Welcome to Intro to Docker Labs - F5 ISCFY17’s documentation!¶
This document is to help you learn more about Docker. Though this session we will help you: * Access a docker environment (hosted in UDF) * Manipulate docker containers
- Run a container (Create, Start, Stop, Delete, Status)
- Create a container
- Publish a container
- Overview of Docker networking
Contents:
Introduction¶
the following labs are a basic introduction to Docker containers and networking.
To do the labs, we will leverage UDF and the blueprint called ‘Introduction to Docker’.
if you would prefer to have a pdf version of this guide, you may click on v:latest at the bottom of the column menu and download a pdf version of this guide
Topology¶
The topology for this lab is more advanced than needed because it is leveraged also by another lab.
Here is the list of the blueprint components that we will use in this lab - everything else can be safely ignored:
- server01 node (ubuntu hosting docker)
- server02 node (ubuntu hosting docker)
- win2012 (jumpbox to the environment)
Connecting to UDF¶
We consider that you have access to UDF for the different labs
Start your environment¶
If you are running this on your own, find the ‘Introduction to Docker’ blueprint and deploy it.
Access your environment¶
Once your environment is started, find the ‘win2012’ component under ‘Components’ and launch RDP (in the ACCESS menu)
Click on the shortcut that got downloaded and it should open your RDP session. The credentials to use are under the Details tab.
Warning
For MAC user, it is recommended to use Microsoft Remote Desktop. You may not be able to access your jumpbox otherwise. It is available in the App store (FREE).
Setting up¶
There are GUI interfaces to manage a Docker container, but to start we are going to learn about using the command-line interface. Most users will prefer to use command-line tools.
Open a session on server01. Double click on this icon on your desktop
You should see a large terminal window. If the Text is too small; please visit the Appendix section at the end of this document on changing the size of the text.
You should be automatically logged in. If not, use the following credentials:
- Login: ubuntu
- SSH Key: [Located on Desktop]
Lab 1: Run a container¶
All commands from this lab will also be provided as a text file. You may want to download this file first and copy-and-paste the following commands. the commands are in a file on your desktop called Intro to Docker.sh. You may edit it by doing a right click on edit and select Edit with Notepad++
The first lab is an example of migrating an application to run in a container.
Goals of the lab
- Learn how to launch an existing container
- Create your own container
- Distribute your container
The legacy Application¶
One of the use-cases for utilizing containers is to migrate an existing on-premises application to first run in a container and eventually migrate the container to run in a public cloud environment. The first lab will migrate the existing app that is running at: http://10.1.10.11/
Launch Chrome and visit http://10.1.10.11 (make sure to enter http://)
10.1.10.11 is one of server01 IP addresses. You can check this by typing ifconfig eth1 in your putty session
The first step of this lab is to download a container that has PHP.
Docker Pull¶
Normally you would run the command docker pull [image]:[tag] to pull down a public image of a container. This is similar to going to the F5 Downloads site to grab the latest vLab or ISO, but it doesn’t require any authentication. This is an example of a low-friction method of obtaining software that is appealing to Mode 2 users.
The Docker Hub (transition to Store) has a listing of community images that are available. Visit https://hub.docker.com/ and search for php.
You’ll see a long list of available versions of PHP that can be downloaded.
In this lab, we have already downloaded the required containers. You can view the available containers by running the command:
docker images
For the lab we have retrieved php:5.6-apache and php:7-apache. These represent containers that can run PHP 5.6 / 7 running on the Apache web server (httpd).
Warning
For your information, if the user doesn’t have the proper privileges, you’ll see something like this:
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
In case of this error, you can either run as root or use the sudo command, i.e. sudo docker images In this lab, it should not be the case. We have added the user user to the docker unix group to enable it to be able to run these commands as a non-root user.
Docker Run¶
The community PHP container by default does not have any content. You can verify this by running:
docker run -p 8080:80 --name myphp php:5.6-apache
This command will start the PHP 5.6 container. Some of the options we specified:
- The ‘-p 8080:80’ indicates that we want to create a port forwarding rule to map the host port ‘8080’ to the container port 80 (more about container networking later in the lab).
- The ‘–name myphp’ is used to name the container. This is not required, but will make future steps in the lab easier.
Warning
You will see error messages like Could not reliably determine the server’s fully qualified domain name,.. this is expected.
You will see that you don’t get a prompt back. This is expected. We just launched the container in foreground.
