Home > General, Security > Playing with Docker & Docker CLI

Playing with Docker & Docker CLI


root@karun-1:/home/paas# man docker-run
root@karun-1:/home/paas#


root@karun-1:/home/paas# sudo docker run -i -t ubuntu /bin/bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
487bffc61de6: Pull complete
acb8e44f43fa: Pull complete
202e40f8bb3a: Pull complete
b0c2dfa2701f: Pull complete
17b6a9e179d7: Pull complete
Digest: sha256:5718d664299eb1db14d87db7bfa6945b28879a67b74f36da3e34f5914866b71c
Status: Downloaded newer image for ubuntu:latest

# Note: -i STDIN open from the container, -t above provides a putty option to connect to the container through ssh. In above command we've asked docker to run /bin/bash command in the container. This presents container's shell as below.

root@9426fd62a696:/#

Note: Here 9426fd62a696 is like a hostname to the container.

root@9426fd62a696:/# hostname
9426fd62a696

root@9426fd62a696:/# uname -a
Linux 9426fd62a696 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@9426fd62a696:/#

root@9426fd62a696:/# cat /etc/hosts
172.17.0.3 9426fd62a696
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

root@9426fd62a696:/# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 18236 2008 ? Ss 17:43 0:00 /bin/bash
root 31 0.0 0.0 34416 1464 ? R+ 20:32 0:00 ps -aux
root@9426fd62a696:/#

Note: If you are behind firewall or a proxy set environment variage http_proxy and https_proxy before firing below command

root@9426fd62a696:/# apt-get update && apt-get install vim
Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [94.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-security InRelease [93.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial/main Sources [1103 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial/restricted Sources [5179 B]

root@9426fd62a696:/# exit
exit

# Note: This exits the container, but container is still running ...
root@karun-1:/home/paas# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9426fd62a696 ubuntu "/bin/bash" 3 hours ago Exited (127) About a minute ago hungry_gates


root@karun-1:/home/paas# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9426fd62a696 ubuntu "/bin/bash" 3 hours ago Exited (127) 2 minutes ago hungry_gates


# Note: -l means last container's status, -a show all running/stopped/exited containers, none means only running containers

# To create containers with your own naming convention...
root@karun-1:/home/paas# sudo docker run --name karun_container -i -t ubuntu /bin/bash
root@521cfbc8bf97:/#

root@karun-1:/home/paas# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
521cfbc8bf97 ubuntu "/bin/bash" About a minute ago Exited (0) 6 seconds ago karun_container
root@karun-1:/home/paas#

# to stop/start/restart karun_container
root@karun-1:/home/paas# sudo docker stop 521cfbc8bf97
521cfbc8bf97
root@karun-1:/home/paas# sudo docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
521cfbc8bf97 ubuntu "/bin/bash" 4 minutes ago Exited (0) 4 seconds ago karun_container
root@karun-1:/home/paas# sudo docker start 521cfbc8bf97
521cfbc8bf97
root@karun-1:/home/paas# sudo docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
521cfbc8bf97 ubuntu "/bin/bash" 14 minutes ago Up 4 seconds karun_container
root@karun-1:/home/paas# sudo docker restart 521cfbc8bf97
521cfbc8bf97
root@karun-1:/home/paas# sudo docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
521cfbc8bf97 ubuntu "/bin/bash" 14 minutes ago Up 2 seconds karun_container


# to attach a container anytime...to bring back to docker's bash command prompt (Hit Enter twice)
root@karun-1:/home/paas# sudo docker attach 521cfbc8bf97
root@521cfbc8bf97:/#
root@521cfbc8bf97:/#


# Again on exit container goes down. Hence above container is not ideal for running applications, let's create a daemonized container for running applications and have an interactive session in a way are longer running containers

root@karun-1:/home/paas# sudo docker run --name karun_daemon -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done"
561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4

# -d flag to tell Docker to detaich the container to the background. Above while loop continues till container is stopped or the process stops.

root@karun-1:/home/paas# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
561787e6a699 ubuntu "/bin/sh -c 'while tr" About a minute ago Up About a minute karun_daemon
521cfbc8bf97 ubuntu "/bin/bash" 55 minutes ago Up 2 minutes karun_container

