LINUX AND VMWARE STUFF

This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Thursday, January 18, 2018

Working with Docker Container - Returning low level information about a container

Thursday, January 18, 2018 0

Returning low-level information about a container

While doing the debugging, automation, and so on, we will need the container configuration details. Docker provides the inspect command to get those easily.

 To inspect a container/image, run the following command:
Syntax:
docker inspect [-f|--format="" CONTAINER|IMAGE [CONTAINER|IMAGE...]
We'll start a container and then inspect it:

 root@Docker:~# docker run -id centos /bin/bash
c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256

 root@Docker:~# docker inspect c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256

 [
    {
        "Id": "c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256",
        "Created": "2018-01-02T12:18:18.232317934Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,

     .........
    .........
}]

 Docker will look into the metadata and configuration for the given image or container and present it.

 With the -f | --format option we can use the Go (programming language) template to get the specific information. The following command will give us an IP address of the container:

 root@Docker:~# docker inspect --format='{{.NetworkSettings.IPAddress}}' c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256
172.17.0.4

 The following command will give us an Hostname Path of the container:

 root@Docker:~# docker inspect --format='{{.HostnamePath}}' c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256
/var/lib/docker/containers/c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256/hostname

 For help with the docker inspect use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Tuesday, January 16, 2018

Working with Docker Container - Getting privileged access inside a container

Tuesday, January 16, 2018 0

Getting privileged access inside a container

Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities (run man capabilities on a Linux-based system), which can be independently enabled and disabled. For example, the net_bind_service capability allows nonuser processes to bind the port below 1,024. By default, Docker starts containers with limited capabilities. With privileged access inside the container, we give more capabilities to perform operations normally done by root. For example, let's try to create a loopback device while mounting a disk image.

 Syntax : docker run --privileged [ OPTIONS ]  IMAGE[:TAG]  [COMMAND]  [ARG...] 

 root@Docker:~# docker run --privileged -i -t centos /bin/bash
[root@89f516205250 /]#
[root@89f516205250 /]# dd if=/dev/zero of=disk.img bs=1M count=10 &> /dev/null
[root@89f516205250 /]# mkfs -t minix disk.img &> /dev/null
[root@89f516205250 /]# mount disk.img /mnt/
[root@89f516205250 /]# mount | grep -i disk
/var/lib/docker/aufs/diff/72bebd0aff7bf4dbbd74495a41884d3113f2dedbfcffa3c82256abced73b0b21/disk.img on /mnt type minix (rw,relatime)
[root@89f516205250 /]# df -hP | grep -i /mnt
/dev/loop0                   9.9M  1.0K  9.9M   1% /mnt
[root@89f516205250 /]# cd /mnt/
[root@89f516205250 mnt]# echo "This is docker test" > test
[root@89f516205250 mnt]# cat test
This is docker test

 This mode causes security risks as containers can get root-level access on the Docker host. With Docker 1.2 or new, two new flags --cap-add and --cap-del have been added to give fine-grained control inside a container. For example, to prevent any chown inside the container, use the following command:

  docker run --cap-drop=CHOWN [ OPTIONS ]  IMAGE[:TAG]  [COMMAND]  [ARG...]
root@Docker:~# docker run --cap-drop=CHOWN  -i -t centos /bin/bash
[root@5c536ea0d181 /]# chown root:adm mnt
chown: changing ownership of 'mnt': Operation not permitted

 For help with the docker run use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Monday, January 15, 2018

Working with Docker Container - Deleting a container

Monday, January 15, 2018 0

Deleting a container

We can delete a container permanently, but before that we have to stop the container or use the force option. In this recipe, we'll start, stop, and delete a container.
Syntax : docker rm [ OPTIONS ] CONTAINER [ CONTAINER ]

 Let's first start a container, stop it, and then delete it using the following commands:

 root@Docker:~# id=`docker run -d -i centos /bin/bash`
root@Docker:~# docker stop $id
e62286794466459f2dd08d5f1cec0749187247ffabb5224d6b6b3aae334d4bf8
root@Docker:~# docker rm $id
e62286794466459f2dd08d5f1cec0749187247ffabb5224d6b6b3aae334d4bf8

 To forcefully delete a container without an intermediate stop, use the -f option.

 To delete all the containers, we first need to stop all the running containers and then remove them. Be careful before running the commands as these will delete both the running and the stopped containers:

 root@Docker:~# docker stop `docker ps -q`
root@Docker:~# docker rm `docker ps -q`

 For help with the docker rm use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Sunday, January 14, 2018

Basics of YAML - Ansible

Sunday, January 14, 2018 0

YAML

YAML, like many other data serialization languages (such as JSON), has very few, basic concepts:

 Declarations
Lists
Associative arrays

 A declaration is very similar to a variable in any other language, that is:
name: 'This is the name' 

 To create a list, we will have to use '-':
- 'item1' 
- 'item2' 
- 'item3' 
YAML uses indentation to logically divide parents from children. So if we want to create associative arrays (also known as objects), we would just need to add an indentation:

 item: 
  name: TheName 
  location: TheLocation 
Obviously, we can mix those together, that is:

 people: 
  - name: Jhon
    number: +91123456
    country: India
  - name: Cena
    number: +44763520 
    country: UK 
Those are the basics of YAML. YAML can do much more, but for now this will be enough.
Tags # Ansible Continue Reading
By v�o l�c No comments:
Labels:

Working with Docker Container - Stopping a container

Sunday, January 14, 2018 0

Stopping a container

We can stop one or more containers at once. In this recipe, we will first start a container and then stop it.
Syntax : docker stop [-t|--time[=10]] CONTAINER [CONTAINER...]

root@Docker:~# docker stop fb83a04222c7
fb83a04222c7

This will save the state of the container and stop it. It can be started again, if needed.

 To stop a container after waiting for some time, use the --time/-t option.

 To stop all the running containers run the following command:

 root@Docker:~# docker stop `docker ps -q`
5d950a3835d6
32238eabfac4

 For help with the docker stop use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Friday, January 12, 2018

Which command is used to run sudo commands without password

Friday, January 12, 2018 0
Command used to run sudo commands without password

 NAME
     sudo - execute a command as another user

sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.

 But here option s is used to run the privileged commands without password.

 [nsk@testserver ~]$ sudo -s /etc/init.d/nslcd restart
Stopping nslcd:                                            [  OK  ]
Starting nslcd:                                              [  OK  ]
[nsk@testserver ~]$

 Here,
-s [command] The -s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell as specified in the password database.  If a command is specified, it is passed to the shell for execution via the shell’s -c option.  If no command is specified, an interactive shell is executed.
Tags # Linux General Continue Reading
By v�o l�c No comments:
Labels:

Thursday, January 11, 2018

Working with Docker Container - Listing containers

Thursday, January 11, 2018 0

Listing containers

We can list both running and stopped containers.

 Syntax: docker ps [ OPTIONS ]
The Docker daemon can look at the metadata associated with the containers and list them down. By default, the command returns:

 The container ID
The image from which it got created
The command that was run after starting the container
The details about when it got created
The current status
The ports that are exposed from the container
The name of the container

 root@Docker:~# docker ps -a


To return just the container IDs of all the containers, use the -aq option as follows:
root@Docker:~# docker ps -aq
b613fbc39be2
e3bfe67aa175
8813d555d0dc
6d65e303381c
5d950a3835d6
32238eabfac4
d38d94f8b88c
ce065a026516
13b10b8f321d
40f35204ce70
1b6ecbd6a091
d1c871755f38

 To show the last created container, including the non-running container, run the following command:
root@Docker:~# docker ps -l
CONTAINER ID   IMAGE   COMMAND    CREATED       STATUS       PORTS  NAMES
b613fbc39be2      centos    "/bin/bash"     8 minutes ago  Up 8 minutes             sad_shannon

 For help with the docker ps use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels: