Blog

We are launching a new series of articles, this time dedicated to Docker. Today we will discuss the simplest commands related to it. We will start with installation and configuration, then we will move to adding the user to the group and importing the container image. Finally, we will list and destroy the container with the images.

Contrary to the erroneous and, unfortunately, common belief, Docker does not mean a container. Docker is basically an application with a client-server architecture. The client is usually the docker console command. Underneath, Docker uses the standard kernel mechanisms described in theoretical foundations to create isolated runtime environments. In some distributions (with the specification of Enterprise Linux distributions), an additional mechanism for securing containers is SELinux, which creates appropriate contexts for containers running on our system.

First, the following concepts need to be explained:

• image – it is a container pattern containing the runtime environment (necessary libraries and system structures). The images are read-only. To create (or change) an image, you need to create the next layer of files. From a single image, you can run potentially an infinite number of containers. After downloading, the images are usually ready to run immediately;
• images registry – contains images ready to be downloaded and run. There are both public and private registries. The most known public image registry is Docker Hub. Most organizations have their own private image registry, which contains images created by maintenance teams. These images usually contain internal company applications and allow for instant deployment and relatively simple management of a containerized application in the infrastructure. Note, however, that containerization is not always a simple and cost effective process.

The command to run the Docker daemon is dockerd. Daemon Docker is responsible, among others, for building containers (images), importing and managing images, as well as launching and managing containers. The command docker is a console interface used to communicate with the Docker daemon.

Docker installation in community version

Docker has long been available in two versions – Enterprise and Community. The way of versioning the project has also changed, so in some materials you can find editions marked as 1.xy, while the current development community edition is already 19.

Such a sudden change of the versioning of the project is a psychological procedure aimed at achieving the effect of a newer version. For example, upgrading from 2.0 to 2.3 seems less invasive than from 20.0 to 23.0. Returning, however, to the topic of choosing the Docker version – for development purposes, the Community edition is enough.

To add a repository for Enterprise Linux (for EuroLinux, Red Hat^® Enterprise Linux^®, Oracle^® Linux, CentOS, or Scientific Linux), you can do the following:

curl https://download.docker.com/linux/centos/docker-ce.repo | sudo tee /etc/yum.repos.d/docker-ce.repo
sudo yum install -y docker-ce

It is also possible to install Docker from the Extras repository, but I do not recommend this method, because the packages provided by Docker are simply fresher and in fact better supported.

To check if Docker has been installed, just run the command:

> docker -v
Docker version 18.09.6, build 481bc77156

A brief overview of dockerd configuration

To run Daemon Docker, perform the following:

systemctl start docker

In order for the Docker daemon to be available after system startup, you must enable it:

systemctl enable docker

Docker daemon can also be started manually with the command:

dockerd

However, the daemon launched in this way does not have the necessary configuration loaded, so it does not work as expected and is practically useless. This is because systemd, when running Docker as a service, loads a number of files, including configuration files, of course. The file responsible for the Docker service provided by Systemd is /usr/lib/systemd/system/docker.service.

To find the configuration (environment) files, you can run the following command:

> grep 'File' /usr/lib/systemd/system/docker.service
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network

The environment loaded from the given files is used by ExecStart, which in plain language is a program run by systemd.

ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --init-path=/usr/libexec/docker/docker-init-current \
          --seccomp-profile=/etc/docker/seccomp.json \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
      $REGISTRIES

Now that you know how loading Docker configurations in Enterprise Linux works, you may guess that editing the Docker daemon startup settings is done by editing the appropriate /etc/sysconfig/docker\* files.

Adding a user to the Docker group

If we want a non-privileged user to be able to enjoy the benefits of Docker without having to elevate their privileges (e.g. by sudo), we should add them to the Docker group. For this purpose, you can use the command usermod:

usermod -a -G docker user

When modifying groups running on a user’s system, the easiest solution is to log out in order to reload the groups. However, if it is inappropriate or impossible, you can also use the newgrp command to reload or add a group in your local session.

newgrp -

or

newgrp docker

Searching and importing containers

After launching the Docker daemon, we can go to container management using the console client, i.e. the docker command. At the very beginning, I suggest searching for an image using the docker search command. The image you are looking for is an image that contains Python version 3. Thus, the 2nd argument to docker search command, which is the search term, will be Python. To limit the results, I allowed myself to add head -4 to the pipeline.

