Docker

Distributing software should not be hard. Docker tries to achieve that goal.

A Docker image defines what software is included and how it will be run.

A Docker container is a running instance of an image.

A container is not installed.

A claim of Docker is that an application that runs on Docker runs on every Docker installation, everywhere.

Dockerfiles

Dockerfiles usually are small files, perhaps 5 to 30 lines.

A Dockerfile is used to create a Docker image.

Unable to login to docker, TLS-enabled daemon without TLS?

Problem was: user was not added to the docker group.

Docker image

Docker images are, by default, located under /var/lib/docker.

Remove 'old' containers

docker ps -a
docker rm ......

Check if installation is working

$ docker run hello-world
…
Hello from Docker!
This message shows that your installation appears to be working correctly.
…

Error message: Got permission denied while trying to connect to the Docker daemon socket …

A possible reason for the error message Got permission denied while trying to connect to the Docker daemon socket at unix:////var/run/docker.sock is that the user trying to execute a docker command is not in the docker group.

In this case, adding the current user ($USER) to this group will solve the issue:

sudo Linux/shell/commands/usermod -aG docker $USER

When the user logs in again (or changes to the docker group with newgrp - docker), the docker commands should now be executable.

quay.io

quay.io is like a github for Docker images.

Installing

Apparently, docker can be installed with

curl -sSL https://get.docker.com | sh

wget -qO- https://get.docker.com | sh

On Ubuntu:

sudo apt-get install docker.io

TODO

A user should be in the docker group:

sudo usermod -aG docker

Apparently, there's a docker service that should/must/could be started:

sudo service docker start

How does Docker relate to Snap?

scratch

$ docker pull scratch
Using default tag: latest
Error response from daemon: 'scratch' is a reserved name

Processes

Start a container with a couple of processes:

Run a new docker container (with the first process /bin/sh):

$ docker run --rm -it --name alpine-ps-test alpine /bin/sh

Start a second process (in the background so that …

/ # sleep 101 &

… the third process can be started in parallel):

/ # sleep 102
/ #

Find processes in the host

In a shell on the host: find the processes that contain sleep 10\d in their arguments, and print their parent process id:

$ ps a -o pid,ppid,tty,args | grep -P 'sleep 10\d'
  13804   13697 pts/0    sleep 101
  13805   13697 pts/0    sleep 102

The parent process is /bin/sh that started the sleep commands. Its parent process is 13678:

$ ps p 13697 -o pid,ppid,tty,args
    PID    PPID TT       COMMAND
  13697   13678 pts/0    /bin/sh

Find the parent process again:

$ ps p 13678 -o pid,ppid,tty,args
    PID    PPID TT       COMMAND
  13678       1 ?        /usr/bin/containerd-shim-runc-v2 -namespace moby -id f2789b4f06090dc6a4cbea3d3d9ca1c70a2700bf4ca23c02bbc64843a690a9b8 -address /run/containerd/containerd.sock

The mapping between of the «host» PID and the container PID is found in

$ cat /proc/13804/status | grep NSpid