At times if you dont want to always pull the image from image registry which takes time to pull if the image’s are heavy, it makes sense to save the image and use it offline. This avoids to always pull the image from the registry.

Save the image once into tar file and reuse the images.

To Save image use follwoing command

First pull the image from repository

docker pull httpd

docker image save httpd -o httpdimage.tar

Get the image from the tar file instead pulling it from the registry

docker image load -i httpdimage.tar

Docker Security

April 28, 2022 / sandeeppote / 0 Comments

Docker engine consists of Docker Daemon, Rest API and Docker CLI

To access the containers through Docker CLI the request is sent to Rest API and then to Docker Daemon to serve the request.

Docker Daemon service is accessible from within the host using unix socket which located in /var/run/docker.sock file

Applications can access the Docker daemon service from outside the host.

For accessing the docker daemon from outside the host securely configure /etc/docker/daemon.json when it is absolutely necessary

Setup the following in daemon.json file

{
   "hosts": ["tcp://hostip:2376"],
   "tls": "true",
   "tlscert": "/var/docker/server.pem",
   "tlskey": "/var/docker/serverkey.pem"
}

The above configuration help to connect to the Docker Daemon securely and in encrypted manner. On client run the docker command with tls set to true

docker --tls=true
OR 
export DOCKER_TLS=true
export DOCKER_HOST="tcp://hostip:2376"

Port 2376 allows to connect securely to Docker Daemon service.

But the above can be connected without authentication.

Access Docker Daemon using Certificate based Authentication

To access the Docker Daemon with certificate based authentication use following configuration-

{
   "hosts": ["tcp://hostip:2376"],
   "tls": "true",
   "tlscert": "/var/docker/server.pem",
   "tlskey": "/var/docker/serverkey.pem"
   "tlsverify": true,
   "tlscacert": "/var/docker/caserver.pem"
}

Here the tls_verify option enables certificate authentication based connection.

–tls will enable the connection with encryption

Clients with signed certificate will be able to access the host.

Client need to connect using following-

docker --tlsverify --tlscert=<<client.pem>> --tlskey=<<clientkey.pem>> --tlscacert=<<cacert.pem>>

Above can be also configured in ~/.docker file

Docker Restart Policies

February 15, 2022 / sandeeppote / 1 Comment

To setup restart policy to the container, use following command-

docker run --restart=<<policy option>> <<container>>

Following are the options for the container restart-

no (default)
on-failure
always
unless-specified

Following is the matrix for the restart policies-

* – this will start when the Docker daemon is started

Above is applicable if the container starts successfully

Live Restore

If you want to keep container running if the Docker daemon crashes or stops use the live restore option. This reeduces the container downtime due to daemon crashes or planned outages or upgrades.

Update the /etc/docker/daemon.json in Ubuntu system and add option live-restore:true

Docker storage for Ubuntu

January 19, 2022 / sandeeppote

Docker uses storage drivers to store the read-only images and writable containers

It basically has 6 layers

Read-only/Image Layers

Base Image e.g. Ubuntu OS
Packages/Repositories e.g. apt etc
Dependencies e.g. pip etc
Custom Code e.g. python code etc
Enrtypoint or command i.e. excutes the program

Writable Layer

6. Container Layer

Layers of a container based on the Ubuntu image

Data and files related to images and containers are store in /var/lib/docker folder in Ubuntu

To check the storage driver used by the docker, use following command-

docker info | more

Im my case it is overlay2

You can also use this command to get the storage driver

docker info | grep "Storage Driver"

How to change the storage driver

Stop the Docker service

systemctl stop docker.socket
systemctl stop docker

Check the docker service status

service docker status

Backup the docker folder

cp -au /var/lib/dovker /var/lib/docker.bk

Change the storage driver

echo '{ "storage-driver": "aufs" }' | sudo tee /etc/docker/dameon.json

service docker start

Image credit and reference links –

https://docs.docker.com/storage/storagedriver/

https://docs.docker.com/storage/storagedriver/overlayfs-driver/

Create a file in Linux

December 7, 2021 / sandeeppote

Create a file with touch command

To create a new file, use touch command followed by the name of the file-

This should create a empty file.

touch thirdfile.txt

To create multiple files using touch command-

touch thirdfile-1.txt thirdfile-2.txt

Create a file with cat command

To create a new file with cat command use redirection operator followd by file name.

This will allow to add content to the file

cat > fourthfile.txt

Cratea a file using echo command

To create a new file using echo command use redirection operator followed by file name will create empty file or add content before redirection operator to add content while creating a file.

echo "This is fifth file." > fifthfile.txt

Create a empty file with echo command

echo > sixthfile.txt

Ubuntu – Package Management

December 6, 2021 / sandeeppote

DPKG – Debian Package Manager used to install, uninstall, list and check the status of the package

It comes with .deb file.

DPKG does not honour dependecies hence we need to use APT for Ubuntu

APT stands for Advanced Packaging Tool and relies on DPKG

Use apt update command to refresh the repository-

sudo apt update

Use apt upgrade to upgrade exisitng package-

sudo apt upgrade

To install a package-

sudo apt install <package name>

To uninstall or remove package-

sudo apt remove <package name>

To search package e.g:- python-dev

sudo apt search python-dev

To list all the packages in repository-

sudo apt list

Linux File Types

December 5, 2021 / sandeeppote

Everything in Linux is file

There are following type of files-

Regular files – Images/scripts/configuration and Data files

Directory – Type of files which saves other files and directories

Special files – have other types

Character Files – Represent devices – like Mouse and keyboards
Block Files – Represent block devices that writes data in chunk to the devices like HDD and RAM
Links – Hard links and Soft Links
Socket Files – enables the commnuication between 2 process
Named Pipes – passes data from one process to another

Use file command to get the file type-

file <<filename>>

Use ls -ld command to get the file type-

ls -ld firstfile.txt

First character represents the file type

Identifier	File Type
d	Directory
–	Regular File
c	Character Device
l	Lin
s	Socket File
p	Pipe
b	Block Device

Filesystem Hierarchy

/- Root Partition

/opt – any third party program should be put in this directory

/mnt- mounts the file system from external network temporary to this folder

/tmp- copy any temporary files to this location

/media – copy any media files in this folder

/dev – contains the file character device file like external devices like mouse and keyboard

/bin – basic programs and binaries are located in this directory

/etc – configuration files

/lib and /lib64 – contains shared libraries

/usr – user related data reside in this folder

/var – system writes data such as logs

Linux Runlevels

December 5, 2021 / sandeeppote

A runlevel is a categorization number that determines what services are started and
what services are stopped

Runlevel #	Name	Description
0	Halt	All services are shut down and the server is stopped
1	Single User Mode	The root account is automatically logged in to the server and other users cannot log in to the server
2	Multiuser Mode	Users can log in to the server through CLI and network service are not started
3	Extended Multiuser Mode	Users can log in to the server through CLI and network service are started
4	User Defined	User can cusomize the runlevel
5	Graphical Mode	User can log in through CLI and GUI with network services started
6	Reboot	The server is rebooted