Docker cheat sheet: Difference between revisions

From Coolscript
Jump to navigation Jump to search
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 310: Line 310:
==Backup Volume==
==Backup Volume==
*Create a temporary Container and mount the volume, make sure that no one else is suing the volume
*Create a temporary Container and mount the volume, make sure that no one else is suing the volume
  docker run -v <volume_name>:/dbdata --name dbstore -itd ubuntu /bin/bash
  docker run -v <volume_name>:/dbdata --name dbstore -itd debian:stable-slim /bin/bash
*Backup the data
*Backup the data
  docker run --rm --volumes-from dbstore -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
  docker run --rm --volumes-from dbstore -v $(pwd):/backup debian:stable-slim tar cvf /backup/backup.tar /dbdata
  Or gz
  Or gz
  docker run --rm --volumes-from dbstore -v $(pwd):/backup ubuntu tar czvf /backup/backup.tar.gz /dbdata
  docker run --rm --volumes-from dbstore -v $(pwd):/backup debian:stable-slim tar czvf /backup/backup.tar.gz /dbdata


==Restore Volume==
==Restore Volume==
Line 320: Line 320:
  docker run -v <volume_name>:/dbdata --name dbstore2 -itd ubuntu /bin/bash
  docker run -v <volume_name>:/dbdata --name dbstore2 -itd ubuntu /bin/bash
  docker run --rm --volumes-from dbstore2 -v $(pwd):/backup ubuntu bash -c "cd /dbdata && tar xvf /backup/backup.tar --strip 1"
  docker run --rm --volumes-from dbstore2 -v $(pwd):/backup ubuntu bash -c "cd /dbdata && tar xvf /backup/backup.tar --strip 1"
=Workshop - Backup and Restore the Splunk Container=
*Workshop - Backup Splunk Volumes
*Copy the existing Splunk volumes (etc / var) from the host nuc01 to nuc02
==BACKUP nuc01==
docker compose down
#Mount the backup container along with the var volume
root@nuc01 ~ # docker run -v docker_splunk-var:/data --name container_backup -itd debian:stable-slim
#Tar/gz the var volume from the root view (we cd into the volume first and write the archive into root)
root@nuc01 ~ # docker exec container_backup  bash -c "cd /data && tar cvfz /docker_splunk-var.tar.gz ."
#Copy the var archive back home
root@nuc01 ~ # docker cp container_backup:/docker_splunk-var.tar.gz .
  # Reset
root@nuc01 ~ # docker container stop container_backup
root@nuc01 ~ # docker container rm container_backup
#SAME WITH ETC
#Mount the backup container along with the etc volume
root@nuc01 ~ # docker run -v docker_splunk-etc:/data --name container_backup -itd debian:stable-slim
#Tar/gz the var volume from the root view (we cd into the volume first and write the archive into root)
root@nuc01 ~ # docker exec container_backup bash -c "cd /data && tar cvfz /docker_splunk-etc.tar.gz ."
#Copy the etc archive back home
root@nuc01 ~ # docker cp container_backup:/docker_splunk-etc.tar.gz .
# Reset
root@nuc01 ~ # docker container stop container_backup
root@nuc01 ~ # docker container rm container_backup
#SCP TO NEW MACHINE
root@nuc01 ~ #  scp *.gz user@nuc02:/backup/nuc02
docker compose up -d
==RESTORE nuc02==
docker compose down
#Consider to recreate the volumes
root@nuc02 ~ # docker volume rm docker_splunk-var
root@nuc02 ~ # docker volume rm docker_splunk-etc
root@nuc02 ~ # docker volume create docker_splunk-var
root@nuc02 ~ # docker volume create docker_splunk-etc
#Mount the backup container along with the var volume
root@nuc02 ~ # docker run -v docker_splunk-var:/data --name container_backup -itd debian:stable-slim /bin/bash
#Copy the var archive to the backup container
root@nuc02 ~ # docker cp /backup/nuc02/docker_splunk-var.tar.gz container_backup:/
#UnTar/gz the var volume back to its volume
root@nuc02 ~ # docker exec container_backup bash -c "cd /data && tar xvfz /docker_splunk-var.tar.gz"
# Reset
root@nuc02 ~ # docker container stop container_backup
root@nuc02 ~ # docker container rm container_backup
#Do the same with  etc - Mount the backup container along with the etc volume
root@nuc02 ~ # docker run -v docker_splunk-etc:/data --name container_backup -itd debian:stable-slim /bin/bash
#Copy the etc archive to the backup container
root@nuc02 ~ # docker cp /backup/nuc02/docker_splunk-etc.tar.gz container_backup:/
#UnTar/gz the etc volume back to its volume
root@nuc02 ~ # docker exec container_backup bash -c "cd /data && tar xvfz /docker_splunk-etc.tar.gz"
#Reset
root@nuc02 ~ # docker container stop container_backup
root@nuc02 ~ # docker container rm container_backup
docker compose up -d


