Install the Docker Engine and run your first container.
You will be working in groups. Use your AWS instance “groupX-server” unless told otherwise by your instructors.
Make a console connection to your AWS instance, so you have a prompt similar to this:
ubuntu@ip-10-30-0-74:~$ Get a root shell, by typing sudo -s. The prompt should
change so that it ends with a ‘#’:
root@ip-10-30-0-74:/home/ubuntu#In the following commands, the prompt is shown as ‘#’. Don’t copy the ‘#’ itself.
You are now going to use the “convenience script” to install docker engine, Community Edition:
# curl -fsSL https://get.docker.com -o get-docker.sh
# sh get-docker.shIf successful, it should report the versions of the client and server, and give some security warnings about rootless docker and non-root access.
You are now going to fetch a container image and run your first container.
Run the following command and check if it outputs like this:
# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
e6590344b1a5: Pull complete
Digest: sha256:ec153840d1e635ac434fab5e377081f17e0e15afab27beb3f726c3265039cfff
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
...Look at your running containers. There should be none, because this container stops as soon as it has run:
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# Look at all containers, including stopped ones:
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bdfcf93f9eb3 hello-world "/hello" About a minute ago Exited (0) About a minute ago great_pikeYours will have a different ID and name, as these are generated randomly.
Remove the container, using either its ID or its name - remember to replace “great_pike” with whatever name was generated for your container:
# docker rm great_pike
great_pike
# Have a look at the container images that are now stored locally on your machine:
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 4 weeks ago 13.3kBThis is a very small test image (look at the size) - but since we won’t be using this image again, you can be tidy and remove it.
# docker rmi hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:37a0b92b08d4919615c3ee023f7ddb068d12b8387475d64c622ac30f45c29c51
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
Deleted: sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359If you ever needed it again, it would be automatically re-downloaded.
It’s possible to allow non-root users to talk to the docker daemon,
by adding them to the docker group.
However we do not recommend this.
The docker daemon runs as root and is known to be insecure. If you give anyone access to docker, you are in effect giving them root access to your entire system!
There is a fairly recent rootless mode for docker, but it’s more work to set up.