Docker or Aquaman?

Story

You guys need to run Docker to install tools/scripts from GitHub!!! Running them on your own machine is an extremely dangerous act!!!

😰 Actually our professor also runs GitHub scripts on his own machine…

Crisis of Confidence mode in Hackers' mind? 😆

Sample Solution

$ sudo docker search c++
$ sudo docker pull grpc/cxx
$ docker run --rm -it grpc/cxx sh
	 git clone https://github.com/f4bb1t/simple_lucky_draw.git
	 cd simple_lucky_draw
	 g++ draw.cpp --std=c++14 -o draw
	 ./draw
	 100
	 cat wallet.txt
	 exit

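$ sudo docker save -o cxx_save.tar grpc/cxx             # save the image (layers and tags) as a tar archive
$ sudo docker export -o cxx_export.tar [container_id]   # export takes a container, not an image
$ sudo docker load --input cxx_save.tar                 # restore the saved image from the archive
$ sudo docker rmi grpc/cxx                              # remove the image by name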
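
The sample solution above starts the container with Docker's defaults: root inside the container, the default capability set, and nothing to catch a later edit that adds --privileged or a Docker socket mount. As an added example (not part of the original post), the check below flags those options and the missing baseline; the function name audit_docker_run and the baseline it expects (--cap-drop ALL, no-new-privileges, a non-root --user) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a `docker run` command line before trusting it as a
# sandbox for untrusted code. Prints one finding per line; exit status is 0
# only when nothing is flagged. Every token is scanned (including the
# container's own command), so it can over-report; combined short options
# such as -itv and quoted arguments containing spaces are not parsed.
audit_docker_run() (
    set -f            # no globbing while splitting
    set -- $1         # plain whitespace split of the command line
    bad=0 capdrop=0 nnp=0 user=0
    flag() { printf '%s\n' "$1"; bad=1; }
    while [ "$#" -gt 0 ]; do
        opt=$1 val=""; shift
        case "$opt" in
            --*=*) val=${opt#*=}; opt=${opt%%=*} ;;
            -v|-u|--volume|--mount|--network|--net|--pid|--cap-add|--cap-drop|--security-opt|--user)
                val=${1:-}; [ "$#" -eq 0 ] || shift ;;
        esac
        case "$opt" in
            --privileged) flag "HIGH: --privileged removes most container isolation" ;;
            --cap-add)    flag "HIGH: --cap-add $val grants an extra capability" ;;
            --network|--net) case "$val" in host) flag "HIGH: host network namespace shared" ;; esac ;;
            --pid)        case "$val" in host) flag "HIGH: host PID namespace shared" ;; esac ;;
            -v|--volume|--mount)
                case "$val" in
                    *docker.sock*) flag "HIGH: Docker socket mounted (gives control of the host's Docker daemon)" ;;
                    /:*)           flag "HIGH: host root filesystem mounted" ;;
                esac ;;
            --cap-drop)     case "$val" in ALL) capdrop=1 ;; esac ;;
            --security-opt) case "$val" in no-new-privileges|no-new-privileges[:=]true) nnp=1 ;; esac ;;
            -u|--user)      case "$val" in 0|0:*|root|root:*|"") ;; *) user=1 ;; esac ;;
        esac
    done
    [ "$capdrop" -eq 1 ] || flag "WARN: default capabilities kept (add --cap-drop ALL)"
    [ "$nnp" -eq 1 ] || flag "WARN: setuid binaries can still escalate (add --security-opt no-new-privileges)"
    [ "$user" -eq 1 ] || flag "WARN: process is root inside the container (add --user UID:GID)"
    exit "$bad"
)

# Constructed inputs: the post's command, then a tightened variant of it.
audit_docker_run "docker run --rm -it grpc/cxx sh" || :
audit_docker_run "docker run --rm -it --cap-drop ALL --security-opt no-new-privileges \
    --user 1000:1000 grpc/cxx sh" && echo "OK: nothing flagged"
```

Whether the build inside grpc/cxx still works as a non-root user depends on the image; the check only inspects the command line.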

If you are a Docker expert, or a hacker who likes uploading malicious scripts to GitHub, you can skip the content below. 🙇‍♀️ (Container Escapology??)

Docker Definition

Docker 🐳 is an open-source project that automates the deployment of software applications inside containers by providing an additional layer of abstraction and automation of OS-level virtualization on Linux.

Advantages

The key benefit of Docker is that it allows users to package an application with all of its dependencies into a standardized unit.

  • One Development and Delivery Platform
  • Any App, Any Language
  • Developer Speed
  • Build Kubernetes-ready applications
  • Simplify Code to Cloud
  • Secure from the start with Snyk

Steps

1. Download Docker Desktop

here

2. Tutorials

Open the Docker App you downloaded from the above link to follow the tutorial.

Magically, this tutorial configures Docker for your local environment! Nice!

2.1 Download the Image

docker run --name repo alpine/git clone https://github.com/docker/getting-started.git

It will pull from alpine/git, and download the newer image for alpine/git:latest.

2.2 Build the Image

docker cp repo:/git/getting-started/ .
docker build -t docker101tutorial .

What does docker build do to build the image?

  • Sending build context to Docker daemon.
  • Step 1/21 : FROM python:alpine AS base (Pull from library)
  • Step 2/21 : WORKDIR /app
  • Step 3/21 : COPY requirements.txt .
  • Step 4/21 : RUN pip install -r requirements.txt
    • Downloading those packages
    • Building wheels for collected packages
  • Step 5/21 : FROM node:12-alpine AS app-base
    • Status: Downloaded newer image for node:12-alpine
  • Step 6/21 : WORKDIR /app
  • Step 7/21 : COPY app/package.json app/yarn.lock ./
  • Step 8/21 : RUN yarn install
  • Step 9/21 : COPY app/spec ./spec
  • Step 10/21 : COPY app/src ./src
  • Step 11/21 : RUN yarn test
  • Step 12/21 : FROM app-base AS app-zip-creator
  • Step 13/21 : RUN rm -rf node_modules && apk add zip && zip -r /app.zip /app
  • Step 14/21 : FROM base AS dev
  • Step 15/21 : CMD ["mkdocs", "serve", "-a", "0.0.0.0:8000"]
  • Step 16/21 : FROM base AS build
  • Step 17/21 : COPY . .
  • Step 18/21 : RUN mkdocs build
  • Step 19/21 : FROM nginx:alpine
  • Step 20/21 : COPY --from=app-zip-creator /app.zip /usr/share/nginx/html/assets/app.zip
  • Step 21/21 : COPY --from=build /app/site /usr/share/nginx/html

Result:

  • Successfully built 27e3ffe1d631
  • Successfully tagged docker101tutorial:latest

Actually it is configured using their Dockerfile:

# Install the base requirements for the app.
# This stage is to support development.
FROM python:alpine AS base
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt

# Run tests to validate app
FROM node:12-alpine AS app-base
WORKDIR /app
COPY app/package.json app/yarn.lock ./
RUN yarn install
COPY app/spec ./spec
COPY app/src ./src
RUN yarn test

# Clear out the node_modules and create the zip
FROM app-base AS app-zip-creator
RUN rm -rf node_modules && \
    apk add zip && \
    zip -r /app.zip /app

# Dev-ready container - actual files will be mounted in
FROM base AS dev
CMD ["mkdocs", "serve", "-a", "0.0.0.0:8000"]

# Do the actual build of the mkdocs site
FROM base AS build
COPY . .
RUN mkdocs build

# Extract the static content from the build
# and use a nginx image to serve the content
FROM nginx:alpine
COPY --from=app-zip-creator /app.zip /usr/share/nginx/html/assets/app.zip
COPY --from=build /app/site /usr/share/nginx/html

2.3 Run the container based on the image

Running a container launches your application with private resources, isolated from the rest of your machine by kernel namespaces and cgroups (the container still shares the host kernel).

docker run -d -p 80:80 --name docker-tutorial docker101tutorial

2.4 Save and Share the image

Save and share your image on Docker Hub to enable other users to easily download and run the image on any destination machine.

This is interesting: I created a Docker username, fabbit.

docker tag docker101tutorial {userName}/docker101tutorial
docker push {userName}/docker101tutorial

Commit the docker container and export to image:

$ docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS              NAMES
c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours                            desperate_dubinsky
197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours                            focused_hamilton

$ docker commit c3f279d17e0a  svendowideit/testimage:version3

f5283438590d

$ docker images

REPOSITORY                        TAG                 ID                  CREATED             SIZE
svendowideit/testimage            version3            f5283438590d        16 seconds ago      335.7 MB

3. Try Containers

docker run -d -p 80:80 docker/getting-started

If you encounter the error message "Bind for 0.0.0.0:80 failed: port is already allocated.", try another port.

docker run -d -p 8000:80 docker/getting-started

It will output the long ID; then it’s time to connect to the container.

docker exec -it [long ID or name] /bin/sh   # type exit inside the container to leave its shell
docker exec -it testhaha /bin/bash          # same, using bash in a container named testhaha

By default, Docker uses three ways to identify a container, namely:

  • UUID long identifier, e.g. “21fbb152a940a37e816a442e6b09022e26b78ccd5a8eb4fcf91efeb559425c8c”.
  • UUID short identifier, e.g. “21fbb152a940a37”.
  • name, e.g. discourse_app.

Note that with /bin/sh the up and down arrow keys cannot be used to recall previous commands, so you can use /bin/bash instead.

Or you can try the UI option in the Docker App by clicking the CLI option shown in the image below:

[Image: 2020_11_30_2]

Then you will be connected to the container:

[Image: 2020_11_30_1]

Hands-on Tasks

Docker Curriculum - Getting Started

Docker pull image

docker pull busybox

Docker common commands

1. list & run images, list containers

docker run --help # get a list of all flags
docker images # list all images
docker run [image_name]   # Docker finds the image, starts a container, and runs the image's default command
docker run [image_name] [command_to_run] # Docker starts a container from the image, runs the command, and the container then exits
docker run --rm [image_name] # --rm flag automatically removes the container when it exits
docker ps  # show all the currently running containers
docker ps -a # list all containers, including the stopped ones we ran before
docker rename old_name_app new_name_app # rename an existing container

For example, I have a lot of Docker images that I did not remember, as shown in the image below. Some of them were even created 2 years ago, for the blockchain technology course…🙊

[Image: 2020_11_30_3]

Maybe it’s because I have 256 GB of storage that I did not care about the space they took, so I never thought of cleaning them up. However, today seems to be their death date…🕯️

2. Clean images

  • Purging All Unused or Dangling Images, Containers, Volumes, and Networks:

docker system prune   # unused volumes are only removed when --volumes is added

  • To additionally remove any stopped containers and all unused images (not just dangling images):

docker system prune -a

PoC: [Image: 2020_11_30_4]

[Image: 2020_11_30_5]

😅

Then everything goes well:

[Image: 2020_11_30_6]

3. Run more than one command in container

-it flag: attach us to an interactive tty in the container.

docker run -it busybox sh

Note that Docker creates a new container every time.

4. Remove specific containers

When the work is done, clean up the containers.

These 3 commands achieve the same result:

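docker rm [container_id]                        # remove one container by ID
docker rm $(docker ps -a -q -f status=exited)   # remove every container whose status is exited
docker container prune                          # remove all stopped containers (asks for confirmation)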

5. Remove images

docker rmi [image_name]

Cloud Support

  • AWS ECS
    • Build and deploy applications with Docker Desktop and Amazon ECS on AWS Fargate.
  • Microsoft Azure
    • Docker and Microsoft have simplified the developer flow of bringing container applications from your local machine and running them in Azure Container Instances.

Great, so my question is……Since both of them work for the sea…Is Docker 🐳 stronger than Aquaman? 😂
