Docker

Please enable Javascript to see TOC.

Setup Docker with Password Store

After you installed docker, normally your credentials are stored unencrypted on disk:
$ docker login docker.mycompany.net
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /home/krach/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
$
If you check your configuration file, you can simply read the password:
$ cat .docker/config.json
{
        "auths": {
                "docker.mycompany.net": {
                        "auth": "VGhpc0lzTXlTZWNyZXRQYXNzd29yZAo="
                }
        }
}
$ echo VGhpc0lzTXlTZWNyZXRQYXNzd29yZAo= | base64 -d
krach:ThisIsMySecretPassword
$

Setting up GnuPG

Setting up GnuPG and pass according this guide.

Install docker-credential-pass

$ sudo apt install golang-docker-credential-helpers
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  golang-docker-credential-helpers
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
[...]
$ docker-credential-pass list
{}
$

Configure docker-credential-pass

Set the pass password manager to your .docker/config.json:
{
  "credsStore":"pass"
}
Then login to docker:
$ docker login docker.mycompany.net
Username: krach
Password:
Login Succeeded
$
$
$ pass list
Password Store
└── docker-credential-helpers
    ├── ZG9ja2VyLm15Y29tcGFueS5uZXQK
    │   └── krach
$
$
$ docker-credential-pass list
{"docker.mycompany.net":"krach"}
$

Tidy Up

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
4ea1fd16c747        axos-test:test1     "/bin/bash"         16 hours ago        Exited (2) 6 minutes ago                        amazing_mclean
96713c6b63cf        axos-test:test1     "/bin/bash"         16 hours ago        Exited (130) 16 hours ago                       hungry_chaum
39e762ac4954        debian:stretch      "/bin/bash"         16 hours ago        Exited (0) 16 hours ago                         axos-test
5a5ee60e15fa        debian:stretch      "/bin/bash"         16 hours ago        Exited (0) 2 seconds ago                        admiring_snyder
c255b556f3d3        debian:stretch      "/bin/bash"         16 hours ago        Exited (0) 2 seconds ago                        happy_pike
$
$ docker container rm c255b556f3d3 5a5ee60e15fa 96713c6b63cf
c255b556f3d3
5a5ee60e15fa
96713c6b63cf
kkr@host137:~$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
4ea1fd16c747        axos-test:test1     "/bin/bash"         16 hours ago        Exited (2) 7 minutes ago                       amazing_mclean
39e762ac4954        debian:stretch      "/bin/bash"         16 hours ago        Exited (0) 16 hours ago                        axos-test
$
When a container is running by accident, you can stop it by docker stop [CONTAINER ID].

To remove all (unused) images - images without running container - type in:

$ docker image prune -a -f
Deleted Images:
[...]
deleted: sha256:8f81bb0664a1cb46d3e10fac077537a901f65288c7ce878182162465f64e59d8
deleted: sha256:06c7a857c13a25adc77b72794d3f32f3b2755292faf569096673a70d9fa91b7e
deleted: sha256:95129a5fe07e89c1898dc40a027b291d5fe33a67b35a88f0f0eaf51ea691f0b5

Total reclaimed space: 43.09GB
$ 

To remove images explicitly type in:

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
axos-test           test2               2ce200c69dcf        7 minutes ago       1.27GB
axos-test           test1               c98cd4a31a03        16 hours ago        218MB
axos-test           latest              8c7d9cf203ed        16 hours ago        218MB
debian              stretch             5a6d49d5e833        2 weeks ago         101MB
ubuntu              latest              47b19964fb50        5 months ago        88.1MB
hello-world         latest              fce289e99eb9        6 months ago        1.84kB
$
$ docker image rm 5a6d49d5e833 8c7d9cf203ed
Untagged: axos-test:latest
Deleted: sha256:8c7d9cf203edefb79fc2784e12c6e2c8beb3597142da184e6ae9014607299e8c
Error response from daemon: conflict: unable to delete 5a6d49d5e833 (cannot be forced) - image has dependent child images
$
Volumes occupy disk space as well:
$ docker volume ls
DRIVER    VOLUME NAME
local     misc_persistence_across_containers
local     mrt.base.fsw-ccache
local     mrt.base.fsw-home-cache
local     vscode
$ docker volume prune
WARNING! This will remove anonymous local volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
$ docker volume rm misc_persistence_across_containers mrt.base.fsw-ccache mrt.base.fsw-home-cache vscode
misc_persistence_across_containers
mrt.base.fsw-ccache
mrt.base.fsw-home-cache
vscode
$ docker volume ls
DRIVER    VOLUME NAME
$ 

Install and Launch Debian

Creation and launch of a debian image (see Debian Tags):
$ docker pull debian:stretch
stretch: Pulling from library/debian
a4d8138d0f6b: Pull complete 
Digest: sha256:397b2157a9ea8d7f16c613aded70284292106e8b813fb1ed5de8a8785310a26a
Status: Downloaded newer image for debian:stretch
docker.io/library/debian:stretch
$
$ docker run --name axos-test -it debian:stretch /bin/bash
root@8cf2b0299b0f:/# ls
bin   dev  home  lib64	mnt  proc  run	 srv  tmp  var
boot  etc  lib	 media	opt  root  sbin  sys  usr
root@8cf2b0299b0f:/# exit
$
$ docker start axos-test
$ docker attach axos-test
root@8cf2b0299b0f:/#
The launch can be parameterized with the following flags:
#
# Now the compilation can be started with
#     $ docker run -it --rm --user $(id -u):$(id -g) --mount type=bind,src=$(pwd)/..,target=/docker/doos --mount type=bind,src=$HOME/.ssh,target=/home/test/.ssh,readonly doos/build:1.3.3 /usr/bin/make -C /docker/doos
# or
#     $ docker run -it --rm --user $(id -u):$(id -g) -v $(pwd)/..:/docker/doos -v $HOME/.ssh:/home/test/.ssh:ro doos/build:1.3.3 /usr/bin/make -C /docker/doos
#

Copy Files into Container

With the command docker cp we can copy any file into a running docker container:
$ docker container ls
CONTAINER ID   IMAGE       COMMAND       CREATED          STATUS          PORTS     NAMES
c9841492ea83   yocto:1.1   "/bin/bash"   24 minutes ago   Up 24 minutes             mystifying_wilson
$ docker cp myfile c9841492ea83:/home/root/
$ 

Dockerfile

With a Dockerfile you can script commands in a docker image - and e.g. also create new containers:
# Dockerfile to create build-environment image
#
# To be executed with 'docker build --tag doos/build:1.3.3 .'
#
# Errata:
#   * does not work with host user-ID other than 1000 (check with `id -u`)
#
FROM debian:jessie
RUN dpkg --add-architecture i386
RUN apt-get --yes update
RUN apt-get --yes install apt-utils
RUN apt-get --yes upgrade
RUN apt-get --yes install git make g++ cmake bison flex gettext texinfo bzip2 wget cpio python unzip whois lib32z1 openssh-server libncurses5-dev lua5.1 curl libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386 bc u-boot-tools kmod subversion vim-tiny
RUN apt-get --yes clean
RUN adduser --disabled-password --gecos '' worker
RUN echo "test:test" | chpasswd
RUN /etc/init.d/ssh start

Saving Changes

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
39e762ac4954        debian:stretch      "/bin/bash"         2 minutes ago       Exited (0) 3 seconds ago                        axos-test
8cf2b0299b0f        debian:stretch      "/bin/bash"         21 minutes ago      Exited (0) 2 minutes ago                        happy_proskuriakova
5a5ee60e15fa        debian:stretch      "/bin/bash"         23 minutes ago      Up 23 minutes                                   admiring_snyder
c255b556f3d3        debian:stretch      "/bin/bash"         24 minutes ago      Up 24 minutes                                   happy_pike
a99f5345f004        debian:stretch      "bash"              25 minutes ago      Exited (0) 25 minutes ago                       trusting_fermat
$
$ docker commit 39e762ac4954 axos-test:test1
$
$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
axos-test           test1               c98cd4a31a03        6 seconds ago       218MB
axos-test           latest              8c7d9cf203ed        20 seconds ago      218MB
debian              stretch             5a6d49d5e833        2 weeks ago         101MB
$
$ docker run -it axos-test:test1 /bin/bash
$