Introduction to Docker usage

English version | Version Française

Abstract

In addition to the virtual machine (VM) we will use Docker to separate the different applications. The goal of this exercice is to install 3 containers:

  • a mysql Docker that will serve as the database;
  • a phpmyadmin Docker to drive this database;
  • a Docker nginx which will be the basic web server and will also serve as a as a reverse proxy by ensuring the distribution of requests in the different containers;

Objectives

  • Learn how to manipulate Docker containers;
  • Know how to configure Dockers via the launch options ;
  • Know how to configure Dockers by sharing some configuration files with the host machine;
  • Manage the internal networks of Dockers.

Notation

We will grade this TP based on the work done. To do so, you must report the IP address of your VM in Tomuss: IP_TP_Docker.

Before starting

You must destroy your VMs created last time (except in special cases).

  • Create one VM per student
  • based on the Ubuntu 22.04.1 LTS - Docker Ready image
  • with the m1.xsmall flavor
  • once the VM is started add the teacher's SSH public key to it by applying the following command.
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4fp5+2v2t5LjEckY6V3lNPPf8qIXEsZIVZvL0bnqY+f+zyPHhdyMS/r5qH8lpeB8CHjKwQRp3ttF1zZ5v7A4cel/2uXccun/gwf96s5Kpm5j8KzKwQbkigb/5Q69GC4pNA0b6u7QQ3kXTghaSFkuVlmqueoaw9sO9udYRXSVk9FX48F8OxkkwYMlUIacAU69udhvrpcUGBDn+t2Q696OUGl/4CZtHP4me3otOCFp6v3dGbY0ccu5at1aRaOmLH0XTtxRNSny3d1vpsgguAIT/PJJAjeuGCAWApNvJIYiQi4z0f6MSsjaIPwWtBakkNWPMkxP5Gph3x6qkkzyHMsoD jp@h2g2" >> /home/ubuntu/.ssh/authorized_keys

I. Installing a first Docker : mysql

As for many known servers, there are several images that allow the installation of mysql very simply.

  • Search the list of Dockers providing mysql, (command docker search) you will see that they are ranked by default thanks to a recommendation system via stars. What are the 3 best rated ?
  • Search in the same way on the Docker Store. This site gives more details including the different versions for an image, the Dockerfile,...

You have to know how to recognize quickly the quality of an image, in the example, you have several possibilities (we exclude mariadb, a fork of mysql which appeared after the purchase of the company by the Oracle firm, it is very close to mysql and we won't use it here):

The documentation for this one is much more extensive and seems to offer a lot of configuration options, this is the one you will choose.

  • What are the proposed versions and how do you recognize the latest one?
  • Download the image of the version 5.7.27 (docker pull ...)
  • Check that the image is downloaded, its name and its tag.
  • Launch a first Docker based on this image whose :
    • name is docktest;
    • hostname is test;
    • with a random root password.

Note the administrator's password.

At runtime a lot of information is displayed. In fact, by default the launch blocks the terminal and displays all the results of the command. Among these you can note the line GENERATED ROOT PASSWORD: ... which contains the administrator password of the database. In the following, you will probably use the -d option to run the Docker in a detached, the information will no longer be displayed, but kept and available via the command docker logs ....

  • With the command docker inspect ... find the address assigned to the Docker.
  • Can you connect to the mysql server with the telnet command (the default port is 3306).
  • Can you do it via the mysql command?

It is always possible to install the mysql client on your VM, but here, we will use the one that is in the Docker. Indeed, you can always add a process to the container via the command docker exec ...

  • Using the command docker exec -it YOURDOCKERNAME mysql -u root -pPASSWORD connect to the mysql server.
  • Run a Bash shell in the Docker (command docker exec -it ...) and create a /toto.txt file containing the string coucou at the root of the Docker.
  • Exit the Docker and try to find the file on the VM. To do this, you can use docker inspect ... especially the Data part. What do the MergedDir and UpperDir directories and the LowerDir directory represent? (it is better to be root for this question: sudo su -)

Sharing volumes

mysql is a database that stores its data in the /var/lib/mysql directory. In the current configuration, this directory is internal to the Docker and difficult to access. This can cause problems if you want to change the Docker without losing the stored data. To avoid this, you recreate the Docker by sharing the storage directory with the host machine. To do this you need to use the -v option of docker run.

  • Destroy the docktest Docker.

  • Recreate a Docker based on mysql 5.7.27 whose :

    • name is dockmysql;
    • hostname is mysql;
    • root password is passroot;
    • which shares the /var/lib/mysql directory of the Docker with the /home/ubuntu/docker/datatest/ directory of the VM.

