Friday, July 17, 2015

How to expose docker container's ip and port to outside docker host without port mapping?

http://stackoverflow.com/questions/25036895/how-to-expose-docker-containers-ip-and-port-to-outside-docker-host-without-port
You can accomplish this with virtual interface(s) on the host.
First, add a virtual interface on the host that has a different IP address than the primary interface. We'll call the primary interface eth0 with IP 10.0.0.10, and the virtual interface eth0:1 with IP address 10.0.0.11.
 ifconfig eth0:1 10.0.0.11 netmask 255.255.255.0 up
Now run the containers and map port 5000 to the corresponding interface. For example:
docker run -p 10.0.0.10:5000:5000 -name container1  
docker run -p 10.0.0.11:5000:5000 -name container2
Now you can access each container on port 5000 using different IP addresses externally.

- OR -

When creating a VM make sure that the following are selected under networking
    Attached to:        Bridged NetworkManager
    Adapter Type:       PCnet-Fast III (Am 79C973)
    Promiscious Mode    Allow All

RHEL 6.5 / Fedora 20
    Install docker, libvrt

    Make sure the following are done using root
        # chkconfig NetworkManager off
        # chkconfig network on  
        # service NetworkManager stop
        # service network start

    create file ifcfg-xxxxx in /etc/sysconfig/network-scripts
        DEVICE=xxxxx
        TYPE=Bridge
        BOOTPROTO=dhcp
        ONBOOT=yes
        DELAY=0

    and append to ifcfg-p2p1 / ifcfg-eth0 at the end of the file BRIDGE=xxxx

Restart the VM
    run 
    brctl show 
    to make sure the bridged connected has an adapter either p2p1 or eth0
    e.g.
        # brctl show
        bridge name     bridge id               STP enabled     interfaces
        gsbr01          8000.080027595649       no              eth0
        virbr0          8000.5254004c1564       yes             virbr0-nic

    now before starting docker we have to use our bridge and not docker0 to do that 

    run docker as
        docker -d -b=gsbr01

    $ echo 'DOCKER_OPTS="-b=gsbr01"' >> /etc/sysconfig/docker
    $ sudo service docker start


    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    gsbr01          8000.080027595649       no              eth0
                                                            veth5806f27
                                                            vethb3e33da
    virbr0          8000.5254004c1564       yes             virbr0-nic

docker -d -b=gsbr01
Posted by at 1 comment:
Labels:

How to change docker0 net interface using bridge

https://docs.docker.com/articles/networking/#building-your-own-bridge

Building your own bridge

If you want to take Docker out of the business of creating its own Ethernet bridge entirely, you can set up your own bridge before starting Docker and use -b BRIDGEor --bridge=BRIDGE to tell Docker to use your bridge instead. If you already have Docker up and running with its old docker0 still configured, you will probably want to begin by stopping the service and removing the interface:
# Stopping Docker and removing docker0

$ sudo service docker stop
$ sudo ip link set dev docker0 down
$ sudo brctl delbr docker0
$ sudo iptables -t nat -F POSTROUTING
Then, before starting the Docker service, create your own bridge and give it whatever configuration you want. Here we will create a simple enough bridge that we really could just have used the options in the previous section to customize docker0, but it will be enough to illustrate the technique.
# Create our own bridge

$ sudo brctl addbr bridge0
$ sudo ip addr add 192.168.5.1/24 dev bridge0
$ sudo ip link set dev bridge0 up

# Confirming that our bridge is up and running

$ ip addr show bridge0
4: bridge0:  mtu 1500 qdisc noop state UP group default
    link/ether 66:38:d0:0d:76:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.1/24 scope global bridge0
       valid_lft forever preferred_lft forever

# Tell Docker about it and restart (on Ubuntu)

$ echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/default/docker
$ sudo service docker start

# Confirming new outgoing NAT masquerade is set up

$ sudo iptables -t nat -L -n
...
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.5.0/24      0.0.0.0/0
The result should be that the Docker server starts successfully and is now prepared to bind containers to the new bridge. After pausing to verify the bridge’s configuration, try creating a container — you will see that its IP address is in your new IP address range, which Docker will have auto-detected.
Just as we learned in the previous section, you can use the brctl show command to see Docker add and remove interfaces from the bridge as you start and stop containers, and can run ip addr and ip route inside a container to see that it has been given an address in the bridge’s IP address range and has been told to use the Docker host’s IP address on the bridge as its default gateway to the rest of the Internet.
Posted by at No comments:
Labels:

Tuesday, July 14, 2015

How to create file between container and host in Docker

https://medium.com/@gchudnov/copying-data-between-docker-containers-26890935da3f


Copying data between Docker containers


When running docker there are use-cases when you need to copy files and folders into the container or between containers.

There is a `docker cp` command available since the Docker 1.0 that allows you to copy files and folders out of the container. However, if you need to copy from the host to a container or between containers you’re out of luck now. At least, `docker cp` doesn't support that.

One could create a new image each time or mount a data volume, but it is much faster to copy a bunch of files to the running container.

Docker 1.7.0 should have an extended `docker cp` command to support copying data to containers. Until that, you can use one of the alternative solutions.
In this article, I present you a workaround that relies solely on `docker cp` and `docker exec` to partially fill-in the feature we’re missing.
We consider three file copy scenarios:
  • from a container’s filesystem to the host path (available, Docker 1.0)
  • from the host path to a container’s filesystem (upcoming, Docker 1.7)
  • from one container to the other (upcoming, Docker 1.7)
You can skip the implementation details below and get the source code at the bottom of the article.

http://stackoverflow.com/questions/22907231/copying-files-from-host-to-docker-container

The cleanest way is to mount a host dir on the container before running your command.

