Tag Archives: docker

JavaOne – Docker 101 Workshop

Posted on by
Reply

“Docker 101 Workshop”

Speaker: Eric Smalling

For more blog posts from JavaOne, see the table of contents

Used docker in the cloud on play-with-docker.com. The one used in class won’t be available after JavaOne, but they also have a training site that looks open.

VM vs Container

  • Not a VM – creates a binary artifact, underlying architecture is different
  • A VM is like a house – protection from outsiders (door/lock), own infrastructure (plumbing, foundation), minimum features (bedroom, bathroom). If want new VM, duplicate resources because like getting a new house.
  • Containers like Docker are like an apartment. They have protection (doorman), shared infrastructure (plumbing), come in different sizes within same building (studio, 1 bedroom, penthouse), can be very small (studio), isolate apps from each other (apartment door lock)
  • Containers come with base image, standardized packaging.
  • All containers share same OS Kernel; available for all major Linux distributions, Windows 2016 server and IBM mainframes

Docker

  • Build – dev env, Ship – create and store images, run – deploy/manage/scale
  • Can develop on exactly same container. No differences between Dev/QA/Prod
  • Immutable deployed artifact
  • Store artifacts in registry – repo for Docker images
  • Docker offers a trusted registry for Enterprise customers.

Terms

  • Docker Trusted Registry – store and distribute images
  • Docker Universal Control Plane – Web based management CaaS (containers as a service) – Swarm connects multiple Docker instances. Adds security/access control. Integrates with LDAP.
  • Docker Image – contains everything needed to run
  • Docker Container – standard unit in which app services resides
  • Docker Engine – Creates/ships/runs Docker containers
  • Service – an app or part of an app that provides a specific function
  • Stack – Represents multi-service applications. Made up of one or more services

Basic commands

These are the verbose commands for clarity

  • docker image pull account/dockerName:latest – pull latest dockerName from account – gets from docker web by default
  • docker image ls – list what pulled/built
  • docker container run -d -p portX:portY –name dockerName account/dockerName:latest – run detached (-d) run on port x and send to port y
  • docker container ps – the container running
  • docker container stop dockerName (or container id) – stop from running
  • docker container rm dockerName (or container id) – so don’t pile up
  • docker image rm account/dockerName:latest (or image id) – remove from local system to save space in cache
  • docker build -t account/dockerName:version . – build an image from your machine and tag
  • docker image push account/dockerName:version – push to docker hub

Dockerfile

  • Instructions on how to build a docker image
  • Looks similar to “native” commands
  • Important to optimize
  • Common for run commands to span lines. Can use \ to continue on new line for readability and ; to run multiple commands together
  • Each line in dockerfile adds a new layer. By combining run commands you minimize layers. This makes the image smaller and cleaner.
  • Commands
    • First line is “FROM dockerName:version” – this is the starting point for your image. Like a parent
    • RUN … – run a shell command in image building
    • COPY x y – copy from your machine (or where running the docker file) to VM location
    • EXPOSE port – tell container to expose port
    • CMD [a, b] – run the application

Lab 1

In GitHub, did task 1 together and then task 2 on our own.

Interesting facts

  • Using alpine Linux as base because small
  • If image doesn’t have account name (ex alpine vs joe:alpine), means it is a trusted/official image. Ex: mySql, Jenkins.
  • The Docker store has certified images which is a higher level of validation. Certified means supported/commercial.
  • Important to do all setup in Dockerfile so can recreate image on demand
  • Great learning moment about the dangers of using “latest” – need to use mysql 5.5 instead of latest because “latest” has a bug where mysql doesn’t start

Commands (this lab shows how to run a container for a single command, interactively and for a long running task)

  • docker container run alpine hostname – run hostname command in alpine vm
  • docker container ls – currently running containers
  • docker container ls -a – all containers; not just those running
  • docker container ps – works same as “ls” but only applies to containers. “ls” allows command to be equivalent for images and other types
  • docker container run –interactive –tty –rm ubuntu bash – opens root bash shell in image and remove the container when the container stops
  • docker container run \
    –detach \
    –name mydb \
    -e MYSQL_ROOT_PASSWORD=my-secret-pw \
    mysql:5.5 – run a container in detached mode with an easy to type name and an environment variable [remember to not to use this approach for a real password]
  • docker container logs mydb – see logs
  • docker container top mydb – shows processes
  • docker exec -it mydb \
    mysql \
    –user=root \
    –password=$MYSQL_ROOT_PASSWORD \
    –version – execute command inside the running container in an interactive shell to find out the running version

Lab 2

This lab builds an image from what we pulled from github, run it and delete it.

