jog memory: Docker

Purpose

These are quick notes to jog memory¹; it is a living document in that will expand or modify as needed.

Nearly everything in this document has been referenced at one time or another at https://docs.docker.com/.

Use the CLI to search Docker Hub

General search

For example, the repository and container image is saltstack/salt.

$ docker search saltstack     
NAME                      DESCRIPTION                                     STARS  OFFICIAL AUTOMATED
saltstack/salt            Software to automate the management and conf…   17                   
juniper/saltstack         SaltStack packaged with Juniper libraries       4                 [OK]
(...omitted brevity...)

Search using the filter option

To search for an official image use the --filter knob.

docker search --filter "is-official=true" postgresql 
NAME                DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
postgres            The PostgreSQL object-relational database sy…   6260                [OK]                

Supported filters as of 2/23/19 are,

• stars (int – number of stars the image has)
• is-automated (boolean – true or false) – is the image automated or not
• is-official (boolean – true or false) – is the image official or not

Get an image’s tags

The following examples are from the Internet and sources are credited. 

curl command line². This option has a dependency on jq. jq is a Lightweight and flexible command-line JSON processor. https://stedolan.github.io/jq/

curl 'https://registry.hub.docker.com/v2/repositories/library/postgres/tags/' -s | jq '."results"[]["name"]'
"9.4"
"9.4.21"
"9.5"
"9.5.16"
"9"
"9.6"
"9.6.12"
"10"
"10.7"
"latest"

wget command line³.

wget -q https://registry.hub.docker.com/v1/repositories/debian/tags -O -  | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n'  | awk -F: '{print $3}'

Use the CLI to pull an image from Docker Hub

The following example uses a particular tag (3003.3). Using the tag is not required. To pull the most recent image docker pull saltstack/salt will retrieve the latest.

$ docker pull saltstack/salt:3003.3        
3003.3: Pulling from saltstack/salt
4e9f2cdf4387: Pull complete 
7b03c43dfbd8: Pull complete 
ceb1d7cc7062: Pull complete 
2c06f625ac47: Pull complete 
2dac4788c7d9: Pull complete 
1f23841c171d: Pull complete 
83bf767dba91: Pull complete 
d66ae74e3dda: Pull complete 
f2d42dd2232c: Pull complete 
75c2c7ce5309: Pull complete 
Digest: sha256:bd66ab71a12d69ac01179a67373e1ca90d6afc573365c6e0f9a27b5783b4ef21
Status: Downloaded newer image for saltstack/salt:3003.3
docker.io/saltstack/salt:3003.3 

Download the image with a specific tag

Use tags to narrow a specific image version.

docker pull postres:11
(or)
docker pull postres:11.2

docker pull postres:9
(or)
docker pull postres:9.6
(or)
docker pull postres:9.6.12

Create and run a new container

docker run -d --name searx -p 8888:8888 wonderfall/searx

Run an existing container

docker start searx

Frequent Command Line Use

The following is credited to the Pandoc Docker container listed on https://hub.docker.com/r/pandoc/latex

Use a shell alias for frequent use.

alias pandock=\
'docker run --rm -v "$(pwd):/data" -u $(id -u):$(id -g) pandoc/latex'

In the above, the shell alias command is what is important. The docker commands will be different for whatever invocation your container requires.

Remove / delete container or image

Remove container

docker container list --all
 (identify the container id to remove)
 
 docker container rm 5c27f8a2a909
 5c27f8a2a909

Remove an image

# identify the image id to remove
docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            2                   f32a97de94e1        5 months ago        25.8MB
hello-world         latest              fce289e99eb9        7 months ago        1.84kB

docker image rm fce289e99eb9
Untagged: hello-world:latest
Untagged: hello-world@sha256:451ce787d12369c5df2a32c85e5a03d52cbcef6eb3586dd03075f3034f10adcd
Deleted: sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e
Deleted: sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3

User the CLI to monitor running containers realtime

docker stats -a

Using docker build

The following example shows the steps of using docker build.

Step 1 Get a code

git clone https://github.com/asciimoo/searx.git
cd searx

Step 2 Run the build

docker build -t whatever/searx .
 (...omit brevity...)

Step 3 Verify

docker images           
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
test/searx              latest              bd4086091c59        8 hours ago         133MB

Step 4 Run

docker run -d --name searx -p 8888:8888 whatever/searx

Docker registry pull-through cache

Documentation:

• https://docs.docker.com/registry/
• https://docs.docker.com/registry/configuration/

Source: https://docs.docker.com/registry/recipes/mirror/

Docker Hub: https://hub.docker.com/_/registry?tab=description

Setup and configuration steps 1 of 3

# get the image from docker hub
docker pull registry:2

# define a named-volume
docker volume create registry-cache

Setup and configuration steps 2 of 3

# extract the registry config.yml from the image or use a pre-captured example config.yml, such as the example registry config in this document.

docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > config_reg.yml

# add the following to the config_reg.yml
proxy:
  remoteurl: https://registry-1.docker.io
(save & exit)

# move the new config_reg.yml file into place
sudo mkdir /etc/docker/registry
sudo mv config_reg.yml /etc/docker/registry/config.yml

Setup and configuration steps 3 of 3

# start (with config file and named volume)
docker run -d -p 5000:5000 \
--volume registry-cache:/var/lib/registry \
--volume /etc/docker/registry/config.yml:/etc/docker/registry/config.yml:ro \
--restart=on-failure:3 \
--name registry \
registry:2

# verify registry is up and running
ss -natl
(look for tcp-5000)

curl localhost:5000/v2/_catalog
   {"repositories":[]}

# perform a test pull. use an image not already downloaded
docker pull localhost:5000/library/hello-world

curl localhost:5000/v2/_catalog
   {"repositories":["library/hello-world"]}
   
# stop
docker container stop registry

Example registry configuration file at, /etc/docker/registry/config.yml

---
version: 0.1
log:
  accesslog:
    disabled: true
  level: debug
  formatter: text
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
delete:
  enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/registry
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io

Verify configuration

# check status
systemctl status docker

# restart docker
systemctl restart docker

# verify configuration has been loaded
systemctl show --property=Environment docker

# flush changes
systemctl daemon-reload

Configure dockerd to use a local registry-mirror

Add the following to the docker daemon configuration file, /etc/docker/daemon.json

Example on the registry-mirror:

{
  "insecure-registries": ["localhost:5000"]
}

Example command on the local registry to pull an image: 

docker pull localhost:5000/library/hello-world

Example on a remote platform pointing to the local registry-mirror (192.168.70.16):

{
  "debug": false,
  "ipv6": false,
  "registry-mirrors": ["http://172.25.0.48:5000"]
}

Example command on a remote docker to use the registry pull through cache: 

docker pull hello-world

Set dockerd config values

Configuration file is, /etc/docker/daemon.json

Example:

{
  "debug": true
  "ipv6": false
}

Installation

Install docker-ce on Ubuntu Linux

Source: https://docs.docker.com/install/linux/docker-ce/ubuntu/

sudo apt-get remove docker docker-engine docker.io containerd runc

sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo apt-key fingerprint 0EBFCD88

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

sudo docker run hello-world

Install docker-ce on Raspbain Linux (Raspberry Pi)

Source: https://docs.docker.com/install/linux/docker-ce/debian/

Following method used 4/24/2019.

Ran the command to pull the convenience script, curl -fsSL https://get.docker.com -o get-docker.sh

Example:

pi@pkgcache:~ $ curl -fsSL https://get.docker.com -o get-docker.sh
pi@pkgcache:~ $ chmod 0755 get-docker.sh
pi@pkgcache:~ $ sudo ./get-docker.sh 
# Executing docker install script, commit: 2f4ae48
+ sh -c apt-get update -qq >/dev/null
+ sh -c apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
+ sh -c curl -fsSL "https://download.docker.com/linux/raspbian/gpg" | apt-key add -qq - >/dev/null
Warning: apt-key output should not be parsed (stdout is not a terminal)
+ sh -c echo "deb [arch=armhf] https://download.docker.com/linux/raspbian stretch stable" > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ [ -n  ]
+ sh -c apt-get install -y -qq --no-install-recommends docker-ce >/dev/null
+ sh -c docker version
Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:57:21 2018
 OS/Arch:           linux/arm
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:17:57 2018
  OS/Arch:          linux/arm
  Experimental:     false
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:

  sudo usermod -aG docker your-user

Remember that you will have to log out and back in for this to take effect!

WARNING: Adding a user to the "docker" group will grant the ability to run
         containers which can be used to obtain root privileges on the
         docker host.
         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
         for more information.
pi@pkgcache:~ $

Various commands

Extract file contents from a container

Implies the path and file name are already known.

docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > output.yml

Miscellaneous

Create container: Docker Docs for off-line reference

For those times you would like to reference the documents but do not have Internet at that moment. The Docker Hub info is located here, https://hub.docker.com/r/docs/docker.github.io

docker pull docs/docker.github.io

docker container create -it -p 4000:4000 --name dockerdocs1903 docs/docker.github.io 

docker start dockerdocs

(point web-browser at http://0.0.0.0:4000) 

According to docsarchive the docs for specific versions may be obtained using tags.

v19.03	docker run -ti -p 4000:4000 docs/docker.github.io:latest
v18.09	docker run -ti -p 4000:4000 docs/docker.github.io:v18.09
v18.03	docker run -ti -p 4000:4000 docs/docker.github.io:v18.03
v17.06	docker run -ti -p 4000:4000 docs/docker.github.io:v17.06

Historical

Docker Host / Machine

Create a docker machine

Use the command docker-machine create <NAME>

docker-machine create default 
Running pre-create checks...
Creating machine...
(default) Copying /Users/jneuffer/.docker/machine/cache/boot2docker.iso to /Users/jneuffer/.docker/machine/machines/default/boot2docker.iso...
(default) Creating VirtualBox VM...
(default) Creating SSH key...
(default) Starting the VM...
(default) Check network to re-create if needed...
(default) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env default

Start / Restart / Stop / Kill a docker machine

docker-machine start <NAME>
docker-machine restart <NAME>
docker-machine stop <NAME>
docker-machine kill <NAME>

Status / State of a docker machine

docker-machine ls
NAME      ACTIVE   DRIVER       STATE     URL                         SWARM   DOCKER     ERRORS
default   -        virtualbox   Running   tcp://192.168.99.100:2376           v18.09.5 

Delete / remove a docker machine

docker-machine rm default
About to remove default
WARNING: This action will delete both local reference and remote instance.
Are you sure? (y/n): y
Successfully removed default

Connect to CLI of docker machine

docker-machine ssh default  
   ( '>')
  /) TC (\   Core is distributed with ABSOLUTELY NO WARRANTY.
 (/-_--_-\)           www.tinycorelinux.net

docker@default:~$

docker@default:~$ whoami
docker

docker@default:~$ cat /etc/os-release 
NAME=Boot2Docker
VERSION=18.09.5
ID=boot2docker
ID_LIKE=tcl
VERSION_ID=18.09.5
PRETTY_NAME="Boot2Docker 18.09.5 (TCL 8.2.1)"
ANSI_COLOR="1;34"
HOME_URL="https://github.com/boot2docker/boot2docker"
SUPPORT_URL="https://blog.docker.com/2016/11/introducing-docker-community-directory-docker-community-slack/"
BUG_REPORT_URL="https://github.com/boot2docker/boot2docker/issues"
docker@default:~$ 

Document Revision History

Date	Summary of Changes
1/22/2022	First draft and publish
11/28/2022	* Added section, Frequent Command Line Use. * Added section, Document Revision History. * Added section header, Endnotes / Footnotes / Sources

Endnotes / Footnotes / Sources

---

Footnotes and Sources

1. To cause one to remember something. jog memory. (n.d.) Farlex Dictionary of Idioms. (2015). Retrieved January 27 2022 from https://idioms.thefreedictionary.com/jog+memory[↩]
2. Attribution: http://www.googlinux.com/list-all-tags-of-docker-image/index.html[↩]
3. Attribution: https://stackoverflow.com/questions/28320134/how-to-list-all-tags-for-a-docker-image-on-a-remote-registry[↩]

---