Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- --------------------------------- Docker lab test/learn exploration -------------------------------
- ENVIRO:
- - centos7test 192.168.1.70 (CentOS 7.3 physical server w/I7 CPU, 32GB RAM, various SSD internal storage)
- - chattypuma.acme.krt 192.168.1.55 (NetBackup 8.0 master server)
- I. We'll create a tarball of the '/' volume on the NB master to import into docker to create a container image:
- 1. On the physical NB server, stop NB svcs, cleanup logs, tmp dir. Then create a tarball of '/':
- [root@chattypuma test]# tar --numeric-owner --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/mnt --exclude=/vol --exclude=/var/log/lastlog -cvf nb_master_server.tar /
- 2. on the physical NB server, scp tarball to the docker host:
- [root@chattypuma test]# scp nb_master_server.tar root@192.168.1.70:/test
- root@192.168.1.70's password:
- nb_master_server.tar 100% 6895MB 7.6MB/s 15:11
- -- remaining steps on docker host:
- 3. import the tarball to a new docker image:
- root@centos7test]:/test # cat nb_master_server.tar | docker import - nb_master sha256:1b330615efd00c9aa1d985e4b33cc508521f550d392df92f1138e65ef8a3f5b8
- - list docker images:
- root@centos7test]:/test # docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- nb_master latest 1b330615efd0 About a minute ago 7.09 GB
- 4. run the new NB docker image:
- root@centos7test]:/test # docker run -it --name=test --hostname=chattypuma2 1b330615efd0 /bin/bash
- [root@chattypuma2 /]#
- NOTE: to run it so iptables will work, add argument '--cap-add=NET_ADMIN':
- # docker run -it --cap-add=NET_ADMIN --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
- ------------ ------------- ------------- ----------------
- Now how to remove/delete an image/container:
- root@centos7test]:/test # docker image rm nb_master
- Error response from daemon: conflict: unable to remove repository reference "nb_master" (must force) - container 31d6e8474324 is using its referenced image 1b330615efd0
- - list running containers:
- root@centos7test]:/test # docker ps
- - stop a container:
- # docker stop 31d6e8474324
- - list non-running docker containers:
- root@centos7test]:/test # docker ps -l
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 31d6e8474324 1b330615efd0 "/bin/bash" About an hour ago Exited (1) 54 minutes ago test
- - show all containers/images:
- root@centos7test]:/test # docker ps -as
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
- 325042579f8a 52ea64cc2b79 "/bin/bash" 6 hours ago Exited (127) 4 minutes ago nb8master 289 MB (virtual 7.38 GB)
- a9841e9b4efa docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 21 hours ago Up 21 hours 0.0.0.0:12381->12381/tcp ucp-cluster-root-ca 0 B (virtual 15.1 MB)
- 92efb15df907 docker/ucp-agent:2.1.4 "/bin/ucp-agent re..." 21 hours ago Exited (1) 21 hours ago ucp-reconcile 0 B (virtual 22.5 MB)
- ddf6ad63025e docker/ucp-agent@sha256:d072694d639fbbe1a0e3e6a0e2ac9fdf4770daa186a5d7f39a4a0e0aadfe4be6 "/bin/ucp-agent agent" 33 hours ago Up 33 hours 2376/tcp ucp-agent.rhtxdg2o3ze2oyy0hp4hxobt0.txatpp6f9oo7oz6hbt33g4e72 0 B (virtual 22.5 MB)
- 4281d5856ad3 docker/ucp-controller:2.1.4 "/bin/controller s..." 2 days ago Up 4 minutes (unhealthy) 0.0.0.0:443->8080/tcp ucp-controller 0 B (virtual 28 MB)
- 8d42d9c1b994 docker/ucp-swarm:2.1.4 "/bin/swarm manage..." 2 days ago Up 33 hours 0.0.0.0:2376->2375/tcp ucp-swarm-manager 0 B (virtual 21 MB)
- 0877473d5596 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-api 0 B (virtual 25.1 MB)
- fc1667bc27d5 docker/ucp-metrics:2.1.4 "/bin/entrypoint.s..." 2 days ago Up 33 hours 0.0.0.0:12387->12387/tcp ucp-metrics 378 B (virtual 92.2 MB)
- c10744df5ae4 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-worker 0 B (virtual 25.1 MB)
- 210e10f8dfa9 docker/ucp-auth-store:2.1.4 "rethinkdb --bind ..." 2 days ago Up 33 hours 0.0.0.0:12383-12384->12383-12384/tcp ucp-auth-store 0 B (virtual 58.7 MB)
- fd134e260859 docker/ucp-etcd:2.1.4 "/bin/etcd --data-..." 2 days ago Up 33 hours (healthy) 2380/tcp, 4001/tcp, 7001/tcp, 0.0.0.0:12380->12380/tcp, 0.0.0.0:12379->2379/tcp ucp-kv 0 B (virtual 38.5 MB)
- 5c4de0d61669 docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 2 days ago Up 33 hours 0.0.0.0:12382->12382/tcp ucp-client-root-ca 0 B (virtual 15.1 MB)
- 81a2db8ee3f1 docker/ucp-agent:2.1.4 "/bin/ucp-agent pr..." 2 days ago Up 33 hours 0.0.0.0:12376->2376/tcp ucp-proxy 0 B (virtual 22.5 MB)
- - delete the name:
- root@centos7test]:/test # docker rm nb8master
- nb8master
- - delete the image:
- root@centos7test]:/test # docker image rm 52ea64cc2b79
- Untagged: nb8_master:latest
- Deleted: sha256:52ea64cc2b7943775e94228c58a6ea78fe03a061cbdffcda751427d901bd7ddf
- Deleted: sha256:de174ed9a3c4ee040653938b39246e7df16729327a3c8e27b2940a1c3ae1af68
- - now it is gone:
- root@centos7test]:/test # docker ps -as
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
- a9841e9b4efa docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 21 hours ago Up 21 hours 0.0.0.0:12381->12381/tcp ucp-cluster-root-ca 0 B (virtual 15.1 MB)
- 92efb15df907 docker/ucp-agent:2.1.4 "/bin/ucp-agent re..." 21 hours ago Exited (1) 21 hours ago ucp-reconcile 0 B (virtual 22.5 MB)
- ddf6ad63025e docker/ucp-agent@sha256:d072694d639fbbe1a0e3e6a0e2ac9fdf4770daa186a5d7f39a4a0e0aadfe4be6 "/bin/ucp-agent agent" 33 hours ago Up 33 hours 2376/tcp ucp-agent.rhtxdg2o3ze2oyy0hp4hxobt0.txatpp6f9oo7oz6hbt33g4e72 0 B (virtual 22.5 MB)
- 4281d5856ad3 docker/ucp-controller:2.1.4 "/bin/controller s..." 2 days ago Up 2 minutes (unhealthy) 0.0.0.0:443->8080/tcp ucp-controller 0 B (virtual 28 MB)
- 8d42d9c1b994 docker/ucp-swarm:2.1.4 "/bin/swarm manage..." 2 days ago Up 33 hours 0.0.0.0:2376->2375/tcp ucp-swarm-manager 0 B (virtual 21 MB)
- 0877473d5596 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-api 0 B (virtual 25.1 MB)
- fc1667bc27d5 docker/ucp-metrics:2.1.4 "/bin/entrypoint.s..." 2 days ago Up 33 hours 0.0.0.0:12387->12387/tcp ucp-metrics 378 B (virtual 92.2 MB)
- c10744df5ae4 docker/ucp-auth:2.1.4 "/usr/local/bin/en..." 2 days ago Restarting (1) 2 hours ago ucp-auth-worker 0 B (virtual 25.1 MB)
- 210e10f8dfa9 docker/ucp-auth-store:2.1.4 "rethinkdb --bind ..." 2 days ago Up 33 hours 0.0.0.0:12383-12384->12383-12384/tcp ucp-auth-store 0 B (virtual 58.7 MB)
- fd134e260859 docker/ucp-etcd:2.1.4 "/bin/etcd --data-..." 2 days ago Up 33 hours (healthy) 2380/tcp, 4001/tcp, 7001/tcp, 0.0.0.0:12380->12380/tcp, 0.0.0.0:12379->2379/tcp ucp-kv 0 B (virtual 38.5 MB)
- 5c4de0d61669 docker/ucp-cfssl:2.1.4 "/bin/ucp-ca serve..." 2 days ago Up 33 hours 0.0.0.0:12382->12382/tcp ucp-client-root-ca 0 B (virtual 15.1 MB)
- 81a2db8ee3f1 docker/ucp-agent:2.1.4 "/bin/ucp-agent pr..." 2 days ago Up 33 hours 0.0.0.0:12376->2376/tcp ucp-proxy 0 B (virtual 22.5 MB)
- root@centos7test]:/test # docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- docker/ucp-swarm 2.1.4 d8b51d6801e5 3 weeks ago 21 MB
- docker/ucp-metrics 2.1.4 e3e24ef156bd 3 weeks ago 92.2 MB
- docker/ucp-hrm 2.1.4 38a19323327d 3 weeks ago 14.8 MB
- docker/ucp-etcd 2.1.4 9aa382502e19 3 weeks ago 38.5 MB
- docker/ucp-controller 2.1.4 5a852aa3039e 3 weeks ago 28 MB
- docker/ucp-dsinfo 2.1.4 66ee9368796a 3 weeks ago 159 MB
- docker/ucp 2.1.4 7a28dbfc44e4 3 weeks ago 19.1 MB
- docker/ucp-cfssl 2.1.4 acdc1f147711 3 weeks ago 15.1 MB
- docker/ucp-compose 2.1.4 25775e989077 3 weeks ago 32.9 MB
- docker/ucp-auth-store 2.1.4 f27ad13dee6c 3 weeks ago 58.7 MB
- docker/ucp-agent 2.1.4 d716a096c331 3 weeks ago 22.5 MB
- docker/ucp-auth 2.1.4 1f4739cd3c08 3 weeks ago 25.1 MB
- hello-world latest 48b5124b2768 4 months ago 1.84 kB
- -------------------------------------------------------------------------
- ===============================================================================================
- - another import command, this time to create a media server (did this on a NB mediasvr w/svcs stopped):
- [root@centos7test test]# cat nb_mediasvr.tar | docker import - nbmediasvr
- sha256:61df98fce31a0655f283e0a1d9a94bc6309fcf4e6a59b38492785c525b36c549
- ===============================================================================================
- ===============================================================================================
- ---> Tuesday, June 20 **macvlan testing**:
- - NEED: Need the Docker container NB installations to be able to communicate directly on public IP addresses to other NB servers/clients on that public network.
- - PROBLEM: Docker containerized NB installations run into network connectivity issues when on 172. network while other NB servers/clients on a 192.168.1.0 network.
- - ENVIRO:
- - Docker physical host server: centos7test 192.168.1.70 (CentOS 7.3 physical server w/I7 CPU, 32GB RAM, various SSD internal storage)
- - NetBackup 8.0 physical master: chattypuma.acme.krt 192.168.1.55
- - Cisco network router: 192.168.1.1
- - Docker containers on NAT'd 172.17.0.0 network
- - Docker host ip a snippets:
- [root@centos7test ~]# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
- link/ether 60:a4:4c:24:a7:80 brd ff:ff:ff:ff:ff:ff
- inet 192.168.1.70/32 brd 192.168.1.70 scope global enp3s0
- valid_lft forever preferred_lft forever
- inet6 fe80::62a4:4cff:fe24:a780/64 scope link
- valid_lft forever preferred_lft forever
- 5: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
- link/ether 02:42:cc:b2:a4:27 brd ff:ff:ff:ff:ff:ff
- inet 172.18.0.1/16 scope global docker_gwbridge
- valid_lft forever preferred_lft forever
- inet6 fe80::42:ccff:feb2:a427/64 scope link
- valid_lft forever preferred_lft forever
- 6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
- link/ether 02:42:34:3b:0f:8b brd ff:ff:ff:ff:ff:ff
- inet 172.17.0.1/16 scope global docker0
- valid_lft forever preferred_lft forever
- inet6 fe80::42:34ff:fe3b:f8b/64 scope link
- valid_lft forever preferred_lft forever
- REFERENCE: http://blog.scottlowe.org/2016/01/28/docker-macvlan-interfaces/
- - create the macvlan network named mvln1 (where the public network is the entire 192.168.1.0 and default gateway (physical router) is 192.168.1.1 and the NIC on the physical Docker host server is enp3s0):
- docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o host_iface=enp3s0 mvln1
- [root@centos7test ~]# docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o host_iface=enp3s0 mvln1
- 6d168fc65358ae0d32673adc47bcfb9257db96dfbaac0bdd43b9686a29300af3
- - list docker networks:
- [root@centos7test ~]# docker network ls
- NETWORK ID NAME DRIVER SCOPE
- fc49a9cf4d03 bridge bridge local
- 65f7e49091c6 docker_gwbridge bridge local
- eb168770de9b host host local
- lri1vkb8v5nb ingress overlay swarm
- 6d168fc65358 mvln1 macvlan local
- 3fd9518912f1 none null local
- [root@centos7test ~]#
- [root@centos7test ~]# docker network inspect mvln1
- [
- {
- "Name": "mvln1",
- "Id": "6d168fc65358ae0d32673adc47bcfb9257db96dfbaac0bdd43b9686a29300af3",
- "Created": "2017-06-20T07:17:24.105548324-04:00",
- "Scope": "local",
- "Driver": "macvlan",
- "EnableIPv6": false,
- "IPAM": {
- "Driver": "default",
- "Options": {},
- "Config": [
- {
- "Subnet": "192.168.1.0/24",
- "Gateway": "192.168.1.1"
- }
- ]
- },
- "Internal": false,
- "Attachable": false,
- "Containers": {},
- "Options": {
- "host_iface": "enp3s0"
- },
- "Labels": {}
- }
- ]
- - now run a container and specify to use the new macvlan network:
- docker run -it --cap-add=NET_ADMIN --rm --net=mvln1--name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
- - ran into a problem running a container:
- [root@centos7test ~]# docker run -it --cap-add=NET_ADMIN --net=mvln1 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
- docker: Error response from daemon: Conflict. The container name "/nbmediasvr1" is already in use by container d487530b26700654fb07d6f420075d056c945ebda293c558471a37b243e2165c. You have to remove (or rename) that container to be able to reuse that name..
