book

Troubleshooting Docker

Name: Troubleshooting Docker
ISBN: 9781783552344

by Vaibhav Kohli, Rajdeep Dua, John Wooten

March 2017

Intermediate to advanced

290 pages

5h 35m

English

Packt Publishing

Read now

Unlock full access

Troubleshooting Docker
Troubleshooting Docker
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Understanding Container Scenarios and an Overview of Docker
Decoding containersOS containersApplication containersDiving into DockerAdvantages of Docker containersDocker lifecycleDocker design patternsBase image sharingShared volumeDevelopment tools containerTest environment containersThe build containerThe installation containerThe service-in-a-box containerInfrastructure containers
Unikernels
Summary
2. Docker Installation
Installing Docker on UbuntuPrerequisitesUpdating package informationAdding a new GPG keyTroubleshootingAdding a new package source for DockerUpdating Ubuntu packagesInstall linux-image-extraOptional - installing AppArmorDocker installation
Installing Docker on Red Hat Linux
Checking kernel versionUpdating the YUM packagesAdding the YUM repositoryInstalling the Docker packageStarting the Docker serviceTesting the Docker installationChecking the installation parametersTroubleshooting tips
Deploy CentOS VM on AWS to run Docker containers
Checking kernel versionUpdating the YUM packagesAdding the YUM repositoryInstalling the Docker packageStarting the Docker serviceTesting the Docker installationChecking the installation parameters
Installing Docker on CoreOS
Installation channels of CoreOSTroubleshooting
Installing Docker on Fedora
Checking Linux kernel VersionInstalling with DNFAdding to the YUM repositoryInstalling the Docker package
Installing Docker with script
Running the Docker installation script
Installing Docker on SUSE Linux
Launching the SUSE Linux VM on AWSChecking Linux kernel versionAdding Containers-ModuleInstalling DockerStarting Docker serviceChecking the Docker installationTroubleshooting
Summary
3. Building Base and Layered Images
Building container imagesOfficial images from the Docker RegistryUser repositoriesBuilding our own base imagesBuilding images using the scratch repositoryBuilding layered imagesBuilding layered images using DockerfilesDockerfile constructionDockerfile commands and syntax
Image testing and debugging
Docker details for troubleshootingDocker versionDocker infoA troubleshooting note for Debian/UbuntuListing installed Docker imagesManually crank your Docker imageExamining the filesystem state from cacheImage layer IDs as debug containersAdditional exampleChecking failed container processesOther potentially useful resourcesUsing sysdig to debugSingle step installationAdvanced installationWhat are chisels?Troubleshooting - an open community awaits you
Automated image building
Unit tested deploymentsAutomating tested deployments
Summary
4. Devising Microservices and N-Tier Applications
Hype or hubris
Monolithic architecture
N-tier application architecture
Building a three-tier web application
Microservices architecture
The path to modernityMicroservices architectural patternCommon characteristics of microservicesAdvantages of microservicesMicroservices at scalabilityDisadvantages of microservicesConsiderations for devising microservicesMitigating the disadvantagesManaging microservicesReal-world exampleAutomated tests and deploymentsAutomated testingDesigning for failureDockunit for unit testsAutomated deploymentsDecoupling N-tier applications into multiple imagesBuilding an N-tier web applicationMaking different tiers of applications work
Summary
5. Moving Around Containerized Applications
Redistributing via Docker registryDocker public repository (Docker Hub)Private Docker registry
Pushing images to Docker Hub
Installing a private local Docker registryMoving images in between hostsEnsuring integrity of images - signed images
Docker Trusted Registry (DTR)
Docker Universal Control Plane
Summary
6. Making Containers Work
Privileged containersTroubleshooting tips
Super-privileged container
Troubleshooting - Docker containers at scale
Puppet
ImagesContainersNetworkingDocker composeTroubleshooting tips
Ansible
Automating Docker with AnsibleAnsible ContainerTroubleshooting tips
Chef
Summary
7. Managing the Networking Stack of a Docker Container
Docker networking
docker0 bridge
Troubleshooting Docker bridge configurationConnecting containers to the external worldReaching containers from the outside world
Configuring DNS
Troubleshooting communication between containers and the external network
Restricting SSH access from one container to anotherLinking containers
libnetwork and the Container Network Model
CNM objectsSandboxEndpointNetworkNetwork controllerCNM attributesCNM life cycle
Docker networking tools based on overlay and underlay networks
FlannelWeaveProject Calico
Configuring an overlay network with the Docker Engine swarm node
Comparison of all multi-host Docker networking solutions
Configuring OpenvSwitch (OVS) to work with Docker
Troubleshooting OVS single host setupTroubleshooting OVS multiple host setups
Summary
8. Managing Docker Containers with Kubernetes
Deploying Kubernetes on Bare Metal machine
Troubleshooting the Kubernetes Fedora manual setup
Deploying Kubernetes using Minikube
Deploying Kubernetes on AWS
Deploying Kubernetes on vSphere
Kubernetes setup troubleshooting
Kubernetes pod deployment
Deploying Kubernetes in a production environment
Debugging Kubernetes issues
Summary
9. Hooking Volume Baggage
Avoiding troubleshooting by understanding Docker volumes
Default case storing data inside the Docker container
Data-only container
Creating a data-only containerSharing data between the host and the Docker container
Host mapped volume backed up by shared storage
FlockerIn the Flocker client nodeConvoy Docker volume plugin
Docker storage driver performance
UFS basicsUFS - terminologyUFS - issuesAuFSDevice MapperHow device-mapper is used by DockerBTRFS
Summary
10. Docker Deployment in a Public Cloud - AWS and Azure
Architecture of Amazon ECS
Troubleshooting - AWS ECS deployment
Updating Docker containers in the ECS cluster
Microsoft Azure container service architecture
Troubleshooting - The Microsoft Azure Container Service
Docker Beta for AWS and Azure
Summary

Content preview from Troubleshooting Docker

Super-privileged container

This concept is introduced in one of the Project Atomic blogs, by Redhat. It provides the capability to use a special/privileged container as an agent to control the underlying host. If we ship only the application code, we risk turning the container into a black box. There are many benefits to the host of packaging up an agent as a Docker container with the right access. We can bind in devices via -v /dev:/dev, which will help to mount devices inside the container without needing super-privileged access.

Using nsenter trick, allows you to run commands in another namespace, that is, if Docker has its own private mount namespace, with nsenter and the right mode we can reach out to the host and mount things in its namespace. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781783552344

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Troubleshooting Docker

by Vaibhav Kohli, Rajdeep Dua, John Wooten

Super-privileged container

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.