We are launching a new series of articles, this time dedicated to Docker. Today we will discuss the simplest commands related to it. We will start with installation and configuration, then we will move to adding the user to the group and importing the container image. Finally, we will list and destroy the container with the images.
Contrary to the erroneous and, unfortunately, common belief, Docker does not mean a container. Docker is basically an application with a client-server architecture. The client is usually the
docker console command. Underneath, Docker uses the standard kernel mechanisms described in theoretical foundations to create isolated runtime environments. In some distributions (with the specification of Enterprise Linux distributions), an additional mechanism for securing containers is SELinux, which creates appropriate contexts for containers running on our system.
First, the following concepts need to be explained:
- image – it is a container pattern containing the runtime environment (necessary libraries and system structures). The images are read-only. To create (or change) an image, you need to create the next layer of files. From a single image, you can run potentially an infinite number of containers. After downloading, the images are usually ready to run immediately;
- images registry – contains images ready to be downloaded and run. There are both public and private registries. The most known public image registry is Docker Hub. Most organizations have their own private image registry, which contains images created by maintenance teams. These images usually contain internal company applications and allow for instant deployment and relatively simple management of a containerized application in the infrastructure. Note, however, that containerization is not always a simple and cost effective process.
The command to run the Docker daemon is
dockerd. Daemon Docker is responsible, among others, for building containers (images), importing and managing images, as well as launching and managing containers. The command
docker is a console interface used to communicate with the Docker daemon.
Docker installation in community version
Docker has long been available in two versions - Enterprise and Community. The way of versioning the project has also changed, so in some materials you can find editions marked as 1.xy, while the current development community edition is already 19.
Such a sudden change of the versioning of the project is a psychological procedure aimed at achieving the effect of a newer version. For example, upgrading from 2.0 to 2.3 seems less invasive than from 20.0 to 23.0. Returning, however, to the topic of choosing the Docker version - for development purposes, the Community edition is enough.
To add a repository for Enterprise Linux (for EuroLinux, Red Hat® Enterprise Linux®, Oracle® Linux, CentOS, or Scientific Linux), you can do the following:
curl https://download.docker.com/linux/centos/docker-ce.repo | sudo tee /etc/yum.repos.d/docker-ce.repo sudo yum install -y docker-ce
It is also possible to install Docker from the Extras repository, but I do not recommend this method, because the packages provided by Docker are simply fresher and in fact better supported.
To check if Docker has been installed, just run the command:
> docker -v Docker version 18.09.6, build 481bc77156
A brief overview of dockerd configuration
To run Daemon Docker, perform the following:
systemctl start docker
In order for the Docker daemon to be available after system startup, you must enable it:
systemctl enable docker
Docker daemon can also be started manually with the command:
However, the daemon launched in this way does not have the necessary configuration loaded, so it does not work as expected and is practically useless. This is because systemd, when running Docker as a service, loads a number of files, including configuration files, of course. The file responsible for the Docker service provided by Systemd is
To find the configuration (environment) files, you can run the following command:
> grep 'File' /usr/lib/systemd/system/docker.service EnvironmentFile=-/run/containers/registries.conf EnvironmentFile=-/etc/sysconfig/docker EnvironmentFile=-/etc/sysconfig/docker-storage EnvironmentFile=-/etc/sysconfig/docker-network
The environment loaded from the given files is used by
ExecStart, which in plain language is a program run by systemd.
ExecStart=/usr/bin/dockerd-current \ --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ --default-runtime=docker-runc \ --exec-opt native.cgroupdriver=systemd \ --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ --init-path=/usr/libexec/docker/docker-init-current \ --seccomp-profile=/etc/docker/seccomp.json \ $OPTIONS \ $DOCKER_STORAGE_OPTIONS \ $DOCKER_NETWORK_OPTIONS \ $ADD_REGISTRY \ $BLOCK_REGISTRY \ $INSECURE_REGISTRY \ $REGISTRIES
Now that you know how loading Docker configurations in Enterprise Linux works, you may guess that editing the Docker daemon startup settings is done by editing the appropriate
Adding a user to the Docker group
If we want a non-privileged user to be able to enjoy the benefits of Docker without having to elevate their privileges (e.g. by sudo), we should add them to the Docker group. For this purpose, you can use the command
usermod -a -G docker user
When modifying groups running on a user's system, the easiest solution is to log out in order to reload the groups. However, if it is inappropriate or impossible, you can also use the
newgrp command to reload or add a group in your local session.