# check the logs of container now... -f flag is like tail -f command
root@karun-1:/home/paas# sudo docker logs -f karun_daemon
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world

root@karun-1:/home/paas# sudo docker logs --tail 10 karun_daemon
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
root@karun-1:/home/paas#

# For timestamp
root@karun-1:/home/paas# sudo docker logs -ft karun_daemon
2016-05-13T21:49:18.608885021Z hello world
2016-05-13T21:49:19.607061776Z hello world
2016-05-13T21:49:20.608568951Z hello world
2016-05-13T21:49:21.609976161Z hello world
2016-05-13T21:49:22.611418756Z hello world
2016-05-13T21:49:23.613123250Z hello world
2016-05-13T21:49:24.614493112Z hello world
2016-05-13T21:49:25.615742071Z hello world

# To inspect processes running inside the container
root@karun-1:/home/paas# sudo docker top karun_daemon
UID PID PPID C STIME TTY TIME CMD
root 29614 867 0 05:49 ? 00:00:00 /bin/sh -c while true; do echo hello world; sleep 1; done
root 31063 29614 0 06:06 ? 00:00:00 sleep 1

# For checking stats of the docker containers
root@karun-1:/home/paas# sudo docker stats karun_daemon
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O
karun_daemon 0.10% 454.7 kB / 8.373 GB 0.01% 648 B / 648 B 0 B / 0 B

# This creates a new file in docker container karun_daemon
root@karun-1:/home/paas# sudo docker exec -d karun_daemon touch /etc/new_config_file

# Interactive command to connect or open a shell inside our karun_daemon
# -t is to create TTY and -i is to capture STDIN for executed process
# This creates a new bash session inside the container karun_daemon
root@karun-1:/home/paas# sudo docker exec -t -i karun_daemon /bin/bash
root@561787e6a699:/#

### since it's an interactive container, up on exit you can see that docker container didn't shutdown.
# To shutdown explicity you need to issue sudo docker shutdown <id> command
root@karun-1:/home/paas# sudo docker exec -t -i karun_daemon /bin/bash
root@561787e6a699:/# exit
exit
root@karun-1:/home/paas# sudo docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
561787e6a699 ubuntu "/bin/sh -c 'while tr" 40 minutes ago Up 40 minutes karun_daemon

# For auto start of docker always
root@karun-1:/home/paas# sudo docker run --restart=always --name karun-daemon -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done"

# Restart only on failure a maximum of five time if a non-zero exit code is received
root@karun-1:/home/paas# sudo docker run --restart=on-failure:5 --name karun-daemon -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done"

