Docker

Command utility tools

ctop lazydocker

Rimuovere immagini non più usate

docker image prune -f

Pulizia di dati non più utilizzati (images, container, networks)

docker system prune --all --force

Note (don't create a container every times!)

ogni volta che si lancia il comando si creano nuovi container di quell'immagine

Creare un container (oracle)

docker run -d -p 49161:1521 -v mdist-dev-local:/opt/oracle/oradata wnameless/oracle-xe-11g-r2

--name altrimenti creato un nome random:

docker run --name oracle-ee -p 1521:1521 ...

docker ps -ALTER

Starting services of docker compose

docker-compose up -d

To start a specific service of a docker-compose

docker-compose up -d mysql-server

Rebuild service of docker-compose

docker-compose up --build --force-recreate --no-deps -d <servicename>

Starting a container (already created)

docker start -ai 11cc47339ee1

(docker start -ai e17d58165b78)

Stop services of docker compose

docker-compose down

Stop a container

docker stop e17d58165b78

Show container images (showing sizes in MB)

docker-compose images

Collegarsi con SQLcl al docker oracle avviato

sql system/oracle@//localhost:49162:xe

dover user:sytstem, pwd:oracle e SID:xe

Run script sql on docker oracle image

sqlplus user/pwd@//localhost:1521/ORCLPDB1 yourpath/yourscript.sql

Copy file from containter to host

docker cp revproxy_webngx_1:/etc/nginx/conf-d.tgz docker/nginx/

Remove container (by name)

docker container rm mdistDevOracle

Remove containers and images from docker-compose

docker-compose down -v --rmi all

Build di un'immagine locale (con Dockerfile)

docker build -t wnameless/oracle-xe-11g-mdistdev .

Utilities

Find UID ad users/gruop of container (ie: www-data)

docker DOCKER_CONTAINER_ID id

Con docker-compose:

docker-compose exec SERVICE_NAME id

Shell on image

As root (you need to specify workdir)

docker-compose exec --workdir /var/www/php --user root php-dei sh

Volumes

Create a Volume

docker volume create my-vol

Possible local volume path: /var/lib/docker/volumes/mysql_mysql-data/_data

TODO Verify:

docker volume create --name=mdist-dev-local --opt device=/home/gabri/Documents/oracle/db/mdist-dev-local/oradata --opt type=none --opt o=bind

List volumes

docker volume ls

Inspect a volume

docker inspect mysql_mysql-data

Remove a Volume

docker volume rm mysqldev_mysql-data

Backups

Database backup on instance

Backup di un db usando mysqldump e utenza root, poi zippando l'sql generato e salvandolo in una cartella dell'host

docker exec mysql_mysql-server_1 sh -c 'exec mysqldump -u root -p"$MYSQL_ROOT_PASSWORD" gabri_nueter' | gzip -c > $HOME/backup/db/nueter/gabri_nueter-`date +\%Y\%m\%d`.sql.gz

Docker Limits

It's possible to limit, on docker compose file, cpu e mem usage

Docker Secrets

Don't store secrets on Env variable (docker inspect [image] show them) and if you copy files and delete theme ..pay attention to docker chache @see Docker Secrets for docker compose

Creating ssh to connect to server (avoiding auth root)

ssh-keygen -t rsa -b 4096 -f ~/.ssh/vps-cloud.web-server.key -C "My web-server key"

Where, -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2. -b 4096 : Specifies the number of bits in the key to create -f ~/.ssh/vps-cloud.web-server.key : Specifies the filename of the key file. -C "My web-server key" : Set a new comment.

Connect via ssh with generated key

ssh -i ~/.ssh/vps-hetz.web-server.key [email protected]

Installation docker and other stuff

sudo apt-get update

sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo apt-key fingerprint 0EBFCD88

fingerprint should be '9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88'

sudo add-apt-repository \
   "deb [arch=amd64] https://download.
   er.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

sudo apt-get install docker-ce docker-ce-cli containerd.io

Verify installation sudo docker run hello-world

NB: For alpine, the following dependency packages are needed: py-pip, python-dev, libffi-dev, openssl-dev, gcc, libc-dev, and make

--apt install ctop [non è quello per vedere i processi docker]
sudo wget https://github.com/bcicen/ctop/releases/download/v0.7.5/ctop-0.7.5-linux-amd64 -O /usr/local/bin/ctop
sudo chmod +x /usr/local/bin/ctop

apt install make
--apt install py-pip python-dev libffi-dev openssl-dev gcc libc-dev
sudo apt install libffi-dev gcc libc6-dev

Docker compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Creating sudoers (non root) user [https://community.hetzner.com/tutorials/debian-base-configuration-docker]

adduser --disabled-password gabri

To assign the permissions to the user, we create the file /etc/sudoers.d/90-gabri

vim /etc/sudoers.d/90-gabri

with the following content:

gabri ALL=(ALL) NOPASSWD:ALL

For additional security, we adjust the configuration of the SSH server. To do this we open /etc/ssh/sshd_config, delete the contents of the file and insert the configuration below instead:

Protocol 2
Port 44933
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
StrictModes yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AllowUsers gabri

Depositing the public key

mkdir -p /home/gabri/.ssh
vim /home/gabri/.ssh/authorized_keys [insert the public key]
chmod 600 /home/gabri/.ssh/authorized_keys
chown gabri:gabri /home/gabri/.ssh/authorized_keys

Activating the new configuration

systemctl restart sshd

Try connecting with the new user

ssh -i ~/.ssh/vps-hetz.web-server.key -p 44933 gabri@<your_host>

Access to Docker By default, Docker can only be used as root. In order use Docker (without sudo) the user 'holu' has to be a member of the 'docker' group.

sudo usermod -aG docker gabri

Note: Users in the 'docker' group effectively have root privileges

Firewall setup and config : [https://community.hetzner.com/tutorials/debian-base-configuration-docker#step-3---firewall-setup]

Copying file to remote

scp -i ~/.ssh/vps-hetz.web-server.key -P 44933 -p gabri_deiverbum-20201107.sql.gz .env Makefile TODO.txt docker-compose.yml [email protected]:/home/gabri/devops/deiverbum

-p preserva le date di modifica se si vuole copiare ricorsivamente usare -rp

Creating network to bridge all the containers

docker network create nginx-proxy

From now on, we need to ensure that we’re always adding new containers to the nginx-proxy Docker network

In docker-compose we have /var/run/docker.sock:/tmp/docker.sock line accomplishes. Essentially, this gives any container access to the host’s Docker socket, which contains information about a variety of Docker events, such as creating a new container, or shutting one down. Every time you add a container, nginx-proxy sees the event through the socket, automatically creates the configuration file needed to route traffic, and restarts nginx to make the changes available immediately. nginx-proxy looks for containers with the VIRTUAL_HOST variable enabled, so that’s critical to our operations moving forward.

Gabri/dockerCommands.md