Lab setup data from the Pluralsight course on:
Managing Docker Images
Set up the basic Docker environment
sudo nano /etc/group
[add your username to the "docker" group line]
sudo systemctl status docker
docker images
sudo su
cd /var/lib/docker/aufs/layers
Building and pushing images
docker images
docker search ubuntu/golang
docker pull alpine:latest
docker images
docker history alpine
docker history ubuntu
less dockerfile
#########
# Dockerfile contents:
FROM ubuntu:16.04
RUN apt-get update
RUN apt-get install -y apache2
ADD index.html /var/www/html/
CMD /usr/sbin/apache2ctl -D FOREGROUND
EXPOSE 80
#########
nano index.html
[contents:] Welcome to my website
docker build -t webserver .
docker images
docker run -d webserver
docker network inspect bridge
curl 172.17.0.2
docker ps
docker stop [container-name]
docker ps
docker login
docker images
docker tag webserver dbclinton/webserver
docker push dbclinton/newerserver
Image best practices
docker run -dit ubuntu
docker ps
docker commit [4ae439cb5601] myimage
docker images
docker pull centos:6.6
mkdir experiment
cd experiment
nano dockerfile
docker build -t manylines .
nano dockerfile
docker build -t oneline .
docker images
docker rmi manylines oneline
#########
# dockerfile manyline:
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y curl
RUN mkdir -p /opt/jboss/wildfly
RUN cd /tmp
RUN curl -O https://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final.tar.gz
RUN tar xf wildfly-10.1.0.Final.tar.gz
RUN mv wildfly-10.1.0.Final /opt/jboss/wildfly
RUN rm wildfly-10.1.0.Final.tar.gz
#########
#########
# dockerfile oneline:
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y curl
RUN mkdir -p /opt/jboss/wildfly && cd /tmp \
    && curl -O https://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final.tar.gz \
    && tar xf wildfly-10.1.0.Final.tar.gz \
    && mv wildfly-10.1.0.Final /opt/jboss/wildfly \
    && rm wildfly-10.1.0.Final.tar.gz
#########
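A small lint for the layer problems the manyline/oneline comparison shows, added here as an example and not course code: it counts layer-creating instructions and flags a lone `RUN cd` (lost when its layer ends) and a standalone `RUN rm` (the deleted file still sits in the earlier layer), the two things the oneline form avoids. The embedded Dockerfile is the course's manyline file, constructed here as input; function names are mine.

```python
"""Lint a Dockerfile for the layer issues the manyline/oneline comparison shows (added example, not course code)."""
import re

LAYER_INSTRUCTIONS = {"RUN", "ADD", "COPY"}  # instructions that add a filesystem layer


def parse_dockerfile(text):
    """Return (INSTRUCTION, argument) pairs; joins backslash continuations, skips blanks and comments."""
    pairs = []
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            instr, _, arg = line.partition(" ")
            pairs.append((instr.upper(), arg.strip()))
    return pairs


def lint(text):
    """Return (layer_count, findings) for a Dockerfile's text."""
    pairs = parse_dockerfile(text)
    layers = sum(1 for instr, _ in pairs if instr in LAYER_INSTRUCTIONS)
    findings = []
    for instr, arg in pairs:
        if instr != "RUN":
            continue
        if re.fullmatch(r"cd\s+\S+", arg):
            # a lone 'cd' is discarded with its layer; the next RUN starts in WORKDIR again
            findings.append(f"no effect: RUN {arg} (use WORKDIR or chain with &&)")
        if re.match(r"rm\s", arg) and "&&" not in arg:
            # deleting in a later layer hides the file, but the earlier layer still carries its bytes
            findings.append(f"no size saving: RUN {arg} (delete in the layer that created the file)")
    return layers, findings


# Constructed sample input: the course's 'manyline' Dockerfile
MANYLINE = """FROM ubuntu:16.04
RUN apt-get update && apt-get install -y curl
RUN mkdir -p /opt/jboss/wildfly
RUN cd /tmp
RUN curl -O https://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final.tar.gz
RUN tar xf wildfly-10.1.0.Final.tar.gz
RUN mv wildfly-10.1.0.Final /opt/jboss/wildfly
RUN rm wildfly-10.1.0.Final.tar.gz
"""

if __name__ == "__main__":
    count, problems = lint(MANYLINE)
    print(f"{count} layer-creating instructions")
    for problem in problems:
        print(" -", problem)
```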
Open a CentOS firewall
firewall-cmd --zone=public --add-port=5000/tcp
firewall-cmd --zone=public --add-port=5000/tcp --permanent
Install and run Docker Registry
apt update
apt install docker-registry
systemctl start docker-registry
systemctl status docker-registry
docker-registry --version
ls
sudo su
dpkg -i docker-registry_2.4.1~ds1-2_amd64.deb
systemctl start docker-registry
systemctl status docker-registry
docker-registry --version
systemctl enable docker-registry
docker run hello-world
docker images
docker tag hello-world localhost:5000/hello-world:latest
docker images
docker push localhost:5000/hello-world:latest
docker rmi -f hello-world localhost:5000/hello-world:latest
docker images
docker pull localhost:5000/hello-world:latest
docker images
curl localhost:5000/v2/_catalog
[from a different machine:]
curl 192.168.1.17:5000/v2/_catalog
Docker Registry storage
sudo su
cd /var/lib/docker/docker-registry
cd docker/registry/v2/repositories
docker volume create myvolume
docker volume ls
Configure CA certificates
curl 192.168.1.17:5000/v2/_catalog
docker pull 192.168.1.17:5000/hello-world:latest
# if you received an intermediate certificate:
cat stuff.crt intermediate-stuff.pem > certs/stuff.crt
-----------
docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/stuff.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/stuff.key \
  registry
###########
# Dockerfile:
FROM registry
ADD /certs/ /home/
ENV REGISTRY_HTTP_TLS_CERTIFICATE=/certs/stuff.crt REGISTRY_HTTP_TLS_KEY=/certs/stuff.key
EXPOSE 5000
###########
cd /etc/docker
ls
cd registry
ls
sudo nano config.yml
[Enter this in the http section after addr:]
  tls:
    certificate: /home/ubuntu/certs/stuff.crt
    key: /home/ubuntu/certs/stuff.key
-----------
docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/config.yml:/etc/docker/registry/config.yml \
  registry
Configure self-signed certificates
[To change the command line prompt on client machine: run PS1='docker-client:\w\$ ']
sudo nano /etc/hosts
[add the line: 192.168.1.17 stuff.com]
[on server machine; run PS1='docker-server:\w\$ ']
mkdir certs
openssl req -newkey rsa:4096 -nodes \
  -sha256 -keyout certs/stuff.key \
  -x509 -days 365 -out certs/stuff.crt
[enter values; CN as stuff.com is the most important]
less /etc/docker/registry/config.yml
sudo systemctl restart docker-registry
cd certs
[if necessary]
scp stuff.crt ubuntu@192.168.1.19:/home/ubuntu/
[From client]
mv stuff.crt ca.crt
sudo su
mkdir -p /etc/docker/certs.d/stuff.com:5000/
cp ca.crt /etc/docker/certs.d/stuff.com:5000/
systemctl restart docker
docker pull stuff.com:5000/hello-world:latest
curl stuff.com:5000/v2/_catalog
curl https://stuff.com:5000/v2/_catalog
curl --insecure https://192.168.1.16:5000/v2/_catalog
Configure login authentication
[server]
mkdir auth
docker run --entrypoint htpasswd registry -Bbn newuser mypassword >> auth/htpasswd
sudo nano /etc/docker/registry/config.yml
[add to config.yml:]
auth:
  htpasswd:
    realm: basic-realm
    path: /home/ubuntu/auth/htpasswd
sudo systemctl restart docker-registry
[client]
[from client - make sure that alpine has been pulled]
docker images
docker tag alpine stuff.com:5000/alpine-local
docker push stuff.com:5000/alpine-local
docker login stuff.com:5000
docker push stuff.com:5000/alpine-local
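A probe for the TLS and htpasswd setup from the two sections above (self-signed certificate and login authentication), added as an example and not course code: it trusts only the self-signed ca.crt, checks that an unauthenticated GET /v2/ is refused with the basic-realm challenge rather than answered, then lists the catalog with the newuser credentials. Host, CA path and credentials are whatever you configured; function names are mine.

```python
"""Probe a private registry for TLS validation and htpasswd enforcement (added example, not course code)."""
import base64
import json
import ssl
import urllib.error
import urllib.request


def parse_basic_challenge(header):
    """Realm from a 'Basic realm="..."' WWW-Authenticate value; '' if Basic without realm; None if not Basic."""
    if not header or not header.lower().startswith("basic"):
        return None
    for part in header[5:].split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().lower() == "realm":
            return value.strip().strip('"')
    return ""


def basic_auth_header(user, password):
    """Build the Authorization value docker login sends for htpasswd auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def fetch(url, cafile, auth=None):
    """GET url trusting only cafile (the self-signed ca.crt). Returns (status, www_authenticate, body).
    A certificate that cafile cannot validate raises urllib.error.URLError, which is left to propagate."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain and hostname verified, as certs.d does for docker
    headers = {"Authorization": auth} if auth else {}
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), context=ctx, timeout=10) as r:
            return r.status, None, r.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate"), err.read()


def assess(status, challenge):
    """Classify the result of an unauthenticated GET /v2/."""
    if status == 200:
        return "OPEN: /v2/ answered without credentials"
    realm = parse_basic_challenge(challenge)
    if status == 401 and realm is not None:
        return f"AUTH ENFORCED: Basic realm {realm!r}"
    return f"UNEXPECTED: status {status}, challenge {challenge!r}"


def check_registry(host, cafile, user, password):
    """Probe host (e.g. 'stuff.com:5000') and return the repositories visible with credentials."""
    base = f"https://{host}/v2/"
    status, challenge, _ = fetch(base, cafile)
    print(assess(status, challenge))
    status, _, body = fetch(base + "_catalog", cafile, basic_auth_header(user, password))
    return json.loads(body)["repositories"] if status == 200 else []


if __name__ == "__main__":
    import sys  # usage: check_registry.py stuff.com:5000 ca.crt newuser mypassword
    print(check_registry(*sys.argv[1:5]))
```

A URLError reporting CERTIFICATE_VERIFY_FAILED means the CA file does not validate the server certificate, the same condition that makes docker pull fail until ca.crt is placed under certs.d. Docker clients built with Go 1.15 or later match the hostname against subjectAltName only, so a certificate generated with openssl req should carry one (the -addext "subjectAltName=DNS:stuff.com" option) rather than relying on the CN alone.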
Configure Docker Content Trust
sudo nano /etc/profile
[add the line:]
export DOCKER_CONTENT_TRUST=1
echo $DOCKER_CONTENT_TRUST
export DOCKER_CONTENT_TRUST=1
echo $DOCKER_CONTENT_TRUST
[browse to: https://hub.docker.com/r/xataz/redis/]
docker pull xataz/redis
export DOCKER_CONTENT_TRUST=0
docker pull xataz/redis
[make sure busybox image has been pulled]
[make sure root key has been saved to ~/.docker/trust/private/root_keys/]
docker login
docker tag swarm dbclinton/swarm:latest
docker push dbclinton/swarm:latest
sudo apt install notary
notary -s https://notary.docker.io -d ~/.docker/trust list docker.io/library/alpine
notary --help
Use the Docker Cloud CLI
docker login
sudo apt install python-pip
pip install --upgrade pip
pip install docker-cloud
docker-cloud --help
docker-cloud repository inspect dbclinton/myrepo
docker tag busybox dbclinton/myrepo:latest
docker push dbclinton/myrepo:latest
docker-cloud repository inspect dbclinton/myrepo
docker-cloud stack create -f docker-cloud.yml
Docker Cloud Stack .yml example:
# [the service name of this first (haproxy) entry is missing from the page]
  image: dockercloud/haproxy
  links:
    - web
  ports:
    - "80:80"
  roles:
    - global
web:
  image: dockercloud/quickstart-python
  links:
    - redis
  target_num_containers: 4
redis:
  image: redis