I learned

  • Our docker hub account id is just used for a namespace here since we aren’t pushing it. Like maven install vs maven deploy. Or like git commit vs git push.
  • Tab autocomplete works for container names!
  • Can run Linux VM on Windows host
  • Can’t run Windows VM on Linux host

Commands in lab 2

  • docker image build –tag boyarsky/linux_tweet_app:1.0 .
  • docker container run –detach –publish 80:80 –name linux_tweet_app boyarsky/linux_tweet_app:1.0
  • docker container rm –force linux_tweet_app

Layers

  • Example layers – kernel, OS, install, upgrade
  • An image is a giant tarball made up of layers
  • When create an image, there is a thin read/write layer on top. It is for things changed while running container.
  • Looks for a file from top to bottom so finds first matching one.
  • This is why layers remove extra files as last command to run. That way don’t have things don’t need. Saves space and search time.
  • When start a container, a writeable layer added on top.
  • When update image, Docker sees that it has all layers but new one so doesn’t need to re-download everything.

Volumes

  • For persisted data like logs or sharing data between containers.
  • Persists after container deleted unless explicitly delete.
  • Ex: Jenkins work directory
  • Can create in Dockerfile or via CLI
  • docker volume create volName – create volume
  • docker run -d -v volName:/path name ls /path – run container and list contents of volume
  • Use volumes to mount local code in running container – docker container run -v $(pwd):/path
  • Improves performance because avoids copy on write

Lab 3

Playing with volumes. (Lab 3 also has pushing to dockerhub but we didn’t get that far)

Commands in lab 3

  • docker container run \
    –detach \
    –publish 80:80 \
    –name linux_tweet_app \
    –mount type=bind,source=”$(pwd)”,target=/usr/share/nginx/html \
    boyarsky/linux_tweet_app:1.0 – use a bind mount which allows container to see directory on the underlying machine
  • cp index-new.html index.html – update file in underlying directory
  • docker rm –force linux_tweet_app – start over
  • docker container run \
    –detach \
    –publish 80:80 \
    –name linux_tweet_app \
    boyarsky/linux_tweet_app:1.0 – start without volume
  • docker rm –force linux_tweet_app – start over again
  • docker image build –tag boyarsky/linux_tweet_app:2.0 . – increment version since last time
  • docker image ls – see both versions 1.0 and 2.0
  • docker container run \
    –detach \
    –publish 80:80 \
    –name linux_tweet_app \
    boyarsky/linux_tweet_app:2.0
  • docker container run \
    –detach \
    –publish 8080:80 \
    –name old_linux_tweet_app \
    boyarsky/linux_tweet_app:1.0 – run with different name and port
  • docker image ls -f reference=”boyarsky/*” – list all with this account
  • docker login
  • docker image push boyarsky/linux_tweet_app:1.0 – push/publish
  • docker image push boyarsky/linux_tweet_app:2.0 – push/publish other version

My take: I was (just barely) able to complete the lab. I feel like I learned the basics and have a good kick off point when ready to acquire more hands on knowledge.

using docker on mac to run java 9

Posted on by
Reply

Last week, I was trying to install Java 9 when I messed up my Mac and had to recover using Time Machine. I didn’t have difficulty using the Java 8 preview. Anyway, I realized I should be using a VM for Java 9 so this doesn’t happen again.

Conveniently, I was reading a book about Docker on the plane when I was traveling right after that. Which meant I had a use case for installing Docker on my home machine. It was easy and I went from not having Docker installed to being able to use it for Java 9 in under 30 minutes.

