LINUX AND VMWARE STUFF

This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Saturday, January 20, 2018

Working with Docker Container - Accessing the host device inside the container

Saturday, January 20, 2018 0

Accessing the host device inside the container

 we can give access of the host device to a container with the --device option to the run command. Earlier, one has bind mount it with the -v option and that had to be done with the --privileged option.

Syntax :
     docker run --device=<Host Device>:<Container Device Mapping>:<Permissions>   [ OPTIONS ]  IMAGE[:TAG]  [COMMAND]  [ARG...]

#docker run --device=/dev/sdc:/dev/xvdc -i -t centos /bin/bash

The preceding command will access /dev/sdc inside the container.

For help with the docker run use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Friday, January 19, 2018

Working with Docker Container - Exposing a port while starting a container

Friday, January 19, 2018 0

Exposing a port while starting a container

There are a number of ways by which ports on the container can be exposed. One of them is through the run command, which we will cover in this chapter. The other ways are through the Docker file and the --link command.

 Syntax:  docker run --expose=PORT [ OPTIONS ]  IMAGE[:TAG]  [COMMAND]  [ARG...]

 to expose port 22 while starting a container, run the following command:

 root@Docker:~# docker run --expose=22 -i -t centos /bin/bash
[root@88a0e1ab48df /]#
root@Docker:~# docker ps
CONTAINER ID  IMAGE   COMMAND  CREATED          STATUS            PORTS       NAMES
88a0e1ab48df    centos     "/bin/bash"   27 seconds ago  Up 26 seconds   22/tcp  amazing_bohr

 For help with the docker run use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Thursday, January 18, 2018

Working with Docker Container - Looking at the logs of containers

Thursday, January 18, 2018 0

Looking at the logs of containers

If the container emits logs or output on STDOUT/STDERR, then we can get them without logging into the container.

 Syntax : docker logs  CONTAINER

 root@Docker:~# docker logs centos
[root@6d65e303381c /]# uptime
 04:07:13 up  1:02,  0 users,  load average: 0.02, 0.01, 0.00
[root@6d65e303381c /]# hostname
6d65e303381c
[root@6d65e303381c /]# exit
root@Docker:~#

 Docker will look at the container's specific log file from /var/lib/docker/containers/<Container ID> and show the result.

 For help with the docker logs use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Working with Docker Container - Returning low level information about a container

Thursday, January 18, 2018 0

Returning low-level information about a container

While doing the debugging, automation, and so on, we will need the container configuration details. Docker provides the inspect command to get those easily.

 To inspect a container/image, run the following command:
Syntax:
docker inspect [-f|--format="" CONTAINER|IMAGE [CONTAINER|IMAGE...]
We'll start a container and then inspect it:

 root@Docker:~# docker run -id centos /bin/bash
c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256

 root@Docker:~# docker inspect c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256

 [
    {
        "Id": "c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256",
        "Created": "2018-01-02T12:18:18.232317934Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,

     .........
    .........
}]

 Docker will look into the metadata and configuration for the given image or container and present it.

 With the -f | --format option we can use the Go (programming language) template to get the specific information. The following command will give us an IP address of the container:

 root@Docker:~# docker inspect --format='{{.NetworkSettings.IPAddress}}' c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256
172.17.0.4

 The following command will give us an Hostname Path of the container:

 root@Docker:~# docker inspect --format='{{.HostnamePath}}' c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256
/var/lib/docker/containers/c5f6ce3b5d2f82bb7a2bbc82b0b71bc2130ceb4caf163afbf5883cfbb150f256/hostname

 For help with the docker inspect use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Tuesday, January 16, 2018

Working with Docker Container - Getting privileged access inside a container

Tuesday, January 16, 2018 0

Getting privileged access inside a container

Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities (run man capabilities on a Linux-based system), which can be independently enabled and disabled. For example, the net_bind_service capability allows nonuser processes to bind the port below 1,024. By default, Docker starts containers with limited capabilities. With privileged access inside the container, we give more capabilities to perform operations normally done by root. For example, let's try to create a loopback device while mounting a disk image.