  • After the Docker has finished booting (which takes some time) list the contents of of the /home/ubuntu/docker/datatest/ directory

  • Create a database by running the command mysql -u root -ppassroot -e 'CREATE DATABASE BASE_A;' in the Docker
  • Relist the same directory, what is the difference?

II. Address management and installation of an interface to mysql : phpMyAdmin

mysql is only a database server, you can only use it via SQL commands. To simplify its use, we usually add an interface like the software phpMyAdmin. It is a web interface allowing to to do most of the operations on the server. It is based on a code in php and thus a server able to interpret it.

  • Can we add phpMyAdmin to the mysql Docker to form a Docker with the server and the interface. If so why you should not?

You will use the Docker phpMyAdmin to set up the the interface. In the documentation do not follow the Usage with linked server which is deprecated. Use the method with an external server.

  • Create a Docker based on the latest version of phpMyAdmin :
    • whose name is dockMyAdm;
    • which shares the 8080 port of your VM with the 80 port of the Docker;
    • which uses the dockmysql Docker address as a database.
  • Log in to the web interface. Enter the login and password of the mysql administrator and create a new database : BASE_B. Note the changes in the shared directory.

Network management and Docker linking

This configuration system is not usable, because it requires to enter in the Docker or its configuration files to find an address that is managed by Docker. This means for example that if you program a web service to use the database, it will have to be modified if by chance the Docker is recreated with a different address. To remedy this you will use the ability to create networks and choose the addresses of the Docker containers.

Indeed, it is possible to choose the IP addresses of the Dockers, to choose the value of their environment variables. You can also set up their /etc/hosts file and give them a name in this network.

  • You must first create a user network via the command docker network create .... Be careful, you must use the subnet option to define the network.
  • Create a network with the name internal using the address range 172.18.100.0/24.
  • Shut down the dockmysql Docker Do not delete it.
  • then recreate a new mysql docker using the internal network (option --net), by assigning an address (option --ip) and associating a network alias (option --network-alias):
    • the name is dockbase ;
    • the hostname is basededonnee (in french) ;
    • the root password is passroot ;
    • which shares the /var/lib/mysql directory of the Docker with the /home/ubuntu/docker/datatest/ directory of the VM.
    • Using the address 172.18.100.10.
    • Using the base network alias

You may notice that as the new Docker shares the same data directory, the previously created databases and the administrator's password are already configured at launch.

  • Delete the Docker dockMyAdm and recreate it by modifying the server it administers. To do this create a Docker based on phpmyadmin/phpmyadmin :

    • whose name is dockMyAdm ;
    • which shares the 8080 port of your VM with the 80 port of the Docker ;
    • which uses dockbase as database;

  • After starting it, add dockMyAdm to the internal network (command docker network connect ...) by giving it the address: 172.18.100.11 and the alias pma.

  • Verify that dockMyAdm is in the same network as the Docker dockbase (with a docker inspect ...).

  • Can the VM contact these Dockers? Can another VM do it also ?

  • Reconnect to the web interface, everything should work and the previously created databases should should still be functional. This means that the mysql Docker is able to keep the existing data.

  • Create another database BASE_C and check its appearance in the the data share.

III. Dockers configuration

In general, to configure a service, it is required to modify files. But these files are internal to the Docker and therefore difficult to access. In addition, the most common edition tools (nano, vim, emacs ...) are not part of a classic container which makes this modification even more complicated. To solve the problem, we can :

  • Pre-configure the Docker via the Dockerfile or creation tools (see later);
  • Copy files between the VM and the Docker;
  • Use directory and/or file sharing between the VM and the Docker.

We will use the last method to configure a nginx reverse proxy.

The main configuration file for nginx is /etc/nginx/nginx.conf. We will start with a file copied from a working nginx Docker.

  • Create a Docker based on the last nginx image such that :

    • its name is dockFront ;
    • it is in the internal network with the address 172.18.100.15 ;
    • port 80 of the host is sent to port 80 of the Docker;
    • the file nginx.conf is linked to the Docker's /etc/nginx/nginx.conf file, the container must not be able to write to the file;
    • the /home/ubuntu/docker/nginx/ directory be linked to the Docker /www/ directory.

  • Check that the nginx server is working properly by going to http://IPDEVOTREVM/

  • Change the server configuration so that the root of the website is the shared directory /www/.

  • Change the server configuration so that the url http://IPDEVOTREVM/phpMyAdmin/ is returned to the Docker dockMyAdm. To do this you need to

    • use the configuration of nginx as reverse proxy
    • rebuild the Docker dockMyAdm
    • placing it directly in the internal network with the alias pma and the address 172.18.100.11 ;
    • by giving it the url by which it will be contacted via the PMA_ABSOLUTE_URI variable;
    • by removing the port forwarding (8080 to 80) because it is now useless.