP syslog reception 124 | #$ModLoad imudp 125 | #$UDPServerRun 514``` 126 | - and uncomment the ModLoad and UDPServerRun lines 127 | 128 | 129 | ``` 130 | # Provides UDP syslog reception 131 | $ModLoad imudp 132 | $UDPServerRun 514 133 | - Start the rsyslog service and confirm it is running: 134 | 135 | ` sudo systemctl start rsyslog && systemctl status rsyslog` 136 | - Configure for our syslog driver: 137 | 138 | `sudo vim /etc/docker/daemon.json ` 139 | - *Note*: you need to use your private IP which may differ from mine: 140 | ``` 141 | { 142 | "storage-driver": "devicemapper", 143 | "log-driver" : "syslog", 144 | "log-opts": { 145 | "syslog-address": "udp://172.31.21.64:514" 146 | } 147 | } 148 | ``` 149 | - Restart docker 150 | 151 | ` sudo systemctl restart docker ` 152 | - Confirm change 153 | 154 | `docker info |grep Logging ` 155 | - You should now see Logging Driver: syslog 156 | ``` 157 | [user@ellmarquez1 ~]$ docker info |grep Logging 158 | WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use. 159 | Use `--storage-opt dm.thinpooldev` to specify a custom block storage device. 160 | Logging Driver: json-file 161 | 162 | # **Testing changes:** 163 | In a new terminal, which I’ll refer to as terminal B, connect to the server so we can tail logs.
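A check worth running on `daemon.json` before `systemctl restart docker`, given here as an added example and not as code from the course: the file must be one JSON object with straight double quotes, so the script rejects curly quotes pasted from a document and a second top-level object appended to the file, and it warns when the syslog driver ships logs over plain UDP or TCP. The function names and sample inputs are constructed; the syslog address is the one used in these notes.

```python
#!/usr/bin/env python3
"""Pre-restart check for /etc/docker/daemon.json (added example, not course code)."""
import json
import sys
from urllib.parse import urlsplit

CURLY_QUOTES = "\u201c\u201d\u2018\u2019"  # quotes pasted from rich-text documents
PLAINTEXT_SCHEMES = {"udp", "tcp"}         # syslog transports without encryption

# Constructed sample inputs for the two failure cases.
SAMPLE_TWO_OBJECTS = """{ "storage-driver": "devicemapper" }
{
  "log-driver": "syslog",
  "log-opts": { "syslog-address": "udp://172.31.21.64:514" }
}"""
SAMPLE_CURLY = "{ \u201cstorage-driver\u201d: \u201cdevicemapper\u201d }"


def split_top_level(text):
    """Decode every top-level JSON value in text; raises json.JSONDecodeError."""
    decoder, values, pos = json.JSONDecoder(), [], 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1                       # raw_decode() does not skip whitespace
        if pos >= len(text):
            return values
        value, pos = decoder.raw_decode(text, pos)
        values.append(value)


def logging_warnings(config):
    """Warn when container logs would travel over an unencrypted transport."""
    opts = config.get("log-opts")
    if config.get("log-driver") != "syslog" or not isinstance(opts, dict):
        return []
    address = opts.get("syslog-address", "")
    scheme = urlsplit(address).scheme
    if scheme in PLAINTEXT_SCHEMES:
        return [f"syslog-address {address} uses {scheme}: logs are sent unencrypted "
                "and unauthenticated; prefer tcp+tls:// for a remote collector"]
    return []


def check_daemon_json(text):
    """Return {'config', 'merged', 'errors', 'warnings'} for the file's text."""
    result = {"config": None, "merged": None, "errors": [], "warnings": []}
    if any(ch in CURLY_QUOTES for ch in text):
        result["errors"].append("curly quotes found; JSON needs straight double quotes")
        return result
    try:
        values = split_top_level(text)
    except json.JSONDecodeError as exc:
        result["errors"].append(f"line {exc.lineno}, column {exc.colno}: {exc.msg}")
        return result
    if not values or not all(isinstance(v, dict) for v in values):
        result["errors"].append("daemon.json must contain one JSON object")
        return result
    if len(values) == 1:
        result["config"] = values[0]
    else:
        result["errors"].append(
            f"{len(values)} top-level objects found; daemon.json must be a single object")
        merged, conflicts = {}, set()
        for obj in values:
            for key, val in obj.items():
                if key in merged and merged[key] != val:
                    conflicts.add(key)
                merged[key] = val
        if conflicts:
            result["errors"].append("keys set twice with different values: "
                                    + ", ".join(sorted(conflicts)))
        else:
            result["merged"] = merged      # what the single object should contain
    effective = result["config"] or result["merged"]
    if effective:
        result["warnings"] = logging_warnings(effective)
    return result


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/docker/daemon.json"
    with open(path, encoding="utf-8") as handle:
        report = check_daemon_json(handle.read())
    for kind in ("errors", "warnings"):
        for message in report[kind]:
            print(f"{kind[:-1]}: {message}")
    if report["merged"]:
        print("suggested single object:\n" + json.dumps(report["merged"], indent=2))
    sys.exit(1 if report["errors"] else 0)
```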
164 | 165 | *Optional step:* Clear out current log files so we can have a better view of what we are doing (you will have to be root): 166 | 167 | sudo su - 168 | 169 | 170 | echo "" > /var/log/messages 171 | 172 | 173 | 1. Restart rsyslog: 174 | 175 | `systemctl restart rsyslog` 176 | 2. Tail the logs: 177 | 178 | ` tail -f /var/log/messages ` 179 | 180 | *Note: It may be helpful to configure your layout so you can see both terminals at once. This will help you see the logs come in real time.* 181 | 182 | **In original terminal:** 183 | 184 | 1. Let’s run a new container: *(keep an eye on terminal B as you hit Enter)* 185 | 186 | ` docker container run -d --name testweb -p 80:80 httpd` 187 | 188 | 189 | 2. Try connecting to localhost: 190 | 191 | ` curl http://localhost ` 192 | or 193 | `elinks http://localhost ` 194 | 195 | **Reset our environment by stopping and removing the container.** 196 | 197 | docker stop testweb && docker rm testweb 198 | 199 | 200 | **Changing options on a per container basis** 201 | 202 | - Create a new httpd container and specify the log driver you would like to use. *Below is an example of specifying json-file.* 203 | 204 | `docker container run -d --name testjson --log-driver json-file httpd` 205 | 206 | 207 | - Check the logs for the testjson container 208 | `docker logs testjson` 209 | 210 | ``` 211 | [user@ellmarquez1 ~]$ docker logs testjson 212 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message 213 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2.
Set the 'ServerName' directive globally to suppress this message 214 | [Tue Aug 14 18:54:09.079886 2018] [mpm_event:notice] [pid 1:tid 140656390690688] AH00489: Apache/2.4.34 (Unix) configured -- resuming normal operations 215 | [Tue Aug 14 18:54:09.086288 2018] [core:notice] [pid 1:tid 140656390690688] AH00094: Command line: 'httpd -D FOREGROUND' 216 | 217 | -------------------------------------------------------------------------------- /Study-Group-Introduction.md: -------------------------------------------------------------------------------- 1 | # Study Group Introduction 2 | 3 | ## Docker Enterprise Edition 4 | 5 | Docker Enterprise Edition (DockerEE) provides a support mechanism for issues with an underlying engine as well as deployment challenges using it. When using DockerEE on a certified platform, organizations are assured through Docker’s certification that their applications will work as expected and that they will have support if they do not. 6 | 7 | ### Supported Platforms 8 | 9 | - CentOS 10 | - Debian 11 | - Fedora 12 | - Ubuntu 13 | - Oracle Linux 14 | - Microsoft windows Server 2016 15 | - RedHat Enterprise Linux 16 | - SUSE Linux Enterprise Server 17 | 18 | 19 | ### Tiers 20 | 21 | - Basic: Platform for certified infrastructure, containers, and plugins with support from Docker. 22 | - Standard: Adds advanced image and container management, LDAP, and RBAC. 23 | - Advanced: Adds security scanning and vulnerability scanning. 24 | 25 | 26 | ## Docker Swarm 27 | 28 | Docker swarm is a clustering and scheduling tool for the clusters of Docker containers (grouped together as services). Swarms allow portability, abstraction, flexibility, and consistency of complex application service deployments on a supported infrastructure. 29 | 30 | - Docker swarm managers are responsible for validating, logging the state of, and distributing instructions to Docker Swarm Workers. 31 | - Docker Service daemon is installed on every node in a swarm. 
32 | 33 | ### Basic Swarm Architecture 34 | 35 | - Swarms can have a single manager; however, they can have 1 to any number of swarm managers: 36 | - The number of managers you have determines the quorum: 37 | - You need to have at least 2 managers to have a quorum. 38 | - A quorum is the consensus method of agreeing on the instructions and how they will be communicated to the workers. 39 | - Swarm workers will have Docker Daemon installed and will register using the Docker discovery service that runs on the Swarm manager: 40 | - Workers will receive workloads from the Swarm managers. 41 | - Swarm manager receives a request to access services: 42 | - Services are 1 to any number of containers (or replicas) that provide a particular application or service. 43 | - That service can be accessed from any node. 44 | - Routing mesh is used to guarantee access. 45 | 46 | --------------------------------------------------------------------------------