=Backup Image=
=Backup Image=
Line 336: Line 392:
*Mention to chown local data dir to appropriate users
*Mention to chown local data dir to appropriate users


=Recovery special, example for Splunk=
=Network=
*cat /etc/passwd
*Create
  splunk:x:41812:41812::/home/splunk:/bin/bash
docker network create my-network
*OPTIONAL Create the splunk user on the physical host
*Inspect
  addgroup splunk --gid 41812
  docker inspect network my-network
  adduser splunk --uid 41812 --gid 41812
*Use sample
  docker run -itd --name=apache --network my-network apache_slim:1.0
*Create volume
  docker run --name=nginx -itd -p 80:80 -p 443:443 --network my-network nginx:1.0
  docker volume create docker_splunk-etc
 
  docker volume create docker_splunk-var
=Dockerfile=
*Install Syslog
#Syslog Prepare
  RUN apt-get install rsyslog --assume-yes
  RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf


*Mount helper container
=Debug Enrypoint=
  docker run -v docker_splunk-etc:/opt/splunk/etc -v docker_splunk-var:/opt/splunk/var --name shrestore -itd debian:stable-slim /bin/bash
  #Debugging
*Switch into the newly container '''docker exec -it shrestore bash'''
ENTRYPOINT ["/bin/bash","-c","while [ true ];do sleep 30s;done;"]
addgroup splunk --gid 41812
adduser splunk --uid 41812 --gid 41812
chown  splunk /opt/splunk -R


*Copy the tar archives from the host
=References=
docker cp /home/vmadmin/restore/backup/docker/volumes/docker_splunk-etc.tar.gz shrestore:/tmp/docker_splunk-etc.etc.gz
*Ref
docker cp /home/vmadmin/restore/backup/docker/volumes/docker_splunk-var.tar.gz shrestore:/tmp/docker_splunk-var.tar.gz
*https://stackoverflow.com/questions/31149501/how-to-reach-docker-containers-by-name-instead-of-ip-address
*Then uncompress them
*https://webdock.io/en/docs/how-guides/docker-guides/how-to-create-and-manage-docker-networks-and-docker-volumes
docker exec -it -u splunk shrestore bash -c "cd /opt/splunk/etc && tar xvf /tmp/docker_splunk-etc.etc.gz --strip 1 "
docker exec -it -u splunk shrestore bash -c "cd /opt/splunk/var && tar xvf /tmp/docker_splunk-var.tar.gz --strip 1 "

Latest revision as of 12:35, 4 January 2024

Various Commands

List container 

docker container ls -a

DELETE ALL IMAGES 

docker rmi $(docker images -a -q)

View Logs of a specific container 

docker logs foo
  • Remove Container
docker rm foo
  • Stop all containers
docker stop $(docker ps -a -q)
  • Remove all containers
docker rm $(docker ps -a -q)
or
docker container ls -aq | xargs docker container rm
  • Remove all images
docker rmi $(docker images -a -q)
  • Clean
docker container prune
docker image prune -a
docker volume prune


  • List volume size
docker system df

delete Script

#!/bin/bash
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
yes | docker rmi $(docker images -a -q)
yes | docker container prune
yes | docker image prune -a
yes | docker volume prune

Create an easy Ubuntu Container

  • Search for various releases
docker search ubuntu
  • Build container and use interactive with bash
docker create --name=foo -it ubuntu bash
  • Then start the container
docker start foo
  • Then attach to the container, note that this will only work because we have an interactive bash behind
    • To exit and stop the container use CTRL + D
    • To exit only use CTRL + P + Q
docker attach foo
  • Alternative run the new Ubuntu container in one shot and attach to it, this will automatically install the image if not already present
    • To exit and stop the container use CTRL + D
    • To exit only use CTRL + P + Q
docker run --name=foo -it ubuntu bash
  • Or run detached:
docker run --name=foo -itd ubuntu bash
  • And then attach
docker attach ubuntu