Searching and importing containers
After launching the Docker daemon, we can go to container management using the console client, i.e. the
docker command. At the very beginning, I suggest searching for an image using the
docker search command. The image you are looking for is an image that contains Python version 3. Thus, the 2nd argument to
docker search command, which is the search term, will be Python. To limit the results, I allowed myself to add
head -4 to the pipeline.
> docker search python | head -4 NAME DESCRIPTION STARS OFFICIAL AUTOMATED python Python is an interpreted, interactive, objec… 4319 [OK] django Django is a free web application framework, … 850 [OK] pypy PyPy is a fast, compliant alternative implem… 194 [OK]
docker pull command to import the container. Docker will download the latest version of the container by default (tagged as
latest). However, we are interested in the one marked as 3. We'll learn more about tagging (versioning) containers in the next Docker article. Executing the command
docker pull should return similar results.
> docker pull python:3 3: Pulling from library/python 6f2f362378c5: Pull complete ...(wyjście ucięte) c8514b1c6524: Pull complete Digest: sha256:9e0b4f32487ca1863b45383420b8db77990debae748e2e875d2f86fa9510d4a5 Status: Downloaded newer image for python:3:
Launching the first container with Docker
To run the container, use the command
docker run. We will also run our Python container with other parameters:
-iruns the container interactively
-tallocates terminal (tty) in the container.
docker run -it python:3 Python 3.7.3 (default, Jun 11 2019, 01:05:09) [GCC 6.3.0 20170516] on linux Type "help", "copyright", "credits" or "license" for more information. >>>
In this way, we have access to Python running in the container. To change the command that will run inside the container, you can add another argument to the previous command or use the
docker run -it python:3 bash docker run -it --entrypoint '/bin/bash' python:3
Docker Container Listing
Working containers are listed with the use of the command
docker ps. By default, it only shows running containers. At the moment, I have to images running:
> docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES faf92be3b289 python:3 "python3" 3 seconds ago Up 3 seconds zealous_shirley 2a688789b5f7 python:3 "/bin/bash" 3 minutes ago Up 3 minutes gallant_mahavira
If you want to see all the saved containers, use
docker ps with the
-a switch or the longer version
> docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES faf92be3b289 python:3 "python3" 4 minutes ago Up 4 minutes zealous_shirley 2a688789b5f7 python:3 "/bin/bash" 7 minutes ago Exited (0) 2 seconds ago gallant_mahavira f8618196f0e2 python:3 "bash" 7 minutes ago Exited (0) 4 minutes ago affectionate_babbage 93fad0d3e0ee python:3 "bash" 10 minutes ago Exited (0) 9 minutes ago determined_cori 7a5e7a241689 python:3 "python3" 15 minutes ago Exited (0) 12 minutes ago cranky_hermann
Destruction of the container
To destroy the container, use the
docker rm command. Both the container ID and its name can be used as arguments. Docker generates the container name by default from a list of random adjectives and nouns. Nevertheless, we can give the container a name ourselves.
Using the results of the previous
docker ps -a command, I have selected the images to delete.
> docker rm faf92be3b289 gallant_mahavira affectionate_babbage 93fad0d3e0ee 7a5e7a241689 faf92be3b289 gallant_mahavira affectionate_babbage 93fad0d3e0ee 7a5e7a241689
After this procedure, the
docker ps -a command will return an empty list to us.
Listing and Deleting Container Images
docker images command to list images.
> docker images REPOSITORY TAG IMAGE ID CREATED SIZE python 3 34a518642c76 3 weeks ago 929MB python latest 34a518642c76 3 weeks ago 929MB
To delete a container image, use
docker rmi along with the image ID.
> docker rmi 34a518642c76 Untagged: python:latest Untagged: [email protected]:9e0b4f32487ca1863b45383420b8db77990debae748e2e875d2f86fa9510d4a5 Deleted: sha256:34a518642c76e77f0cace72bd993352ac99802c3295931f70a407b735ecb6e27 ...(wyjście skrócone) Deleted: sha256:0db06dff9d9aeb9bed4edde7bd772ad0f3aea497c129d48ed587664d098c6c41
The article presents a simple but complete scenario of using Docker. In addition to simple and basic information, such as the installation of Docker-CE, we also covered more advanced topics, such as the configuration of the dockerd daemon service from the systemd level.
In the next section, we'll look at even more advanced topics associated with Docker. Among other things, releasing a given container port to the world, mounting volumes or versioning images.