@giulianolatini
Forked from liuggio/0_README.md
Created March 17, 2016 17:14

Create a virtual machine

$ docker-machine create one -d virtualbox

docker-machine ssh one

Edit /var/lib/boot2docker/profile (on Debian: /etc/default/docker)

EXTRA_ARGS='
  --registry-mirror=https://192.168.2.174:5000
  --insecure-registry=192.168.2.174:5000
'
exit;
docker-machine restart one;
docker-machine ssh one
docker pull alpine
 https://tmate.io/t/ro-qxlYiO1WrcUkKxNXbZdSucZlH
 ssh [email protected]

Images used in the workshop:

docker pull alpine
docker pull redis:alpine
docker pull nginx
docker pull avthart/consul-template
docker pull gliderlabs/registrator
docker pull progrium/consul
docker pull mongo
exercise:
docker pull atbaker/nginx-example
docker pull alpine
docker pull golang:1.5-alpine

A basic webserver

Pull down this Docker image from the Docker Hub: atbaker/nginx-example

This Docker image uses the Nginx webserver to serve a static HTML website.

Start a new container from the atbaker/nginx-example image that exposes port 80 from the container to port 8000 on your host.

Open a web browser and go to http://localhost:8000

Your webserver

Goal of the exercise:

Use the image from the exercise above, atbaker/nginx-example, and modify /usr/share/nginx/html/index.html in order to have: with

https://screencloud.net/v/qQfP

You have to clean up your local images and old containers regularly. Write a single-line command to delete all exited containers.

Wow chmod doesn't work

$ echo ' { "defaultAction": "SCMP_ACT_ALLOW","syscalls": [ { "name": "chmod","action": "SCMP_ACT_ERRNO"} ] }' > chmod.json && cat chmod.json | jq .

{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "name": "chmod",
      "action": "SCMP_ACT_ERRNO"
    }
  ]
}

$ docker run --security-opt seccomp:chmod.json alpine /bin/sh -c "touch a;chmod 777 a;"

$ docker run --cap-drop=CHOWN
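
The chmod.json profile above allows everything by default and denies one syscall by name, so sibling syscalls that do the same job stay open. The following check is an added example, not part of the original gist; the FAMILIES table and the function names are assumptions of this example, and it also accepts the newer "names" list form, which goes beyond the single "name" key the page uses.

```python
import json

# Syscalls that perform the same operation. Assumption of this example,
# not a list taken from the page or from Docker.
FAMILIES = {
    "chmod": {"chmod", "fchmod", "fchmodat", "fchmodat2"},
    "chown": {"chown", "fchown", "lchown", "fchownat"},
}
DENY_ACTIONS = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL",
                "SCMP_ACT_KILL_PROCESS", "SCMP_ACT_TRAP"}

def rule_names(rule):
    """Accept the page's "name" key and the newer "names" list."""
    names = list(rule.get("names", []))
    if "name" in rule:
        names.append(rule["name"])
    return names

def denied_syscalls(profile):
    """Syscalls denied unconditionally; rules with args deny only some calls."""
    denied = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") in DENY_ACTIONS and not rule.get("args"):
            denied.update(rule_names(rule))
    return denied

def uncovered_siblings(profile):
    """For an allow-by-default profile, map each partly blocked family
    to the equivalent syscalls that are still allowed."""
    if profile.get("defaultAction") != "SCMP_ACT_ALLOW":
        return {}  # deny-by-default profiles need the inverse check; not covered
    denied = denied_syscalls(profile)
    gaps = {}
    for family, members in FAMILIES.items():
        if denied & members and members - denied:
            gaps[family] = sorted(members - denied)
    return gaps

# The profile from the page, verbatim.
PAGE_PROFILE = json.loads(
    '{ "defaultAction": "SCMP_ACT_ALLOW","syscalls": '
    '[ { "name": "chmod","action": "SCMP_ACT_ERRNO"} ] }'
)
# Constructed variant that denies the whole chmod family.
FIXED_PROFILE = {
    "defaultAction": "SCMP_ACT_ALLOW",
    "syscalls": [{"names": sorted(FAMILIES["chmod"]), "action": "SCMP_ACT_ERRNO"}],
}

if __name__ == "__main__":
    print(uncovered_siblings(PAGE_PROFILE))
    print(uncovered_siblings(FIXED_PROFILE))
```

Which syscall the chmod command ends up issuing depends on the libc and the CPU architecture (arm64, for example, has no chmod syscall and goes through fchmodat), so a name-based deny rule should cover the whole family.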

The goal here is to block and then unblock the unshare command

Given the template: docker run SECCOMP-OPTIONS alpine /bin/sh -c "unshare --user --pid echo hello", find the proper seccomp options SECCOMP-OPTIONS and create two docker run commands in order to have:

  1. a failure with the first command.

  2. a "hello" with the second command.

Reduce it!

Your client is not paying and you want to throttle his/her nginx container, limiting its reads per second to 1mb.

Execute an nginx container with a single cpu, with reads and writes limited to 1mb per second.

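#!/usr/bin/env sh
# Build the image, start a container, fetch the index page, then clean up.
docker build -t test-bashd . || exit 1
pid=$(docker run -d -p 8080:8080 test-bashd) || exit 1
# On a failed fetch, remove the container before exiting.
wget -O /tmp/index.html localhost:8080 || { docker rm -f "$pid"; exit 2; }
docker logs "$pid"
docker rm -f "$pid"
# printf interprets \n in every POSIX shell; echo does not.
printf '\n\n\n--------------------\nBuild ok!\n'
exit 0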

The HTTP bash server

The goal is to write your Dockerfile, build it with a tag name, and run it exposing port 8080.

Using 6_attachment_test.sh you can test whether it worked :)

Backup state!

Commit (save) a container's state by writing 2 commands that:

  1. Pick an image and run a container that writes to a log file in /var/log/log.log every second; call it daemon.
  2. While daemon is running, create and run a second daemon starting from the container's volume of daemon.

Prove that

  • If you don't modify the filesystem in the container: does docker run -d -v /usr/share/nginx/html --name mynginx nginx create a directory under /var/lib/docker/volumes/?
  • If you create a container with no volumes and a new file is created, what happens to that file when the container is stopped?
  • If you create a container from a Dockerfile that has a volume, is it in the aufs?

Share the logs

Given the nginx container, create another container that shows the nginx log

Machine create

Create those machines

$ docker-machine create -d virtualbox consul && \
      docker $(docker-machine config consul) pull nginx

$ docker-machine create -d virtualbox manager && \
      docker-machine create -d virtualbox ag1 && \
      docker-machine create -d virtualbox ag2

git clone liuggio/workshop.git

Build that

Using the main.go application create a Dockerfile and a docker-compose.yml to run in production.

Email from dev to you, the dev-operator

Hi dev-ops mate,
you have to deploy this great application I made!

I suggest you use docker-compose

ps: you need to run `go get gopkg.in/mgo.v2` then `go build main.go` then `./main.go`
pps: remember to change the mongo ip, the db name would change in the future.
ppps: I suggest you use `golang:1.5-alpine`

bye!

dev.

main.go

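package main

import (
	"fmt"
	"log"
	"net/http"
	"time"

	"gopkg.in/mgo.v2"
	"gopkg.in/mgo.v2/bson"
)

// Ping is the record stored for every request.
type Ping struct {
	Id   bson.ObjectId `bson:"_id"`
	Time time.Time     `bson:"time"`
}

func handler(w http.ResponseWriter, r *http.Request) {
	// The MongoDB address and the db name are hardcoded; see the email above.
	session, err := mgo.Dial("localhost")
	if err != nil {
		log.Printf("mgo.Dial: %v", err)
		http.Error(w, "database unavailable", http.StatusServiceUnavailable)
		return
	}
	defer session.Close()
	db := session.DB("aaa")

	ping := Ping{
		Id:   bson.NewObjectId(),
		Time: time.Now(),
	}

	// store this request
	if err := db.C("pings").Insert(ping); err != nil {
		log.Printf("insert: %v", err)
		http.Error(w, "insert failed", http.StatusInternalServerError)
		return
	}
	// get all records
	pings := []Ping{}
	if err := db.C("pings").Find(nil).All(&pings); err != nil {
		log.Printf("find: %v", err)
		http.Error(w, "query failed", http.StatusInternalServerError)
		return
	}

	fmt.Fprintf(w, "%s", pings)
}

func main() {
	http.HandleFunc("/", handler)
	// ListenAndServe only returns on error, so log it and exit.
	log.Fatal(http.ListenAndServe(":8080", nil))
}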

Duplicates services

Improving the docker-compose.yml you created in exercise 7a, are you able to have 2 golang services, one called blue and the other called green, and also a green network and a blue network?