Build an easy Apache2 Container

Create the Dockerfile

root@vm-docker01:~/# mkdir apache

root@vm-docker01:~/#  cd apache

root@vm-docker01:~/apache# echo "#Dockerfile sample
#Choose ubuntu or debian
FROM ubuntu
#These images have no apt cache installed yet
RUN apt-get update
#Install apache2 
RUN apt-get install apache2-utils apache2 --assume-yes
#Here comes the most important part as we need to init an entrypoint for the container,
#if you don't do this then the container will exit right away
CMD [\"-D\", \"FOREGROUND\"]
ENTRYPOINT [\"apachectl\"]" > Dockerfile

Build the Image

  • Build a new image named apache_image:1.0, note the dot at the end as this expects the Dockerfile within the current directory
root@vm-docker01:~/apache# docker build -t apache_image:1.0 . 
Sending build context to Docker daemon  18.94kB
Step 1/6 : FROM ubuntu
 ---> a8780b506fa4
Step 2/6 : RUN apt-get update
 ---> Running in 2021ece81156
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
...
...
Fetched 24.6 MB in 2s (12.6 MB/s)
Reading package lists...
Removing intermediate container 2021ece81156
---> 7e2028ae926a
Step 3/6 : RUN apt-get install apache2 --assume-yes
 ---> Running in 7462500da559
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils bzip2 ca-certificates file libapr1
...
...
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils bzip2 ca-certificates file
...
...
Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 perl-modules-5.34 all 5.34.0-3ubuntu1.1 [2976 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/main amd64 libgdbm6 amd64 1.23-1 [33.9 kB]
...
...
Removing intermediate container 7462500da559
 ---> 4df992b99ae5
Step 4/6 : RUN apt-get install apache2-utils --assume-yes
 ---> Running in e11af1c7cd8d
Reading package lists...
Building dependency tree...
Reading state information...
apache2-utils is already the newest version (2.4.52-1ubuntu4.2).
apache2-utils set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Removing intermediate container e11af1c7cd8d
 ---> 800f1b355425
Step 5/6 : CMD ["-D", "FOREGROUND"]
 ---> Running in 76635350d8dd
Removing intermediate container 76635350d8dd
 ---> b24fa728d6d7
Step 6/6 : ENTRYPOINT ["apachectl"]
 ---> Running in 5d642bc0312a
Removing intermediate container 5d642bc0312a
 ---> fccb8e6a0568
Successfully built fccb8e6a0568
Successfully tagged apache_image:1.0
  • Check to see if the image is present
root@vm-docker01:~/apache# docker image ls 
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
apache_image   1.0       fccb8e6a0568   8 minutes ago   225MB
ubuntu         latest    a8780b506fa4   2 weeks ago     77.8MB

Start the new buildet image

  • Note the -d flag which says that the container runs detached and note that we map the container port 80 to the real host port 80
root@vm-docker01:~/apache# docker run --name myapache -d -p 80:80 apache_image:1.0
b4865c05a704055bb3bf080a58f1ee33334b0197bec4d89ce76e4995856879dc
  • Note the entrypoint/command which we have specified
root@vm-docker01:~/apache# docker container ls
CONTAINER ID   IMAGE              COMMAND                  CREATED          STATUS          PORTS                NAMES
b4865c05a704   apache_image:1.0   "apachectl -D FOREGR…"   51 seconds ago   Up 50 seconds   0.0.0.0:80->80/tcp   myapache

Connect to the container

  • Do not use the docker attach myapache method as the entrypoint will lead into a dead terminal, instead use the interactive method and start a bash
    • To exit and stop the container use CTRL + D
    • To exit only use CTRL + P + Q
root@vm-docker01:~/apache# docker exec -it myapache bash
root@b4865c05a704:/# ps -e
   PID TTY          TIME CMD
     1 ?        00:00:00 apachectl
    15 ?        00:00:00 apache2
    16 ?        00:00:00 apache2
    17 ?        00:00:00 apache2
    72 pts/0    00:00:00 bash
    80 pts/0    00:00:00 ps
  • Now the webserver should be reachable through the network
root@vm-docker01:~/apache# netstat -tpan | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      160554/docker-proxy

