Docker

Install Docker Official

https://docs.docker.com/engine/install/ubuntu/

Uninstall old versions:

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

Install from apt repo:

# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update

Install Docker Packages:

sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Setup Docker

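Enable running docker commands without the use of sudo. Members of the docker group have root-equivalent control of the host through the daemon, so add only accounts you would trust with root: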

Check Groups for docker group:

cat /etc/group | grep docker

Add if not found:

sudo groupadd docker

Add user to docker group:

sudo usermod -aG docker $USER

Configure to start on boot with systemd:

sudo systemctl enable docker.service
sudo systemctl enable containerd.service

Docker Commands

Docker commands reference can be found here: docker command ref

Stop docker container

docker stop <container>

remove container

docker rm <container>

run container

docker run --name <name> <image>

Stop all the containers

docker stop $(docker ps -a -q)

Remove all the containers

docker rm $(docker ps -a -q)

Enter shell of container

docker exec -it <container> bash

Show images already pulled by docker and stored locally

docker images

Start a shell session inside a new ubuntu container (-t means terminal, -i means interactive):

docker run -ti ubuntu bash

Enter a shell inside a running container:

docker exec -ti <container> bash

Find out which docker compose files created the running container:

docker inspect my-container --format '{{index .Config.Labels "com.docker.compose.project.working_dir"}}'

Look at docker logs:

docker logs <container>

Pull down docker container

docker pull <image>

Run docker container: -d runs in detached mode so the terminal can be used after running; -P forwards ports to the container from the docker host:

docker run -d -P <image>  # run container
docker run -d -p 80:80 <image>  # run container specifying which ports to expose on the host to the container
docker run -d -P  

inspect the container

docker container inspect <container>

Remove container image from host

docker rmi ubuntu

When running docker containers, the run command will require extra options for containers with specific uses. Environment variables can be added to a docker container on startup using a .env file and the switch "--env-file=" in the run command.

Docker High CPU usage

See what containers are using system resources:

docker stats --all
docker stats --all --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"

Check specific container for process:

docker ps | grep <container>

Check the logs for high cpu use container:

docker logs --tail 100 <container>

Follow live logs:

docker logs --follow <container>

restart docker container:

docker restart <container>

Template docker-compose file Docs

Also see some other templates: awesome-compose github

Inspect Container by namespace

get process id of container:

CONTAINER_PID=$(pgrep <process-name> | sort -n | head -n 1) # gets the lowest matching PID (the container's main process)
sudo lsns -p "${CONTAINER_PID}" # gets all namespaces for the process

Info about the namespaces:

  • mnt (Mount) - the container has an isolated mount table.
  • uts (UNIX Time-Sharing) - the container is able to have its own hostname and domain name.
  • ipc (Interprocess Communication) - processes inside the container can communicate via system-level IPC only to processes inside the same container.
  • pid (Process ID) - processes inside the container are only able to see other processes inside the same container or inside the same pid namespace.
  • net (Network) - the container gets its own set of network devices, IP protocol stacks, port numbers, etc.
  • cgroup (Cgroup) - the container has its own virtualized view of cgroups (not to be confused with cgroups themselves).
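
A container started with options such as `--network host` or `--pid host` keeps the host's namespace for that type instead of getting its own. The following is an added example (not part of the original page) that compares two `/proc/<pid>/ns` directories and lists the namespaces they share; the function names and the namespace IDs in the sample directories are constructed for illustration.

```sh
#!/bin/sh
# Added example. Function names and namespace IDs below are constructed.

# shared_namespaces NS_DIR_A NS_DIR_B
# Prints each namespace type whose ID is identical in both directories,
# e.g. /proc/<container pid>/ns compared with /proc/1/ns (needs root).
shared_namespaces() (
    for type in mnt uts ipc pid net cgroup; do
        a=$(readlink "$1/$type" 2>/dev/null) || continue
        b=$(readlink "$2/$type" 2>/dev/null) || continue
        if [ "$a" = "$b" ]; then echo "$type"; fi
    done
)

# Build a stand-in for /proc/<pid>/ns from type=id pairs (sample data only).
# The kernel exposes each namespace as a symlink such as "net:[4026531840]".
make_sample_ns() (
    dir=$1; shift
    mkdir -p "$dir"
    for pair in "$@"; do
        ln -s "${pair%%=*}:[${pair#*=}]" "$dir/${pair%%=*}"
    done
)

tmp=$(mktemp -d)
# Constructed host namespaces (what /proc/1/ns would show).
make_sample_ns "$tmp/host" mnt=4026531841 uts=4026531838 ipc=4026531839 \
    pid=4026531836 net=4026531840 cgroup=4026531835
# Constructed container with every namespace isolated.
make_sample_ns "$tmp/isolated" mnt=4026532570 uts=4026532571 ipc=4026532572 \
    pid=4026532573 net=4026532575 cgroup=4026532574
# Constructed container that kept the host's pid and net namespaces.
make_sample_ns "$tmp/hostnet" mnt=4026532670 uts=4026532671 ipc=4026532672 \
    pid=4026531836 net=4026531840 cgroup=4026532674

echo "isolated shares with host: $(shared_namespaces "$tmp/isolated" "$tmp/host" | tr '\n' ' ')"
echo "hostnet  shares with host: $(shared_namespaces "$tmp/hostnet" "$tmp/host" | tr '\n' ' ')"
```

On a live host, run it as root with `shared_namespaces "/proc/${CONTAINER_PID}/ns" /proc/1/ns`; any type it prints is not isolated from the host.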

Copy Files into container

To copy files into or out of a running container use the docker cp command:

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

Export file system of container

CONT_ID=$(docker create nginx:latest) # get container id
docker export ${CONT_ID} -o nginx.tar # export container filesystem to an (uncompressed) tarball

docker export $(docker create nginx:latest) | tar -xC <destination-folder>  # one-liner to extract to destination folder

Enable Remote control for docker

Configure the Docker daemon on the remote server to listen on a TCP port. Edit the Docker service file (usually located at /lib/systemd/system/docker.service) to include the following:

ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375
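
A listener on tcp://0.0.0.0:2375 is plain HTTP with no authentication, so any host that can reach the port has full control of the daemon; dockerd's `--tlsverify` option (with `--tlscacert`, `--tlscert` and `--tlskey`, conventionally on port 2376) restricts the API to clients holding a certificate signed by your CA. The check below is an added example, not part of the original page: the function name is hypothetical and the hardened line and its certificate paths are constructed samples.

```sh
#!/bin/sh
# Added example: flag dockerd TCP listeners that lack TLS client verification.

# audit_dockerd_listeners "<ExecStart value>"
# Prints one line per -H/--host argument; returns 1 if any tcp:// listener
# is configured without --tlsverify.
audit_dockerd_listeners() (
    set -f          # no globbing while the command line is word-split
    set -- $1       # split the ExecStart value into positional parameters
    tls=no; rc=0; prev=
    for arg in "$@"; do
        case $arg in --tlsverify|--tlsverify=true) tls=yes ;; esac
    done
    for arg in "$@"; do
        host=
        case $prev in -H|--host) host=$arg ;; esac
        case $arg in --host=*) host=${arg#--host=} ;; esac
        prev=$arg
        [ -n "$host" ] || continue
        case $host in
            tcp://*)
                if [ "$tls" = yes ]; then
                    echo "OK   $host (client certificates required)"
                else
                    echo "FAIL $host (no --tlsverify: unauthenticated API)"
                    rc=1
                fi ;;
            *)  echo "OK   $host (not a TCP listener)" ;;
        esac
    done
    exit "$rc"
)

# The ExecStart value from the page above.
WEAK='/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375'
# Constructed hardened variant; certificate paths are placeholders.
HARDENED='/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'

for line in "$WEAK" "$HARDENED"; do
    audit_dockerd_listeners "$line" || echo "=> exposed listener found"
done
```

To check a running host, pass it the value printed by `systemctl show -p ExecStart docker.service`.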

Clean Up Overlay files

Check used space:

docker system df

# for a detailed view 
docker system df -v 

Clear Unused docker objects:

#WARNING! This will remove:
#        - all stopped containers
#        - all networks not used by at least one container
#        - all images without at least one container associated to them (because of -a)
#        - all build cache
docker system prune -a -f

#Prune docker containers
docker container prune

#Prune docker volumes
docker volume prune

Check disk usage:

df -h 

du -sch /var/lib/docker/overlay2

Modify Log management config files:

# Edit the daemon.json file
vi /etc/docker/daemon.json

# Add the following entries
{ "log-driver":"json-file", "log-opts": {"max-size":"3m", "max-file":"1"} }

# Restart the Docker daemon
systemctl daemon-reload
systemctl restart docker

Completely rebuild docker state:

# You are entering the danger zone - this will delete data
sudo -s
systemctl stop docker
rm -rf /var/lib/docker
systemctl start docker