# docker inspect
root@karun-1:/home/paas# sudo docker inspect 561787e6a699
[
{
 "Id": "561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4",
 "Created": "2016-05-13T21:49:18.326489298Z",
 "Path": "/bin/sh",
 "Args": [
 "-c",
 "while true; do echo hello world; sleep 1; done"
 ],
 "State": {
 "Status": "running",
 "Running": true,
 "Paused": false,
 "Restarting": false,
 "OOMKilled": false,
 "Dead": false,
 "Pid": 29614,
 "ExitCode": 0,
 "Error": "",
 "StartedAt": "2016-05-13T21:49:18.605583292Z",
 "FinishedAt": "0001-01-01T00:00:00Z"
 },
 "Image": "17b6a9e179d7cb99d2f27978ca3ac6cf23eefb23201472ed54f5d9fb94894922",
 "ResolvConfPath": "/var/lib/docker/containers/561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4/resolv.conf",
 "HostnamePath": "/var/lib/docker/containers/561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4/hostname",
 "HostsPath": "/var/lib/docker/containers/561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4/hosts",
 "LogPath": "/var/lib/docker/containers/561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4/561787e6a6992434ffe4551a1d5f47a6debdb08377544d68b406b667ed3e37b4-json.log",
 "Name": "/karun_daemon",
 "RestartCount": 0,
 "Driver": "aufs",
 "ExecDriver": "native-0.2",
 "MountLabel": "",
 "ProcessLabel": "",
 "AppArmorProfile": "",
 "ExecIDs": null,
 "HostConfig": {
 "Binds": null,
 "ContainerIDFile": "",
 "LxcConf": [],
 "Memory": 0,
 "MemoryReservation": 0,
 "MemorySwap": 0,
 "KernelMemory": 0,
 "CpuShares": 0,
 "CpuPeriod": 0,
 "CpusetCpus": "",
 "CpusetMems": "",
 "CpuQuota": 0,
 "BlkioWeight": 0,
 "OomKillDisable": false,
 "MemorySwappiness": -1,
 "Privileged": false,
 "PortBindings": {},
 "Links": null,
 "PublishAllPorts": false,
 "Dns": [],
 "DnsOptions": [],
 "DnsSearch": [],
 "ExtraHosts": null,
 "VolumesFrom": null,
 "Devices": [],
 "NetworkMode": "default",
 "IpcMode": "",
 "PidMode": "",
 "UTSMode": "",
 "CapAdd": null,
 "CapDrop": null,
 "GroupAdd": null,
 "RestartPolicy": {
 "Name": "no",
 "MaximumRetryCount": 0
 },
 "SecurityOpt": null,
 "ReadonlyRootfs": false,
 "Ulimits": null,
 "LogConfig": {
 "Type": "json-file",
 "Config": {}
 },
 "CgroupParent": "",
 "ConsoleSize": [
 0,
 0
 ],
 "VolumeDriver": ""
 },
 "GraphDriver": {
 "Name": "aufs",
 "Data": null
 },
 "Mounts": [],
 "Config": {
 "Hostname": "561787e6a699",
 "Domainname": "",
 "User": "",
 "AttachStdin": false,
 "AttachStdout": false,
 "AttachStderr": false,
 "Tty": false,
 "OpenStdin": false,
 "StdinOnce": false,
 "Env": [],
 "Cmd": [
 "/bin/sh",
 "-c",
 "while true; do echo hello world; sleep 1; done"
 ],
 "Image": "ubuntu",
 "Volumes": null,
 "WorkingDir": "",
 "Entrypoint": null,
 "OnBuild": null,
 "Labels": {},
 "StopSignal": "SIGTERM"
 },
 "NetworkSettings": {
 "Bridge": "",
 "SandboxID": "35851c5605d975eb3f5c2fe04d8cea1f61e3d97e2cda84bba975218c41cbde8d",
 "HairpinMode": false,
 "LinkLocalIPv6Address": "",
 "LinkLocalIPv6PrefixLen": 0,
 "Ports": {},
 "SandboxKey": "/var/run/docker/netns/35851c5605d9",
 "SecondaryIPAddresses": null,
 "SecondaryIPv6Addresses": null,
 "EndpointID": "b05b3e5cb956298308212a1e3168352e780550c21c3281347040994ff6391edb",
 "Gateway": "172.17.0.1",
 "GlobalIPv6Address": "",
 "GlobalIPv6PrefixLen": 0,
 "IPAddress": "172.17.0.4",
 "IPPrefixLen": 16,
 "IPv6Gateway": "",
 "MacAddress": "02:42:ac:11:00:04",
 "Networks": {
 "bridge": {
 "EndpointID": "b05b3e5cb956298308212a1e3168352e780550c21c3281347040994ff6391edb",
 "Gateway": "172.17.0.1",
 "IPAddress": "172.17.0.4",
 "IPPrefixLen": 16,
 "IPv6Gateway": "",
 "GlobalIPv6Address": "",
 "GlobalIPv6PrefixLen": 0,
 "MacAddress": "02:42:ac:11:00:04"
 }
 }
 }
}
]

# docker inspect formatting
root@karun-1:/home/paas# sudo docker inspect --format '{{.NetworkSettings.IPAddress}}' karun_daemon
172.17.0.4

root@karun-1:/home/paas# sudo docker inspect --format '{{.Name}} {{.State.Running}}' karun_daemon
/karun_daemon true

# to delete all docker containers
$ sudo docker rm 'sudo docker ps -a -q'

Advertisements
Categories: General, Security Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: