0A. Get Gandi API key and set the GANDI_API_KEY environment variable.
See https://www.gandi.net/admin/api_key.
1A. Download and install Gandi's Docker Machine driver.
Download and install docker-machine-driver-gandi.
2A. Create "Dockerized host" on Gandi infrastructure.
Provision Gandi virtual machine and install Docker Engine on it, creating a "Dockerized host" that is able to run Docker containers:
$ docker-machine create \
--driver gandi \
--gandi-api-key=$GANDI_API_KEY \
--gandi-image "Ubuntu 16.04 64 bits LTS (HVM)" \
--gandi-memory 256 \
default
default is the machine name; if this exists, then many docker-machine commands will apply to this machine by default.
3A. Configure docker command to interact with Gandi's Docker Engine.
(Instead of the Docker Engine provided by the local Docker.app.)
$ eval (docker-machine env default)
- (Optional) Test Dockerized host.
$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c04b14da8d14: Pull complete
Digest: sha256:0256e8a36e2070f7bf2d0b0763dbabdd67798512411de4cdcf9431a1feb60fd9
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
...
Note: "locally" refers to wherever the Docker machine is running (either the datacenter or the local machine).
See Docker's Getting Started documentation for some more examples.
- Create image (named fred) from ~/.dotfiles/docker/Dockerfile.
$ docker build -t fred ~/.dotfiles/docker
6A. Create and start a container (named barry) on Cloud Docker Engine:
$ docker run --privileged -it --name barry -p 80:22 -h barry -d -v /root/.ssh:/etc/ssh/keys:ro fred
- --name barry – the name of the container
- -p 80:22 – maps port 80 on the virtual machine to port 22 on the container
  - Port 22 is used for ssh on the virtual machine itself, as accessible via docker-machine ssh
- -h barry – the hostname of the container
- -v /root/.ssh:/etc/ssh/keys:ro – make contents of /root/.ssh on the virtual machine available (ro) as /etc/ssh/keys on the container
  - This directory contains an authorized_keys generated by Docker, and presumably placed there via docker-machine create.
- fred – the name of the image
6B. Create and start a container (named barry) on local Docker Engine:
$ docker run --privileged -it --name barry -p 127.0.0.1:8022:22 -h barry -d -v $HOME/.ssh:/etc/ssh/keys:ro fred
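The 6A and 6B commands differ in what they publish: -p 80:22 binds the container's sshd on every interface of the virtual machine, while -p 127.0.0.1:8022:22 is reachable only from the local host, and both run --privileged with an .ssh directory bind-mounted. The following Python check is an added example, not part of the original notes; it reads those three settings from docker inspect output. The sample JSON is constructed and trimmed to the relevant fields, and the container names barry-6A and barry-6B and the path /home/mjs/.ssh are assumptions for illustration.

```python
import ipaddress
import json

# Constructed sample: the `docker inspect` fields that matter here, trimmed to
# two records shaped like the containers from steps 6A and 6B.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/barry-6A",
   "HostConfig": {"Privileged": true,
                  "PortBindings": {"22/tcp": [{"HostIp": "", "HostPort": "80"}]}},
   "Mounts": [{"Type": "bind", "Source": "/root/.ssh",
               "Destination": "/etc/ssh/keys", "RW": false}]},
  {"Name": "/barry-6B",
   "HostConfig": {"Privileged": true,
                  "PortBindings": {"22/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8022"}]}},
   "Mounts": [{"Type": "bind", "Source": "/home/mjs/.ssh",
               "Destination": "/etc/ssh/keys", "RW": false}]}
]
""")

def is_loopback(host_ip):
    """An empty HostIp means Docker binds the port on every interface."""
    return bool(host_ip) and ipaddress.ip_address(host_ip).is_loopback

def audit(container):
    """Return a list of findings for one `docker inspect` record."""
    findings = []
    host_config = container.get("HostConfig", {})
    if host_config.get("Privileged"):
        findings.append("privileged")
    for port, bindings in (host_config.get("PortBindings") or {}).items():
        for b in bindings or []:
            # Anything not pinned to loopback is reachable from the network.
            if not is_loopback(b.get("HostIp", "")):
                findings.append(f"exposed:{b.get('HostPort')}->{port}")
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind" and ".ssh" in m.get("Source", "").split("/"):
            mode = "rw" if m.get("RW") else "ro"
            findings.append(f"ssh-dir-mount:{m['Source']}:{mode}")
    return findings

def audit_all(records):
    """Map container name (without the leading slash) to its findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in records}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, findings)
```

To run it against a live container, replace the sample with the parsed output of docker inspect barry.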
7A. ssh into the container as user mjs on the Cloud Docker Engine.
$ ssh -i (docker-machine inspect -f "{{.HostOptions.AuthOptions.StorePath}}")/id_rsa -p 80 mjs@(docker-machine ip)
- (docker-machine inspect -f "{{.HostOptions.AuthOptions.StorePath}}") – the directory holding the encryption keys that manage the virtual machine.
  - The id_rsa.pub file in this directory is available as /root/.ssh/authorized_keys on the virtual machine (docker-machine create did this), and /etc/ssh/keys/authorized_keys in the container (-v /root/.ssh:/etc/ssh/keys:ro did this).
- -p 80 – connect to port 80
- (docker-machine ip) returns the IP address of the virtual machine.
[TODO: Copy ssh keys to the container via ssh-copy-id.]
Or, get interactive shell (user root) on the container via Docker:
$ docker exec --privileged -it barry bash -l
Or, attach to the sshd (or whatever is run by CMD in Dockerfile) via:
$ docker attach barry
Exiting or killing this process stops the container. To detach from the container without killing the process, use ctrl-p, ctrl-q.
7B. ssh into the container as user mjs on local Docker Engine.
$ ssh -i $HOME/.ssh/play_rsa -p 8022 mjs@127.0.0.1
In this document, "virtual machine" refers to the virtual machine running Docker engine, as visible in Gandi's management interface.
docker-machine installs and manages Docker Engine on virtual hosts.
docker is the CLI to interact with Docker Engine.
A docker image is like a virtual disk.
A docker container is like a virtual machine. (A container can be started and stopped; images can only be created and deleted.)
See also What's the difference between Docker Engine and Docker Machine?
Images:
- docker images - list images
- docker build ... - create image
- docker rmi ... - remove image
- docker rmi (docker images -q -a) - remove all images
- docker system prune - remove "unused" images and other resources
Containers:
- docker ps -a - list (all) containers
- docker ps - list running containers
- docker create ... - create container
- docker rm ... - remove container
- docker rm (docker ps -q -a) - remove all containers
- docker start ... - start container
- docker stop ... - stop container
Commands (applicable to created and started containers):
- docker exec mycontainer echo hello - run echo hello in container
- docker exec --privileged mycontainer echo hello - run command in privileged mode
- docker exec --privileged -it mycontainer bash - start interactive shell in container
- docker attach mycontainer - attach to an already running container; on exit, container will stop
Commands (applicable to images):
- docker run --privileged -it -h myhostname myimage - create and start container, run default command and attach interactively
- docker run --privileged -it -h myhostname --rm myimage - as above, but remove container on exit
- docker run --rm --mount source=data,target=/data myimage sh -c 'tar cOzf - -C /data .' > data.tar.gz - mount volume data as /data, then dump as *.tar.gz
- docker run --rm --mount type=bind,source=$(pwd)/data,target=/data myimage - mount data (in current directory) via bind mount to /data (allows container to write to /data, and changes appear in data)
- docker-machine ssh – ssh into machine (not container!)
  - For example, to see how much disk space is left.
- docker-machine ls – list Dockerized hosts (excludes Docker.app for some reason)
- docker-machine rm – remove host (also (always?) destroys the virtual machine in the cloud)