Create an easy mysql container

  • Create a password file
root@vm-docker01:~# mkdir ./secrets
root@vm-docker01:~# echo "Passwd" > ./secrets/mysql-root-password
  • Create the mysql container using the above passwd file, alos create an extra volume to keep the database persistant
root@vm-docker01:~# docker run --name mysql -d \
-p 3306:3306 \
-e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root-password \
-v /root/secrets:/run/secrets \
-v mysql:/var/lib/mysql \
mysql:8
  • Connect to the container and run mysql, you can the create your database, user and so on
root@vm-docker01:~# docker exec -it mysql mysql -p
Your MySQL connection id is 8
Server version: 8.0.31 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database mydatabase;
Query OK, 1 row affected (0.03 sec)

mysql> CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypwd';
Query OK, 0 rows affected (0.03 sec)

mysql> GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'%';
Query OK, 0 rows affected (0.01 sec)

mysql> ALTER USER 'myuser'@'%' IDENTIFIED WITH mysql_native_password BY 'mypwd';
Query OK, 0 rows affected (0.01 sec)

mysql> quit


  • Mysql is now ready on port 3306
root@vm-dev01:~# docker container ls
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                                                  NAMES
62b28b965c54   mysql:8   "docker-entrypoint.s…"   9 minutes ago   Up 8 minutes   0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp   mysql


Build an easy msql container

root@vm-docker01:~/# mkdir mysql
root@vm-docker01:~/#  cd mysql
  • Create a sample sql init script which we run during the container init
root@vm-docker01:~/mysql # echo "#mysql script sample
create database mydatabase;
CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypwd';
GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'%';
ALTER USER 'myuser'@'%' IDENTIFIED WITH mysql_native_password BY 'mypwd'; "> init.sql

root@vm-docker01:~/mysql # echo "#Dockerfile sample
#Get the mysql version 8 image
FROM mysql:8
#Set the root pw during init, alternative use the /run/secrets option from above
ENV MYSQL_ROOT_PASSWORD=Pass123
#Copy one or more sql init files to the container entrypoint
COPY init.sql /docker-entrypoint-initdb.d/" > Dockerfile
  • Build the msql Image
root@vm-docker01:~/mysql# docker build -t mysql_image:1.0 .
Sending build context to Docker daemon  3.072kB
Step 1/3 : FROM mysql:8
8: Pulling from library/mysql
0bb5c0c24818: Pull complete
...
ad655e218e12: Pull complete
Digest: sha256:96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492
Status: Downloaded newer image for mysql:8
 ---> 3842e9cdffd2
Step 2/3 : ENV MYSQL_ROOT_PASSWORD=Pass123
 ---> Running in 655ef85c56db
Removing intermediate container 655ef85c56db
 ---> 208553d8cba2
Step 3/3 : COPY init.sql /docker-entrypoint-initdb.d/
 ---> 1cc6b668c6e1
Successfully built 1cc6b668c6e1
Successfully tagged mysql_image:1.0
  • Run the new container
root@vm-docker01:~/mysql# docker run --name mysql -d -p 3306:3306 mysql_image:1.0
ade81568e9e77b8c87834f3422f23886e8b7251a8f3402f85d4d7f31c2877fcd

root@vm-docker01:~/mysql# docker container ls
CONTAINER ID   IMAGE             COMMAND                  CREATED         STATUS         PORTS                                                  NAMES
ade81568e9e7   mysql_image:1.0   "docker-entrypoint.s…"   2 minutes ago   Up 2 minutes   0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp   mysql


Using docker-compose

This would be the docker-compose.yml file to build the above apache and mysql container

  • To build
    • docker-compose build
    • docker-compose build -d MyProjectName (Otherwise the current directory will be used to prefix volumes)
  • To View
    • docker-compose logs
    • docker-compose logs -f
  • To start/stop
    • docker-compose up -d
    • docker-compose down
version: '3.0'
services:
  apache:
    image: "apache_image:1.0"
    container_name: apache
    hostname: apache
    build:
      context: ./apache
    ports:
      - "80:80"

  mysql:
    image: "mysql_image:1.0"
    container_name: mysql
    hostname: mysql
    volumes:
     - mysql:/var/lib/mysql
    build:
      context: ./mysql
    ports:
      - "3306:3306"

volumes:
  mysql: null

Backup/Restore

Backup Volume

  • Create a temporary Container and mount the volume, make sure that no one else is suing the volume
docker run -v <volume_name>:/dbdata --name dbstore -itd debian:stable-slim /bin/bash
  • Backup the data
docker run --rm --volumes-from dbstore -v $(pwd):/backup debian:stable-slim tar cvf /backup/backup.tar /dbdata
Or gz
docker run --rm --volumes-from dbstore -v $(pwd):/backup debian:stable-slim tar czvf /backup/backup.tar.gz /dbdata

Restore Volume

  • Create a temporary Container and mount the volume, make sure that no one else is suing the volume
docker run -v <volume_name>:/dbdata --name dbstore2 -itd ubuntu /bin/bash
docker run --rm --volumes-from dbstore2 -v $(pwd):/backup ubuntu bash -c "cd /dbdata && tar xvf /backup/backup.tar --strip 1"