 Syntax : docker run --privileged [ OPTIONS ]  IMAGE[:TAG]  [COMMAND]  [ARG...] 

 root@Docker:~# docker run --privileged -i -t centos /bin/bash
[root@89f516205250 /]#
[root@89f516205250 /]# dd if=/dev/zero of=disk.img bs=1M count=10 &> /dev/null
[root@89f516205250 /]# mkfs -t minix disk.img &> /dev/null
[root@89f516205250 /]# mount disk.img /mnt/
[root@89f516205250 /]# mount | grep -i disk
/var/lib/docker/aufs/diff/72bebd0aff7bf4dbbd74495a41884d3113f2dedbfcffa3c82256abced73b0b21/disk.img on /mnt type minix (rw,relatime)
[root@89f516205250 /]# df -hP | grep -i /mnt
/dev/loop0                   9.9M  1.0K  9.9M   1% /mnt
[root@89f516205250 /]# cd /mnt/
[root@89f516205250 mnt]# echo "This is docker test" > test
[root@89f516205250 mnt]# cat test
This is docker test

 This mode causes security risks as containers can get root-level access on the Docker host. With Docker 1.2 or new, two new flags --cap-add and --cap-del have been added to give fine-grained control inside a container. For example, to prevent any chown inside the container, use the following command:

  docker run --cap-drop=CHOWN [ OPTIONS ]  IMAGE[:TAG]  [COMMAND]  [ARG...]
root@Docker:~# docker run --cap-drop=CHOWN  -i -t centos /bin/bash
[root@5c536ea0d181 /]# chown root:adm mnt
chown: changing ownership of 'mnt': Operation not permitted

 For help with the docker run use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Monday, January 15, 2018

Working with Docker Container - Deleting a container

Monday, January 15, 2018 0

Deleting a container

We can delete a container permanently, but before that we have to stop the container or use the force option. In this recipe, we'll start, stop, and delete a container.
Syntax : docker rm [ OPTIONS ] CONTAINER [ CONTAINER ]

 Let's first start a container, stop it, and then delete it using the following commands:

 root@Docker:~# id=`docker run -d -i centos /bin/bash`
root@Docker:~# docker stop $id
e62286794466459f2dd08d5f1cec0749187247ffabb5224d6b6b3aae334d4bf8
root@Docker:~# docker rm $id
e62286794466459f2dd08d5f1cec0749187247ffabb5224d6b6b3aae334d4bf8

 To forcefully delete a container without an intermediate stop, use the -f option.

 To delete all the containers, we first need to stop all the running containers and then remove them. Be careful before running the commands as these will delete both the running and the stopped containers:

 root@Docker:~# docker stop `docker ps -q`
root@Docker:~# docker rm `docker ps -q`

 For help with the docker rm use --help
Tags # Docker Continue Reading
By v�o l�c No comments:
Labels:

Sunday, January 14, 2018

Basics of YAML - Ansible

Sunday, January 14, 2018 0

YAML

YAML, like many other data serialization languages (such as JSON), has very few, basic concepts:

 Declarations
Lists
Associative arrays

 A declaration is very similar to a variable in any other language, that is:
name: 'This is the name' 

 To create a list, we will have to use '-':
- 'item1' 
- 'item2' 
- 'item3' 
YAML uses indentation to logically divide parents from children. So if we want to create associative arrays (also known as objects), we would just need to add an indentation:

 item: 
  name: TheName 
  location: TheLocation 
Obviously, we can mix those together, that is:

 people: 
  - name: Jhon
    number: +91123456
    country: India
  - name: Cena
    number: +44763520 
    country: UK 
Those are the basics of YAML. YAML can do much more, but for now this will be enough.
Tags # Ansible Continue Reading
By v�o l�c No comments:
Labels: