1. 程式人生 > >Docker in Action

Docker in Action

docker help
docker help cp
docker run --detach --name web nginx:latest
docker run -d --name mailer
docker run --interactive --tty --link web:web --name web_test busybox:latest /bin/sh
docker run -it --name agent --link web:insideweb --link mailer:insidemailer  dockerinaction/ch2_agent
docker ps
docker restart web
docker restart mailer
docker restart agent
docker logs web
docker run -d --name namespaceA busybox:latest /bin/sh -c "sleep 30000"
docker run -d --name namespaceB busybox:latest /bin/sh -c "nc -l -p 0.0.0.0:80"
docker exec namespaceA ps
docker exec namespaceB ps
docker run --pid host busybox:latest ps
docker run –d --name webConflict nginx:latest
docker logs webConflict
docker exec webConflict nginx -g 'daemon off‘
docker run -d --name webA nginx:latest
docker logs webA
docker run -d --name webB nginx:latest
docker logs webB
docker run -d --name webid nginx
docker rename webid webid-old
docker run -d --name webid nginx
docker exec 7cb5d2b9a7eab87f07182b5bf58936c9947890995b1b94f412912fa822a9ecb5 ps
docker stop 7cb5d2b9a7eab87f07182b5bf58936c9947890995b1b94f412912fa822a9ecb5
docker create nginx
CID=$(docker create nginx:latest)
echo $CID
docker create --cidfile /tmp/web.cid nginx
cat /tmp/web.cid
CID=$(docker ps --latest --quiet)
echo $CID
CID=$(docker ps -l –q)
echo $CID
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker create nginx)
AGENT_CID=$(docker create --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)
docker ps -a
docker start $WEB_CID
docker start $AGENT_CID
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker run -d nginx)
AGENT_CID=$(docker run -d --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)
docker run -d --name wpdb -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5
docker run -d --name wp2 --link wpdb:mysql -p 80 --read-only wordpress:4
docker logs wp2
docker run -d --name wp3 --link wpdb:mysql -p 80 -v /run/lock/apache2/ -v /run/apache2/ --read-only wordpress:4
SQL_CID=$(docker create -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5)
docker start $SQL_CID
MAILER_CID=$(docker create dockerinaction/ch2_mailer)
docker start $MAILER_CID
WP_CID=$(docker create --link $SQL_CID:mysql -p 80 \
-v /run/lock/apache2/ -v /run/apache2/ \
--read-only wordpress:4)
docker start $WP_CID
AGENT_CID=$(docker create --link $WP_CID:insideweb \
--link $MAILER_CID:insidemailer \
dockerinaction/ch2_agent)
docker start $AGENT_CID
docker run --env MY_ENVIRONMENT_VAR="this is a test" \
busybox:latest \
env
docker create --env WORDPRESS_DB_HOST=<my database hostname> wordpress:4
docker create \
--env WORDPRESS_DB_HOST=<my database hostname> \
--env WORDPRESS_DB_USER=site_admin \
--env WORDPRESS_DB_PASSWORD=MeowMix42 \
wordpress:4
docker create --link wpdb:mysql \
-e WORDPRESS_DB_NAME=client_a_wp wordpress:4
docker create --link wpdb:mysql \
-e WORDPRESS_DB_NAME=client_b_wp wordpress:4
DB_CID=$(docker run -d -e MYSQL_ROOT_PASSWORD=ch2demo mysql:5)
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
if [ ! -n "$CLIENT_ID" ]; then
echo "Client ID not set”
exit 1
fi
WP_CID=$(docker create \
--link $DB_CID:mysql \
--name wp_$CLIENT_ID \
-p 80 \
-v /run/lock/apache2/ -v /run/apache2/ \
-e WORDPRESS_DB_NAME=$CLIENT_ID \
--read-only wordpress:4)
docker start $WP_CID
AGENT_CID=$(docker create \
--name agent_$CLIENT_ID \
--link $WP_CID:insideweb \
--link $MAILER_CID:insidemailer \
dockerinaction/ch2_agent)
docker start $AGENT_CID
docker run -d --name backoff-detector --restart always busybox date
docker run -d -p 80:80 --name lamp-test tutum/lamp
docker top lamp-test
docker exec lamp-test ps
docker exec lamp-test kill <PID>
docker run --entrypoint="cat" wordpress:4 /entrypoint.sh
docker ps -a
docker rm wp
docker run --rm --name auto-exit-test busybox:latest echo Hello World
docker rm -vf $(docker ps -a -q)
docker search postgres
docker rmi dockerinaction/ch3_ex2_hunt
docker rmi <mystery repository>
docker pull quay.io/dockerinaction/ch3_hello_registry:latest
docker pull busybox:latest
docker save -o myfile.tar busybox:latest
docker rmi busybox
docker load –i myfile.tar
git clone https://github.com/dockerinaction/ch3_dockerfile.git
docker build -t dia_ch3/dockerfile:latest ch3_dockerfile
docker rmi dia_ch3/dockerfile
rm -rf ch3_dockerfile
docker pull dockerinaction/ch3_myapp
docker pull dockerinaction/ch3_myotherapp
docker images -a 
docker rmi dockerinaction/ch3_myapp dockerinaction/ch3_myotherapp java:6
--storage-driver
docker run -d \
--volume /var/lib/cassandra/data \
--name cass-shared alpine echo Data Container
docker run -d --volumes-from cass-shared --name cass1 cassandra:2.2
docker run –it --rm --link cass1:cass cassandra:2.2 cqlsh cass
docker stop cass1
docker rm -vf cass1
docker run -d --volumes-from cass-shared --name cass2 cassandra:2.2
docker run –it --rm --link cass2:cass cassandra:2.2 cqlsh cass
docker rm -vf cass2 cass-shared
docker run -d --name bmweb -v ~/example-docs:/usr/local/apache2/htdocs  -p 80:80 httpd:latest
docker rm -vf bmweb
docker run --name bmweb_ro --volume ~/example-docs:/usr/local/apache2/htdocs/:ro -p 80:80 httpd:latest
docker run --rm -v ~/example-docs:/testspace:ro alpine /bin/sh -c 'echo test > /testspace/test'
ls ~/example-docs/absent
docker run --rm -v ~/example-docs/absent:/absent alpine:latest /bin/sh -c 'mount | grep absent'
ls ~/example-docs/absent
docker run -d -v /var/lib/cassandra/data --name cass-shared alpine echo Data Container
docker inspect -f "{{json .Volumes}}" cass-shared
mkdir ~/web-logs-example
docker run --name plath -d -v ~/web-logs-example:/data dockerinaction/ch4_writer_a
docker run --rm -v ~/web-logs-example:/reader-data alpine:latest head /reader-data/logA
cat ~/web-logs-example/logA
docker stop plath
docker run --name woolf -d \
--volume ~/web-logs-example:/data \
dockerinaction/ch4_writer_a
docker run --name alcott -d \
-v ~/web-logs-example:/data \
dockerinaction/ch4_writer_b
docker run --rm --entrypoint head \
-v ~/web-logs-example:/towatch:ro \
alpine:latest \
/towatch/logA
docker run --rm \
-v ~/web-logs-example:/toread:ro \
alpine:latest \
head /toread/logB
docker run --name fowler \
-v ~/example-books:/library/PoEAA \
-v /library/DSL \
alpine:latest \
echo "Fowler collection created."
docker run --name knuth \
-v /library/TAoCP.vol1 \
-v /library/TAoCP.vol2 \
-v /library/TAoCP.vol3 \
-v /library/TAoCP.vol4.a \
alpine:latest \
echo "Knuth collection created"
docker run --name reader \
--volumes-from fowler \
--volumes-from knuth \
alpine:latest ls -l /library/
docker inspect --format "{{json .Volumes}}" reader
docker run --name aggregator \
--volumes-from fowler \
--volumes-from knuth \
alpine:latest \
echo "Collection Created."
docker run --rm \
--volumes-from aggregator \
alpine:latest \
ls -l /library/
docker run --name chomsky --volume /library/ss \
alpine:latest echo "Chomsky collection created."
docker run --name lamport --volume /library/ss \
alpine:latest echo "Lamport collection created."
docker run --name student \
--volumes-from chomsky --volumes-from lamport \
alpine:latest ls -l /library/
docker inspect -f "{{json .Volumes}}" student
docker rm -v student
docker rm -v $(docker ps -aq)
docker run --name dpvc \
-v /config \
dockerinaction/ch4_packed /bin/sh -c 'cp /packed/* /config/'
docker run --rm --volumes-from dpvc \
alpine:latest ls /config
docker run --rm --volumes-from dpvc \
alpine:latest cat /config/packedData
docker rm -v dpvc
docker run --name tools dockerinaction/ch4_tools
docker run --rm \
--volumes-from tools \
alpine:latest \
ls /operations/*
docker run -d --name important_application \
--volumes-from tools \
dockerinaction/ch4_ia
docker exec important_application /operations/tools/someTool
docker rm -vf important_application
docker rm -v tools
docker run --name devConfig \
-v /config \
dockerinaction/ch4_packed_config:latest \
/bin/sh -c 'cp /development/* /config/'
docker run --name prodConfig \
-v /config \
dockerinaction/ch4_packed_config:latest \
/bin/sh -c 'cp /production/* /config/'
docker run --name devApp \
--volumes-from devConfig \
dockerinaction/ch4_polyapp
docker run --name prodApp \
--volumes-from prodConfig \
dockerinaction/ch4_polyapp
docker run --rm \
--net none \
alpine:latest \
ip addr
docker run --rm \
--net none \
alpine:latest \
ping -w 2 8.8.8.8
docker run --rm \
--net bridge \
alpine:latest \
ip addr
docker run --rm \
alpine:latest \
ping -w 2 8.8.8.8
docker run --rm \
--hostname barker \
alpine:latest \
nslookup barker
docker run --rm \
--dns 8.8.8.8 \
alpine:latest \
nslookup docker.com
docker run --rm \
--dns-search docker.com \
busybox:latest \
nslookup registry.hub
docker run --rm \
--dns-search dev.mycompany \
busybox:latest \
nslookup myservice
docker run --rm \
--dns-search test.mycompany \
busybox:latest \
nslookup myservice
docker run --rm \
--dns-search mycompany \
--dns-search myothercompany ...
docker run --rm \
--add-host test:10.10.10.255 \
alpine:latest \
nslookup test
docker run --rm \
--hostname mycontainer \
--add-host docker.com:127.0.0.1 \
--add-host test:10.10.10.2 \
alpine:latest \
cat /etc/hosts
docker run -p 3333:3333
docker run -p 192.168.0.32::2222 ...
docker run -d --name dawson \
-p 5000 \
-p 6000 \
-p 7000 \
dockerinaction/ch5_expose
docker run -d --name woolery \
-P \
dockerinaction/ch5_expose
docker run -d --name philbin \
--expose 8000 \
-P \
dockerinaction/ch5_expose
docker port philbin
docker run -it --rm dockerinaction/ch5_nmap -sS -p 3333 172.17.0.0/24
docker -d --icc=false
docker -d --bip "192.168.0.128" 
docker -d --fixed-cidr "192.168.0.192/26"
docker -d –mtu 1200
docker -d -b mybridge ...
docker -d --bridge mybridge
docker run -d --name brady \
--net none alpine:latest \
nc -l 127.0.0.1:3333
docker run -it \
--net container:brady \
alpine:latest netstat –al
docker run --rm \
--net host \
alpine:latest ip addr
docker run -d --name importantData \
--expose 3306 \
dockerinaction/mysql_noauth \
service mysql_noauth start
docker run -d --name importantWebapp \
--link imporantData:db \
dockerinaction/ch5_web startapp.sh -db tcp://db:3306
docker run -d --name buggyProgram \
dockerinaction/ch5_buggy
docker run --link a:alias-a --link b:alias-b --link c:alias-c
docker run -d --name mydb --expose 3306 \
alpine:latest nc -l 0.0.0.0:3306
docker run -it --rm \
dockerinaction/ch5_ff echo This "shouldn't" work.
docker run -it --rm \
--link mydb:wrongalias \
dockerinaction/ch5_ff echo Wrong.
docker run -it --rm \
--link mydb:database \
dockerinaction/ch5_ff echo It worked.
docker stop mydb && docker rm mydb
docker run -d --name mydb \
--expose 2222 --expose 3333 --expose 4444/udp \
alpine:latest nc -l 0.0.0.0:2222
docker run -it --rm \
--link mydb:database \
dockerinaction/ch5_ff env
docker stop mydb && docker rm mydb
docker run -d --name ch6_mariadb \
--memory 256m \
--cpu-shares 1024
--user nobody \
--cap-drop all \
dockerfile/mariadb
docker run -d -P --name ch6_wordpress \
--memory 512m \
--cpu-shares 512 \
--user nobody \
--cap-drop net_raw \
--link ch6_mariadb \
wordpress:4.1
docker run -d \
--cpuset-cpus 0 \
--name ch6_stresser dockerinaction/ch6_stresse
docker run -it --rm dockerinaction/ch6_htop
docker rm -vf ch6_stresser
docker -it --rm \
--device /dev/video0:/dev/video0 \
ubuntu:latest ls -al /dev
docker -d -u nobody --name ch6_ipc_producer \
dockerinaction/ch6_ipc -producer
docker -d -u nobody --name ch6_ipc_consumer \
dockerinaction/ch6_ipc -consumer
docker logs ch6_ipc_producer
docker logs ch6_ipc_consumer
docker rm -v ch6_ipc_consumer
docker -d --name ch6_ipc_consumer \
--ipc container:ch6_ipc_producer \
dockerinaction/ch6_ipc -consumer
docker -d --name ch6_ipc_producer \
--ipc host \
dockerinaction/ch6_ipc –producer
docker -d --name ch6_ipc_consumer \
--ipc host \
dockerinaction/ch6_ipc -consumer
docker rm -vf ch6_ipc_producer ch6_ipc_consumer
docker create --name bob busybox:latest ping localhost
docker inspect bob
docker inspect --format "{{.Config.User}}" bob
docker run --rm --entrypoint "" busybox:latest whoami
docker run --rm --entrypoint "" busybox:latest id
docker run --rm busybox:latest awk -F: '$0=$1' /etc/passwd
docker run --rm \
--user nobody \
busybox:latest id
docker run --rm \
-u nobody:default \
busybox:latest id
docker run --rm \
-u 10000:20000 \
busybox:latest id
docker run -it --name escalation -u nobody busybox:latest \
/bin/sh -c "whoami; su -c whoami"
echo "e=mc^2" > garbage
chmod 600 garbage
sudo chown root:root garbage
docker run --rm -v "$(pwd)"/garbage:/test/garbage \
-u nobody \
ubuntu:latest cat /test/garbage
docker run --rm -v "$(pwd)"/garbage:/test/garbage \
-u root ubuntu:latest cat /test/garbage
# Outputs: "e=mc^2"
# cleanup that garbage
sudo rm -f garbage
mkdir logFiles
sudo chown 2000:2000 logFiles
docker run --rm -v "$(pwd)"/logFiles:/logFiles \
-u 2000:2000 ubuntu:latest \
/bin/bash -c "echo This is important info > /logFiles/important.log"
docker run --rm -v "$(pwd)"/logFiles:/logFiles \
-u 2000:2000 ubuntu:latest \
/bin/bash -c "echo More info >> /logFiles/important.log"
sudo rm –r logFiles
docker run --rm -u nobody \
ubuntu:latest \
/bin/bash -c "capsh --print | grep net_raw"
docker run --rm -u nobody \
--cap-drop net_raw \
ubuntu:latest \
/bin/bash -c "capsh --print | grep net_raw"
docker run --rm -u nobody \
ubuntu:latest \
/bin/bash –c "capsh --print | grep sys_admin"
docker run --rm -u nobody \
--cap-add sys_admin \
ubuntu:latest \
/bin/bash –c "capsh --print | grep sys_admin"
docker run --rm \
--privileged \
ubuntu:latest id
docker run --rm \
--privileged \
ubuntu:latest capsh –print
docker run --rm \
--privileged \
ubuntu:latest ls /dev
docker run --rm \
--privileged \
ubuntu:latest ifconfig
docker run -d \
--lxc-conf="lxc.cgroup.cpuset.cpus=0,1" \
--name ch6_stresser dockerinaction/ch6_stresser
docker run -it --rm dockerinaction/ch6_htop
docker rm -vf ch6_stresser
docker run --name hw_container ubuntu:latest touch /HelloWorld
docker commit hw_container hw_image
docker rm -vf hw_container
docker run --rm hw_image ls -l /HelloWorld
docker run -it --name image-dev ubuntu:latest /bin/bash
apt-get –y install git
git version
exit
docker diff image-dev
docker run --name tweak-a busybox:latest touch /HelloWorld
docker diff tweak-a
docker run --name tweak-d busybox:latest rm /bin/vi
docker run --name tweak-c busybox:latest touch /bin/vi
docker diff tweak-c
docker rm -vf tweak-a
docker rm -vf tweak-d
docker rm -vf tweak-c
docker commit -a "@dockerinaction" -m "Added git" image-dev ubuntu-git
docker run --rm ubuntu-git git version
docker run --rm ubuntu-git
docker run --name cmd-git --entrypoint git ubuntu-git
docker commit -m "Set CMD git" -a "@dockerinaction" cmd-git ubuntu-git
docker rm -vf cmd-git
docker run --name cmd-git ubuntu-git version
docker run --name rich-image-example \
-e ENV_EXAMPLE1=Rich -e ENV_EXAMPLE2=Example \
busybox:latest
docker commit rich-image-example rie
docker run --rm rie \
/bin/sh -c "echo \$ENV_EXAMPLE1 \$ENV_EXAMPLE2"
docker run --name rich-image-example-2 \
--entrypoint "/bin/sh" \
rie \
-c "echo \$ENV_EXAMPLE1 \$ENV_EXAMPLE2"
docker commit rich-image-example-2 rie
docker run --rm rie
docker run --name mod_ubuntu ubuntu:latest touch /mychange
docker diff mod_ubuntu
docker run --name mod_busybox_delete busybox:latest rm /etc/profile
docker diff mod_busybox_delete
docker run --name mod_busybox_change busybox:latest touch /etc/profile
docker diff mod_busybox_change
docker commit mod_ubuntu
docker commit mod_ubuntu myuser/myfirstrepo:mytag
docker tag ubuntu-git:latest ubuntu-git:1.9
docker run --name image-dev2 \
--entrypoint /bin/bash \
ubuntu-git:latest -c "apt-get remove -y git"
docker commit image-dev2 ubuntu-git:removed
docker tag -f ubuntu-git:removed ubuntu-git:latest
docker images
docker history ubuntu-git:removed
docker run --name export-test dockerinaction/ch7_packed:latest ./echo For Export
docker export --output contents.tar export-test
docker rm export-test
tar -tf contents.tar
docker run --rm -v "$(pwd)":/usr/src/hello \
-w /usr/src/hello golang:1.3 go build -v
docker import -c "ENTRYPOINT [\"/hello\"]" - \
dockerinaction/ch7_static < static_hello.tar
docker run dockerinaction/ch7_static
docker history dockerinaction/ch7_static

# An example Dockerfile for installing Git on Ubuntu
FROM ubuntu:latest
MAINTAINER "
[email protected]
" RUN apt-get install -y git ENTRYPOINT ["git"] docker build --tag ubuntu-git:auto . docker run --rm ubuntu-git:auto RUN apt-get install -y git docker build --tag ubuntu-git:auto . .dockerignore mailer-base.df mailer-logging.df mailer-live.df FROM debian:wheezy MAINTAINER Jeff Nickoloff "
[email protected]
" RUN groupadd -r -g 2200 example && \ useradd -rM -g example -u 2200 example ENV APPROOT="/app" \ APP="mailer.sh" \ VERSION="0.6" LABEL base.name="Mailer Archetype" \ base.version="${VERSION}" WORKDIR $APPROOT ADD . $APPROOT ENTRYPOINT ["/app/mailer.sh"] EXPOSE 33333 # implementations will not be able to update the image # USER example:example docker build -t dockerinaction/mailer-base:0.6 -f mailer-base.df docker inspect dockerinaction/mailer-base:0.6 FROM dockerinaction/mailer-base:0.6 COPY ["./log-impl", "${APPROOT}"] RUN chmod a+x ${APPROOT}/${APP} && \ chown example:example /var/log USER example:example VOLUME ["/var/log"] CMD ["/var/log/mailer.log"] #!/bin/sh printf "Logging Mailer has started.\n" while true do MESSAGE=$(nc -l -p 33333) printf "[Message]: %s\n" "$MESSAGE" > $1 sleep 1 done docker build -t dockerinaction/mailer-logging -f mailer-logging.df . docker run -d --name logging-mailer dockerinaction/mailer-logging FROM dockerinaction/mailer-base:0.6 ADD ["./live-impl", "${APPROOT}"] RUN apt-get update && \ apt-get install -y curl python && \ curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py" && \ python get-pip.py && \ pip install awscli && \ rm get-pip.py && \ chmod a+x "${APPROOT}/${APP}" RUN apt-get install -y netcat USER example:example CMD ["
[email protected]
", "[email protected]"] #!/bin/sh printf "Live Mailer has started.\n" while true do MESSAGE=$(nc -l -p 33333) aws ses send-email --from $1 \ --destination {\"ToAddresses\":[\"$2\"]} \ --message "{\"Subject\":{\"Data\":\"Mailer Alert\"},\ \"Body\":{\"Text\":{\"Data\":\"$MESSAGE}\"}}}" sleep 1 done docker build -t dockerinaction/mailer-live -f mailer-live.df . docker run -d --name live-mailer dockerinaction/mailer-live ONBUILD COPY [".", "/var/myapp"] ONBUILD RUN go build /var/myapp FROM busybox:latest WORKDIR /app RUN touch /app/base-evidence ONBUILD RUN ls -al /app FROM dockerinaction/ch8_onbuild RUN touch downstream-evidence RUN ls -al . docker build -t dockerinaction/ch8_onbuild -f base.df . ocker build -t dockerinaction/ch8_onbuild_down -f downstream.df . #!