> docker search python | head -4
NAME                             DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
python                           Python is an interpreted, interactive, objec…   4319                [OK]                
django                           Django is a free web application framework, …   850                 [OK]                
pypy                             PyPy is a fast, compliant alternative implem…   194                 [OK]

Use the docker pull command to import the container. Docker will download the latest version of the container by default (tagged as latest). However, we are interested in the one marked as 3. We’ll learn more about tagging (versioning) containers in the next Docker article. Executing the command docker pull should return similar results.

> docker pull python:3
3: Pulling from library/python
6f2f362378c5: Pull complete  
...(wyjście ucięte) 
c8514b1c6524: Pull complete 
Digest: sha256:9e0b4f32487ca1863b45383420b8db77990debae748e2e875d2f86fa9510d4a5
Status: Downloaded newer image for python:3:

Launching the first container with Docker

To run the container, use the command docker run. We will also run our Python container with other parameters:

• -i runs the container interactively
• -t allocates terminal (tty) in the container.

docker run -it python:3
Python 3.7.3 (default, Jun 11 2019, 01:05:09) 
[GCC 6.3.0 20170516] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

In this way, we have access to Python running in the container. To change the command that will run inside the container, you can add another argument to the previous command or use the --entrypointoption.

docker run -it python:3 bash
docker run -it --entrypoint '/bin/bash'  python:3

Docker Container Listing

Working containers are listed with the use of the command docker ps. By default, it only shows running containers. At the moment, I have to images running:

> docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
faf92be3b289        python:3            "python3"           3 seconds ago       Up 3 seconds                            zealous_shirley
2a688789b5f7        python:3            "/bin/bash"         3 minutes ago       Up 3 minutes                            gallant_mahavira

If you want to see all the saved containers, use docker ps with the -a switch or the longer version --all.

> docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
faf92be3b289        python:3            "python3"           4 minutes ago       Up 4 minutes                                    zealous_shirley
2a688789b5f7        python:3            "/bin/bash"         7 minutes ago       Exited (0) 2 seconds ago                        gallant_mahavira
f8618196f0e2        python:3            "bash"              7 minutes ago       Exited (0) 4 minutes ago                        affectionate_babbage
93fad0d3e0ee        python:3            "bash"              10 minutes ago      Exited (0) 9 minutes ago                        determined_cori
7a5e7a241689        python:3            "python3"           15 minutes ago      Exited (0) 12 minutes ago                       cranky_hermann

Destruction of the container

To destroy the container, use the  docker rm command. Both the container ID and its name can be used as arguments. Docker generates the container name by default from a list of random adjectives and nouns. Nevertheless, we can give the container a name ourselves.

Using the results of the previous docker ps -a command, I have selected the images to delete.

> docker rm faf92be3b289 gallant_mahavira affectionate_babbage 93fad0d3e0ee 7a5e7a241689
faf92be3b289
gallant_mahavira
affectionate_babbage
93fad0d3e0ee
7a5e7a241689

After this procedure, the docker ps -a command will return an empty list to us.

Listing and Deleting Container Images

Use the docker images command to list images.

> docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
python              3                   34a518642c76        3 weeks ago         929MB
python              latest              34a518642c76        3 weeks ago         929MB

To delete a container image, use docker rmi along with the image ID.

> docker rmi 34a518642c76
Untagged: python:latest
Untagged: python@sha256:9e0b4f32487ca1863b45383420b8db77990debae748e2e875d2f86fa9510d4a5
Deleted: sha256:34a518642c76e77f0cace72bd993352ac99802c3295931f70a407b735ecb6e27
...(wyjście skrócone)
Deleted: sha256:0db06dff9d9aeb9bed4edde7bd772ad0f3aea497c129d48ed587664d098c6c41

Summary

The article presents a simple but complete scenario of using Docker. In addition to simple and basic information, such as the installation of Docker-CE, we also covered more advanced topics, such as the configuration of the dockerd daemon service from the systemd level.

In the next section, we’ll look at even more advanced topics associated with Docker. Among other things, releasing a given container port to the world, mounting volumes or versioning images.