bewleberkl

Docker lab testing/learning

Jun 20th, 2017 (edited)
  1. --------------------------------- Docker lab test/learn exploration -------------------------------
  2.  
  3. ENVIRO:
  4. - centos7test 192.168.1.70 (CentOS 7.3 physical server w/I7 CPU, 32GB RAM, various SSD internal storage)
  5. - chattypuma.acme.krt 192.168.1.55 (NetBackup 8.0 master server)
  6.  
  7.  
  8. I. We'll create a tarball of the '/' volume on the NB master to import into docker to create a container image:
  9.  
  10. 1. On the physical NB server, stop NB svcs, cleanup logs, tmp dir. Then create a tarball of '/':
  11. [root@chattypuma test]# tar --numeric-owner --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/mnt --exclude=/vol --exclude=/var/log/lastlog -cvf nb_master_server.tar /
  12.  
  13. 2. on the physical NB server, scp tarball to the docker host:
  14. [root@chattypuma test]# scp nb_master_server.tar root@192.168.1.70:/test
  15. root@192.168.1.70's password:
  16. nb_master_server.tar 100% 6895MB 7.6MB/s 15:11
  17.  
  18.  
  19. -- remaining steps on docker host:
  20.  
  21. 3. import the tarball to a new docker image:
  22. root@centos7test]:/test # cat nb_master_server.tar | docker import - nb_master
      sha256:1b330615efd00c9aa1d985e4b33cc508521f550d392df92f1138e65ef8a3f5b8
  23.  
  24. - list docker images:
  25. root@centos7test]:/test # docker images
  26. REPOSITORY TAG IMAGE ID CREATED SIZE
  27. nb_master latest 1b330615efd0 About a minute ago 7.09 GB
  28.  
  29. 4. run the new NB docker image:
  30. root@centos7test]:/test # docker run -it --name=test --hostname=chattypuma2 1b330615efd0 /bin/bash
  31. [root@chattypuma2 /]#
  32.  
  33. NOTE: to run it so iptables will work, add argument '--cap-add=NET_ADMIN':
  34. # docker run -it --cap-add=NET_ADMIN --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
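
The tar command in step 1 excludes only /proc, /sys, /dev, /mnt, /vol and lastlog, so /etc/shadow, the SSH host keys and any private keys on the master end up in the tarball and in every container started from the image. The following is an added example, not part of the original notes: it lists such files in a root-filesystem tarball before 'docker import'. The pattern list and the miniature sample archive are assumptions constructed for the example.

```python
import io
import re
import tarfile

# Path patterns that usually hold credentials on a Linux root filesystem.
# This list is an assumption of the example; extend it for your own servers.
SENSITIVE = [
    (re.compile(r"^etc/(shadow|gshadow)-?$"), "password hashes"),
    (re.compile(r"^etc/ssh/ssh_host_.*_key$"), "SSH host private key"),
    (re.compile(r"(^|/)\.ssh/(id_[a-z0-9]+|authorized_keys)$"), "user SSH key material"),
    (re.compile(r"\.(pem|key|p12|jks)$"), "certificate or key store"),
    (re.compile(r"(^|/)\.bash_history$"), "shell history"),
]


def audit_rootfs_tar(fileobj):
    """Return sorted (path, reason) pairs for sensitive regular files in the archive."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # GNU tar stores '/etc/shadow' as 'etc/shadow'; also accept './etc/shadow'.
            path = re.sub(r"^(\./|/)+", "", member.name)
            for pattern, reason in SENSITIVE:
                if pattern.search(path):
                    findings.append((path, reason))
                    break
    return sorted(findings)


def build_sample_tar():
    """Constructed miniature archive standing in for nb_master_server.tar."""
    names = ["etc/hostname", "etc/shadow", "etc/ssh/ssh_host_rsa_key",
             "etc/ssh/ssh_host_rsa_key.pub", "root/.ssh/id_rsa",
             "root/.bash_history", "opt/app/server.pem"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed placeholder\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # For a real tarball: audit_rootfs_tar(open("nb_master_server.tar", "rb"))
    for path, reason in audit_rootfs_tar(build_sample_tar()):
        print("%-28s %s" % (path, reason))
```

Files it reports can be left out with further --exclude arguments to tar, or the affected keys and passwords can be rotated inside the container.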
  35.  
  36. ------------ ------------- ------------- ----------------
  37.  
  38. Now how to remove/delete an image/container:
  39.  
  40. root@centos7test]:/test # docker image rm nb_master
  41. Error response from daemon: conflict: unable to remove repository reference "nb_master" (must force) - container 31d6e8474324 is using its referenced image 1b330615efd0
  42.  
  43.  
  44. - list running containers:
  45. root@centos7test]:/test # docker ps
  46.  
  47. - stop a container:
  48. # docker stop 31d6e8474324
  49.  
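  50. - list non-running docker containers ('-l' shows only the most recently created container, whatever its state; 'docker ps -a' lists them all):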
  51. root@centos7test]:/test # docker ps -l
  52. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
  53. 31d6e8474324 1b330615efd0 "/bin/bash" About an hour ago Exited (1) 54 minutes ago test
  54.  
  55.  
  56. - show all containers/images:
  57.  
  58. root@centos7test]:/test # docker ps -as
  59. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
  60. 325042579f8a 52ea64cc2b79 "/bin/bash" 6 hours ago Exited (127) 4 minutes ago nb8master 289 MB (virtual 7.38 GB)
  61. a9841e9b4efa docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 21 hours ago Up 21 hours 0.0.0.0:12381->12381/tcp ucp-cluster-root-ca 0 B (virtual 15.1 MB)
  62. 92efb15df907 docker/ucp-agent:2.1.4 "/bin/ucp-agent re..." 21 hours ago Exited (1) 21 hours ago ucp-reconcile 0 B (virtual 22.5 MB)
  63. ddf6ad63025e docker/ucp-agent@sha256:d072694d639fbbe1a0e3e6a0e2ac9fdf4770daa186a5d7f39a4a0e0aadfe4be6 "/bin/ucp-agent agent" 33 hours ago Up 33 hours 2376/tcp ucp-agent.rhtxdg2o3ze2oyy0hp4hxobt0.txatpp6f9oo7oz6hbt33g4e72 0 B (virtual 22.5 MB)
  64. 4281d5856ad3 docker/ucp-controller:2.1.4 "/bin/controller s..." 2 days ago Up 4 minutes (unhealthy) 0.0.0.0:443->8080/tcp ucp-controller 0 B (virtual 28 MB)
  65. 8d42d9c1b994 docker/ucp-swarm:2.1.4 "/bin/swarm manage..." 2 days ago Up 33 hours 0.0.0.0:2376->2375/tcp ucp-swarm-manager 0 B (virtual 21 MB)
  66. 0877473d5596 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-api 0 B (virtual 25.1 MB)
  67. fc1667bc27d5 docker/ucp-metrics:2.1.4 "/bin/entrypoint.s..." 2 days ago Up 33 hours 0.0.0.0:12387->12387/tcp ucp-metrics 378 B (virtual 92.2 MB)
  68. c10744df5ae4 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-worker 0 B (virtual 25.1 MB)
  69. 210e10f8dfa9 docker/ucp-auth-store:2.1.4 "rethinkdb --bind ..." 2 days ago Up 33 hours 0.0.0.0:12383-12384->12383-12384/tcp ucp-auth-store 0 B (virtual 58.7 MB)
  70. fd134e260859 docker/ucp-etcd:2.1.4 "/bin/etcd --data-..." 2 days ago Up 33 hours (healthy) 2380/tcp, 4001/tcp, 7001/tcp, 0.0.0.0:12380->12380/tcp, 0.0.0.0:12379->2379/tcp ucp-kv 0 B (virtual 38.5 MB)
  71. 5c4de0d61669 docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 2 days ago Up 33 hours 0.0.0.0:12382->12382/tcp ucp-client-root-ca 0 B (virtual 15.1 MB)
  72. 81a2db8ee3f1 docker/ucp-agent:2.1.4 "/bin/ucp-agent pr..." 2 days ago Up 33 hours 0.0.0.0:12376->2376/tcp ucp-proxy 0 B (virtual 22.5 MB)
  73.  
  74.  
  75. - delete the container by name:
  76.  
  77. root@centos7test]:/test # docker rm nb8master
  78. nb8master
  79.  
  80.  
  81. - delete the image:
  82.  
  83. root@centos7test]:/test # docker image rm 52ea64cc2b79
  84. Untagged: nb8_master:latest
  85. Deleted: sha256:52ea64cc2b7943775e94228c58a6ea78fe03a061cbdffcda751427d901bd7ddf
  86. Deleted: sha256:de174ed9a3c4ee040653938b39246e7df16729327a3c8e27b2940a1c3ae1af68
  87.  
  88.  
  89. - now it is gone:
  90.  
  91. root@centos7test]:/test # docker ps -as
  92. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
  93. a9841e9b4efa docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 21 hours ago Up 21 hours 0.0.0.0:12381->12381/tcp ucp-cluster-root-ca 0 B (virtual 15.1 MB)
  94. 92efb15df907 docker/ucp-agent:2.1.4 "/bin/ucp-agent re..." 21 hours ago Exited (1) 21 hours ago ucp-reconcile 0 B (virtual 22.5 MB)
  95. ddf6ad63025e docker/ucp-agent@sha256:d072694d639fbbe1a0e3e6a0e2ac9fdf4770daa186a5d7f39a4a0e0aadfe4be6 "/bin/ucp-agent agent" 33 hours ago Up 33 hours 2376/tcp ucp-agent.rhtxdg2o3ze2oyy0hp4hxobt0.txatpp6f9oo7oz6hbt33g4e72 0 B (virtual 22.5 MB)
  96. 4281d5856ad3 docker/ucp-controller:2.1.4 "/bin/controller s..." 2 days ago Up 2 minutes (unhealthy) 0.0.0.0:443->8080/tcp ucp-controller 0 B (virtual 28 MB)
  97. 8d42d9c1b994 docker/ucp-swarm:2.1.4 "/bin/swarm manage..." 2 days ago Up 33 hours 0.0.0.0:2376->2375/tcp ucp-swarm-manager 0 B (virtual 21 MB)
  98. 0877473d5596 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-api 0 B (virtual 25.1 MB)
  99. fc1667bc27d5 docker/ucp-metrics:2.1.4 "/bin/entrypoint.s..." 2 days ago Up 33 hours 0.0.0.0:12387->12387/tcp ucp-metrics 378 B (virtual 92.2 MB)
  100. c10744df5ae4 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-worker 0 B (virtual 25.1 MB)
  101. 210e10f8dfa9 docker/ucp-auth-store:2.1.4 "rethinkdb --bind ..." 2 days ago Up 33 hours 0.0.0.0:12383-12384->12383-12384/tcp ucp-auth-store 0 B (virtual 58.7 MB)
  102. fd134e260859 docker/ucp-etcd:2.1.4 "/bin/etcd --data-..." 2 days ago Up 33 hours (healthy) 2380/tcp, 4001/tcp, 7001/tcp, 0.0.0.0:12380->12380/tcp, 0.0.0.0:12379->2379/tcp ucp-kv 0 B (virtual 38.5 MB)
  103. 5c4de0d61669 docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 2 days ago Up 33 hours 0.0.0.0:12382->12382/tcp ucp-client-root-ca 0 B (virtual 15.1 MB)
  104. 81a2db8ee3f1 docker/ucp-agent:2.1.4 "/bin/ucp-agent pr..." 2 days ago Up 33 hours 0.0.0.0:12376->2376/tcp ucp-proxy 0 B (virtual 22.5 MB)
  105.  
  106.  
  107.  
  108.  
  109. root@centos7test]:/test # docker images
  110. REPOSITORY TAG IMAGE ID CREATED SIZE
  111. docker/ucp-swarm 2.1.4 d8b51d6801e5 3 weeks ago 21 MB
  112. docker/ucp-metrics 2.1.4 e3e24ef156bd 3 weeks ago 92.2 MB
  113. docker/ucp-hrm 2.1.4 38a19323327d 3 weeks ago 14.8 MB
  114. docker/ucp-etcd 2.1.4 9aa382502e19 3 weeks ago 38.5 MB
  115. docker/ucp-controller 2.1.4 5a852aa3039e 3 weeks ago 28 MB
  116. docker/ucp-dsinfo 2.1.4 66ee9368796a 3 weeks ago 159 MB
  117. docker/ucp 2.1.4 7a28dbfc44e4 3 weeks ago 19.1 MB
  118. docker/ucp-cfssl 2.1.4 acdc1f147711 3 weeks ago 15.1 MB
  119. docker/ucp-compose 2.1.4 25775e989077 3 weeks ago 32.9 MB
  120. docker/ucp-auth-store 2.1.4 f27ad13dee6c 3 weeks ago 58.7 MB
  121. docker/ucp-agent 2.1.4 d716a096c331 3 weeks ago 22.5 MB
  122. docker/ucp-auth 2.1.4 1f4739cd3c08 3 weeks ago 25.1 MB
  123. hello-world latest 48b5124b2768 4 months ago 1.84 kB
  124.  
  125.  
  126.  
  127. -------------------------------------------------------------------------
  128.  
  129. ===============================================================================================
  130.  
  131. - another import command, this time to create a media server (did this on a NB mediasvr w/svcs stopped):
  132.  
  133. [root@centos7test test]# cat nb_mediasvr.tar | docker import - nbmediasvr
  134. sha256:61df98fce31a0655f283e0a1d9a94bc6309fcf4e6a59b38492785c525b36c549
  135.  
  136. ===============================================================================================
  137. ===============================================================================================
  138.  
  139.  
  140. ---> Tuesday, June 20 **macvlan testing**:
  141.  
  142. - NEED: Need the Docker container NB installations to be able to communicate directly on public IP addresses to other NB servers/clients on that public network.
  143.  
  144. - PROBLEM: Docker containerized NB installations run into network connectivity issues when they are on the 172. network while the other NB servers/clients are on the 192.168.1.0 network.
  145.  
  146.  
  147. - ENVIRO:
  148. - Docker physical host server: centos7test 192.168.1.70 (CentOS 7.3 physical server w/I7 CPU, 32GB RAM, various SSD internal storage)
  149. - NetBackup 8.0 physical master: chattypuma.acme.krt 192.168.1.55
  150. - Cisco network router: 192.168.1.1
  151. - Docker containers on NAT'd 172.17.0.0 network
  152.  
  153. - Docker host ip a snippets:
  154. [root@centos7test ~]# ip a
  155. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
  156. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  157. inet 127.0.0.1/8 scope host lo
  158. valid_lft forever preferred_lft forever
  159. inet6 ::1/128 scope host
  160. valid_lft forever preferred_lft forever
  161. 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  162. link/ether 60:a4:4c:24:a7:80 brd ff:ff:ff:ff:ff:ff
  163. inet 192.168.1.70/32 brd 192.168.1.70 scope global enp3s0
  164. valid_lft forever preferred_lft forever
  165. inet6 fe80::62a4:4cff:fe24:a780/64 scope link
  166. valid_lft forever preferred_lft forever
  167. 5: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
  168. link/ether 02:42:cc:b2:a4:27 brd ff:ff:ff:ff:ff:ff
  169. inet 172.18.0.1/16 scope global docker_gwbridge
  170. valid_lft forever preferred_lft forever
  171. inet6 fe80::42:ccff:feb2:a427/64 scope link
  172. valid_lft forever preferred_lft forever
  173. 6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
  174. link/ether 02:42:34:3b:0f:8b brd ff:ff:ff:ff:ff:ff
  175. inet 172.17.0.1/16 scope global docker0
  176. valid_lft forever preferred_lft forever
  177. inet6 fe80::42:34ff:fe3b:f8b/64 scope link
  178. valid_lft forever preferred_lft forever
  179.  
  180.  
  181.  
  182. REFERENCE: http://blog.scottlowe.org/2016/01/28/docker-macvlan-interfaces/
  183.  
  184. - create the macvlan network named mvln1 (where the public network is the entire 192.168.1.0 and default gateway (physical router) is 192.168.1.1 and the NIC on the physical Docker host server is enp3s0):
  185. docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o host_iface=enp3s0 mvln1
  186.  
  187.  
  188. [root@centos7test ~]# docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o host_iface=enp3s0 mvln1
  189. 6d168fc65358ae0d32673adc47bcfb9257db96dfbaac0bdd43b9686a29300af3
  190.  
  191.  
  192. - list docker networks:
  193. [root@centos7test ~]# docker network ls
  194. NETWORK ID NAME DRIVER SCOPE
  195. fc49a9cf4d03 bridge bridge local
  196. 65f7e49091c6 docker_gwbridge bridge local
  197. eb168770de9b host host local
  198. lri1vkb8v5nb ingress overlay swarm
  199. 6d168fc65358 mvln1 macvlan local
  200. 3fd9518912f1 none null local
  201. [root@centos7test ~]#
  202.  
  203.  
  204. [root@centos7test ~]# docker network inspect mvln1
  205. [
  206. {
  207. "Name": "mvln1",
  208. "Id": "6d168fc65358ae0d32673adc47bcfb9257db96dfbaac0bdd43b9686a29300af3",
  209. "Created": "2017-06-20T07:17:24.105548324-04:00",
  210. "Scope": "local",
  211. "Driver": "macvlan",
  212. "EnableIPv6": false,
  213. "IPAM": {
  214. "Driver": "default",
  215. "Options": {},
  216. "Config": [
  217. {
  218. "Subnet": "192.168.1.0/24",
  219. "Gateway": "192.168.1.1"
  220. }
  221. ]
  222. },
  223. "Internal": false,
  224. "Attachable": false,
  225. "Containers": {},
  226. "Options": {
  227. "host_iface": "enp3s0"
  228. },
  229. "Labels": {}
  230. }
  231. ]
  232.  
  233.  
  234.  
  235. - now run a container and specify to use the new macvlan network:
  236. docker run -it --cap-add=NET_ADMIN --rm --net=mvln1 --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
  237.  
  238. - ran into a problem running a container:
  239. [root@centos7test ~]# docker run -it --cap-add=NET_ADMIN --net=mvln1 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
  240. docker: Error response from daemon: Conflict. The container name "/nbmediasvr1" is already in use by container d487530b26700654fb07d6f420075d056c945ebda293c558471a37b243e2165c. You have to remove (or rename) that container to be able to reuse that name..
  241. See 'docker run --help'.
  242.  
  243. - list running containers (with '-l', the latest container is shown even though it has exited):
  244. [root@centos7test ~]# docker ps -l
  245. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
  246. d487530b2670 61df98fce31a "/bin/bash" 2 weeks ago Exited (137) 2 weeks ago nbmediasvr1
  247. [root@centos7test ~]#
  248.  
  249. - need to 'remove' the docker container by container ID:
  250. [root@centos7test ~]# docker rm d487530b2670
  251. d487530b2670
  252. [root@centos7test ~]#
  253. [root@centos7test ~]#
  254.  
  255. - now it runs:
  256. [root@centos7test ~]# docker run -it --cap-add=NET_ADMIN --net=mvln1 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
  257. [root@nbmediasvr1 /]#
  258.  
  259. ....but nbmediasvr1 cannot ping out, nor can it be pinged from outside.
  260.  
  261.  
  262. ------------ ------------ ------------ 2nd try below: ------------ ------------ ------------
  263.  
  264. -- winner!:
  265. - reference: https://docs.docker.com/engine/userguide/networking/get-started-macvlan/#macvlan-bridge-mode-example-usage
  266.  
  267. - delete prior attempt macvlan network:
  268. docker network rm mvln1
  269.  
  270. - create macvlan network to use public network 192.168.1.0, public gateway (it's a physical network router) 192.168.1.1, attached to the physical docker host NIC enp3s0:
  271. docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=enp3s0 mvln1
  272.  
  273. docker run -it --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
  274.  
  275. SUCCESS!! Ping works from inside the Docker container!!!
  276. [root@nbmediasvr1 ~]# ping chattypuma
  277. PING chattypuma.acme.krt (192.168.1.55) 56(84) bytes of data.
  278. 64 bytes from chattypuma.acme.krt (192.168.1.55): icmp_seq=1 ttl=64 time=1.50 ms
  279. 64 bytes from chattypuma.acme.krt (192.168.1.55): icmp_seq=2 ttl=64 time=1.52 ms
  280. 64 bytes from chattypuma.acme.krt (192.168.1.55): icmp_seq=3 ttl=64 time=1.63 ms
  281. ^C
  282. --- chattypuma.acme.krt ping statistics ---
  283. 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
  284. rtt min/avg/max/mdev = 1.507/1.554/1.634/0.072 ms
  285. [root@nbmediasvr1 ~]#
  286.  
  287.  
  288. Note: The solution involved changing the docker network create command to change the -o host_iface= to -o parent=, but I really think the true solution was the change in the docker run command of explicitly specifying an IP address for the container.
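
Both changes mentioned in the note can be checked from 'docker network inspect' output. The following is an added example, not part of the original notes: it flags macvlan networks that have no 'parent' option and subnets with no IP range. The option list is an assumption taken from the Docker macvlan documentation referenced above, and the "mvln_fixed" entry is a hypothetical network constructed for comparison.

```python
import json

# Options this example treats as valid for the macvlan driver (assumption,
# taken from the Docker macvlan documentation referenced in the notes).
KNOWN_OPTIONS = {"parent", "macvlan_mode"}

# Constructed sample. "mvln1" copies the fields of the inspect output shown
# earlier; "mvln_fixed" is a hypothetical network created with -o parent=
# and --ip-range; "bridge" is there to show non-macvlan networks are skipped.
SAMPLE_INSPECT = """
[
  {"Name": "mvln1", "Driver": "macvlan",
   "IPAM": {"Config": [{"Subnet": "192.168.1.0/24", "Gateway": "192.168.1.1"}]},
   "Options": {"host_iface": "enp3s0"}},
  {"Name": "mvln_fixed", "Driver": "macvlan",
   "IPAM": {"Config": [{"Subnet": "192.168.1.0/24", "IPRange": "192.168.1.32/28",
                        "Gateway": "192.168.1.1"}]},
   "Options": {"parent": "enp3s0"}},
  {"Name": "bridge", "Driver": "bridge", "IPAM": {"Config": []}, "Options": {}}
]
"""


def check_macvlan_networks(inspect_json):
    """Map each macvlan network name to a list of configuration problems."""
    report = {}
    for net in json.loads(inspect_json):
        if net.get("Driver") != "macvlan":
            continue
        options = net.get("Options") or {}
        problems = []
        if not options.get("parent"):
            problems.append("no 'parent' option, so no host NIC is named")
        for key in sorted(set(options) - KNOWN_OPTIONS):
            problems.append("option '%s' is not in KNOWN_OPTIONS" % key)
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if not cfg.get("IPRange"):
                problems.append("subnet %s has no IPRange; containers started "
                                "without --ip draw from the whole subnet"
                                % cfg.get("Subnet"))
        report[net["Name"]] = problems
    return report


if __name__ == "__main__":
    # Real use: pass the text printed by 'docker network inspect <name>'.
    for name, problems in check_macvlan_networks(SAMPLE_INSPECT).items():
        print(name, "OK" if not problems else problems)
```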
  289.  
  290.  
  291. =============================================================================================================
  292.  
  293. June 22:
  294.  
  295. ---- How to add a docker volume to be used for MSDP storage and other persistent items and then mount it in a container:
  296.  
  297. - create volume:
  298. docker volume create --name msdp1
  299.  
  300. - now run a container while calling for the msdp1 volume to be mounted in the container into directory '/msdp':
  301.  
  302. docker run -it -v msdp1:/msdp --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 bf143e15395f /bin/bash
  303.  
  304. - if we have external disk storage mounted as /msdp1, then we would change the -v path like this:
  305.  
  306. docker run -it -v /msdp1:/msdp --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 bf143e15395f /bin/bash
  307.  
  308. ------------- -------------- ------------- -------------- ------------- --------------
  309.  
  310. ---- How to run a Docker container non-interactive:
  311.  
  312. - Run the container as a daemon (detached, no interactive shell). The switches that allow this are -i[t] and, in particular, -d:
  313.  
  314. [root@centos7test ~]# docker run -it -v msdp1:/msdp --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 -d --name=nbmediasvr1 --hostname=nbmediasvr1 bf143e15395f /bin/bash
  315. d92ceb34aee64d5441761f3f11e71569cada72ed927e3542471556d51a894e48
  316.  
  317. Note: if we had left off the 't' in the -it argument, the container would quit when we attach and then detach.
  318.  
  319.  
  320. To attach:
  321. 1. get the container id:
  322. [root@centos7test docker]# docker ps -l
  323. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
  324. d92ceb34aee6 bf143e15395f "/bin/bash" 4 minutes ago Up 4 minutes nbmediasvr1
  325.  
  326. 2. attach:
  327. [root@centos7test ~]# docker attach d92ceb34aee6
  328.  
  329.  
  330. To detach, type the following (which will leave the container running): Ctrl+P followed by Ctrl+Q
  331.  
  332. ===============================================================================================
  333.  
  334. -- login to a running container (open a bash prompt inside the container):
  335. 1. Get a list of containers, note the names:
  336. # docker ps
  337.  
  338. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
  339. 9638dbeef055 nicolaka/netshoot "/bin/bash -l" 8 hours ago Up 8 hours gracious_neumann
  340. 566af1ee4ab8 3bbb526d2608 "bash" 8 hours ago Up 8 hours debian
  341.  
  342. 2. Run (typically 'docker exec -it <container name> /bin/bash'; for Debian/Ubuntu, just run 'docker exec -it <container name> bash'):
  343. # docker exec -it debian bash