Installing

Since Mac isn’t Linux, the first step is to install the Docker Toolbox for OS X. This uses half a gig of disk space. Which is fair since it is running a VM.  Overall, the Docker getting started docs for Mac are excellent. It took a few minutes the first time I ran the Docker Quickstart Client as I saw:

Creating CA: /Users/nyjeanne/.docker/machine/certs/ca.pem
Creating client certificate: /Users/nyjeanne/.docker/machine/certs/cert.pem
Running pre-create checks...
Creating machine...
(default) Copying /Users/nyjeanne/.docker/machine/cache/boot2docker.iso to /Users/nyjeanne/.docker/machine/machines/default/boot2docker.iso...
(default) Creating VirtualBox VM...
(default) Creating SSH key...
(default) Starting the VM...
(default) Check network to re-create if needed...
(default) Found a new host-only adapter: "vboxnet1"
(default) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: /usr/local/bin/docker-machine env default
##         .
## ## ##        ==
## ## ## ## ##    ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
\______ o           __/
\    \         __/
\____\_______/
docker is configured to use the default machine with IP 192.168.99.100
For help getting started, check out the docs at https://docs.docker.com

Initial test

I ran:

docker run hello-world

It worked as expected. Pretty easy.

Java 9 beta container

Finding the relevant library on DockerHub was pretty easy. There is an official Java library.

First I accidentally ran docker with only the tag:

docker run openjdk-9

It probably isn’t a surprise that I got an error. It just wasn’t the error I expected:

docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.

Luckily, a github issue helped. I needed to set the environment variables. The issue said to run:

eval $(docker-machine env default)

I ran the docker-machine command first so I knew what I was evaluating. It was harmless

export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/Users/nyjeanne/.docker/machine/machines/default"
export DOCKER_MACHINE_NAME="default"
# Run this command to configure your shell:
# eval $(docker-machine env default)

Then I got the message I was expecting:

Unable to find image 'openjdk-9:latest' locally
Pulling repository docker.io/library/openjdk-9
docker: Error: image library/openjdk-9 not found.
See 'docker run --help'.

Running the command correctly was far more productive:

docker run java:openjdk-9

It started downloading the container. While it was downloading, it looked like:

52e20300f877: Downloading 20.54 MB/52.71 MB
a3ed95caeb02: Download complete
fb4c7723b752: Download complete
45c1fd7a2514: Download complete
d12ad3d1f060: Download complete
80f5aeb42fe5: Download complete
a6fac263fca7: Download complete
8cb87a5d8c56: Downloading 15.12 MB/215.8 MB

And when it was done, I had:

Unable to find image 'java:openjdk-9' locally
openjdk-9: Pulling from library/java
52e20300f877: Pull complete
a3ed95caeb02: Pull complete
fb4c7723b752: Pull complete
45c1fd7a2514: Pull complete
d12ad3d1f060: Pull complete
80f5aeb42fe5: Pull complete
a6fac263fca7: Pull complete
8cb87a5d8c56: Pull complete
Digest: sha256:49a691b3e64950a45a45dbac6fde08636bded81acf4a36807d12208d3d3af293
Status: Downloaded newer image for java:openjdk-9

Then I ran it interactive mode so I could test jshell:

docker run -i java:openjdk-9

By default, there is no prompt, but you can type unix commands. I typed

jshell

To get out of jshell, you type /exit and to get of the container, you type exit.

End to end success

This is pretty easy when you aren’t doing it wrong:

nyjeanne$ docker run -i java:openjdk-9
javac -version
javac 9-internal
jshell
May 02, 2016 12:17:02 AM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
|  Welcome to JShell -- Version 9-internal
|  For an introduction type: /help intro
jshell> 1+2
1+2
$1 ==> 3
jshell> new File("abc")
new File("abc")
$2 ==> abc
 
jshell> java.util.stream.Stream.of(11, 2, 16).sorted().findFirst()
java.util.stream.Stream.of(11, 2, 16).sorted().findFirst()
$3 ==> Optional[2]
 
jshell> /exit
/exit
|  Goodbye
exit

Initial impressions of JShell

Granted it isn’t released yet, but I’m not more impressed with JShell than I was with Nashorn’s jjs. There’s still no tab autocompleted or up arrow support. And while there are a couple imports included by default, NIO and Streams packages are not in that list.