/bin/bash set -e if [ -n "$WEB_PORT_80_TCP" ]; then if [ -z "$WEB_HOST" ]; then WEB_HOST='web' else echo >&2 '[WARN]: Linked container, "web" overridden by $WEB_HOST.' echo >&2 "===> Connecting to WEB_HOST ($WEB_HOST)" fi fi if [ -z "$WEB_HOST" ]; then echo >&2 '[ERROR]: specify a linked container, "web" or WEB_HOST environment variable' exit 1 fi exec "[email protected]" # run the default command docker pull debian:jessie FROM busybox:latest USER 1000:1000 ENTRYPOINT ["nc"] CMD ["-l", "-p", "80", "0.0.0.0"] docker build \ -t dockerinaction/ch8_perm_denied \ -f UserPermissionDenied.df \ . docker run dockerinaction/ch8_perm_denied # Output: # nc: bind: Permission denied RUN groupadd -r postgres && useradd -r -g postgres postgres FROM ubuntu:latest # Set the SUID bit on whoami RUN chmod u+s /usr/bin/whoami # Create an example user and set it as the default RUN adduser --system --no-create-home --disabled-password --disabled-login \ --shell /bin/sh example USER example # Set the default to compare the container user and # the effective user for whoami CMD printf "Container running as: %s\n" $(id -u -n) && \ printf "Effectively running whoami as: %s\n" $(whoami) docker build -t dockerinaction/ch8_whoami . docker run dockerinaction/ch8_whoami docker run --rm debian:wheezy find / -perm +6000 -type f docker run --rm debian:wheezy find / -perm +2000 -type f RUN for i in $(find / -type f \( -perm +6000 -o -perm +2000 \)); \ do chmod ug-s $i; done FROM busybox:latest CMD echo Hello World docker build \ -t <insert Docker Hub username>/hello-dockerfile \ -f HelloWorld.df \ docker login docker push <insert Docker Hub username>/hello-dockerfile docker search dockerinaction/hello-dockerfile git init git config --global user.email "[email protected]" git config --global user.name "Your Name" git remote add origin \ https://github.com/<your username>/hello-docker.git git add Dockerfile git commit -m "first commit" git push -u origin master docker search <your username>/hello-docker docker run -d -p 5000:5000 \ -v "$(pwd)"/data:/tmp/registry-dev \ --restart=always --name local-registry registry:2 docker pull dockerinaction/ch9_registry_bound docker images -f "label=dia_excercise=ch9_registry_bound" docker tag dockerinaction/ch9_registry_bound \ localhost:5000/dockerinaction/ch9_registry_bound docker push localhost:5000/dockerinaction/ch9_registry_bound docker rmi \ dockerinaction/ch9_registry_bound \ localhost:5000/dockerinaction/ch9_registry_bound docker images -f "label=dia_excercise=ch9_registry_bound" docker pull localhost:5000/dockerinaction/ch9_registry_bound docker images -f "label=dia_excercise=ch9_registry_bound" docker rm -vf local-registry docker run -d --name ftp-transport -p 21:12 dockerinaction/ch9_ftpd docker save -o ./registry.2.tar registry:2 docker run --rm --link ftp-transport:ftp_server \ -v "$(pwd)":/data \ dockerinaction/ch9_ftp_client \ -e 'cd pub/incoming; put registry.2.tar; exit' ftp_server docker run --rm --link ftp-transport:ftp_server \ -v "$(pwd)":/data \ dockerinaction/ch9_ftp_client \ -e "cd pub/incoming; ls; exit" ftp_server docker run --rm --link ftp-transport:ftp_server \ -v "$(pwd)":/data \ dockerinaction/ch9_ftp_client \ -e 'cd pub/incoming; get registry.2.tar; exit' ftp_server docker load -i registry.2.tar it init git config --global user.email "[email protected]" git config --global user.name "Your Name" git add Dockerfile # git add *whatever other files you need for the image* git commit -m "first commit" git remote add origin https://github.com/<your username>/<your repo>.git git push -u origin master git clone https://github.com/<your username>/<your repo>.git cd <your-repo> docker build -t <your username>/<your repo> . docker run -d --name personal_registry \ -p 5000:5000 --restart=always \ registry:2 docker tag registry:2 localhost:5000/distribution:2 docker push