Gabri/dockerCommands.md

## dockerCommands.md

      
    Raw
  

              dockerCommands.md
            
          
    Docker

Command utility tools

ctop lazydocker
Rimuovere immagini non più usate

docker image prune -f
Pulizia di dati non più utilizzati (images, container, networks)

docker system prune --all --force
Note (don't create a container every times!)

ogni volta che si lancia il comando si creano nuovi container di quell'immagine
Creare un container (oracle)

docker run -d -p 49161:1521 -v mdist-dev-local:/opt/oracle/oradata wnameless/oracle-xe-11g-r2

--name altrimenti creato un nome random:
docker run --name oracle-ee -p 1521:1521 ...

docker ps -ALTER
Starting services of docker compose

docker-compose up -d

To start a specific service of a docker-compose
docker-compose up -d mysql-server

Rebuild service of docker-compose

docker-compose up --build --force-recreate --no-deps -d <servicename>

Starting a container (already created)

docker start -ai 11cc47339ee1

(docker start -ai e17d58165b78)
Stop services of docker compose

docker-compose down

Stop a container

docker stop e17d58165b78

Show container images (showing sizes in MB)

docker-compose images

Collegarsi con SQLcl al docker oracle avviato

sql system/oracle@//localhost:49162:xe

dover user:sytstem, pwd:oracle e SID:xe
Run script sql on docker oracle image

sqlplus user/pwd@//localhost:1521/ORCLPDB1 yourpath/yourscript.sql

Copy file from containter to host

docker cp revproxy_webngx_1:/etc/nginx/conf-d.tgz docker/nginx/
Remove container (by name)

docker container rm mdistDevOracle

Remove containers and images from docker-compose

docker-compose down -v --rmi all

Build di un'immagine locale (con Dockerfile)

docker build -t wnameless/oracle-xe-11g-mdistdev .

Utilities

Find UID ad users/gruop of container (ie: www-data)

docker DOCKER_CONTAINER_ID id

Con docker-compose:
docker-compose exec SERVICE_NAME id

Shell on image

As root (you need to specify workdir)
docker-compose exec --workdir /var/www/php --user root php-dei sh

Volumes

Create a Volume

docker volume create my-vol

Possible local volume path: /var/lib/docker/volumes/mysql_mysql-data/_data
TODO Verify:

docker volume create --name=mdist-dev-local --opt device=/home/gabri/Documents/oracle/db/mdist-dev-local/oradata --opt type=none --opt o=bind

List volumes

docker volume ls

Inspect a volume

docker inspect mysql_mysql-data

Remove a Volume

docker volume rm mysqldev_mysql-data

Backups

Database backup on instance

Backup di un db usando mysqldump e utenza root, poi zippando l'sql generato e salvandolo in una cartella dell'host
docker exec mysql_mysql-server_1 sh -c 'exec mysqldump -u root -p"$MYSQL_ROOT_PASSWORD" gabri_nueter' | gzip -c > $HOME/backup/db/nueter/gabri_nueter-`date +\%Y\%m\%d`.sql.gz

Docker Limits

It's possible to limit, on docker compose file, cpu e mem usage
Docker Secrets

Don't store secrets on Env variable (docker inspect [image] show them) and if you copy files and delete theme ..pay attention to docker chache
@see Docker Secrets for docker compose

  
## vps_docker.md

      
    Raw
  

              vps_docker.md
            
          
    Creating ssh to connect to server (avoiding auth root)

ssh-keygen -t rsa -b 4096 -f ~/.ssh/vps-cloud.web-server.key -C "My web-server key"

Where,
-t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
-b 4096 : Specifies the number of bits in the key to create
-f ~/.ssh/vps-cloud.web-server.key : Specifies the filename of the key file.
-C "My web-server key" : Set a new comment.
Connect via ssh with generated key

ssh -i ~/.ssh/vps-hetz.web-server.key root@168.xxx.xx.xx

Installation docker and other stuff

sudo apt-get update

sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo apt-key fingerprint 0EBFCD88

fingerprint should be '9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88'
sudo add-apt-repository \
   "deb [arch=amd64] https://download.
   er.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

sudo apt-get install docker-ce docker-ce-cli containerd.io

Verify installation
sudo docker run hello-world
NB: For alpine, the following dependency packages are needed: py-pip, python-dev, libffi-dev, openssl-dev, gcc, libc-dev, and make
--apt install ctop [non è quello per vedere i processi docker]
sudo wget https://github.com/bcicen/ctop/releases/download/v0.7.5/ctop-0.7.5-linux-amd64 -O /usr/local/bin/ctop
sudo chmod +x /usr/local/bin/ctop

apt install make
--apt install py-pip python-dev libffi-dev openssl-dev gcc libc-dev
sudo apt install libffi-dev gcc libc6-dev

Docker compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Creating sudoers (non root) user [https://community.hetzner.com/tutorials/debian-base-configuration-docker]
adduser --disabled-password gabri

To assign the permissions to the user, we create the file /etc/sudoers.d/90-gabri
vim /etc/sudoers.d/90-gabri

with the following content:
gabri ALL=(ALL) NOPASSWD:ALL

For additional security, we adjust the configuration of the SSH server. To do this we open /etc/ssh/sshd_config, delete the contents of the file and insert the configuration below instead:
Protocol 2
Port 44933
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
StrictModes yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AllowUsers gabri

Depositing the public key
mkdir -p /home/gabri/.ssh
vim /home/gabri/.ssh/authorized_keys [insert the public key]
chmod 600 /home/gabri/.ssh/authorized_keys
chown gabri:gabri /home/gabri/.ssh/authorized_keys

Activating the new configuration
systemctl restart sshd

Try connecting with the new user
ssh -i ~/.ssh/vps-hetz.web-server.key -p 44933 gabri@<your_host>

Access to Docker
By default, Docker can only be used as root. In order use Docker (without sudo) the user 'holu' has to be a member of the 'docker' group.
sudo usermod -aG docker gabri

Note: Users in the 'docker' group effectively have root privileges
Firewall setup and config : [https://community.hetzner.com/tutorials/debian-base-configuration-docker#step-3---firewall-setup]
Copying file to remote
scp -i ~/.ssh/vps-hetz.web-server.key -P 44933 -p gabri_deiverbum-20201107.sql.gz .env Makefile TODO.txt docker-compose.yml gabri@168.119.234.244:/home/gabri/devops/deiverbum

-p preserva le date di modifica
se si vuole copiare ricorsivamente usare -rp
Creating network to bridge all the containers

Creating network to bridge all the containers
docker network create nginx-proxy

From now on, we need to ensure that we’re always adding new containers to the nginx-proxy Docker network
In docker-compose we have /var/run/docker.sock:/tmp/docker.sock line accomplishes. Essentially, this gives any container access to the host’s Docker socket, which contains information about a variety of Docker events, such as creating a new container, or shutting one down.
Every time you add a container, nginx-proxy sees the event through the socket, automatically creates the configuration file needed to route traffic, and restarts nginx to make the changes available immediately. nginx-proxy looks for containers with the VIRTUAL_HOST variable enabled, so that’s critical to our operations moving forward.