Docker
What is Docker
to be described
Step 1 - setting up the servers
Nowadays servers usually come preinstalled, or an installation process can be kicked off via a web interface. For the F4A use case we chose Ubuntu 16.04 LTS (long-term support).
First we should ensure that the system is up to date and secure. This is done with the Advanced Package Tool (apt). In the same step we can directly install the docker server component. All steps are done by issuing the following command:
apt-get update && apt-get upgrade -y && apt install -y docker.io
As docker is still being developed, certain functionality still changes. This tutorial has been created using the following docker version (you can find out yours by executing `docker version`):
root@nxp100:~# docker version
Client:
Version: 1.13.1
API version: 1.26
Go version: go1.6.2
Git commit: 092cba3
Built: Thu Nov 2 20:40:23 2017
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Go version: go1.6.2
Git commit: 092cba3
Built: Thu Nov 2 20:40:23 2017
OS/Arch: linux/amd64
Experimental: false
root@nxp100:~#
Step 2 - initiate a swarm
Setting up the docker swarm. A swarm is a group of computers:
docker swarm init --advertise-addr 89.144.27.100
This returns the following feedback:
Swarm initialized: current node (r3t3pu7rd74njml1afsf2uoev) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token <some secret token displayed here> \
89.144.27.100:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
If you don't remember the token, just run:
docker swarm join-token worker
Step 3 - preparing the domain
Register any domain you like. Just make sure that the domain names point to all the server IPs you have. That makes load balancing and failover possible:
f4a.me. 86400 IN SOA nsa3.schlundtech.de. mail.tillwitt.de. 2017112808 43200 7200 1209600 86400
f4a.me. 86400 IN NS nsa3.schlundtech.de.
f4a.me. 86400 IN NS nsb3.schlundtech.de.
f4a.me. 86400 IN NS nsc3.schlundtech.de.
f4a.me. 86400 IN NS nsd3.schlundtech.de.
f4a.me. 600 IN MX 10 mail.f4a.me.
*.f4a.me. 600 IN A 89.144.24.15
*.f4a.me. 600 IN A 89.144.27.100
*.f4a.me. 600 IN A 89.144.27.101
*.f4a.me. 600 IN A 89.144.27.102
*.f4a.me. 600 IN A 89.144.27.103
nxp100.f4a.me. 600 IN A 89.144.27.100
nxp101.f4a.me. 600 IN A 89.144.27.101
nxp102.f4a.me. 600 IN A 89.144.27.102
nxp103.f4a.me. 600 IN A 89.144.27.103
nxp104.f4a.me. 600 IN A 89.144.24.15
Docker commands
docker run vs docker compose
The advantage of docker run is that the command is easy to issue: just copy and paste it to the server's command line. The downside is that the commands get quite long, and adding line breaks introduces another possible fault. If you want to correct a running service, you need to remove it first and then reissue the command.
The advantage of a docker-compose.yml is that it is usually easy to edit. The disadvantage is that you have to create the file on the server first and then issue the command to start it, so there is one additional step. But the biggest advantage is that the file can be re-executed against existing services, which leads to a service update.
Examples
Starting a generic web application with docker run:
docker service create \
--name demo \
--label "traefik.port=80" \
--network traefik-net \
kitematic/hello-world-nginx
That's all, and the service is running.
To create the same via docker-compose.yml:
version: "3"
services:
  nginx:
    image: kitematic/hello-world-nginx
    networks:
      - traefik-net
    deploy:
      labels:
        - traefik.port=80
        - "traefik.frontend.rule=Host:demo.f4a.me"
networks:
  traefik-net:
    external: true
Then you need to issue the following command:
docker stack deploy --compose-file docker-compose.yml demo
Conclusion
To quickly test a service, docker run is nice. But to maintain a production environment, docker-compose files are strongly recommended.
Docker registry
Running your own registry:
docker service create \
--name backoffice \
--network traefik-net \
--label "traefik.port=5000" \
--label 'traefik.frontend.auth.basic=flex4apps:$apr1$G9e4rgPu$jbn2AAk2F.OeGnRVFnIR/1' \
--mount type=bind,src=/swarm/volumes/registry,dst=/var/lib/registry \
registry:2
Pushing to private registry
The local image needs to be tagged and then pushed:
docker tag phabricator_image registry.f4a.me/phabricator
docker push registry.f4a.me/phabricator
Run that image:
docker service create \
--name demo \
--label "traefik.port=80" \
-e "GITURL=https://secret@gogs.tillwitt.de/NXP/homomorphic-encryption-demo.git" \
flex4apps:GQfgCEsjkHC7LRf3Q9PkW4L6onDLtu@backoffice.f4a.me/homomorphic_img
Query the registry
Get the overview of all images:
https://registry.f4a.me/v2/_catalog
Get all tags of an image:
https://registry.f4a.me/v2/henc/tags/list
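The two queries above, scripted as an inventory of every repository and its tags. This is an added example, not code from the original page. It assumes the registry sits behind the HTTP basic auth configured in the traefik label, that the catalog fits in one response, and the environment variable names REGISTRY_USER and REGISTRY_PASSWORD are hypothetical.

```python
import base64
import json
import urllib.request


def auth_header(user, password):
    """Build the HTTP basic-auth header the traefik frontend expects."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def get_json(url, headers, opener=urllib.request.urlopen):
    # Basic auth is only base64-encoded, so never send it over plain HTTP.
    if not url.startswith("https://"):
        raise ValueError(f"refusing to send credentials to non-HTTPS URL: {url}")
    request = urllib.request.Request(url, headers=headers)
    with opener(request, timeout=10) as response:
        return json.load(response)


def registry_inventory(base_url, user, password, opener=urllib.request.urlopen):
    """Return {repository: [tags]} for every repository in the registry."""
    headers = auth_header(user, password)
    base_url = base_url.rstrip("/")
    catalog = get_json(f"{base_url}/v2/_catalog", headers, opener)
    inventory = {}
    for repo in catalog.get("repositories", []):
        listing = get_json(f"{base_url}/v2/{repo}/tags/list", headers, opener)
        # A repository whose tags were all deleted is reported with "tags": null.
        inventory[repo] = sorted(listing.get("tags") or [])
    return inventory


if __name__ == "__main__":
    import os
    # Credentials come from the environment (assumed variable names), not from
    # the command line, so they stay out of shell history and the process list.
    result = registry_inventory("https://registry.f4a.me",
                                os.environ["REGISTRY_USER"],
                                os.environ["REGISTRY_PASSWORD"])
    for repo, tags in result.items():
        print(repo, ", ".join(tags) or "(no tags)")
```

Comparing this inventory against the images you expect to be deployed shows repositories or tags that were pushed without your knowledge.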