Workshop - Backup and Restore the Splunk Container

  • Workshop - Backup Splunk Volumes
  • Copy the existing Splunk volumes (etc / var) from the host nuc01 to nuc02

BACKUP nuc01

docker compose down
#Mount the backup container along with the var volume
root@nuc01 ~ # docker run -v docker_splunk-var:/data --name container_backup -itd debian:stable-slim
#Tar/gz the var volume from the root view (we cd into the volume first and write the archive into root)
root@nuc01 ~ # docker exec container_backup  bash -c "cd /data && tar cvfz /docker_splunk-var.tar.gz ."
#Copy the var archive back home
root@nuc01 ~ # docker cp container_backup:/docker_splunk-var.tar.gz .
 # Reset
root@nuc01 ~ # docker container stop container_backup
root@nuc01 ~ # docker container rm container_backup
#SAME WITH ETC
#Mount the backup container along with the etc volume
root@nuc01 ~ # docker run -v docker_splunk-etc:/data --name container_backup -itd debian:stable-slim
#Tar/gz the var volume from the root view (we cd into the volume first and write the archive into root)
root@nuc01 ~ # docker exec container_backup bash -c "cd /data && tar cvfz /docker_splunk-etc.tar.gz ."
#Copy the etc archive back home
root@nuc01 ~ # docker cp container_backup:/docker_splunk-etc.tar.gz .
# Reset
root@nuc01 ~ # docker container stop container_backup
root@nuc01 ~ # docker container rm container_backup
#SCP TO NEW MACHINE
root@nuc01 ~ #  scp *.gz user@nuc02:/backup/nuc02
docker compose up -d

RESTORE nuc02

docker compose down
#Consider to recreate the volumes
root@nuc02 ~ # docker volume rm docker_splunk-var
root@nuc02 ~ # docker volume rm docker_splunk-etc
root@nuc02 ~ # docker volume create docker_splunk-var
root@nuc02 ~ # docker volume create docker_splunk-etc
#Mount the backup container along with the var volume
root@nuc02 ~ # docker run -v docker_splunk-var:/data --name container_backup -itd debian:stable-slim /bin/bash
#Copy the var archive to the backup container
root@nuc02 ~ # docker cp /backup/nuc02/docker_splunk-var.tar.gz container_backup:/
#UnTar/gz the var volume back to its volume
root@nuc02 ~ # docker exec container_backup bash -c "cd /data && tar xvfz /docker_splunk-var.tar.gz"
# Reset
root@nuc02 ~ # docker container stop container_backup
root@nuc02 ~ # docker container rm container_backup
#Do the same with  etc - Mount the backup container along with the etc volume
root@nuc02 ~ # docker run -v docker_splunk-etc:/data --name container_backup -itd debian:stable-slim /bin/bash
#Copy the etc archive to the backup container
root@nuc02 ~ # docker cp /backup/nuc02/docker_splunk-etc.tar.gz container_backup:/
#UnTar/gz the etc volume back to its volume
root@nuc02 ~ # docker exec container_backup bash -c "cd /data && tar xvfz /docker_splunk-etc.tar.gz"
#Reset 
root@nuc02 ~ # docker container stop container_backup
root@nuc02 ~ # docker container rm container_backup
docker compose up -d

Backup Image

docker save mysql_image:1.0 apache_image:1.0 -o mybackup.tar.gz

Restore Image

docker load -i mybackup.tar.gz

VARS

  • Sample

ARG MY_JAR=myJar.jar # ARG is only available during the build of a Docker image COPY bin/$MY_JAR $ORACLE_HOME/user_projects/domains/$DOMAIN_NAME/lib/ COPY bin/$MY_JAR $ORACLE_HOME/wlserver/server/lib/mbeantypes/

VBind Mount

  • Mention to chown local data dir to appropriate users

Network

  • Create
docker network create my-network
  • Inspect
docker inspect network my-network
  • Use sample
docker run -itd --name=apache --network my-network apache_slim:1.0
docker run --name=nginx -itd -p 80:80 -p 443:443 --network my-network nginx:1.0

Dockerfile

  • Install Syslog
#Syslog Prepare
RUN apt-get install rsyslog --assume-yes
RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf

Debug Enrypoint

#Debugging
ENTRYPOINT ["/bin/bash","-c","while [ true ];do sleep 30s;done;"]

References

Retrieved from "https://coolscript.org/index.php?title=Docker_cheat_sheet&oldid=1018"