diff --git a/Docker/Dockerfile b/Docker/Dockerfile index a191143..9bfdacc 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -7,7 +7,7 @@ MAINTAINER myself@mydomain.org # if already downloaded you can use COPY instead COPY owncloud-7.0.15.tar.bz2 /var/www/html/ RUN cd /var/www/html/ && tar xfj owncloud-7.0.15.tar.bz2 && rm -f owncloud-7.0.15.tar.bz2 -COPY config.php /var/www/html/owncloud/config/ +#COPY config.php /var/www/html/owncloud/config/ RUN mkdir -p /data/owncloud RUN chown -R apache:apache /var/www/html/owncloud /data/owncloud RUN yum install -y php-mysql diff --git a/Docker/README.md b/Docker/README.md index e3e5789..72f1085 100644 --- a/Docker/README.md +++ b/Docker/README.md @@ -1,16 +1,20 @@ # Docker Lab Contents -The goal of this lab is to install and use Docker to become familiar with Linux based containers and handle some of the common use cases around it. By the end of this lab you will have created a Web application comprised of a number of micro-services. +The goal of this lab is to install and use Docker to become familiar with Linux based containers and handle some of the common use cases around it. -## Lab Writers and Trainers +## Lab Writers - Bruno.Cornec@hpe.com - - Rene.Ribaud@hpe.com + - Rene.Ribaud@cgi.com + +## Lab Trainer + - Rene.Ribaud@cgi.com + - Abdelmajid.Laachachi@cgi.com Table of Contents ================= - * [Docker Lab Contents](#docker-lab-contents) - * [Lab Writers and Trainers](#lab-writers-and-trainers) + * [Lab Writers](#lab-writers-and-trainers) + * [Lab Trainers](#lab-writers-and-trainers) * [Objectives of the Docker Lab](#objectives-of-the-docker-lab) * [Reference documents](#reference-documents) * [Note on Linux commands](#note-on-linux-commands) 
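Review bot: In the Docker/Dockerfile hunk, `#COPY config.php /var/www/html/owncloud/config/` disables the copy but leaves a dead line with no reason given, so a later reader cannot tell whether the image is meant to ship unconfigured. Delete the line, or replace it with a comment that states the intent, for example `# config.php is intentionally not baked into the image; supply it at run time`; this also keeps whatever that file holds out of the image layers (its contents are not visible here, so whether it carries credentials is an assumption). Without a config the container presumably starts at the ownCloud setup page, and the README steps in this same commit publish it with `docker run -d -p 80:80` and `ufw allow 80`, so anyone who can reach the host could complete the setup and create the admin account before the student does. For the lab, either finish the setup immediately after starting the container, or publish on loopback with `-p 127.0.0.1:80:80` and reach it through an SSH tunnel until the admin account exists.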
@@ -33,7 +37,7 @@ Table of Contents * [Installing Docker Swarm](#installing-docker-swarm) * [Installing on CentOS 7](#installing-on-centos-7) * [Installing the engine in the Cloud](#installing-the-engine-in-the-cloud) - * [Using Docker Swarm to make our configuration available and scalable](#using-docker-swarm-to-make-our-configuration-available-and-scalable) + * [Using Docker Swarm to make our configuration available and scalable](#using-docswarm-to-make-our-configuration-available-and-scalable) * [CentOS 7](#centos-7) * [Ubuntu](#ubuntu) * [Deploy a cloud native application.](#deploy-a-cloud-native-application) @@ -44,7 +48,7 @@ At the end of the Lab students should be able to install Docker, use the CLI to This Lab is intended to be trial and error so that during the session students should understand really what is behind the tool. Blindly following instructions is not an effective way to learn IMHO. You've been warned ;-) -Expected duration : 120 minutes +Expected duration : 90 minutes ## Reference documents When dealing with the installation and configuration of Docker, the first step is to check the reference Web site http://docker.io/: 
@@ -68,10 +72,12 @@ This command will create the text file `fileToCreate` and populate it with the l You can display the content of the created file with the command `cat fileToCreate`. -In order to append text to the file, the first `>` can be replaced with `>>`. +In order to append text to the file, the first `>` can be replaced with `>>`. If you prefer, you can edit the files using **vim** or **nano** text editors. + + ## Docker installation Docker is available externally from http://docs.docker.com/linux/step_one/ or using your distribution packages, or from github at https://github.com/docker/docker -Version 17.03 is the current stable release. This lab requires at least version 1.7. +Version 18.03 is the current stable release. This lab requires at least version 1.7. Ask to your instructor which Linux distribution will be used for the Lab (Ubuntu or CentOS). Then refer to the corresponding instructions below. 
@@ -121,62 +128,77 @@ Other distributions should be as easy to deal with once the same packages have b ### Ubuntu installation If you work on an Ubuntu environment for the Lab, you may want to use apt to do the installation of Docker with all its dependencies. As Ubuntu provides an old version of Docker, we will use a PPA providing a more up to date version: -#### 17.04 +#### 16.04 -`#` **`sudo apt-get update`** +`#` **`sudo apt update`** -`#` **`sudo apt-get install apt-transport-https ca-certificates curl software-properties-common`** +`#` **`sudo apt install apt-transport-https ca-certificates curl software-properties-common`** `#` **`curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -`** -`#` **`sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu zesty stable"`** - -Note: (instead of 17.04 use $(lsb_release -cs) for another version - -`#` **`sudo apt-get update`** - -`#` **` sudo apt-get install docker-ce`** +`#` `sudo add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) \ + stable"` -#### 14.04 +`#` **`sudo apt update`** -`#` **`apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9`** +`#` **` sudo apt install docker-ce`** -`#` **`echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/Docker.list`** - -`#` **`apt-get update`** - -`#` **`apt-get install lxc-docker`** ``` Reading package lists... Done -Building dependency tree +Building dependency tree Reading state information... Done -The following extra packages will be installed: - aufs-tools cgroup-lite git git-man liberror-perl patch +The following package was automatically installed and is no longer required: + grub-pc-bin +Use 'sudo apt autoremove' to remove it. 
+The following additional packages will be installed: + aufs-tools cgroupfs-mount libltdl7 pigz Suggested packages: - btrfs-tools debootstrap lxc rinse git-daemon-run git-daemon-sysvinit git-doc - git-el git-email git-gui gitk gitweb git-arch git-bzr git-cvs git-mediawiki - git-svn diffutils-doc + mountall The following NEW packages will be installed: - aufs-tools cgroup-lite lxc-docker git git-man liberror-perl patch -0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded. -Need to get 7,640 kB of archives. -After this operation, 46.9 MB of additional disk space will be used. + aufs-tools cgroupfs-mount docker-ce libltdl7 pigz +0 upgraded, 5 newly installed, 0 to remove and 32 not upgraded. +Need to get 34.2 MB of archives. +After this operation, 182 MB of additional disk space will be used. Do you want to continue? [Y/n] y -Get:1 http://fr.archive.ubuntu.com/ubuntu/ trusty/universe aufs-tools amd64 1:3.2+20130722-1.1 [92.3 kB] -Get:2 https://get.docker.io/ubuntu/ docker/main lxc-docker-1.7.0 amd64 1.7.0 [4,962 kB] -[...] -Fetched 7,640 kB in 8s (884 kB/s) +Get:1 http://lon1.mirrors.digitalocean.com/ubuntu xenial/universe amd64 pigz amd64 2.3.1-2 [61.1 kB] +Get:2 http://lon1.mirrors.digitalocean.com/ubuntu xenial/universe amd64 aufs-tools amd64 1:3.2+20130722-1.1ubuntu1 [92.9 kB] +Get:3 https://download.docker.com/linux/ubuntu xenial/stable amd64 docker-ce amd64 18.03.1~ce-0~ubuntu [34.0 MB] +Get:4 http://lon1.mirrors.digitalocean.com/ubuntu xenial/universe amd64 cgroupfs-mount all 1.2 [4,970 B] +Get:5 http://lon1.mirrors.digitalocean.com/ubuntu xenial/main amd64 libltdl7 amd64 2.4.6-0.1 [38.3 kB] +Fetched 34.2 MB in 1s (31.9 MB/s) +Selecting previously unselected package pigz. +(Reading database ... 54428 files and directories currently installed.) +Preparing to unpack .../pigz_2.3.1-2_amd64.deb ... +Unpacking pigz (2.3.1-2) ... Selecting previously unselected package aufs-tools. -(Reading database ... 54255 files and directories currently installed.) 
-Preparing to unpack .../aufs-tools_1%3a3.2+20130722-1.1_amd64.deb ... -Unpacking aufs-tools (1:3.2+20130722-1.1) ... -[...] -Setting up lxc-docker (1.7.0) ... -Adding group docker' (GID 111) ... -Done. -[...] +Preparing to unpack .../aufs-tools_1%3a3.2+20130722-1.1ubuntu1_amd64.deb ... +Unpacking aufs-tools (1:3.2+20130722-1.1ubuntu1) ... +Selecting previously unselected package cgroupfs-mount. +Preparing to unpack .../cgroupfs-mount_1.2_all.deb ... +Unpacking cgroupfs-mount (1.2) ... +Selecting previously unselected package libltdl7:amd64. +Preparing to unpack .../libltdl7_2.4.6-0.1_amd64.deb ... +Unpacking libltdl7:amd64 (2.4.6-0.1) ... +Selecting previously unselected package docker-ce. +Preparing to unpack .../docker-ce_18.03.1~ce-0~ubuntu_amd64.deb ... +Unpacking docker-ce (18.03.1~ce-0~ubuntu) ... +Processing triggers for man-db (2.7.5-1) ... +Processing triggers for libc-bin (2.23-0ubuntu10) ... +Processing triggers for ureadahead (0.100.0-19) ... +Processing triggers for systemd (229-4ubuntu21.2) ... +Setting up pigz (2.3.1-2) ... +Setting up aufs-tools (1:3.2+20130722-1.1ubuntu1) ... +Setting up cgroupfs-mount (1.2) ... +Setting up libltdl7:amd64 (2.4.6-0.1) ... +Setting up docker-ce (18.03.1~ce-0~ubuntu) ... +Processing triggers for libc-bin (2.23-0ubuntu10) ... +Processing triggers for systemd (229-4ubuntu21.2) ... +Processing triggers for ureadahead (0.100.0-19) ... ``` + ### CentOS installation If you work on a CentOS 7 environment for the Lab, you may want to use yum to do the installation of Docker with all its dependencies. Add the repo provided by the Docker project (which is requiring 7.2 at least, but not by CentOS if you use that variant): 
@@ -207,91 +229,166 @@ EOF ``` `#` **`yum install docker-engine`** -```none -Loaded plugins: product-id, search-disabled-repos, subscription-manager -This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. +``` +Loaded plugins: fastestmirror +Determining fastest mirrors + * base: mirror.denit.net + * extras: centos.mirror.triple-it.nl + * updates: mirrors.supportex.net +base | 3.6 kB 00:00:00 +dockerrepo | 2.9 kB 00:00:00 +extras | 3.4 kB 00:00:00 +updates | 3.4 kB 00:00:00 +(1/5): base/7/x86_64/group_gz | 166 kB 00:00:00 +(2/5): extras/7/x86_64/primary_db | 149 kB 00:00:00 +(3/5): dockerrepo/primary_db | 34 kB 00:00:00 +(4/5): updates/7/x86_64/primary_db | 2.7 MB 00:00:00 +(5/5): base/7/x86_64/primary_db | 5.9 MB 00:00:00 Resolving Dependencies --> Running transaction check ----> Package docker-engine.x86_64 0:1.11.2-1.el7.centos will be installed ---> Processing Dependency: docker-engine-selinux >= 1.11.2-1.el7.centos for package: docker-engine-1.11.2-1.el7.centos.x86_64 ---> Processing Dependency: libcgroup for package: docker-engine-1.11.2-1.el7.centos.x86_64 ---> Processing Dependency: libltdl.so.7()(64bit) for package: docker-engine-1.11.2-1.el7.centos.x86_64 -[...] 
+---> Package docker-engine.x86_64 0:17.05.0.ce-1.el7.centos will be installed +--> Processing Dependency: docker-engine-selinux >= 17.05.0.ce-1.el7.centos for package: docker-engine-17.05.0.ce-1.el7.centos.x86_64 +--> Processing Dependency: libltdl.so.7()(64bit) for package: docker-engine-17.05.0.ce-1.el7.centos.x86_64 +--> Running transaction check +---> Package docker-engine-selinux.noarch 0:17.05.0.ce-1.el7.centos will be installed +---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed +--> Finished Dependency Resolution + +Dependencies Resolved -============================================================================================================ - Package Arch Version Repository Size -============================================================================================================ +========================================================================================================= + Package Arch Version Repository Size +========================================================================================================= Installing: - docker-engine x86_64 1.11.2-1.el7.centos dockerrepo 13 M + docker-engine x86_64 17.05.0.ce-1.el7.centos dockerrepo 19 M Installing for dependencies: - audit-libs-python x86_64 2.4.1-5.el7 base 69 k - checkpolicy x86_64 2.1.12-6.el7 base 247 k - docker-engine-selinux noarch 1.11.2-1.el7.centos dockerrepo 28 k - libcgroup x86_64 0.41-8.el7 base 64 k - libsemanage-python x86_64 2.1.10-18.el7 base 94 k - libtool-ltdl x86_64 2.4.2-20.el7 base 49 k - policycoreutils-python x86_64 2.2.5-20.el7 base 435 k - python-IPy noarch 0.75-6.el7 base 32 k - setools-libs x86_64 3.3.7-46.el7 base 485 k + docker-engine-selinux noarch 17.05.0.ce-1.el7.centos dockerrepo 28 k + libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k Transaction Summary -============================================================================================================ -Install 1 Package (+9 Dependent packages) 
+========================================================================================================= +Install 1 Package (+2 Dependent packages) -Total download size: 15 M -Installed size: 59 M +Total download size: 20 M +Installed size: 70 M Is this ok [y/d/N]: y -Downloading packages:. -[...] +Downloading packages: +warning: /var/cache/yum/x86_64/7/base/packages/libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY +Public key for libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm is not installed +(1/3): libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm | 49 kB 00:00:00 +warning: /var/cache/yum/x86_64/7/dockerrepo/packages/docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID 2c52609d: NOKEY +Public key for docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch.rpm is not installed +(2/3): docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch.rpm | 28 kB 00:00:00 +(3/3): docker-engine-17.05.0.ce-1.el7.centos.x86_64.rpm | 19 MB 00:00:00 +--------------------------------------------------------------------------------------------------------- +Total 23 MB/s | 20 MB 00:00:00 +Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +Importing GPG key 0xF4A80EB5: + Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) " + Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 + Package : centos-release-7-5.1804.el7.centos.x86_64 (installed) + From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +Is this ok [y/N]: y +Retrieving key from https://yum.dockerproject.org/gpg +Importing GPG key 0x2C52609D: + Userid : "Docker Release Tool (releasedocker) " + Fingerprint: 5811 8e89 f3a9 1289 7c07 0adb f762 2157 2c52 609d + From : https://yum.dockerproject.org/gpg +Is this ok [y/N]: y +Running transaction check +Running transaction test +Transaction test succeeded +Running transaction + Installing : docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch 1/3 +Re-declaration of type docker_t +Failed to create 
node +Bad type declaration at /etc/selinux/targeted/tmp/modules/400/docker/cil:1 +/usr/sbin/semodule: Failed! +restorecon: lstat(/var/lib/docker) failed: No such file or directory +warning: %post(docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch) scriptlet failed, exit status 255 +Non-fatal POSTIN scriptlet failure in rpm package docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch + Installing : libtool-ltdl-2.4.2-22.el7_3.x86_64 2/3 + Installing : docker-engine-17.05.0.ce-1.el7.centos.x86_64 3/3 + Verifying : libtool-ltdl-2.4.2-22.el7_3.x86_64 1/3 + Verifying : docker-engine-17.05.0.ce-1.el7.centos.x86_64 2/3 + Verifying : docker-engine-selinux-17.05.0.ce-1.el7.centos.noarch 3/3 + +Installed: + docker-engine.x86_64 0:17.05.0.ce-1.el7.centos + +Dependency Installed: + docker-engine-selinux.noarch 0:17.05.0.ce-1.el7.centos libtool-ltdl.x86_64 0:2.4.2-22.el7_3 + +Complete! ``` -`#` **`systemctl start docker`** ### Check installation +`#` **`systemctl start docker`** + +`#` **`systemctl status docker`** Check that the correct version is installed and operational: `#` **`docker --version`** ``` -Docker version 1.11.2, build b9f10c9 +Docker version 18.05.0-ce, build f150324 ``` +Note : The version could be different on your system. + + `#` **`docker info`** ``` +Docker version 18.03.1-ce, build 9ee9f40 +root@ubuntu-s-1vcpu-1gb-ams3-01:~# docker info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 -Server Version: 1.11.2 -Storage Driver: devicemapper - Pool Name: docker-253:2-130978-pool - Pool Blocksize: 65.54 kB - Base Device Size: 10.74 GB - Backing Filesystem: xfs - Data file: /dev/loop0 - Metadata file: /dev/loop1 - Data Space Used: 11.8 MB - Data Space Total: 107.4 GB -[...] 
+Server Version: 18.03.1-ce +Storage Driver: overlay2 + Backing Filesystem: extfs + Supports d_type: true + Native Overlay Diff: true +Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: null host bridge -Kernel Version: 3.10.0-327.el7.x86_64 -Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) + Network: bridge host macvlan null overlay + Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog +Swarm: inactive +Runtimes: runc +Default Runtime: runc +Init Binary: docker-init +containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88 +runc version: 4fc53a81fb7c994640722ac585fa9ca548971871 +init version: 949e6fa +Security Options: + apparmor + seccomp + Profile: default +Kernel Version: 4.4.0-127-generic +Operating System: Ubuntu 16.04.4 LTS OSType: linux Architecture: x86_64 -CPUs: 6 -Total Memory: 15.39 GiB -Name: lab3.labossi.hpintelco.org -ID: JFU6:LTUL:UOB2:4NEE:IZFC:FZK7:INUC:7ABM:JRVG:NQOS:VSXH:4XMG +CPUs: 1 +Total Memory: 992.2MiB +Name: ubuntu-s-1vcpu-1gb-ams3-01 +ID: S4G4:D455:RMO3:2ZWS:5YIU:YUBE:HJFY:WEX2:CVUX:C6ZB:T3HS:X4M2 Docker Root Dir: /var/lib/docker -Debug mode (client): false -Debug mode (server): false +Debug Mode (client): false +Debug Mode (server): false Registry: https://index.docker.io/v1/ -WARNING: bridge-nf-call-iptables is disabled -WARNING: bridge-nf-call-ip6tables is disabled +Labels: +Experimental: false +Insecure Registries: + 127.0.0.0/8 +Live Restore Enabled: false + +WARNING: No swap limit support ``` + `#` **`docker `** [Display online help] 
@@ -330,16 +427,18 @@ For more examples and ideas, visit: http://docs.docker.com/userguide/ ``` -So we've got a success! Of course, we do not really go far, but what can you expect from an hello-world example ;-) +So we've got a success! Of course, we do not really go far, but what can you expect from an hello-world example ;-) However, we can get some info on our modified Docker environment: -`#` **`docker images`** +`#` **`docker images`** or `docker image ls` + +Note : Command line has been refined in order to be more conscistant, the first command is the legacy one. The second command is the new behavior. ``` REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE hello-world latest 91c95931e552 10 weeks ago 910 B ``` -`#` **`docker ps -a`** +`#` **`docker ps -a`** or `docker container ls -a` ``` CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4dba332aec93d hello-world "/hello" 14 minutes ago Exited (0) 14 minutes ago cocky_hopper @@ -364,18 +463,17 @@ In order to have a more interesting environment, we'll now look for existing con `#` **`docker search fedora`** ``` -NAME DESCRIPTION STARS OFFICIAL AUTOMATED -fedora Official Fedora 22 base image 175 [OK] -tutum/fedora Fedora image with SSH access. 7 [OK] +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +fedora Official Docker builds of Fedora 665 [OK] +mattdm/fedora A basic Fedora image corresponding roughly t… 49 [...] ``` `#` **`docker pull fedora`** ``` -latest: Pulling from fedora -48ecf305d2cf: Pull complete -ded7cd95e059: Already exists -fedora:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security. -Digest: sha256:10ba981a70632d7764c21deae25c6521db6d39730e1dd8caff90719013858a7b +Using default tag: latest +latest: Pulling from library/fedora +e71c36a80ba9: Pull complete +Digest: sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39 Status: Downloaded newer image for fedora:latest ``` 
@@ -383,62 +481,53 @@ Once the container image has been downloaded we can view it in our catalog of im `#` **`docker images`** ``` -REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE -fedora latest ded7cd95e059 4 weeks ago 186.5 MB -hello-world latest 91c95931e552 10 weeks ago 910 B +root@ubuntu-s-1vcpu-1gb-ams3-01:~# docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +fedora latest cc510acfcd70 6 weeks ago 253MB +hello-world latest e38bc07ac18e 2 months ago 1.85kB ``` This content is called an image and will serve as the base to create the operational container (here based on Fedora) in which we will process data: -`#` **`docker run -ti ded7cd95e059 /bin/bash`** +`#` **`docker run -ti cc510acfcd70 /bin/bash`** `[root@ad9b474525d0 /]#` **`cat /etc/fedora-release`** ``` -Fedora release 22 (Twenty Two) +Fedora release 28 (Twenty Eight) ``` -`[root@ad9b474525d0 /]#` **`yum install -y wget`** +`[root@ad9b474525d0 /]#` **`dnf install -y wget`** ``` -Yum command has been deprecated, redirecting to '/usr/bin/dnf install wget'. -[...] -Fedora 22 - x86_64 3.7 MB/s | 41 MB 00:11 -Fedora 22 - x86_64 - Updates 1.7 MB/s | 9.7 MB 00:05 -Last metadata expiration check performed 0:00:04 ago on Tue Jun 30 10:38:14 2015. +Last metadata expiration check: 0:00:55 ago on Sun Jun 17 20:16:57 2018. Dependencies resolved. 
-========================================================================== - Package Arch Version Repository Size -========================================================================== +========================================================================================================= + Package Arch Version Repository Size +========================================================================================================= Installing: - libicu x86_64 54.1-1.fc22 fedora 8.4 M - libpsl x86_64 0.7.0-3.fc22 fedora 50 k - wget x86_64 1.16.3-1.fc22 fedora 577 k + wget x86_64 1.19.5-1.fc28 updates 719 k Transaction Summary -========================================================================== -Install 3 Packages +========================================================================================================= +Install 1 Package -Total download size: 9.0 M -Installed size: 31 M +Total download size: 719 k +Installed size: 2.8 M Downloading Packages: -(1/3): libpsl-0.7.0-3.fc22.x86_64.rpm 16 kB/s | 50 kB 00:03 -(2/3): wget-1.16.3-1.fc22.x86_64.rpm 176 kB/s | 577 kB 00:03 -(3/3): libicu-54.1-1.fc22.x86_64.rpm 1.8 MB/s | 8.4 MB 00:04 --------------------------------------------------------------------------- -Total 1.4 MB/s | 9.0 MB 00:06 +wget-1.19.5-1.fc28.x86_64.rpm 8.7 MB/s | 719 kB 00:00 +--------------------------------------------------------------------------------------------------------- +Total 700 kB/s | 719 kB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. 
Running transaction - Installing : libicu-54.1-1.fc22.x86_64 1/3 -warning: Unable to get systemd shutdown inhibition lock - Installing : libpsl-0.7.0-3.fc22.x86_64 2/3 - Installing : wget-1.16.3-1.fc22.x86_64 3/3 - Verifying : wget-1.16.3-1.fc22.x86_64 1/3 - Verifying : libpsl-0.7.0-3.fc22.x86_64 2/3 - Verifying : libicu-54.1-1.fc22.x86_64 3/3 + Preparing : 1/1 + Installing : wget-1.19.5-1.fc28.x86_64 1/1 + Running scriptlet: wget-1.19.5-1.fc28.x86_64 1/1 +install-info: No such file or directory for /usr/share/info/wget.info.gz + Verifying : wget-1.19.5-1.fc28.x86_64 1/1 Installed: - libicu.x86_64 54.1-1.fc22 libpsl.x86_64 0.7.0-3.fc22 wget.x86_64 1.16.3-1.fc22 + wget.x86_64 1.19.5-1.fc28 Complete! @@ -449,11 +538,13 @@ Linux ad9b474525d0 3.16.0-41-generic #57~14.04.1-Ubuntu SMP Thu Jun 18 18:01:13 ``` If you're on a CentOS distribution it will rather be: ``` -Linux ad9b474525d0 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux +Linux centos-s-1vcpu-1gb-ams3-01 3.10.0-862.2.3.el7.x86_64 #1 SMP Wed May 9 18:05:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux ``` -So you checked that your container behaves like a Fedora 22 distribution. Only the kernel is shared between the Docker host and the Docker container. Open another console to view how this container has been created ans is seen: +So you checked that your container behaves like a Fedora 28 distribution. Only the kernel is shared between the Docker host and the Docker container. + +Open another console to view how this container has been created and is seen: `#` **`docker ps`** ``` @@ -506,6 +597,9 @@ FROM centos:6 RUN yum install -y httpd EOF ``` + +Note : `cat Dockerfile` to see file content + `#` **`docker build .`** ``` Sending build context to Docker daemon 12.8 kB @@ -672,6 +766,9 @@ MAINTAINER myself@mydomain.org CMD httpd EOF ``` + +Note : `cat Dockerfile` to see file content + `#` **`docker build .`** ``` Sending build context to Docker daemon 12.8 kB 
@@ -719,6 +816,8 @@ EXPOSE 80 EOF ``` +Note : This is not mandatory, as this is only metadata for the image. However it will help people to know the exposed port of your image. + `#` **`docker build .`** ``` [...] @@ -740,15 +839,15 @@ Modify again the Dockerfile to add owncloud to our image: `#` **`cat >> Dockerfile << EOF`** ``` RUN yum install -y tar bzip2 -ADD http://labossi.hpintelco.net/owncloud-7.0.15.tar.bz2 /var/www/html/ -# Add this only if before docker engone 17.03 -# RUN cd /var/www/html/ && tar xvfj owncloud-7.0.15.tar.bz2 && rm -f owncloud-7.0.15.tar.bz2 +ADD https://download.owncloud.org/community/7.0/owncloud-7.0.15.tar.bz2 /var/www/html/ +RUN cd /var/www/html/ && tar xvfj owncloud-7.0.15.tar.bz2 && rm -f owncloud-7.0.15.tar.bz2 EOF ``` We can directly point to a URL, Docker will download the content and extract it in place. -Try now to connect to your owncloud instance. The URL is http://10.3.222.X/owncloud if we host the lab or http://localhost/owncloud if you run it locally. +Try now to connect to your owncloud instance. The URL is http://your_ip/owncloud from remote location or http://localhost/owncloud if you run it locally. -![Owncloud failed](/Docker/img/owncloud_without_dep.png) + +![Owncloud failed](img/owncloud_without_dep.png) 1. What happens? 2. What should you do next to solve the issue ? **Discuss with your trainer if you're stuck !** 
@@ -757,7 +856,11 @@ Hint, you probably need to add the owncloud dependencies to be able to launch it **`RUN yum install -y php php-dom php-mbstring php-pdo php-gd`** -With that you should be able to use owncloud ! (Note that you need to use that version with CentOS 6 for a PHP dependency management) But we're not done yet !!! +With that you should be able to use owncloud ! (Note that you need to use that version with CentOS 6 for a PHP dependency management) + +![Owncloud setup](/Docker/img/owncloud_setup.png) + +But we're not done yet !!! If you log on to your owncloud instance, and start customizing it (login/passwd for admin, storage path), you'll have errors first, that we'll fix later on and then if you `Docker stop` and `Docker rm` the container to relaunch it again, of course, none of this customization will be kept as it's not part of your container content. So we now have to deal with storage management for our Docker container. First we need to solve the error generated when you tried to configure your owncloud instance. We had rights issues. Use the following command to help solve the issue: 
@@ -766,14 +869,15 @@ So we now have to deal with storage management for our Docker container. First w `#` **`docker exec b42f9f6f1034 ps auxww | grep httpd`** -The principle is that the owner of the httpd process should have the rights on the owncloud directory to read and store files there. So modify you Dockerfile accordingly and retest. +The principle is that the owner of the httpd process should have the rights on the owncloud directory to read and store files there. ** So modify you Dockerfile accordingly and retest **. Now you should be able to customize your owncloud instance and start using it. + By now you have probably remarked that the ADD order is done each time, without any benefit from the cache management of Docker. Also you have to each time deal with IDs for containers and images, which is not that convenient. Let's fix that. Download the owncloud tar file in your directory and modify the ADD line: -`#` **`wget http://labossi.hpintelco.net/owncloud-7.0.15.tar.bz2`** +`#` **`wget https://download.owncloud.org/community/7.0/owncloud-7.0.15.tar.bz2`** -`#` **`perl -pi -e 's|ADD http://labossi.hpintelco.net/owncloud-7.0.15.tar.bz2|COPY owncloud-7.0.15.tar.bz2|' Dockerfile`** +`#` **`perl -pi -e 's|ADD https://download.owncloud.org/community/7.0/owncloud-7.0.15.tar.bz2|COPY owncloud-7.0.15.tar.bz2|' Dockerfile`** `#` **`docker build -t owncloud .`** 
@@ -812,9 +916,12 @@ CONTAINER ID IMAGE COMMAND CREATED Now reload the owncloud configuration page in your browser, but this time configure the data folder as in the following screen shot: -![Owncloud Setup](/Docker/img/owncloud.png) + +![Owncloud Setup](img/owncloud.png) + +** If you encounter issues you need to adapt your environment so that the apache user is allowed to write on to the /data directory. ** -If you encounter issues you need to adapt your environment so that the apache user is allowed to write on to the /data directory. Your current Dockerfile should look like this at that point: +Your current Dockerfile should look like this at that point: `#` **`cat Dockerfile`** ``` @@ -833,7 +940,7 @@ EXPOSE 80 ``` Move the example text file you created earlier to your ownClould Documents folder so you can see the file and view the file in ownCloud. -`#` **`mv /data/myfile.txt /data/bruno/files/Documents`** +`#` **`mv /data/myfile.txt /data/bruno/files/documents`** Open the Documents folder in the ownCloud Web UI. Confirm that the myfile.txt example file is present and then view the contents to check that they match what you created earlier. @@ -859,6 +966,7 @@ cca4a1776ef12b256616e69a29753202efe0b1af5dd64fecfb638d2a797b234e 2. Knowing that the owncloud configuration data are located under `/var/www/html/owncloud/config/config.php` try to adapt the Dockerfile to solve that last issue. **Discuss with your trainer if you're stuck !** Note : there is more than one way to solve this. + # Using Docker compose Docker compose is a tool part of the Docker ecosystem. 
@@ -867,6 +975,7 @@ This is mainly due to the Docker philosophy to use one container per service. Another benefit is to define the container running parameters within a YAML configuration file. + -## Our first docker-compose.yml file -Now we have a working docker-compose, we need to create an application environment and our first **docker-compose.yml** configuration file. +## Quickly setup a new clean environment -Create the build environment by moving all our previous stuffs into a folder: +1. Deploy a Docker Ubuntu 18.04 droplet using the lab interface. +2. Create a new folder called owncloud and jump to it. +``` +mkdir owncloud && cd owncloud +``` +3. Get the Dockerfile from the project and owncloud sources. You can use on your droplet. +``` +wget https://raw.githubusercontent.com/uggla/Labs/master/Docker/Dockerfile` +wget https://download.owncloud.org/community/7.0/owncloud-7.0.15.tar.bz2 +``` +4. Build the image +``` +docker build -t owncloud . +``` +5. Run a container with this image +``` +docker run -d -p 80:80 --name owncloud owncloud +``` +6. Allow port 80 on the firewall +``` +ufw allow 80 +``` +7. Connect with a browser the owncloud instance (http:///owncloud), you should see the owncloud setup page. -`#` **`mkdir owncloud`** +8. Destroy the created container to release port 80 and continue on with the lab. -`#` **`mv Dockerfile owncloud-7.0.15.tar.bz2 config.php owncloud`** +**Call your trainer if you're stuck !** -`#` **`cd owncloud`** +## Our first docker-compose.yml file +Now we have a working Dockerfile, we need to create an application environment and our first **docker-compose.yml** configuration file. -Now we can create our configuration file. We will use the new v2.0 format instead of the legacy one. The v2.0 was created to extend functionalities and can be activated by specifying the release at the top of the file. +In order to create our configuration file. We will use the new v3.0 format instead of the legacy one. 
The v3.0 was created to extend functionalities and can be activated by specifying the release at the top of the file. -Note : Of course old docker-compose binaries don't manage v2.0. +Note : Of course old docker-compose binaries don't manage v3.0, you can support information [here](https://docs.docker.com/compose/compose-file/#compose-and-docker-compatibility-matrix) `#` **`cat > docker-compose.yml << EOF`** ``` -version: '2' +version: '3' services: web: build: . @@ -914,7 +1046,7 @@ services: EOF ``` -The above file asks to docker-compose to define a web service that will be built from our Dockerfile, to expose port 80 and to map /data on the host to /data in the container. +The above file asks docker-compose to define a web service that will be built from our Dockerfile, then expose port 80 and map /data on the host to /data in the container. We can now start our application using: @@ -930,7 +1062,7 @@ CONTAINER ID IMAGE COMMAND CREATED 2573be6f1401 owncloud_web "/bin/sh -c '/usr/sbi" 35 seconds ago Up 34 seconds 0.0.0.0:80->80/tcp owncloud_web_1 ``` -Our application starts and should work the same way as previously. However it is much simpler because we don't need to define ports and storage mapping, also the YAML file can be held in and this information can be managed in Configuration Management System. +Our application starts and should work the same way as previously. However it is much simpler because we don't need to define ports and storage mapping from the command line, also the YAML file can be held in and this information can be managed in Configuration Management System. You can also note that the container name is defined as `application_service_number` (owncloud_web_1) @@ -945,7 +1077,7 @@ Removing network owncloud_default Check what happens to the container. -Ok that's cool, but it is not really a big change. +Ok that's cool, but it is not really a big change so far. ## Going further with docker-compose.yml 
@@ -955,11 +1087,9 @@ As mentioned during the setup (below), this is convenient for a limited installa ![Owncloud sqlite setup](/Docker/img/owncloud_setup.png) -In order to install owncloud on another database: +In order to install owncloud on a mysql/mariadb database: - 1. Wipe `config.php` to have the setup page proposed again by the application. - 2. Add the `php-mysql` package to your Dockerfile in the relevant part. - 3. Start the application but use `docker-compose up -d --build` to force the rebuild of the Dockerfile. + 1. `php-mysql` package has been added to the Dockerfile. ![Owncloud sqlite setup](/Docker/img/owncloud_setup_db.png) @@ -969,7 +1099,7 @@ Of course it requires some information about the compose-file format. Documentat 1. Try to modify `docker-compose.yml` to add a db service based on the mariadb official images. 2. We need to provide the database parameters fields (user, password etc...). Hint: Look at the mariadb container environment variables. **Discuss with your trainer if you're stuck !** - 3. What is the hostname of our container ? Hint: Look at the link directive. + 3. What is the hostname of our container ? Hint: Look at the links or preferred network directive to allow db container connection from the web container. If you didn't manage to configure the mariadb container and use it with owncloud, then the additional content for your docker-compose.yml could be useful: ``` @@ -988,9 +1118,9 @@ We are now using a mariadb container, but the database content is inside the con 1. Use a Docker volume to use them from the host. 2. Modify docker-compose.yml to do that. Hint: separate owncloud and db data under /data to avoid user rights conflicts. -If you manage to configure the mariadb container with persistant data your docker-compose.yml should look like this: +If you manage to configure the mariadb container with persistent data your docker-compose.yml should look like this: ``` -version: '2' +version: '3' services: web: build: . 
@@ -998,8 +1128,10 @@ services: - /data/owncloud:/data/owncloud ports: - "80:80" - links: - - db:mariadb + networks: + - oclan + depends_on: + - db db: image: mariadb environment: @@ -1007,8 +1139,13 @@ services: - MYSQL_DATABASE=owncloud - MYSQL_USER=owncloud - MYSQL_PASSWORD=owncloudpwd + networks: + - oclan volumes: - /data/db:/var/lib/mysql +networks: + oclan: + driver: bridge ``` `#` **`docker-compose ps`** @@ -1019,6 +1156,11 @@ owncloud_db_1 docker-entrypoint.sh mysqld Up 3306/tcp owncloud_web_1 /bin/sh -c /usr/sbin/apach ... Up 0.0.0.0:80->80/tcp ``` +Try to change the listening port inside your docker-compose.yml file and perform a `docker-compose -up -d` + +You can notice that only the services that need to be modified are recreated. + + You would like to try to allow scalability for your application by scaling the web service 
@@ -1027,7 +1169,9 @@ web service Detect whether this is working or not and why. If not, we'll find another way to solve this. +Bonus, you can try to update the docker-compose.yml file to add an ha-proxy instance in front of the web services. + # Using Docker Swarm Docker Swarm is, since version 1.12, part of Docker Engine. It is used to provide high availability for Docker containers. -A really complete and excellent workshop is available for Swarm at https://jpetazzo.github.io/orchestration-workshop -We extracted lots of ideas from it to lead you towards a first understanding of Swarm. +## Extend our environment with more nodes + +We will deploy a 5 nodes (3 X master + 2 X workers) cluster. -## Installing Docker Swarm +Note : If you are late on this lab, you can just use 1 X master and 2 workers, but do not stop the master in further steps. -If you have a version prior to 1.13, then you'll need to install Docker Engine 1.13+ as the rest of this lab requires that version. +Note : In order to simplify the management of the cluster you could use an ssh-agent and `pdsh` to run commands on all the nodes at the same time. Configuring these tools is outside of this lab but if you are really interested to do it call your nice trainer that will give you the direction to do it. -## Installing on CentOS 7 -On CentOS 7 just add the repo file mentioned earlier in this Lab to get it. +1. Deploy 4 X new Docker Ubuntu 18.04 droplets using the lab interface. + +2. Disable the firewall on all of them +``` +ufw disable +``` - -## Installing the engine in the Cloud - -If you followed docker-machine part, you can now use these machines to configure a Swarm cluster as you have the latest version available in them. - ## Using Docker Swarm to make our configuration available and scalable So now that we can orchestrate the creation of our 2 containers hosting our 
@@ -1129,6 +1275,7 @@ d8dfb2e8qd3h703pw43o5r88f c10.labossi.hpintelco.org Ready Active Check what you can see on each node. Also look at the output of the `docker info` command. + Swarm has the notion of worker (hosting containers), manager (able to be also a worker and being a backup leader) and Leader (manager being in charge of the Swarm cluster). @@ -1172,7 +1319,9 @@ of managers. Here we can promote 2 of our workers as managers. For that, we need to get another token, the manager one, instead of the worker one we used previously. -`#` **`docker swarm join-token -q manager`** +Note : If you deployed only 3 nodes, you can not add managers, so skip this part. + +`#` **`docker swarm join-token manager`** ``` SWMTKN-1-444fdgnkvchgol08ck8rexwhxg8hbvwncyqs61mvcu0b3978qs-cw10maud95375a2t35p7m5kox ``` @@ -1203,20 +1352,23 @@ let's create a simple service to test our cluster: `#` **`docker service create alpine ping 8.8.8.8`** ``` -ag12vg6ts417gj4r2y2w57j5q +v12wk2jruwhltftgv5xalaped +overall progress: 1 out of 1 tasks +1/1: running [==================================================>] +verify: Service converged ``` `#` **`docker service ls`** ``` -ID NAME REPLICAS IMAGE COMMAND -ag12vg6ts417 tiny_curran 1/1 alpine ping 8.8.8.8 +ID NAME MODE REPLICAS IMAGE PORTS +v12wk2jruwhl relaxed_morse replicated 1/1 alpine:latest ``` -`#` **`docker service ps ag1`** +`#` **`docker service ps v12`** ``` -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR -9aq9iq25ayhp1nk11ems7tsly tiny_curran.1 alpine c6.labossi.hpintelco.org Running Running 35 seconds ago +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +qu030vhwrii4 relaxed_morse.1 alpine:latest unrecognized-komodo-dragon Running Running about a minute ago ``` Use the Docker commands to check how the container is behaving in your 
@@ -1225,39 +1377,51 @@ cluster behaviour. You can scale that service: -`#` **`docker service update ag1 --replicas 10`** +`#` **`docker service update v12 --replicas 10`** ``` -ag1 +v12 +overall progress: 10 out of 10 tasks +1/10: running [==================================================>] +2/10: running [==================================================>] +3/10: running [==================================================>] +4/10: running [==================================================>] +5/10: running [==================================================>] +6/10: running [==================================================>] +7/10: running [==================================================>] +8/10: running [==================================================>] +9/10: running [==================================================>] +10/10: running [==================================================>] +verify: Service converged ``` Check what happens. You can use docker ps on the current node, and on another node. In order to help visualize the state of the Swarm cluster you can use the visualizer companion of Swarm. On the master node run the following: -`#` **`docker run -it -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock manomarks/visualizer`** +`#` **`docker service create --name=viz --publish=8080:8080/tcp --constraint=node.role==manager --mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock dockersamples/visualizer`** And then connect your browser to it on port 8080. You should see something similar to the below image: ![Swarm Visualizer](/Docker/img/visualizer.png) -Now let's put on our cluster our application. With recent versions of docker-compose, there is the new notion of stack to orchestrate services. Adapt your docker-compose to use it following the below model: +Here you can experiment on meshing, connecting to any node, should send you to the required application. + + +Now let's deploy on our cluster, our application. 
With recent versions of docker, there is the new notion of stack to orchestrate services. Adapt your docker-compose to use it following the below model: ``` version: '3' services: web: - build: . + image: owncloud_web <-- use previously generated image volumes: - /data/owncloud:/data/owncloud - - /data/config:/var/www/html/owncloud/config ports: - - "8000:80" - links: - - db:mariadb + - "80:80" networks: - oclan: + - oclan + depends_on: + - db db: image: mariadb - ports: - - "3306:3306" environment: - MYSQL_ROOT_PASSWORD=password - MYSQL_DATABASE=owncloud 
@@ -1266,39 +1430,46 @@ services: volumes: - /data/db:/var/lib/mysql networks: - oclan: - aliases: - - db + - oclan networks: - oclan: - driver: overlay + oclan: + driver: overlay <-- use overlay network ``` -Compared to the v2 file, the main change is that you're now defining in it your network to allow communication between containers +Note : the overlay network. This is a network that will use VXLAN technology to create an overlay network between hosts. So it creates an internal network on systems that could be not in the same subnets. + +Note 2 : behind the scene the init phase of swarm did a lot of complex things, VXLAN, security (everything is on top of TLS), meshing, load balancing. Also note that load balancing on physical nodes must be achieved by an external mechanism. Really nice to my mind. Now start your stack: -`#` **`docker stack deploy -c docker-compose-v3.yml oc`** +`#` **`docker stack deploy -c docker-compose.yml oc`** ``` -Ignoring unsupported options: build, links - Creating service oc_web -Creating service oc_db +Updating service oc_db (id: dm2j7n185u53jxwkcrvsgrxu9) +``` + +`#` **`docker service ls`** +``` +ID NAME MODE REPLICAS IMAGE PORTS +dm2j7n185u53 oc_db replicated 1/1 mariadb:latest +g26e0mhakd6x oc_web replicated 1/1 owncloud_web:latest *:80->80/tcp +v12wk2jruwhl relaxed_morse replicated 10/10 alpine:latest + ``` You may have some problems with this. Try to understand what happens and solve your issues. How many replicas are working ? Where are the images to use ? Which node can use them ? Hint: use the command `docker stack services oc` to help diagnose. And as usual talk to your instructor ! So you will need to use a private registry here to help solving that issue. -We have deployed a Docker registry for you, available from a URL that will be provided by the instructor. 
-(If you use the internal HPE Lab, then try lab7-2.labossi.hpintelco.org:5500 - If you want to create your own, use our scripts at https://github.com/bcornec/Labs/tree/master/Docker/registry) +We have deployed a Docker registry for you, available from an URL that will be provided by the instructor. +(If you want to create your own to replay this lab, use our scripts at https://github.com/uggla/Labs/tree/master/Docker/registry) You need to add the CA public certificate made on the registry to trust it. Download the CA from the registry web site: ### CentOS 7 -`#` **`curl -L http://lab7-2.labossi.hpintelco.org/ca.crt > /etc/pki/ca-trust/source/anchors/ca-registry.crt`** +`#` **`curl -L http://${REGISTRY_FQDN}:81/ca.crt > /etc/pki/ca-trust/source/anchors/ca-registry.crt`** `#` **`update-ca-trust`** @@ -1306,14 +1477,14 @@ Download the CA from the registry web site: ### Ubuntu/Debian -`#` **`curl -L http://lab7-2.labossi.hpintelco.org/ca.crt > /usr/local/share/ca-certificates/ca-registry.crt`** +`#` **`curl -L http://${REGISTRY_FQDN}:81/ca.crt > /usr/local/share/ca-certificates/ca-registry.crt`** `#` **`update-ca-certificates`** `#` **`service docker restart`** Check that the registry runs as expected: -`#` **`curl -L https://:5500/v2`** +`#` **`curl -L https://${REGISTRY_FQDN}/v2`** `{}` Of course, each node needs to be configured identically. 
@@ -1321,11 +1492,11 @@ Of course, each node needs to be configured identically. In order to share the image between the nodes, you need to push it to this new registry, by using the appropriate tag. For example, you may use a command similar to -`#` **`docker tag owncloud_web:latest ${DOMAIN_NAME}:5500/owncloud_web`** +`#` **`docker tag owncloud_web:latest ${REGISTRY_FQDN}/owncloud_web`** And then you can push that image into our registry so it's available to other engines to use. -`#` **`docker push ${DOMAIN_NAME}:5500/owncloud_web`** +`#` **`docker push ${REGISTRY_FQDN}/owncloud_web`** Do the same with the mariadb service that you create afterwards following the same approach. Look at your stack status. Is everything working fine or not ? What happens if you kill the httpd process ? the mysql process ? Explain what is happening. 
@@ -1337,21 +1508,31 @@ Let's configure NFS on the first machine (10.11.51.136 in my case): or -`#` **`apt-get install -y nfs-server`** # Ubuntu +`#` **`apt-get install -y nfs-kernel-server`** # Ubuntu 18.04 Edit the exports file so it looks like: `#` **`cat /etc/exports`** ``` -/data/db *.labossi.hpintelco.org(rw,no_root_squash,async,insecure,no_subtree_check) -/data/owncloud *.labossi.hpintelco.org(rw,no_root_squash,async,insecure,no_subtree_check) -/data/config *.labossi.hpintelco.org(rw,no_root_squash,async,insecure,no_subtree_check) +/data/db *(rw,no_root_squash,async,insecure,no_subtree_check) <-- do not do that (world export) in production +/data/owncloud *(rw,no_root_squash,async,insecure,no_subtree_check) +/data/config *(rw,no_root_squash,async,insecure,no_subtree_check) ``` `#` **`exportfs -a`** -`#` **`systemctl start nfs`** +`#` **`systemctl start nfs-kernel-server`** -Check on another node that your NFS setup is correct. +Install on other nodes nfs client and check that your NFS setup is correct. + +`#` **`yum install -y nfs-utils`** + +`#` **`systemctl start rpc-statd`** # CentOS7 + +or + +`#` **`apt-get install -y nfs-common`** + +`#` **`service rpc.statd start`** # Ubuntu Now you can create a Docker volume that will be used by the containers launched with a service, by amending your docker-compose file which should now look like this: @@ -1360,20 +1541,18 @@ version: '3' services: web: build: . - image: lab7-2.labossi.hpintelco.org:5500/owncloud_web + image: registry.uggla.fr/owncloud_web volumes: - /data/owncloud:/data/owncloud - /data/config:/var/www/html/owncloud/config ports: - - "8000:80" - links: - - db:mariadb + - "80:80" networks: - oclan: + - oclan db: image: mariadb ports: - - "3306:3306" + - "3306:3306" <-- note that this port is exposed for the following part environment: - MYSQL_ROOT_PASSWORD=password - MYSQL_DATABASE=owncloud 
@@ -1382,9 +1561,7 @@ services: volumes: - dbvol:/var/lib/mysql networks: - oclan: - aliases: - - db + - oclan networks: oclan: driver: overlay @@ -1394,14 +1571,14 @@ volumes: driver: local driver_opts: type: nfs - o: addr=10.11.51.136,rw + o: addr=188.166.10.159,rw,nfsvers=4.1 <-- this is required to have locks as nfs V3 does not support lock required by mariadb device: ":/data/db" ``` Restart your stack: `#` **`docker stack rm oc`** -`#` **`docker stack deploy -c docker-compose-v3.yml oc`** +`#` **`docker stack deploy -c docker-compose.yml oc`** Check they have now been created with: `#` **`docker volume ls`** @@ -1414,20 +1591,11 @@ Is that now working as expected ? If you use Docker 17.03+ you should have the d Can you have access to the database with the mysql command from your host (install the command if you need it) ? Check that the volume is mounted correctly in the container. Check that you can reach the mysql daemon from any host in the cluster. For mysql to work correctly using an NFS exported directory for its files, you will need to have the rpc.statd daemon running on all nodes of your cluster. Hint: -`#` **`yum install -y nfs-utils`** - -`#` **`systemctl start rpc-statd`** # CentOS7 -or - -`#` **`apt-get install -y nfs-common`** - -`#` **`service rpc.statd start`** # Ubuntu - -Create a temporary table in the owncloud database to check and then relaunch the service to verify the persistency of the DB. +Create a temporary table in the owncloud database to check and then relaunch the service to verify the persistence of the DB. MariaDB hint: -`#` **`mysql -uowncloud -powncloudpwd`** +`#` **`mysql -h -uowncloud -powncloudpwd`** `MariaDB [(none)]>` **`use owncloud;`** 
@@ -1439,8 +1607,6 @@ MariaDB hint: Once all this is solved, you can try dealing with the web frontend. Adopt a similar approach (NFS volume and service). Check that the communication between owncloud and the DB works fine. -You may be affected as myself by remaining bugs such as https://github.com/docker/docker/issues/20486 or https://github.com/docker/docker/issues/25981, especially mixing tests with docker-compose and swarm. For me, the only way to turn around them was to reboot the full cluster completely. - Observe what happens when you restart a Docker service on a node hosting one of the 2 services. We can scale out such a stateful application (while less interesting than a cloud native one) with many owncloud instances to support many users and spread the load across the Swarm cluster. @@ -1458,7 +1624,7 @@ Let's explain first the application and its goal. ## Objectives In this section, we will create a promotional lottery for an e-commerce site. -All the software components are provided, you'll "just" have to perform a partial containerzation of the service. +All the software components are provided, you'll "just" have to perform a partial containerization of the service. As the setup takes some time, we'll start with the instructions and then you'll have time to read the explanations. 
@@ -1466,12 +1632,12 @@ First have access to the application we developed for this. `#` **`yum install -y git`** -`#` **`git clone https://github.com/bcornec/openstack_lab.git`** +`#` **`git clone https://github.com/uggla/cloud_native_app.git`** `#` **`cd cloud_native_app`** -As you can see in the openstack_lab directory created, the same application can be used for a Docker or an OpenStack usage (or combining them). -The application is still a WIP, so don't worry with all the additional files and directories for now. Upstream is at https://github.com/uggla/openstack_lab.git alongside its documentation. +As you can see in the cloud_native_app directory created, the same application can be used for a Docker or an OpenStack usage (or combining them). +The application is still a WIP/Demo, so don't worry with all the additional files and directories for now. We need first to run the application locally using the compose file, in order to create all the Docker images and to upload them into the registry. @@ -1514,7 +1680,9 @@ cn81a9a5j8yi w1 1/1 lab7-2.labossi.hpintelco.org:5500/cloudnati e6c6ypgcxdy2 p 1/1 lab7-2.labossi.hpintelco.org:5500/cloudnativeapp_p ``` -In order to use the application you'll now have to connect to your system hosting th web application (in our case http://c6.labossi.hpintelco.org/) +In order to use the application you'll now have to connect to your system hosting the web application (in our case http://c6.labossi.hpintelco.org/) + +![cna](img/cna.png) You should see a message in your browser saying: ``` @@ -1534,3 +1702,4 @@ Scale that micro-service to solve the problem. This is the end of this lab for now, we hope you enjoyed it. Github issues and pull requests to improve this lab are welcome. + diff --git a/Docker/img/cna.png b/Docker/img/cna.png new file mode 100644 index 0000000..f9b93e3 Binary files /dev/null and b/Docker/img/cna.png differ diff --git a/Docker/registry/Dockerfile b/Docker/registry/Dockerfile index 656e070..71f6f1a 100644 
--- a/Docker/registry/Dockerfile +++ b/Docker/registry/Dockerfile @@ -1,6 +1,5 @@ -FROM fedora:latest -RUN dnf update -y -RUN dnf install -y httpd mod_ssl +FROM fedora:30 +RUN dnf install -y httpd RUN useradd pki RUN chmod 755 /home/pki RUN rm /etc/httpd/conf.d/welcome.conf diff --git a/Docker/registry/docker-compose.yml b/Docker/registry/docker-compose.yml index cd44642..8435c96 100644 --- a/Docker/registry/docker-compose.yml +++ b/Docker/registry/docker-compose.yml @@ -4,18 +4,20 @@ services: build: context: . ports: - - "80:80" + - "81:80" volumes: - ./certs:/home/pki/srv environment: - PUBFQDN= hostname: $PUBFQDN + restart: always registry: image: registry:2 ports: - - "5500:5000" + - "443:443" environment: + - REGISTRY_HTTP_ADDR=0.0.0.0:443 - REGISTRY_HTTP_TLS_CERTIFICATE=certs/repo.crt - REGISTRY_HTTP_TLS_KEY=certs/repo.key volumes: diff --git a/Docker/registry/run.sh b/Docker/registry/run.sh index 0448d99..4a137fe 100644 --- a/Docker/registry/run.sh +++ b/Docker/registry/run.sh @@ -1,7 +1,7 @@ #!/bin/bash # Modify openssl.cnf to activate extensions (SAN) sed -i -e 's/# req_extensions = v3_req/req_extensions = v3_req/' /etc/pki/tls/openssl.cnf -sed -i -e '/keyUsage = nonRepudiation, digitalSignature, keyEncipherment/ a subjectAltName = @alt_names' /etc/pki/tls/openssl.cnf +sed -i -e '/^keyUsage = nonRepudiation, digitalSignature, keyEncipherment/ a subjectAltName = @alt_names' /etc/pki/tls/openssl.cnf cat << EOF >>/etc/pki/tls/openssl.cnf [alt_names] DNS.1 = $PUBFQDN 
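Review bot: With `RUN dnf update -y` removed and the base fixed at `fedora:30`, the image is built from whatever package versions that tag carries, and nothing in the hunk explicitly installs the `openssl` command that run.sh in this directory uses to create the CA and registry keys. I would fold an upgrade into the install layer and name the tool: `RUN dnf upgrade -y && dnf install -y httpd openssl && dnf clean all`. If `openssl` only arrived as a dependency of `mod_ssl` (not verifiable from here), key generation would fail at container start. The rest of the Dockerfile lies outside the hunk, so a later line may already cover this.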
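Review bot: The `registry` service is now published on host port 443 with only address and TLS settings in its `environment:` list, so within the visible lines nothing stops a client that can reach the host from pushing or overwriting the images the swarm nodes later pull. Adding the registry's htpasswd settings would close that: `- REGISTRY_AUTH=htpasswd`, `- REGISTRY_AUTH_HTPASSWD_REALM=Registry` and `- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd`, with the htpasswd file mounted read-only (the path is a placeholder). Separately, the CA certificate is still offered over plain HTTP on the new port 81, so a comment telling users to compare its fingerprint out of band before trusting it would help. The service definitions continue outside the hunk.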
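Review bot: `$PUBFQDN` is written into `[alt_names]` with no check that it is set, and the compose file in this commit ships it as `PUBFQDN=`, so a forgotten value yields a certificate whose SAN reads `DNS.1 = ` (the `CN=$PUBFQDN` subject in the next hunk has the same problem). A guard right after the shebang would fail fast instead: `: "${PUBFQDN:?PUBFQDN must be set to the registry FQDN}"`. The `sed -i` and `cat << EOF >>` lines also append again on every start, which matters more now that the service appears to run with `restart: always`; prefixing them with a test such as `grep -q '^\[alt_names\]' /etc/pki/tls/openssl.cnf ||` would keep openssl.cnf stable across restarts.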
@@ -9,11 +9,11 @@ EOF # Generate CA key + cert umask 277 && openssl genrsa 2048 > ca/ca.key -umask 007 && openssl req -new -x509 -days 365 -subj "/C=FR/ST=/L=Grenoble/O=HPE/CN=ca" -key ca/ca.key > ca/ca.crt +umask 007 && openssl req -new -x509 -days 365 -subj "/C=FR/ST=Isere/L=Grenoble/O=CGI/CN=ca" -key ca/ca.key > ca/ca.crt # Generate server (registry) key + csr umask 002 && openssl genrsa 2048 > srv/repo.key umask 002 && openssl req -new \ - -subj "/C=FR/ST=/L=Grenoble/O=HPE/CN=$PUBFQDN" \ + -subj "/C=FR/ST=Isere/L=Grenoble/O=CGI/CN=$PUBFQDN" \ -key srv/repo.key \ > srv/repo.csr # Sign the csr with the CA @@ -28,4 +28,4 @@ umask 002 && openssl x509 -req -in srv/repo.csr \ # Put the CA certificate on the web cp /home/pki/ca/ca.crt /var/www/html chown pki:pki /var/www/html/ca.crt && chmod 644 /var/www/html/ca.crt -/usr/sbin/apachectl -DFOREGROUND -k start +httpd -DFOREGROUND diff --git a/Docker/server.py b/Docker/server.py new file mode 100644 index 0000000..7d6d5fb --- /dev/null +++ b/Docker/server.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# test on python 3.4 ,python of lower version has different +# module organization. +import http.server +import socketserver + +PORT = 8000 + +Handler = http.server.SimpleHTTPRequestHandler + +Handler.extensions_map = { + '.manifest': 'text/cache-manifest', + '.html': 'text/html', + '.png': 'image/png', + '.jpg': 'image/jpg', + '.svg': 'image/svg+xml', + '.css': 'text/css', + '.js': 'application/x-javascript', + '.md': 'text/markdown', + '': 'application/octet-stream', # Default + } + +httpd = socketserver.TCPServer(("", PORT), Handler) + +print("serving at port", PORT) +httpd.serve_forever()
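Review bot: The registry's private key is created under `umask 002`, so `srv/repo.key` ends up group-writable and world-readable, and `srv` is the directory the compose file bind-mounts from `./certs` on the host. The CA key a few lines above is already protected with `umask 277`; the server key deserves the same care, e.g. `umask 077 && openssl genrsa 2048 > srv/repo.key`, with ownership adjusted if the registry process reads it under another uid. The CA key is also generated unconditionally, so a second run as root would replace the CA that clients have already installed; an `[ -f ca/ca.key ] ||` guard or a comment stating that the script is one-shot would make this explicit. The signing step continues outside the hunk.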
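Review bot: `httpd -DFOREGROUND` runs as a child of the bash script, so if run.sh is the container's start command bash stays PID 1 and the stop signal from `docker stop` never reaches httpd; the container is then killed after the timeout instead of shutting down cleanly. Making the last line `exec httpd -DFOREGROUND` replaces the shell with httpd. A short comment above it, `# exec: httpd becomes PID 1 and receives Docker's stop signal`, would record why.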
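Review bot: `socketserver.TCPServer(("", PORT), Handler)` binds every interface and serves the current directory, listings included, so starting it from the lab folder exposes the Dockerfile, compose files and any `config.php` there to the whole network. For a local preview `httpd = socketserver.TCPServer(("127.0.0.1", PORT), Handler)` is enough. `Handler` is only an alias of `http.server.SimpleHTTPRequestHandler`, so assigning `extensions_map` rewrites the stdlib class for the whole process; `class Handler(http.server.SimpleHTTPRequestHandler):` with `extensions_map = {...}` in its body keeps the change local. The registered type for `.jpg` is `image/jpeg`, and a module docstring saying what the script is meant to serve is missing.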