- See 'docker run --help'.
- - list running containers:
- [root@centos7test ~]# docker ps -l
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d487530b2670 61df98fce31a "/bin/bash" 2 weeks ago Exited (137) 2 weeks ago nbmediasvr1
- [root@centos7test ~]#
- - need to 'remove' the docker container by container ID:
- [root@centos7test ~]# docker rm d487530b2670
- d487530b2670
- [root@centos7test ~]#
- [root@centos7test ~]#
- - now it runs:
- [root@centos7test ~]# docker run -it --cap-add=NET_ADMIN --net=mvln1 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
- [root@nbmediasvr1 /]#
- ....but nbmediasvr1 cannot ping out, nor can it be pinged from outside.
- ------------ ------------ ------------ 2nd try below: ------------ ------------ ------------
- -- winner!:
- - reference: https://docs.docker.com/engine/userguide/networking/get-started-macvlan/#macvlan-bridge-mode-example-usage
- - delete prior attempt macvlan network:
- docker network rm mvln
- - create macvlan network to use public network 192.168.1.0, public gateway (it's a physical network router) 192.168.1.1, attached to the physical docker host NIC enp3s0:
- docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o host_iface=enp3s0 mvln1
- docker run -it --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 61df98fce31a /bin/bash
- SUCCESS!! Ping works from inside the Docker container!!!
- [root@nbmediasvr1 ~]# ping chattypuma
- PING chattypuma.acme.krt (192.168.1.55) 56(84) bytes of data.
- 64 bytes from chattypuma.acme.krt (192.168.1.55): icmp_seq=1 ttl=64 time=1.50 ms
- 64 bytes from chattypuma.acme.krt (192.168.1.55): icmp_seq=2 ttl=64 time=1.52 ms
- 64 bytes from chattypuma.acme.krt (192.168.1.55): icmp_seq=3 ttl=64 time=1.63 ms
- ^C
- --- chattypuma.acme.krt ping statistics ---
- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
- rtt min/avg/max/mdev = 1.507/1.554/1.634/0.072 ms
- [root@nbmediasvr1 ~]#
- Note: They solution involved changing the docker network create command to change the -o host_iface= to -host parent=, but I really think the true solution was the change in the docker run command of explicitly specifying an IP address for the container.
- =============================================================================================================
- June 22:
- ---- How to add a docker volume to be used for MSDP storage and other persistent items and then mount it in a container:
- - create volume:
- docker volume create --name msdp1
- - now run a container while calling for the msdp1 volume to be mounted in the container into directory '/msdp':
- docker run -it -v msdp1:/msdp --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 bf143e15395f /bin/bash
- - if we have external disk storage mounted as /msdp1, then we would change the -v path like this:
- docker run -it -v /msdp1:/msdp --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 --rm --name=nbmediasvr1 --hostname=nbmediasvr1 bf143e15395f /bin/bash
- ------------- -------------- ------------- -------------- ------------- --------------
- ---- How to run a Docker container non-interactive:
- - Run container as a daemon (no interactive shell), the switches that allow this are the -i[t] and particularly -[d]:
- [root@centos7test ~]# docker run -it -v msdp1:/msdp --cap-add=NET_ADMIN --net=mvln1 --ip=192.168.1.34 -d --name=nbmediasvr1 --hostname=nbmediasvr1 bf143e15395f /bin/bash
- d92ceb34aee64d5441761f3f11e71569cada72ed927e3542471556d51a894e48
- note: if we had left off the 't' in the -it argument, then if we attach then detach the container will quit.
- To attach:
- 1. get the container id:
- [root@centos7test docker]# docker ps -l
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d92ceb34aee6 bf143e15395f "/bin/bash" 4 minutes ago Up 4 minutes nbmediasvr1
- 2. attach:
- [root@centos7test ~]# docker attach d92ceb34aee6
- To detach, type the following (which will leave the container running): ctrl+p+q
- ===============================================================================================
- -- login to a running container (open a bash prompt inside the container):
- 1. Get a list of containers, note the names:
- # docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 9638dbeef055 nicolaka/netshoot "/bin/bash -l" 8 hours ago Up 8 hours gracious_neumann
- 566af1ee4ab8 3bbb526d2608 "bash" 8 hours ago Up 8 hours debian
- 2. Run (typically 'docker exec -it <container name> /bin/bash' for Debian/Ubuntu, just run 'docker exec -it <container name> bash'):
- # docker exec -it debian bash
Add Comment
Please, Sign In to add comment