localhost:5000/distribution:2 docker rmi localhost:5000/distribution:2 docker pull localhost:5000/distribution:2 FROM gliderlabs/alpine:latest LABEL source=dockerinaction LABEL category=utility RUN apk --update add curl ENTRYPOINT ["curl"] CMD ["--help"] docker build -t dockerinaction/curl -f curl.df . docker run --rm --net host dockerinaction/curl -Is http://localhost:5000/v2/ docker run --rm -u 1000:1000 --net host \ dockerinaction/curl -s http://localhost:5000/v2/distribution/tags/list docker tag \ localhost:5000/distribution:2 \ localhost:5000/distribution:two docker push localhost:5000/distribution:two docker run --rm \ -u 1000:1000 \ --net host \ dockerinaction/curl \ -s http://localhost:5000/v2/distribution/tags/list upstream docker-registry { server registry:5000; } server { listen 80; # Use the localhost name for testing purposes server_name localhost; # A real deployment would use the real hostname where it is deployed # server_name mytotallyawesomeregistry.com; client_max_body_size 0; chunked_transfer_encoding on; # We’re going to forward all traffic bound for the registry location /v2/ { proxy_pass http://docker-registry; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } } FROM nginx:latest LABEL source=dockerinaction LABEL category=infrastructure COPY ./basic-proxy.conf /etc/nginx/conf.d/default.conf docker build -t dockerinaction/basic_proxy -f basic-proxy.df . docker run -d --name basic_proxy -p 80:80 \ --link personal_registry:registry \ dockerinaction/basic_proxy docker run --rm -u 1000:1000 --net host \ dockerinaction/curl \ -s http://localhost:80/v2/distribution/tags/list docker run --rm -e COMMON_NAME=localhost -e KEY_NAME=localhost \ -v "$(pwd)":/certs centurylink/openssl upstream docker-registry { server registry:5000; } server { listen 443 ssl; server_name localhost client_max_body_size 0; chunked_transfer_encoding on; ssl_certificate /etc/nginx/conf.d/localhost.crt; ssl_certificate_key /etc/nginx/conf.d/localhost.key; location /v2/ { proxy_pass http://docker-registry; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } } FROM nginx:latest LABEL source=dockerinaction LABEL category=infrastructure COPY ["./tls-proxy.conf", \ "./localhost.crt", \ "./localhost.key", \ "/etc/nginx/conf.d/"] docker build -t dockerinaction/tls_proxy -f tls-proxy.df . docker run -d --name tls-proxy -p 443:443 \ --link personal_registry:registry \ dockerinaction/tls_proxy docker run --rm \ --net host \ dockerinaction/curl -ks \ https://localhost:443/v2/distribution/tags/list FROM debian:jessie LABEL source=dockerinaction LABEL category=utility RUN apt-get update && \ apt-get install -y apache2-utils ENTRYPOINT ["htpasswd"] docker build -t htpasswd -f htpasswd.df . docker run -it --rm htpasswd -nB <USERNAME> # filename: tls-auth-proxy.conf upstream docker-registry { server registry:5000; } server { listen 443 ssl; server_name localhost client_max_body_size 0; chunked_transfer_encoding on; # SSL ssl_certificate /etc/nginx/conf.d/localhost.crt; ssl_certificate_key /etc/nginx/conf.d/localhost.key; location /v2/ { auth_basic "registry.localhost"; auth_basic_user_file /etc/nginx/conf.d/registry.password; proxy_pass http://docker-registry; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } } FROM nginx:latest LABEL source=dockerinaction LABEL category=infrastructure COPY ["./tls-auth-proxy.conf", \ "./localhost.crt", \ "./localhost.key", \ "./registry.password", \ "/etc/nginx/conf.d/"] # Filename: tls-auth-registry.df FROM registry:2 LABEL source=dockerinaction LABEL category=infrastructure # Set the default argument to specify the config file to use # Setting it early will enable layer caching if the # tls-auth-registry.yml changes. CMD ["/tls-auth-registry.yml"] COPY ["./tls-auth-registry.yml", \ "./localhost.crt", \ "./localhost.key", \ "./registry.password", \ "/"] docker build -t dockerinaction/secure_registry -f tls-auth-registry.df . docker run -d --name secure_registry \ -p 5443:5000 --restart=always \ dockerinaction/secure_registry