Setting up Docker on Debian 11.2
Introduction
Docker is the only container virtualization system that I have not yet encountered, so after studying this topic, I decided to write this publication. This publication discusses building your own image (using a Dockerfile) based on official Debian system images, mounting various file systems (nfs, btrfs, ext4), as well as various Dockerfile parameters and docker container management commands.
Creating an image
Before creating the image, you need to install some dependencies to correctly add the official Docker GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg lsb-release
Add Keys and Repositories
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install Docker Engine
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
After these steps, you can start building your own image by creating a Dockerfile (this file can be created, for example, in the user’s directory); the image creation command must be run with sudo. Figure 1 shows an example Dockerfile.
FROM debian – indicates which image from the repository the container image is created from; you can search for images available for download with the sudo docker search debian command
Official images are marked OK
MAINTAINER nemets – indicate the author of the image
RUN apt-get update – update list of available packages
RUN apt-get install -y apache2 mc htop net-tools nfs-common && apt-get clean – install apache2 and additional packages as needed
VOLUME /etc/apache2 – create a mount point
#WORKDIR /home – indicates the current directory for work (for example, if you use the COPY test.txt user/test.txt directive, the file will be copied to the /home/user directory)
COPY --chown=www-data:www-data test.txt /home/ – copy the test.txt file from the directory the image is built from to the /home directory, owned by www-data; if the specified user does not exist, an error will appear (you can also specify the uid and gid of the user)
ADD --chown=www-data:www-data test.txt /home – the command is similar to the COPY command
ENV MY_NAME="nemets" – create a permanent environment variable for the image
ARG NAME="nemets" – create a temporary variable; this variable will only be available during image creation
EXPOSE 80/tcp – indicate that tcp port 80 is used in the image (only informational option, when starting the container, you must explicitly specify ports in any case)
EXPOSE 443/tcp – specify that the image uses tcp port 443
#EXPOSE 80/udp – specify that the image uses 80 udp port
#EXPOSE 443/udp – indicate that 443 udp port is used in the image
#USER root – specifies the user that commands are executed as. In this example, apache is started by default as the root user, so this directive is not required. If, for example, the container is used to run postgresql, then postgres must be used in the USER directive, since postgresql runs as the postgres user
ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] – this line tells the image to run apache with the given parameters when the container starts. In the official documentation, this launch method (exec) is preferred, since docker assumes that there will be a single process with pid 1, and in this case the process will also correctly receive unix signals. Keep in mind, however, that with this launch method environment variables will not be available, and for this reason the full path to apachectl must be specified
#ENTRYPOINT apachectl -D FOREGROUND – this way of starting apache goes through the shell, so at least two processes (/bin/bash and httpd) will be launched in the container, and environment variables will also be available
#CMD echo "Hello world" – this command complements the ENTRYPOINT command, but only if ENTRYPOINT is executed in exec mode; if ENTRYPOINT is executed in shell mode, the CMD directive is ignored (you can also specify the launch of apache in this directive, as in the ENTRYPOINT directive)
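The FROM directive decides whose software ends up in the image. The following added example (not part of the original publication) lists the base images a Dockerfile pulls and marks each one as a Docker Hub official image, a third-party image or an image from another registry. The function names and every sample image name except debian are made up for illustration.

```shell
#!/bin/sh
# Added example: report the base images a Dockerfile pulls and whether each is
# a Docker Hub official image (no namespace, or the "library/" namespace).

# classify_base IMAGE -> official | third-party | other-registry
classify_base() {
    ref=${1%%@*}                      # ignore an @sha256:... digest
    ref=${ref#docker.io/}             # explicit Docker Hub prefix
    case $ref in
        library/*)  echo official ;;
        */*)        first=${ref%%/*}
                    case $first in
                        *.*|*:*|localhost) echo other-registry ;;  # host[:port]/...
                        *)                 echo third-party ;;
                    esac ;;
        *)          echo official ;;
    esac
}

# audit_from: Dockerfile on stdin -> "<image> <class>" per external base image
audit_from() {
    stages=" scratch "                # names that are not pulled from a registry
    while read -r kw a b c d; do
        case $kw in [Ff][Rr][Oo][Mm]) ;; *) continue ;; esac
        case $a in --platform=*) a=$b; b=$c; c=$d ;; esac    # skip optional flag
        case $stages in *" $a "*) ;; *) echo "$a $(classify_base "$a")" ;; esac
        case $b in [Aa][Ss]) stages="$stages$c " ;; esac     # remember stage name
    done
}

# Constructed sample: only the first FROM line is the one used on this page.
sample_dockerfile() {
    cat <<'EOF'
FROM debian AS base
FROM --platform=linux/amd64 someuser/debian-apache:latest AS web
FROM registry.example.com/team/debian:11
FROM base
EOF
}

sample_dockerfile | audit_from
```

The classification is made from the image name alone, so a locally built image tagged local/debian is reported as third-party as well.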
After the Dockerfile has been created, you can start building the image, for this you need to run the command
sudo docker build -t local/debian .
The -t switch adds a name and a “tag” (name/tag format) to the created image.
If necessary, you can upload the created image to the repository (registration required)
docker push yourname/newimage
Commands for working with images and containers
To view the created image, use the command
sudo docker images
To delete the created image, use the command
sudo docker rmi local/debian
Now you can launch the container. After it is launched, the container is given a name and a CONTAINER ID, by which you can access the container
sudo docker run -d --restart=always --cpuset-cpus="0" --cpus=".5" --memory="1g" --memory-swap="1g" -p 80:80 -p 443:443 -v /home/user:/user --add-host=docker:10.180.0.1 local/debian
-d – run the container in the background
--restart=always – put the container on autostart
--cpuset-cpus="0" – allow only the first processor core to be used (you can specify cores separated by commas, 0,3,5, or as a range, 0-2)
--cpus=".5" – use the processor for a maximum of 50%
--memory="1g" – limit RAM usage to 1 GB
--memory-swap="1g" – limit swap usage to 1 GB
-p 80:80 -p 443:443 – forward ports 80 and 443 to the container
-v /home/user:/user – mount the /home/user directory to the /user folder of the container
--add-host=docker:10.180.0.1 – add an entry to the /etc/hosts file
local/debian – the name of the image on the basis of which the container will be created and launched
The list of running containers can be viewed with the command
sudo docker ps
A list of all containers, including those that are not running, can be viewed with the command
sudo docker ps -a
In this example, the name of the created container is vibrant_pascal and the CONTAINER ID is 174fdcafd234; it is by these parameters that you can access the container
sudo docker stop vibrant_pascal # stop the container
sudo docker start 174fdcafd234 # start the container
sudo docker pause 174fdcafd234 # pause the container
sudo docker unpause 174fdcafd234 # resume a paused container
sudo docker stats 174fdcafd234 # view the container's resource usage
sudo docker rm 174fdcafd234 # remove the container
In order to enter the container, you must run the command
sudo docker exec -it vibrant_pascal bash
Sometimes, after changes have been made in the container, these changes need to be saved to the original image; for this, use the command
docker commit -m "added updates" -a "nemets" 174fdcafd234 local/debian
-m – comment with information about changes in the image
-a – the name of the author of the changes
You can also specify a different image name (for example, local/debian1) if, for example, you need to keep the original image
In order to create another container from the image, just run the command again
sudo docker run -d --restart=always --cpuset-cpus="0" --cpus=".5" --memory="1g" --memory-swap="1g" -p 8080:80 -p 4443:443 -v /home/user:/user --add-host=docker:10.180.0.1 local/debian
but you need to specify a different port
Mounting nfs shares
First of all, you need to bring up the nfs server; for this, install the following packages
sudo apt install nfs-kernel-server nfs-common portmap
Let’s make changes to the /etc/exports file, namely, add the line
/mnt 192.168.1.0/24(rw,no_root_squash)
this line will allow access to the /mnt directory to all hosts from the network 192.168.1.0/24
Activate and start the nfs server
sudo systemctl enable nfs-server
sudo systemctl start nfs-server
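The export line above uses no_root_squash, which per exports(5) turns off the mapping of client uid 0 to the anonymous user, so by default root inside a container that mounts the share acts as root on the exported directory. The following added example (not part of the original publication) flags such entries in exports-style input. Only the /mnt line comes from this page; the other sample lines and the function names are constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in exports(5)-style input.
# Line format: <path> <client>(<opt>,<opt>,...) [<client>(...) ...]

# Constructed sample; only the /mnt line is taken from this page.
sample_exports() {
    cat <<'EOF'
# constructed sample input
/mnt 192.168.1.0/24(rw,no_root_squash)
/srv/www 192.168.1.103(rw,root_squash)
/srv/pub *(ro) 192.168.1.0/24(rw)
/srv/tmp (rw,sync)
EOF
}

# audit_exports: export lines on stdin -> "<path> <client> <finding>" per issue
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    NF == 0    { next }                      # skip blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opts)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host
            rw = 0; nrs = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (nrs) print $1, client, "no_root_squash"
            if (rw && client == "*") print $1, client, "rw-to-any-host"
        }
    }'
}

sample_exports | audit_exports
```

On a real server the same check can be run as audit_exports < /etc/exports before the nfs server is started.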
After the nfs server is running, you can start creating the volume service for docker (in this example, the nfs server is running on 192.168.1.103)
sudo docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.103,rw --opt device=:/mnt shara
After executing this command, a volume named shara will be created in docker, which can be mounted in newly created containers. To mount the created share into a container, add --mount source=shara,target=/mnt to the run command
sudo docker run -d --restart=always --cpuset-cpus="0" --cpus=".5" --memory="1g" --memory-swap="1g" -p 8080:80 -p 8443:443 --mount source=shara,target=/mnt -v /home/user:/user --add-host=docker:10.180.0.1 local/debian
When creating a volume, the following values can be used for the --opt type parameter:
--opt type=cifs – mount an smb “share”
--opt type=btrfs – mount a btrfs partition
--opt type=ext4 – mount an ext4 partition
You must also specify a device with the specified file system
--opt device=/dev/sda2
The command to create an ext4 volume will look like this
sudo docker volume create --driver local --opt type=ext4 --opt device=/dev/sda2 shara
Conclusion
As you can see from this publication, creating your own image is not a complicated process. In my opinion, it is better to use your own image than to use already created non-official ones, which may contain malicious software.
List of sources that helped me in writing this publication
Install Docker Engine on Debian | Docker Documentation
docker build | Docker Documentation
Dockerfile reference | Docker Documentation