Hi there!

This is yet another note from me ^^

This is for my notes about Docker. I’ve been dealing with container technologies for years, it’s a good habit to dump all of my notes here.

I hope you find this useful as well.

Build Docker Image

Method 1: Docker build

Using dockerfile is the formal way to build a docker image.

We can define the base image to pull from, copy files inside it, run configuration, specify what process to start with.

You know I like using Django for projects, here comes a dockerfile from Cookiecutter:

# define an alias for the specific python version used in this file.
FROM python:3.11.6-slim-bullseye as python

# Python build stage
FROM python as python-build-stage

ARG BUILD_ENVIRONMENT=local

# Install apt packages
RUN apt-get update && apt-get install --no-install-recommends -y \
  # dependencies for building Python packages
  build-essential \
  # psycopg2 dependencies
  libpq-dev

# Requirements are installed here to ensure they will be cached.
COPY ./requirements .

# Create Python Dependency and Sub-Dependency Wheels.
RUN pip wheel --wheel-dir /usr/src/app/wheels  \
  -r ${BUILD_ENVIRONMENT}.txt


# Python 'run' stage
FROM python as python-run-stage

ARG BUILD_ENVIRONMENT=local
ARG APP_HOME=/app

ENV PYTHONUNBUFFERED 1
ENV PYTHONDONTWRITEBYTECODE 1
ENV BUILD_ENV ${BUILD_ENVIRONMENT}

WORKDIR ${APP_HOME}


# devcontainer dependencies and utils
RUN apt-get update && apt-get install --no-install-recommends -y \
  sudo git bash-completion ssh vim
RUN echo "alias ls='ls -G --color=auto" >> ~/.bashrc
RUN echo "alias ll='ls -lh --color=auto" >> ~/.bashrc

# Create devcontainer user and add it to sudoers
RUN groupadd --gid 1000 dev-user \
  && useradd --uid 1000 --gid dev-user --shell /bin/bash --create-home dev-user \
  && echo dev-user ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/dev-user \
  && chmod 0440 /etc/sudoers.d/dev-user


# Install required system dependencies
RUN apt-get update && apt-get install --no-install-recommends -y \
  # psycopg2 dependencies
  libpq-dev \
  # Translations dependencies
  gettext \
  # cleaning up unused files
  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
  && rm -rf /var/lib/apt/lists/*

# All absolute dir copies ignore workdir instruction. All relative dir copies are wrt to the workdir instruction
# copy python dependency wheels from python-build-stage
COPY --from=python-build-stage /usr/src/app/wheels  /wheels/

# use wheels to install python dependencies
RUN pip install --no-cache-dir --no-index --find-links=/wheels/ /wheels/* \
  && rm -rf /wheels/

COPY ./compose/production/django/entrypoint /entrypoint
RUN sed -i 's/\r$//g' /entrypoint
RUN chmod +x /entrypoint

COPY ./compose/local/django/start /start
RUN sed -i 's/\r$//g' /start
RUN chmod +x /start


COPY ./compose/local/django/celery/worker/start /start-celeryworker
RUN sed -i 's/\r$//g' /start-celeryworker
RUN chmod +x /start-celeryworker

COPY ./compose/local/django/celery/beat/start /start-celerybeat
RUN sed -i 's/\r$//g' /start-celerybeat
RUN chmod +x /start-celerybeat

COPY ./compose/local/django/celery/flower/start /start-flower
RUN sed -i 's/\r$//g' /start-flower
RUN chmod +x /start-flower


# copy application code to WORKDIR
COPY . ${APP_HOME}

ENTRYPOINT ["/entrypoint"]

Method 2: Docker commit

Another way is to use docker commit <container_id> <new_image_name>, it will create a new image based on your existing image in you docker local storage.

Export/Import

After we have docker images, we usually want to share it with other or transfer to another places, that’s where export/import are used:

docker save <image_name:version> > exported_file.tar
docker load < exported_file.tar

Docker Registry

Environment: CentOS 7.2

Setup Docker repository

sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

Install and enable docker-registry

yum install docker-registry
systemctl enable docker-registry.service
service docker-registry start

Verify docker-registry service

1. Using curl to checkcurl localhost:5000 You should get results: "\"docker-registry server\""
2. systemctl status docker-registry

Configure storage_path

Update local storage path to your specific location in /etc/docker-registry.yml:

local: &local
     <<: *common
     storage: local
     storage_path: _env:STORAGE_PATH:/data/docker/docker-registry

Then restart: systemctl restart docker-registry.service

Setup client to use the registry

Update /etc/sysconfig/docker to add --insecure-registry your_ip_or_hostname:5000 as below:

# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--insecure-registry your_ip_or_hostname:5000 --selinux-enabled --log-driver=journald'
DOCKER_CERT_PATH=/etc/docker

Push to the registry

In order to have some images to push to the registry, let’s pull from docker.io firstly: docker pull centos

Please write down the IMAGE ID for the centos image

If you push it to your own registry now, you will get error as blow:

# docker push your_ip_or_hostname:5000/ci
The push refers to a repository [your_ip_or_hostname:5000/ci]
An image does not exist locally with the tag: your_ip_or_hostname:5000/ci

So you need to create a repo on your private registry then try to push again.

To do that, you can tag a repo on your private registry and push:

# docker tag the_centos_image_id_you_wrote_down your_ip_or_hostname:5000/centos
[root@geekcoding101 ~]# docker push your_ip_or_hostname:5000/centos
The push refers to a repository [your_ip_or_hostname:5000/centos]
97ca462ad9cc: Image successfully pushed
Pushing tag for rev [the_centos_image_id_you_wrote_down] on {http://your_ip_or_hostname:5000/v1/repositories/centos/tags/latest}
[root@geekcoding101 ~]#

Docker Storage

Where does docker store images?

Usually is /var/lib/docker/.

But vary depending on the driver Docker is using for storage.

You can manually set the storage driver with the -s or –storage-driver= option to the Docker daemon.

• /var/lib/docker/{driver-name} will contain the driver specific storage for contents of the images.
• /var/lib/docker/graph/<id> now only contains metadata about the image, in the json and layersize files.

In the case of aufs:

• /var/lib/docker/aufs/diff/<id> has the file contents of the images.
• /var/lib/docker/repositories-aufs is a JSON file containing local image information. This can be viewed with the command docker images

Cheat Sheet

Okay, that’s all from me. Thank you for reading!