form per la riffa https://goo.gl/iUfYkn codice del workshop https://github.com/liuggio/docker-workshop

0_README.md

Creare macchina virtuale

$ docker-machine create one -d virtualbox

docker-machine ssh one

edit /var/lib/boot2docker/profile (sotto debian /etc/default/docker)

EXTRA_ARGS='
 --registry-mirror=https://192.168.2.174:5000
  --insecure-registry=192.168.2.174:5000
'
exit;

docker-machine restart one;
docker-machine ssh one
docker pull alpine

 https://tmate.io/t/ro-qxlYiO1WrcUkKxNXbZdSucZlH
 ssh ro-qxlYiO1WrcUkKxNXbZdSucZlH@fk2.tmate.io

Images used in the workshop:

docker pull alpine
docker pull redis:alpine
docker pull nginx
docker pull avthart/consul-template
docker pull gliderlabs/registrator
docker pull progrium/consul
docker pull mongo
exercise:
docker pull atbaker/nginx-example
docker pull alpine
docker pull golang:1.5-alpine

1_exercise_basic-server.md

A basic webserver

Pull down this Docker image from the Docker Hub: atbaker/nginx-example

This Docker image uses the Nginx webserver to serve a static HTML website.

Start a new container from the atbaker/nginx-example image that exposes port 80 from the container to port 8000 on your host.

Open a web browser and go to http://localhost:8000

2_exercise_basic-server.md

Your webserver

Goal of the exercise:

Use the image of the above exercise atbaker/nginx-example and modify /usr/share/nginx/html/index.html in order to have: with

3_exercise_cleanup.md

You have to cleanup your local images and old containers regulary. Write a single line command to delete all container exited

4_a_secomp_cmod.md

Wow chmod doesn't work

$ echo ' { "defaultAction": "SCMP_ACT_ALLOW","syscalls": [ { "name": "chmod","action": "SCMP_ACT_ERRNO"} ] }' > chmod.json && cat chmod.json | jq .

{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "name": "chmod",
      "action": "SCMP_ACT_ERRNO"
    }
  ]
}

$ docker run --security-opt seccomp:chmod.json alpine /bin/sh -c "touch a;chmod 777 a;"

$ docker run --cap-drop=CHOWN

The goal here is to block and then unblock the unshare command

Given the template: docker run SECOMP-OPTIONS alpine /bin/sc -c "unshare --user --pid echo hello". find the proper secomp options SECOMP-OPTIONS and create two docker run commands in order to have:

1. a failure with the first command.

2. a "hello" with the second command.

4_b_slow_down_that_cnt.md

Reduce it!

Your client is not paying and you want to reduce his/her nginx container litiming read ps to 1mb.

Execute an nginx container with a single cpu, with read and write on 1mb per second

5_attachment_test.sh

#!/usr/bin/env sh

docker build  -t test-bashd . || exit 1
pid=$(docker run -d -p 8080:8080 test-bashd)
wget -O /tmp/index.html localhost:8080 || exit 2

docker logs $pid
docker rm -f $pid;

echo "\n\n\n--------------------\nBuild ok!"
exit 0;

5_Dockerfile_bash_http_server.md

The HTTP bash server

The goal is to write your Dockerfile, build it with a tag name, and run exposing the 8080 port.

using the 6_attachment_test.sh you can test if it worked :)

5a_backup_state.md

Backup state!

Committing (saving) a container state writing 2 commands that:

1. Pick an image and run a container that writes to a log file in /var/log/log.log every second call it daemon
2. While damon is running, create and run a second daemon starting from the container's volume of daemon.

6a_exercise_volume.md

Prove that

• if you don't modify the filesystem into the container: docker run -d -v /usr/share/nginx/html --name mynginx nginx creates a directory under /var/lib/docker/volumes/?
• If you create a container with no volumes, and a new file was created... what's up to that file when container is stopped?
• If you create a container from a dockerfile that has a volume, is in the aufs?

6b_exercise_sharing_logs.md

Share the logs

Given the nginx container, create another container that shows the nginx log

7_machine.md

Machine create

Create those machines

$ docker-machine create -d virtualbox consul && \ 
docker $(docker-machine config consul) pull nginx

$docker-machine create -d virtualbox manager && \
      docker-machine create -d virtualbox ag1 && \
      docker-machine create -d virtualbox ag2

git clone liuggio/workshop.git

7a_compose_build_from_email.md

Build that

Using the main.go application create a Dockerfile and a docker-compose.yml to run in production.

Email from dev to you dev-operator

Hi dev-ops mate,
you have to deploy this great application I made!

I suggest you to use docker-compose 

ps: you need to run `go get gopkg.in/mgo.v2` then `go build main.go` than `./main.go`
pps: remember to change the mongo ip, the db name would change in the future.
ppps: I suggest you to use `golang:1.5-alpine`

bye!

dev.

main.go

package main

import (
	"fmt"
	"net/http"
	"gopkg.in/mgo.v2"
	"gopkg.in/mgo.v2/bson"
	"time"
)

type Ping struct {
	Id   bson.ObjectId `bson:"_id"`
	Time time.Time     `bson:"time"`
}

func handler(w http.ResponseWriter, r *http.Request) {

	session, err := mgo.Dial("localhost")
	if err != nil {
		panic(err)
	}
	db := session.DB("aaa")
	defer session.Close()

	ping := Ping{
		Id:   bson.NewObjectId(),
		Time: time.Now(),
	}

	db.C("pings").Insert(ping)
	// get all records
	pings := []Ping{}
	db.C("pings").Find(nil).All(&pings)

	fmt.Fprintf(w, "%s", pings)
}

func main() {
	http.HandleFunc("/", handler)
	http.ListenAndServe(":8080", nil)
}

7b_compose_blue_green.md

Duplicates services

Improving the docker-compose.yml you created in the exercise 7a, are you able to have 2 golang services one called blue and the other called green, also the green network and blue network?

Eccolo :)
docker run -p 8086:1500 -d alpine /bin/sh -c "while true; do echo -e 'HTTP/1.1 200\n\n$(date)\n' | nc -v -l -p 1500; sleep 1; done"