Containers and virtual machines

From Wiki at Neela Nurseries
Revision as of 23:59, 25 June 2021 by Ted (talk | contribs) (^ Private docker registration configuration topics)
Jump to: navigation, search

Unix and Linux config :: Containers :: Clusters :: <link>


^ Container Software

A promising starting point, collection of six articles / tutorials on Docker containers:

 *  https://medium.com/sysf/docker/home

A general note following about three days' Docker container experimentation, and to question "should I be using a Docker container interactively, running multiple apps, some simultaneously?". (Note the following forum post chain is a quagmire of issues and opions!):

 *  https://news.ycombinator.com/item?id=7950326

^ Docker starting point

Notes on Docker containerizing software. Note, to get a practical start it is a good and or needed step to create a user account with Docker dot com. Single user and free accounts with some advanced Docker features disabled are available. A good starting tutorial for beginners is written by one Brian Hogan of Digital Ocean, this article published 2018 July 5. First reference in list here:

Ted noting too there may be a daily limit to the number of docker images which a user with a free account can push to Docker's image repository. Docker's image repository provides URLs of the form https://hub.docker.com/u/<user_name>, where username is the given person's Docker account user name.

^ Docker registries and repositories

Nick Janetakis writes a pretty concise brief article to describe what are Docker repositories and Docker registries. An image repository holds versions (committed and tagged versions) of a given Docker image. A registry holds zero or more Docker repositories, and is generally a full-fledged always live service that's accessible on the internet or on an intranet.


^ specific commands

Start a docker image with access to a particular host directory:

^ docker commit ...



^ docker push <image_identifier_string_and_optional_tag>

Series of docker push invocations for a work-in-progress image. Note the tag names are optional until one needs push an image that's being amended, such that it is a newer or different version of an existing image on the remote Docker repository:

  886  docker push tedhavelkaad0602/ubuntu-git-plus-arm-none-eabi-gcc
  932  docker push tedhavelkaad0602/ubuntu-git-plus-arm-none-eabi-gcc:version-0p2
  944  docker push tedhavelkaad0602/ubuntu-git-plus-arm-none-eabi-gcc:version-0p3
  962  docker push tedhavelkaad0602/ubuntu-git-plus-arm-none-eabi-gcc:version-0p4
  965  docker push tedhavelkaad0602/ubuntu-git-plus-arm-none-eabi-gcc:version-0p5

And here is a link to an article describing Docker push command syntax:

We'll note this link also in the References section of this page. Takeaway here is that the third token in the above push command examples, the latter four examples, that token has the form "<docker_user_name>/<image_name>:<docker_tag>".


Delete a Docker repository on Docker hub:

^ docker container rm [...], docker image rm [...]

Delete (remove) a local Docker image . . . first must remove all local containers which use given image:

Commands which worked locally:

 1036  docker ps -a
 1037  docker container rm bdc45e3021ad
 1038  docker ps -a
 1039  docker container rm 3899ce3b4c5f 85206c6c2565
 1040  docker ps -a
 1041  docker container rm e530246d9393 775ef655da0f 51a5967aecf8
 1042  docker ps -a
   .
   .
   .
 1047  docker image rm tedhavelkaad0602/ubuntu-04-vim--openssh-server--man-db
 1048  docker images
 1049  docker image rm tedhavelkaad0602/ubuntu-nodejs-net-tools
 1050  docker images


Secure shell into, or otherwise connect with a running Docker container in and of a Linux environment:

A couple examples of running second bash instance of a given Docker container, not a login, but provides second interactive window or interface to a given Docker container:

^ docker exec [options] [command_in_container]

  937  docker exec -t -i a42e2e801d60 bash
  938  docker exec -i -t 51a5967aecf8 bash

Note this can have unintended consequences given that there's no ssh server running to handle multiple, or additional logins!

-- Enable USB access in Docker container --


^ Docker volumes

https://www.digitalocean.com/community/tutorials/how-to-share-data-between-docker-containers


^ Anatomy of a Dockerfile

Ok Ted needs to figure out what are Dockerfiles and how should they be authored and maintained. One example that's annotated:

A link to a Docker based project which comes very close to what we're working on for an embedded development toolchain and environment that's fully tracked, easy to reproduce on demand:


^ Promising Docker images


^ to access physical devices within container


^ Docker registries to share images

Notes on how to set up a Docker container registry, a networked server from which Docker images can be accessed and shared:

Setting up authentication using htaccess files:

Some requirements for the above link to Docker registry recipe:

 
Above tutorials and articles don't paint a clear easy path to setting up a first, basic Docker registry. Taking up a different path here at DigitalOcean:

Regarding port forwarding in apache2 config files:

There is some nginx configuration stuff that's not obvious how to port to apache2 config files, but following how-to article gives a clue with "Header set Host ..." and "RequestHeader set X-Forwarded-Proto "https"":


^ web server configuration

A dedicated virtual machine can easily have one web server configured to act as a reverse proxy in front of a Docker registry. In this context we mean 'proxy' as in a proxy for the public to reach one's internal, in this case Docker registry server. But for development purposes where our virtual machine options are not yet easily configured to be accessible on a LAN, we face a need to set up a first private registry on an existing cloud host which has a name and fixed IP. And there is already a web server config in place there, which we want to leave intact while testing the reverse proxy and other Docker registry pieces. Hence this section in this notes page.

^ apache2 plus nginx

This section contains references and notes regarding how to set up apache2 and nginx on one server.

^ to run multiple instances of apache2

At startpage.com entered search phrase "possible to run apache2 twice with distinct configurations". First result helpful:

^ Reverse proxy choices

Excerpt from https://help.sonatype.com/repomanager3/system-configuration/configuring-ssl#ConfiguringSSL-InboundSSL-ConfiguringtoServeContentviaHTTPS:

Inbound SSL - Configuring to Serve Content via HTTPS
Available in Nexus Repository OSS and Nexus Repository Pro

Providing access to the user interface and content via HTTPS is a best practice.

You have two options:

Use a separate reverse proxy server in front of the repository manager to manage HTTPS
Configure the repository manager itself to serve HTTPS directly
Using A Reverse Proxy Server
A common approach is to access the repository manager through a dedicated server which answers HTTPS requests on behalf of the repository manager - these servers are called reverse proxies or SSL/TLS terminators. Subsequently requests are forwarded to the repository manager via HTTP and responses received via HTTP are then sent back to the requestor via HTTPS.

There are a few advantages to using these which can be discussed with your networking team. For example, the repository manager can be upgraded/installed without the need to work with a custom JVM keystore. The reverse proxy could already be in place for other systems in your network. Common reverse proxy choices are Apache httpd, nginx, Eclipse Jetty or even dedicated hardware appliances. All of them can be configured to serve SSL content, and there is a large amount of reference material available online.

Serving SSL Directly 
The second approach is to use the Eclipse Jetty instance that is distributed with the repository manager to accept HTTPS connections.

How to Enable...


^ Docker Features Not Done

Apparently there is no ready facility to list the images in a private Docker registry, one that's running from the official registry:2 Docker image. A forum post includes mentions of two possible home brew scripts to provide such a listing:

The second of the two scripts is hosted at Github. Need to check the license applied to it, looks like there are recent updates to this project, from about 2021 March:

- - - - -   - - - - -   - - - - -   - - - - -   - - - - -   - - - - -   - - - - -   - - - - -   - - - - -

^ Kubernetes Container Software

Kubernetes notes 2021-06-09 This section a stub section.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

^ Oracle Corporation VirtualBox software

VirtualBox on-line manual