{host} docker run -v /path/to/hostdir:/mnt $container
{host} docker exec -it $container bash
{container} cp /mnt/sourcefile /path/to/destfile

- or -

$ cd /tmp/somefiles
$ tar -cv * | docker exec -i elated_hodgkin tar x -C /var/www
 
- or -
 
tar -cf - foo.sh | docker exec -i theDockerContainer /bin/tar -C /tmp -xf -
Copies the file foo.sh into /tmp of the container.


 
 
Posted by at No comments:
Labels:

Saturday, July 11, 2015

Where are docker images stored locally ?

http://blog.thoward37.me/articles/where-are-docker-images-stored/

Local Storage on the Docker Host

So far I've been explaining the intricacies of remote storage, and how that relates to the confusing vocabulary, but running docker images shows you only what is local to your machine.
Where is this stuff? The first place to look is in /var/lib/docker/.

Open up the file repositories to find a JSON list of the repositories on your host:
$ sudo cat /var/lib/docker/repositories | python -mjson.tool
{
    "Repositories": {
        "ubuntu": {
            "12.04": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
            "12.10": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
            "latest": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
            "precise": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
            "quantal": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc"
        }
    }
}
 
Hey, that matches the output from docker images!
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              12.04               8dbd9e392a96        8 months ago        131.3 MB (virtual 131.3 MB)
ubuntu              latest              8dbd9e392a96        8 months ago        131.3 MB (virtual 131.3 MB)
ubuntu              precise             8dbd9e392a96        8 months ago        131.3 MB (virtual 131.3 MB)
ubuntu              12.10               b750fe79269d        8 months ago        24.65 kB (virtual 179.7 MB)
ubuntu              quantal             b750fe79269d        8 months ago        24.65 kB (virtual 179.7 MB)
Posted by at No comments:
Labels:

How to enter a Docker

https://blog.codecentric.de/en/2014/07/enter-docker-container/

nsenter
The nsenter tool is part of the util-linux package since version 2.23. It provides access to the namespace of another process. nsenter requires root privileges to work properly. Unfortunately, util-linux is still at version 2.20 in Ubuntu 14.04.

To install the latest version (2.24) proceed as follows:
cd /tmp
curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf-
cd util-linux-2.24
./configure --without-ncurses
make nsenter
cp nsenter /usr/local/bin
 
In order to connect to a container, you have to find out the PID of the first process in the container.
docker inspect --format "{{ .State.Pid }}" <container-id>
With that PID you can connect to the container:
nsenter --target $PID --mount --uts --ipc --net --pid
Posted by at No comments:
Labels:

Docker nsenter

https://blog.docker.com/tag/nsenter/

Introducing nsenter

nsenter is a small tool allowing to enter into namespaces. Technically, it can enter existingnamespaces, or spawn a process into a new set of namespaces. “What are those namespaces you’re blabbering about?” They are one of the essential constituants of containers. The short version is: with nsenter, you can get a shell into an existing container, even if that container doesn’t run SSH or any kind of special-purpose daemon.

Where do I get nsenter?

Check jpetazzo/nsenter on GitHub. The short version is that if you run:
docker run -v /usr/local/bin:/target jpetazzo/nsenter
This will install nsenter in /usr/local/bin and you will be able to use it immediately. nsenter might also be available in your distro (in the util-linux package).

How do I use it?

First, figure out the PID of the container you want to enter:
PID=$(docker inspect --format {{.State.Pid}} )
Then enter the container:
nsenter --target $PID --mount --uts --ipc --net --pid
You will get a shell inside the container. That’s it. If you want to run a specific script or program in an automated manner, add it as argument tonsenter. It works a bit like chroot, except that it works with containers instead of plain directories.



Reference:

Backup data, check logs, restart service ... use volume
https://docs.docker.com/userguide/dockervolumes/


Posted by at No comments:
Labels:

Saturday, May 2, 2015

Java String

http://javaconceptoftheday.com/tutorial-examples-strings-in-java/

Time taken by String class : 429 ms
Time taken by StringBuffer class : 2 ms
Time taken by StringBuilder class : 0 ms

Therefore, when you are performing lots of string concatenation in your application, it is better to use StringBuffer class (if you need thread safety) or StringBuilder class (If you don’t need thread safety).
Time taken by String class : 429 ms
Time taken by StringBuffer class : 2 ms
Time taken by StringBuilder class : 0 ms
Therefore, when you are performing lots of string concatenation in your application, it is better to use StringBuffer class (if you need thread safety) or StringBuilder class (If you don’t need thread safety).
- See more at: http://javaconceptoftheday.com/stringbuffer-stringbuilder-string-class/#sthash.jQ0l5vUm.dpuf
Time taken by String class : 429 ms
Time taken by StringBuffer class : 2 ms
Time taken by StringBuilder class : 0 ms
Therefore, when you are performing lots of string concatenation in your application, it is better to use StringBuffer class (if you need thread safety) or StringBuilder class (If you don’t need thread safety).
- See more at: http://javaconceptoftheday.com/stringbuffer-stringbuilder-string-class/#sthash.jQ0l5vUm.dpuf
Time taken by String class : 429 ms
Time taken by StringBuffer class : 2 ms
Time taken by StringBuilder class : 0 ms
Therefore, when you are performing lots of string concatenation in your application, it is better to use StringBuffer class (if you need thread safety) or StringBuilder class (If you don’t need thread safety).
- See more at: http://javaconceptoftheday.com/stringbuffer-stringbuilder-string-class/#sthash.jQ0l5vUm.dpuf
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)