Tuesday, March 7, 2017

Docker : Static Website

Before moving forward, make sure you have a Docker instance up and running

1) Run a static website in a container

docker run -d seqvence/static-site

So, what happens when you run this command? Since the image doesn't exist on your Docker host, the Docker daemon first fetches it from the registry and then runs it as a container. The -d flag enables detached mode, which detaches the running container from the terminal/shell and returns your prompt after the container starts.

2) Verify that the container is in the running state

docker ps

CONTAINER ID    IMAGE    COMMAND    CREATED   STATUS    PORTS   NAME

Sb3b30fab0bc2        seqvence/static-site   "/bin/sh -c 'cd /u..."   5 seconds ago       Up 4 seconds        80/tcp, 443/tcp     wizardly_hypatia

3) Running the container as in step 1) does not expose the container's ports to the host machine. So, we need the following flags to map/publish container ports on the Docker host

  • -d will create a container with the process detached from our terminal
  • -P will publish all the exposed container ports to random ports on the Docker host
  • -e is how you pass environment variables to the container
  • --name allows you to specify a container name
  • AUTHOR is the environment variable name and Your Name is the value that you can pass

docker run --name static-site -e AUTHOR="Your Name" -d -P seqvence/static-site

4) Now run the command below to see how the ports are published on the Docker host

docker port static-site
443/tcp -> 0.0.0.0:32768
80/tcp -> 0.0.0.0:32769

5) Try opening http://docker-host:32768 in a browser

6) To map/publish a custom host port to the container's web server, run a second site at the same time with a custom port

docker run --name static-site-2 -e AUTHOR="Manoj Kumar" -d -p 8888:80 seqvence/static-site


docker ps

CONTAINER ID    IMAGE     COMMAND    CREATED       STATUS         PORTS          NAMES
c5d9d6bc66d1        seqvence/static-site   "/bin/sh -c 'cd /u..."   3 seconds ago       Up 3 seconds        443/tcp, 0.0.0.0:8888->80/tcp                   static-site-2

7) Try opening http://docker-host:8888 in a browser

NOTE: If you have stopped a container and try to start it again with a different environment variable, Docker will throw a conflict, because the container has already been created and is in the stopped state. If you want to pass more/updated environment variables, first remove the container and then start it again
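Both -P and -p 8888:80 above bind the host port on 0.0.0.0, that is, on every interface of the Docker host; -p 127.0.0.1:8888:80 would restrict it to loopback. The script below is an added example, not part of the original post: it reads the output of docker ps --format '{{.Names}}|{{.Ports}}' and lists the ports published on all interfaces. The sample input is constructed, and static-site-3 is a hypothetical third container.

```sh
#!/bin/sh
# Added example: list container ports published on every host interface.
# Input on stdin: one "name|ports" line per container, as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'

wide_open_ports() {
    awk -F '[|]' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # "443/tcp" alone is exposed but not published; skip it.
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            host = side[1]; target = side[2]
            # 0.0.0.0 and :: (or [::]) mean "all interfaces".
            if (host ~ /^(0\.0\.0\.0|::|\[::\]):/) {
                port = host; sub(/^.*:/, "", port)
                printf "%s host-port=%s -> %s\n", $1, port, target
            }
        }
    }'
}

# Constructed sample modelled on the docker ps output in this post,
# plus one loopback-only container (hypothetical name static-site-3).
SAMPLE='static-site|0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp
static-site-2|443/tcp, 0.0.0.0:8888->80/tcp
static-site-3|127.0.0.1:8889->80/tcp'

printf '%s\n' "$SAMPLE" | wide_open_ports
```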


Tuesday, February 28, 2017

Docker : failed to get default registry endpoint from daemon, permission denied

If you get an error like the following while running docker commands as a non-root user


Warning: failed to get default registry endpoint from daemon (Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/info: dial unix /var/run/docker.sock: connect: permission denied). Using system default: https://index.docker.io/v1/
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.26/images/create?fromImage=alpine&tag=latest: dial unix /var/run/docker.sock: connect: permission denied


Add non-root-user to the docker group by updating the /etc/group file or by running the following command


usermod -aG docker non-root-user
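Membership in the docker group gives full control of the Docker daemon, which runs as root, so the group is worth auditing after a change like this. The script below is an added example, not part of the original post: it lists every account that gets the group, including accounts whose primary GID is docker's and which therefore do not appear in the group's member list. The sample files and user names are constructed.

```sh
#!/bin/sh
# Added example: list every account that can reach the Docker socket
# through the docker group, and flag the ones not on an approved list.

# Members listed in the group file plus accounts whose primary GID is docker's.
docker_group_users() {   # usage: docker_group_users GROUP_FILE PASSWD_FILE
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$1")
    [ -n "$gid" ] || return 0            # no docker group, nothing to report
    {
        awk -F: '$1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Print members that are not on the space-separated approved list.
unapproved_docker_users() {   # usage: ... GROUP_FILE PASSWD_FILE "user1 user2"
    for u in $(docker_group_users "$1" "$2"); do
        case " $3 " in
            *" $u "*) ;;                 # approved
            *) echo "$u" ;;
        esac
    done
}

# Constructed sample files (hypothetical users); on a real host pass
# /etc/group and /etc/passwd instead.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
docker:x:999:deploy,alice
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
ci:x:1003:999::/home/ci:/bin/sh
EOF

echo "docker group members:"
docker_group_users "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
echo "not approved:"
unapproved_docker_users "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" "deploy"
```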

Docker Basic Commands

Commands available in Docker for working with images and containers

## Download/Pull an image

docker pull alpine   ## alpine is an image located in the local or Docker Hub repository

## List Docker images available locally

docker images

## Run Docker images

docker run alpine ls -l     # run looks for the alpine image locally; if it does not exist, it pulls it from Docker Hub, creates a container and runs the command in that container

docker run alpine echo "hello from alpine"

docker run alpine /bin/sh

Wait, nothing happened! Is that a bug? Well, no. These interactive shells will exit after running any scripted commands, unless they are run in an interactive terminal - so for this example to not exit, you need to docker run -it alpine /bin/sh

## List running containers

docker ps

## List all containers we ran

docker ps -a

## Run a container with attached tty

docker run -it alpine /bin/sh

This will drop you into a /bin/sh shell in the container (with a tty), where you can run any command just as you would on an OS

docker run -it alpine /bin/sh
/ # df -h
Filesystem                Size      Used Available Use% Mounted on
none                     18.1G      1.8G     15.3G  11% /
tmpfs                   496.2M         0    496.2M   0% /dev
tmpfs                   496.2M         0    496.2M   0% /sys/fs/cgroup
/dev/mapper/dockertest--vg-root
                         18.1G      1.8G     15.3G  11% /etc/resolv.conf
/dev/mapper/dockertest--vg-root
                         18.1G      1.8G     15.3G  11% /etc/hostname
/dev/mapper/dockertest--vg-root
                         18.1G      1.8G     15.3G  11% /etc/hosts
shm                      64.0M         0     64.0M   0% /dev/shm
tmpfs                   496.2M         0    496.2M   0% /proc/kcore
tmpfs                   496.2M         0    496.2M   0% /proc/timer_list
tmpfs                   496.2M         0    496.2M   0% /proc/timer_stats
tmpfs                   496.2M         0    496.2M   0% /proc/sched_debug
tmpfs                   496.2M         0    496.2M   0% /sys/firmware


## Inspect any image/container. inspect returns low-level information on a container or image in JSON format

docker inspect alpine

## Remove containers

Get the container ID

docker ps -a

## docker rm container-ID

docker rm 2db0a4bcb909

## Remove images

Get the image IDs

docker images

## docker image rm image-ID   # make sure containers using this image are removed first, otherwise they will be left in an unstable state when the image is removed

docker image rm 48b5124b2768

Terminologies

  • Images - The file system and configuration of our application which are used to create containers
  • Containers - Running instances of Docker images — containers run the actual applications. A container includes an application and all of its dependencies. It shares the kernel with other containers, and runs as an isolated process in user space on the host OS
  • Docker daemon - The background service running on the host that manages building, running and distributing Docker containers
  • Docker client - The command line tool that allows the user to interact with the Docker daemon
  • Docker Hub - A registry of Docker images. You can think of the registry as a directory of all available Docker images

Docker Installation On Ubuntu 16.04

This post is about installation of Docker on Ubuntu 16.04 (must be 64-bit version)

Pre-requisites:

1) Download Ubuntu 16.04 (http://releases.ubuntu.com/16.04/ubuntu-16.04.2-server-amd64.iso)

2) Install Ubuntu 16.04 (https://help.ubuntu.com/lts/installation-guide/amd64/install.en.pdf)

3) Internet connection available to update and install docker packages and its dependencies


Steps to install Docker:

apt-get update

apt-get install -y --no-install-recommends linux-image-extra-$(uname -r) linux-image-extra-virtual


NOTE: The linux-image-extra-* packages allow Docker to use the aufs storage driver

Ref AUFS -> http://www.thegeekstuff.com/2013/05/linux-aufs/


## Allow apt to use a repository over HTTPS

apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl software-properties-common



## Add Docker's official GPG key

curl -fsSL https://apt.dockerproject.org/gpg | sudo apt-key add -

## Verify that the key ID is 58118E89F3A912897C070ADBF76221572C52609D

apt-key fingerprint 58118E89F3A912897C070ADBF76221572C52609D

## Add Docker stable repository

add-apt-repository "deb https://apt.dockerproject.org/repo/ ubuntu-$(lsb_release -cs) main"

## Install Docker

## update repositories to get the latest packages available to install

apt-get update

## Install Docker engine

apt-get -y install docker-engine

## Verify docker is installed correctly

docker run hello-world

Its output should look like this

docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
78445dd45222: Pull complete 
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://cloud.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/



Yay!! You are ready to go with Docker containerization :-)
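The "Verify that the key ID is ..." step above only prints the key for a human to read. The script below is an added example, not part of the original post: it turns that step into a check a provisioning script can run, failing when the fingerprint differs or when apt-key prints nothing. The sample outputs are constructed and their uid and date fields are placeholders.

```sh
#!/bin/sh
# Added example: scripted form of the fingerprint check that fails closed.
EXPECTED_FPR=58118E89F3A912897C070ADBF76221572C52609D   # value given in this post

# Print every 40-hex-digit fingerprint found in `apt-key fingerprint` output
# on stdin, upper-cased and with the grouping spaces removed.
extract_fingerprints() {
    sed -e 's/.*Key fingerprint = //' | tr -d ' \t' | tr 'a-f' 'A-F' |
        grep -E '^[0-9A-F]{40}$' || true
}

# Succeed only if exactly one fingerprint is present and it equals $1.
# Empty output (key missing) and extra keys both count as failure.
fingerprint_matches() {
    found=$(extract_fingerprints)
    [ -n "$found" ] && [ "$found" = "$1" ]
}

# Constructed samples in the layout apt-key prints; uid and date are placeholders.
GOOD_OUTPUT='pub   4096R/2C52609D 2000-01-01
      Key fingerprint = 5811 8E89 F3A9 1289 7C07  0ADB F762 2157 2C52 609D
uid                  Placeholder Name (constructed sample) <key@example.invalid>'
BAD_OUTPUT='pub   4096R/88889999 2000-01-01
      Key fingerprint = 0000 1111 2222 3333 4444  5555 6666 7777 8888 9999
uid                  Placeholder Name (constructed sample) <key@example.invalid>'

for sample in "$GOOD_OUTPUT" "$BAD_OUTPUT" ""; do
    if printf '%s\n' "$sample" | fingerprint_matches "$EXPECTED_FPR"; then
        echo "fingerprint OK"
    else
        echo "fingerprint mismatch or key missing: stop before apt-get update"
    fi
done

# Real use, right after the `apt-key add` step:
#   apt-key fingerprint "$EXPECTED_FPR" | fingerprint_matches "$EXPECTED_FPR" || exit 1
```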

Wednesday, November 5, 2014

How to install Perl modules on AIX Server?

Download perl module from http://search.cpan.org

Execute the following commands to install the module

gunzip -d package-module.tar.gz
tar xvf package-module.tar
cd package-module
perl Makefile.PL

If perl is installed in a different location, e.g. /home/user/perl, then use the commands below

/home/user/perl/bin/perl Makefile.PL
make
make test
make install

Check installed perl module version

/home/user/perl/bin/perl -Mpackage::name -le 'print $package::name::VERSION'

For example, for the Email-Simple module


/home/user/perl/bin/perl -MEmail::Simple -le 'print $Email::Simple::VERSION'

How to install IBM Java 7?

If you want to run Java programs, then you should install the JRE
If you want to develop Java programs, then you should install the Java SDK (previously called the JDK). The SDK also contains the JRE

So, if someone asks you to install Java, install the Java SDK

How to install Java 7 on AIX 7?

First, check which version of Java is compatible with the AIX OS version

Refer : http://www.ibm.com/developerworks/java/jdk/aix/service.html


oslevel            ### check AIX OS version

bootinfo -K     ### AIX OS architecture 32bit or 64bit

Let's say it's 64-bit, so we want to install the 64-bit Java version

You must be registered with IBM, with a login name and password, to download the Java SDK software

Once downloaded perform following steps to install:

Download Java and save in /tmp/ directory

mkdir /tmp/java7_64

cp /tmp/Java7r1_64.sdk.tar.gz /tmp/java7_64

cd /tmp/java7_64

gunzip -d Java7r1_64.sdk.tar.gz

tar xvf Java7r1_64.sdk.tar

inutoc .

smitty installp

Select "Install Software"

INPUT device / directory for software [./]                ### Directory where the Java installer is available
SOFTWARE to install [_all_latest]
PREVIEW only? (install operation will NOT occur) no
COMMIT software updates? yes
SAVE replaced files? no
AUTOMATICALLY install requisite software? yes
EXTEND file systems if space needed? yes
OVERWRITE same or newer versions? no
VERIFY install and check file sizes? no
Include corresponding LANGUAGE filesets? yes
DETAILED output? no
Process multiple volumes? yes
ACCEPT new license agreements? yes           ### Use Tab to change No to Yes

Press enter to install

That's it!!

Tuesday, October 28, 2014

CentOS / RHEL 6 - Setup SELinux to work with Apache

By default SELinux is enabled, and it puts a label on each and every file and port on the OS, based on the service.

SELinux works with the following parameters:

1) Context
2) Boolean

1) Context: we can call it a label. Commands: chcon and semanage
2) Boolean: SELinux has properties for each service, such as whether to enable read or write access to a directory, whether to enable http with ftp, etc. Commands: semanage, getsebool, setsebool

In our case we are going to set up SELinux to work with Apache

Context

Port Settings

Under SELinux, services can work only on the specific ports assigned to them, for example

semanage port -l|grep -i mysql

mysqld_port_t                  tcp      1186, 3306, 63132-63164

semanage port -l|grep -i http_port_t

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

So, the ports given in the above output are allowed by default for the mysql and apache services

Let's take an example and change the following line in /etc/httpd/conf/httpd.conf

Listen *:2222

Save and restart httpd service

While httpd restarts, it will show the following:

service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.56.103 for ServerName
(13)Permission denied: make_sock: could not bind to address [::]:2222
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:2222
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]

It shows Permission denied: make_sock, which means SELinux is not allowing httpd to create a socket on port 2222

As we want to run Apache / httpd on port 2222, execute the following command to enable port 2222 for the httpd service

semanage port -a -t http_port_t -p tcp 2222

semanage port -l|grep -i http_port_t

http_port_t                    tcp      2222, 80, 81, 443, 488, 8008, 8009, 8443, 9000

Now port 2222 has been assigned to http_port_t, i.e. the http/apache service

Start the http/apache service; you should not get any error this time

service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.56.103 for ServerName
                                                           [  OK  ]

netstat -antp|grep http
tcp        0      0 :::2222                     :::*                        LISTEN      1403/httpd
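Before picking a new Listen port it helps to know whether http_port_t already covers it and whether another type already owns it. The script below is an added example, not part of the original post: it looks a port up in semanage port -l output, including ranges such as 63132-63164. The sample input is the two output lines quoted above.

```sh
#!/bin/sh
# Added example: look a port up in `semanage port -l` output,
# handling both single ports and ranges.

# Print every SELinux port type that already covers PROTO/PORT.
port_types() {   # usage: semanage port -l | port_types PROTO PORT
    awk -v proto="$1" -v port="$2" '
    $2 == proto {
        for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)             # drop the list comma
            n = split(p, r, "-")                 # "63132-63164" -> lo, hi
            lo = r[1] + 0
            hi = (n == 2) ? r[2] + 0 : lo
            if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
        }
    }'
}

# Succeed if TYPE already allows PROTO/PORT.
port_allowed() {   # usage: semanage port -l | port_allowed TYPE PROTO PORT
    port_types "$2" "$3" | grep -Fqx "$1"
}

# Constructed sample: the two `semanage port -l` lines quoted in this post.
SAMPLE='mysqld_port_t                  tcp      1186, 3306, 63132-63164
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000'

for port in 8443 2222 63140; do
    owner=$(printf '%s\n' "$SAMPLE" | port_types tcp "$port" | tr '\n' ' ')
    if printf '%s\n' "$SAMPLE" | port_allowed http_port_t tcp "$port"; then
        echo "tcp/$port: httpd may bind"
    else
        echo "tcp/$port: not in http_port_t (current owner: ${owner:-none})"
    fi
done
```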

File/Folder Labeling

SELinux keeps a label on each and every file, according to the service it belongs to

ls -ldZ /var/www/

drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/

ls -ldZ /var/www/html/

drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/

ls -ldZ /etc/httpd/

drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/

ls -ldZ /etc/httpd/conf

drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/conf

ls -lZ /usr/sbin/httpd

-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd

Here (a label starting with httpd means its domain is for the httpd service only):

httpd_config_t                          # http configuration
httpd_sys_content_t                 # http system content
httpd_exec_t                            # http executable

So, each and every file used by the httpd/apache service should have the proper label.

Let's try to run httpd with a different DocumentRoot that has improper labeling on its files and folders

mkdir /data/www -p

ls -ldZ /data/

drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /data/

ls -ldZ /data/www/

drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /data/www/


cat > /data/www/index.html
this is test

ctrl+D

ls -lZ /data/www/index.html

-rw-r--r--. root root unconfined_u:object_r:default_t:s0 /data/www/index.html


Restart the httpd service and access http://server-IP:2222 through your web browser

You should get the following error in the web browser:

Forbidden

You don't have permission to access / on this server.


and the following in the apache/httpd service error logs:

[Tue Oct 28 21:17:07 2014] [error] [client 192.168.56.1] (13)Permission denied: access to /index.html denied


How to recover from the above error:

Change the label of the DocumentRoot, i.e. /data/www, and its files

As this is going to be an http content directory, we should change the label to httpd_sys_content_t

chcon -t httpd_sys_content_t /data -R

For permanent changes

semanage fcontext -a -t httpd_sys_content_t "/data(/.*)?"      # -a adds the rule; the pattern covers /data and everything below it
restorecon -Rv /data                                          # apply the stored rule to the existing files

Now you should be able to access server pages without any error

Command to see running process context

ps auxZ         # will provide process context too

Boolean

Commands to get or set Boolean variables

getsebool
setsebool

Some of the http/apache boolean variables

getsebool -a|grep http

httpd_enable_cgi --> on
httpd_enable_homedirs --> off
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off

If you do not want apache/http to serve CGI files

setsebool httpd_enable_cgi off      # add -P to keep the setting across reboots

Allow apache/http to serve data/pages from users' home directories

setsebool httpd_enable_homedirs on

Enable Apache/http to use a CIFS/NFS directory to serve pages

setsebool httpd_use_cifs on
setsebool httpd_use_nfs on


Other commands to use

Disable SELinux

setenforce 0      # switches to permissive mode until the next reboot

To disable it permanently, modify the /etc/sysconfig/selinux file and set
SELINUX=disabled

Reboot the machine

Command to restore context

restorecon -Rv /data

Create /.autorelabel to make the OS relabel the complete system at the next boot