upstream docker-registry-v2 { server registry2:5000; } upstream docker-registry-v1 { server registry1:5000; } server { listen 80; server_name localhost; client_max_body_size 0; chunked_transfer_encoding on; location /v1/ { proxy_pass http://docker-registry-v1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } location /v2/ { proxy_pass http://docker-registry-v2; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } } FROM nginx:latest LABEL source=dockerinaction LABEL category=infrastructure COPY ./dual-client-proxy.conf /etc/nginx/conf.d/default.conf docker build -t dual_client_proxy -f dual-client-proxy.df . docker run -d --name registry_v1 registry:0.9.1 docker run -d --name dual_client_proxy \ -p 80:80 \ --link personal_registry:registry2 \ --link registry_v1:registry1 \ dual_client_proxy docker run --rm -u 1000:1000 \ --net host \ dockerinaction/curl -s http://localhost:80/v1/_ping docker run --rm -u 1000:1000 \ --net host \ dockerinaction/curl -Is http://localhost:80/v2/ docker run -d --name dual_client_proxy \ -p 80:80 \ --link personal_registry:registry2 \ --link registry_v1:registry1 \ dual_client_proxy docker run --rm -u 1000:1000 \ --net host \ dockerinaction/curl -s http://localhost:80/v1/_ping docker run --rm -u 1000:1000 \ --net host \ dockerinaction/curl -Is http://localhost:80/v2/ docker run -d -e REGISTRY_LOG_LEVEL=error registry:2 docker run -d -e REGISTRY_HTTP_DEBUG='' registry:2 # Filename: docker-compose.yml wordpress: image: wordpress:4.2.2 links: - db:mysql ports: - 8080:80 db: image: mariadb environment: MYSQL_ROOT_PASSWORD: example docker-compose up docker ps docker-compose ps docker-compose rm -v git clone https://github.com/dockerinaction/ch11_notifications.git cd ch11_notifications docker-compose up -d docker-compose logs docker-compose logs pump elasticsearch docker-compose up -d db coffee: build: ./coffee user: 777:777 restart: always expose: - 3000 ports: - "0:3000" links: - db:db environment: - COFFEEFINDER_DB_URI=postgresql://postgres:[email protected]:5432/po... - COFFEEFINDER_CONFIG=development - SERVICE_NAME=coffee labels: com.dockerinaction.chapter: "11" com.dockerinaction.example: "Coffee API" com.dockerinaction.role: "Application Logic" docker-machine help docker-machine create --driver virtualbox host1 docker-machine create --driver virtualbox host2 docker-machine create --driver virtualbox host3 docker-machine ls docker-machine inspect host1 docker-machine inspect --format "{{.Driver.IPAddress}}" host1 docker-machine upgrade host3 docker-machine ssh host1 touch dog.file exit docker-machine ssh host1 "echo spot > dog.file" docker-machine scp host1:dog.file host2:dog.file docker-machine ssh host2 "cat dog.file" docker-machine stop host2 docker-machine kill host3 docker-machine start host2 docker-machine rm host1 host2 host3 ocker-machine env machine1 docker-machine env --shell powershell machine1 docker-machine env --shell cmd machine1 docker-machine env --shell fish machine1 docker-machine env --shell bash machine1 docker-machine env --shell=powershell machine1 | Invoke-Expression docker-machine active docker-machine ls docker pull dockerinaction/ch12_painted eval "$(docker-machine env machine2)" docker images docker-machine create --driver virtualbox local eval "$(docker-machine env local)" docker run --rm swarm create docker-machine create \ --driver virtualbox \ --swarm \ --swarm-discovery token://<TOKEN> \ --swarm-master \ machine0-manager docker-machine create \ --driver virtualbox \ --swarm \ --swarm-discovery token://<TOKEN> \ machine1 docker-machine create \ --driver virtualbox \ --swarm \ --swarm-discovery token://<TOKEN> \ machine2 eval "$(docker-machine env --swarm machine0-manager)" docker-machine env --swarm machine0-master | Invoke-Expression docker run -t -d --name hello-swarm \ dockerinaction/ch12_painted \ Hello Swarm docker ps -a -f name=hello-swarm docker-compose -f flock.yml scale bird=10 docker-compose -f flock.yml kill docker-compose -f flock.yml rm –vf