Install the Docker Engine on your host and run your first container.
ssh into your group’s host server, and switch to the “root” user:
$ sudo -s
#If your instructor says that docker has already been installed, jump straight to the section headed “Test docker”
Run each of the following commands one by one. There are some long ones, so just copy-paste them (without the leading # of course).
They are based on the steps from the docker installation instructions and are explained in more detail there, with a slight modification required to use our local apt package cache.
# apt-get remove docker docker-engine docker.io containerd runc
<<< it doesn't matter if it says none of these are installed >>>
# apt-get update
# apt-get install ca-certificates curl gnupg lsb-release
<<< it doesn't matter if it says these are already installed >>>
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
<<< if you get a warning about "unsafe ownership on homedir '/home/mnnog/.gnupg'" you can ignore it >>>
# echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] http://HTTPS///download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >/etc/apt/sources.list.d/docker.list
# apt-get update
# apt-get install docker-ce docker-ce-cli containerd.io
<< confirm with "y" to continue >>>We don’t want everyone in the class to fetch container images directly over the Internet from docker hub - this would be very slow.
There is a local registry cache running on s1.ws.nsrc.org, so now we’ll configure your host to fetch images via that.
Create a file /etc/docker/daemon.json using your preferred editor, and paste in the following contents exactly:
{
"registry-mirrors": ["http://s1.ws.nsrc.org:5000"]
}Restart the docker daemon, and check that it’s running:
# systemctl restart docker
# systemctl status dockerYou are now going to fetch a container image and run your first container.
Run the following command and read the output:
# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:37a0b92b08d4919615c3ee023f7ddb068d12b8387475d64c622ac30f45c29c51
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
...Look at your running containers. There should be none, because this container stops as soon as it has run:
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# Look at all containers, including stopped ones:
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bdfcf93f9eb3 hello-world "/hello" About a minute ago Exited (0) About a minute ago great_pikeYours will have a different ID and name, as these are generated randomly.
Remove the container, using either its ID or its name:
# docker rm great_pike
great_pikeHave a look at the container images that are now stored locally on your machine:
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 4 weeks ago 13.3kBThis is a very small test image (look at the size) - but since we won’t be using this image again, you can be tidy and remove it.
# docker rmi hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:37a0b92b08d4919615c3ee023f7ddb068d12b8387475d64c622ac30f45c29c51
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
Deleted: sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359If you ever needed it again, it would be automatically re-downloaded.
It’s possible to allow non-root users to talk to the docker daemon, by adding them to the docker group.
However we do not recommend this.
The docker daemon runs as root and is known to be insecure. If you give anyone access to docker, you are in effect giving them root access to your entire system!
There is a fairly recent rootless mode for docker, but it’s more work to set up.