Visit http://10.1.10.11:8080 in Chrome and you will see the following error page (expected).
Docker ps / inspect¶
Now that you have a container running you may want to learn some additional docker commands.
Open a new terminal window on agent01 (leave the existing window open).
run the following command:
docker ps
You should see the following:
Note there are two containers that are running. The PHP container that you launched and a registry container that will be used later in this lab.
Note the ‘Container ID’ and ‘Ports’ columns. The ‘Container ID’ represents a unique identifier that you can use to manage individual containers and the ‘Ports’ columns lists what the current port forwarding mappings are:
Highlight the 'Container ID' for the PHP container (this will place the value into your copy and paste buffer - if you double click on the ID, Putty will automatically highlight it).
Use this to run the command:
docker inspect [CONTAINER ID]
or you can simply run:
docker inspect myphp
This provides a large amount of detailed data about a container that can be useful if you need to troubleshoot any problems.
Now run:
docker logs myphp
This will output the logs from the container (this should match what you see in the other terminal open where we started this container).
Docker stop¶
There are two ways that you can stop the container that we started earlier. Either type CTRL+C to terminate the running container (from the window that you originally started it).
Note that the web server logs are output to the screen (vs. a log file).
You could also do:
docker stop myphp
If you run this command, you willl see that we got our prompt back in the other terminal session since we stopped this process.
If you run:
docker ps
you will no longer see myphp running.
Run:
docker ps
docker ps -a
docker rm myphp
docker ps -a
Docker ps only shows running containers. Adding ‘-a’ will show stopped containers and ‘rm’ will remove a stopped container.
Lab 2: Building a container¶
Setup¶
Now that we’ve covered the basics of running a container it is time to take a look at building our own custom container. For this lab we will use WinSCP to transfer files from the Windows client to the Linux host running Docker.
Launch the ‘WINSCP’ shortcut that is on the Desktop. Be sure to use this link, it should connect and place you in the Folder ‘mycontainer’.
Note
If connection/authentication fails for some reason, here are the relevant information to launch your WinScp session:
- hostname : 10.1.10.11
- login: ubuntu
- ssh key: [On the Desktop]
once logged in:
- on server01: go to /home/ubuntu/f5-intro-to-docker/mycontainer directory
- locally: select your c:\Users\Administrator\Desktop\f5-intro-to-docker\mycontainer directory
On the left panel, first open Dockerfile by right-clicking on the filename and selecting Edit.
You should see a very simple Dockerfile. This file is used build a container. The first line references which container we want to use as the starting container and the second line references the file that we want to copy into the new container.
On the left panel, open ‘index.php’ and change the value of Your Name and click on the ‘Save’ button.
Save your changes and close Notepad++
Now upload your updated ‘index.php’. We don’t need to upload the Dockerfile file because we didn’t changed anything.
When prompted, click ‘Yes’ to overwrite the existing file.
Docker build¶
Back to your terminal window (on server01), run the following commands and verify that you’re in the correct directory:
cd mycontainer
pwd
docker build -t mycontainer:5.6 .
Note
Note the ‘.’ at the end of the command.
This command specifies that you want to build a new container with the name mycontainer and the tag ‘5.6’.
Running docker images you should see your new container.
docker images
Verifies that it works by running
docker run -d --name myapp -p 8080:80 mycontainer:5.6
Note
The option ‘-d’ makes the container run in the background. We get our prompt back.
We can check it is up and running by connecting to http://10.1.10.11:8080 in Chrome.
Note
Pay attention to the difference in Server IP (server01 is 10.1.10.11)
You are now running a supported version of PHP on the same host that was previously running an unsupported version. Similar to the virtue of running vCMP; containers make it easier to run multiple versions of software on the same platform.i
Bonus Activity¶
Rebuild mycontainer to run using the php:7-apache image. PHP 5.6 is also approaching end-of-life and PHP 7 is the most recent version! Do not delete the image mycontainer:5.6
Lab 3: Publishing a container¶
Docker registry¶
The container is now running on mesos-agent01, but what if we want to have it run on server02? It is possible to manually export/import the image from one host to another, but it is more practical to use a Docker registry.
A Docker registry is an image repository of Docker containers. You can ‘push’ a container into the public Docker Hub or maintain your own private Docker registry/repository. For the lab we have previously created a registry that lives at ‘registry:5000’ (running on mesos-agent01).
Note
We already setup docker to use this registry in the /etc/default/docker file (need to be root to access it)
Docker tag¶
Currently ‘mycontainer:5.6’ lives locally on server01. We need to apply a tag that will indicate where we want it to go, then me need to push/copy the image to that location.
Run
docker tag mycontainer:5.6 registry:5000/mycontainer:5.6
docker images
Note
Note that you have two tags with the same Image ID.
Now run:
docker push registry:5000/mycontainer:5.6
Open a terminal window to server02. You have the following shortcut on your desktop, use it.
Run
docker run --rm -p 8080:80 --name myapp mycontainer:5.6
Note that the command failed. The container does not exist on this host. Now run.
docker run --rm -p 8080:80 --name myapp registry:5000/mycontainer:5.6
Note
The option ‘–-rm’ specify that the container should be automatically removed with it exits
The container was found on the private registry and was started. Verify by visiting http://10.1.10.12:8080 in Chrome.
We are done with this container so we can delete it. Since we specified the ‘rm’ option, you just need to terminate the process. You can do so by doing
Ctrl+C
Make sure that it got removed with this command
docker ps -a
You can now close the agent02 terminal window. It will not be used for the rest of the lab.
Lab 4: Docker Networking¶
Ephemeral ports¶
Up to this point we have been using a static port mapping of port 8080 on the host to port 80 on a container. This works OK for a limited use-case, but generally you should not expect a container’s port binding to be static.
Connect to server01 via putty (use shortcut on Desktop) and run:
docker run -d --name myapp2 -p :80 mycontainer:5.6
docker port myapp2
Note
the port option allows you to see the port mappings that was done with the container.
Record the port value that is returned (your output will differ) and open a new Chrome window for http://10.1.10.11:[PORT VALUE]
Now run:
docker restart myapp2
docker port myapp2
Observe that the port value has changed!
Linux Bridge Network¶
From the previous labs you may have noticed that on both server01 and server02 the container is running in the 172.17.0.0/16 network. By default Docker will create a Linux Bridge network on the host called docker0.
Connect via putty to mesos-agent01 and run:
ifconfig docker0
From Chrome visit http://10.1.10.11:[PORT VALUE] (port value from last lab step) and record what the Server IP value is.
If you remember, agent01 interface eth1 has the IP of 10.1.10.11
Let’s create a route on our windows client so that all traffic related to the container’s network is sent to our server01 interface:
Open a Windows terminal window (you have a shortcut on your desktop)
In the windows terminal, run:
route add 172.17.0.0 mask 255.255.0.0 10.1.10.11
In Chrome open a tab to http://[container ip]
What happened? On server01 IP forwarding is enabled. When we created a static route from the Windows desktop to the Linux host we are able to forward packets directly to the Linux bridge network and by-pass the IPtables rules that were used previously for port forwarding.
You can check ip forwarding is enabled by running this command on server01
cat /proc/sys/net/ipv4/ip_forward
Now run again:
docker restart myapp2
Reload both browser windows.
Observe that you can no longer connect to using the previous port value, but can still connect via the linux bridge.
Docker and networking¶
As we have seen in previous lab, the networking setup of our containers are done automatically.
Docker provides a default network bridge and use it to attach containers to the network. This default network is 172.17.0.0/16 and leverage bridge0 interface. You can create your own bridge / network when needed.
If you want to review your bridge interface and the containers attached to it, you can do the following on mesos-agent01:
docker network ls
Here you can see the bridge network which is what is used by docker container by default. If you want to run a container in a specific network, you can use the –network option when using docker run
the none network adds a container to a container-specific network stack. That containers lacks network interface
The host network adds a container on the hosts network stack. You’ll find the network configuration inside the container is identical to the host.
let’s review what has been deployed over the bridge network. Copy the network ID for your bridge (in the previous screenshot, it is 1f443785159f)
docker network inspect *[NETWORK ID]*
Here you will see:
- the network configuration
- IPv4/v6 addresses that have been associated with each container
More advanced examples of Docker networking include Docker Swarm that utilizes its own SDN to provide multi-host Docker networking. The Kubernetes project utilizes flanneld for mutli-host Docker networking that can leverage host-gw (basic L2/L3), UDP packet encapsulation, or VXLAN.
Appendix¶
Changing display for HiRes displays¶
For HiRes Displays (Optional) If you find the text hard to read you may opt to change the resolution. You can either size your laptop display to something like 1920x1080
OR Login via the UDF Portal Console and change the display setting.
Click on Make text and other items larger or smaller
Logout the Windows client and reconnect via RDP.
