Overview of Docker

Overview

Teaching: 10 min
Exercises: 10 min
Questions
Objectives
  • Be aware of the pros and cons compared to Singularity

  • Get started with Docker: download and run container images

  • Learn how to build an image with Docker

What’s the deal with Docker?

Docker has been the first container engine to get widespread popularity. It has achieved this mostly in the world of IT companies, where it can be a very effective tool in the hands of system administrators, to deploy all sorts of micro-services. It can also be a useful engine for running containers in laptops, personal workstations, and cloud VMs. Among its advantages:

On the other hand, some features make it not ideal for HPC. These include:

As you might encounter Docker in your container journey, let’s have a quick look at how the syntax looks like for the most basic operations.

To get a more detailed introduction on Docker containers, see this other workshop on Container workflows with Docker.

Downloading images and running containers

Let’s cd into the relevant demo directory:

$ cd $ERNZ20/demos/11_lolcow_docker

Let’s download a Ubuntu container image, using docker pull:

$ sudo docker pull ubuntu:18.04
18.04: Pulling from library/ubuntu
7ddbc47eeb70: Pull complete 
c1bbdc448b72: Pull complete 
8c3b70e39044: Pull complete 
45d437916d57: Pull complete 
Digest: sha256:6e9f67fa63b0323e9a1e587fd71c561ba48a034504fb804fd26fd8800039835d
Status: Downloaded newer image for ubuntu:18.04

Now, let’s use this image via docker run:

$ sudo docker run ubuntu:18.04 cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

Similar to Singularity, the pull step could be skipped, as trying to run an image which is not locally available would trigger the download anyway.

To open up a shell in the image, use docker run -it:

$ sudo docker run -it ubuntu:18.04 bash
root@dd1ca993f4ad:/#

Then type exit, or hit Ctrl-D, to leave the interactive shell.

As we mentioned above, lots of Docker defaults are about privileged runtime and container isolation. Some extra syntax is required in order to achieve a container execution comparable to Singularity, i.e. with

Long story short, this is what it takes:

$ sudo docker run --rm -v $(pwd):/data -w /data -u $(id -u):$(id -g) -i ubuntu:18.04 echo "Good Morning" >hello1.txt
$ ls -l hello1.txt
-rw-r----- 1 ubuntu ubuntu 13 Nov  1 08:29 hello1.txt

Let’s comment on the flags:

What about the --rm flag? To respond to this, let’s move on.

Managing containers and images

By default, when containers exit, they remain cached in the system for potential future restart. Have a look at a list of running and stopped containers with docker ps -a (remove -a to only list running ones):

$ sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS                       PORTS               NAMES
375a021f8674        ubuntu:18.04        "bash"                  52 seconds ago      Exited (0) 4 seconds ago                         reverent_volhard
6000f459c132        ubuntu:18.04        "cat /etc/os-release"   57 seconds ago      Exited (0) 55 seconds ago                        hungry_bhabha

It’s possible to clean up cached, exited containers by means of docker rm; there’s also an idiomatic way to clean all of them at once:

$ sudo docker rm $(sudo docker ps -qa)
375a021f8674
6000f459c132

If I know in advance I won’t need to re-run a container after it exits, I can use the runtime flag --rm, as in docker run --rm, to clean it up automatically, as we did in the example above.

Docker stores container images in a hidden directory under its own control. To get the list of downloaded images use docker images:

$ sudo docker images
REPOSITORY                        TAG                      IMAGE ID            CREATED             SIZE
ubuntu                            18.04                    775349758637        10 hours ago        64.2MB

If you don’t need an image any more and want to clear up disk space, use docker rmi to remove it:

$ sudo docker rmi ubuntu:18.04
Untagged: ubuntu:18.04
Untagged: ubuntu@sha256:6e9f67fa63b0323e9a1e587fd71c561ba48a034504fb804fd26fd8800039835d
Deleted: sha256:775349758637aff77bf85e2ff0597e86e3e859183ef0baba8b3e8fc8d3cba51c
Deleted: sha256:4fc26b0b0c6903db3b4fe96856034a1bd9411ed963a96c1bc8f03f18ee92ac2a
Deleted: sha256:b53837dafdd21f67e607ae642ce49d326b0c30b39734b6710c682a50a9f932bf
Deleted: sha256:565879c6effe6a013e0b2e492f182b40049f1c083fc582ef61e49a98dca23f7e
Deleted: sha256:cc967c529ced563b7746b663d98248bc571afdb3c012019d7f54d6c092793b8b

A Dockerfile recipe

It can be interesting to have an idea of how to build images with Docker. In fact, as we mentioned earlier on, the layered image format of Docker can sometimes help in reducing image development time. In addition, Docker images are quite universally compatible, as they can be run by Singularity, too.

We’re going to build a very similar image to the one we built with Singularity. The Dockerfile recipe file in the demo directory looks like:

FROM ubuntu:18.04

MAINTAINER Pawsey Supercomputing Centre

RUN apt-get -y update && \
  apt-get -y install fortune cowsay lolcat

ENV PATH=/usr/games:$PATH

VOLUME /data
WORKDIR /data

CMD fortune | cowsay | lolcat

The directory where the Dockerfile is stored is the so called the Docker build context. Docker will include files in this directory in the build process and in the final image. As a by-product, this will make the build process longer and the image larger, so that we want to include only those strictly required for the build, even none if possible.

Let’s comment on the Docker instructions that appear in this Dockerfile.

More information on the Dockerfile syntax can be found at the Dockerfile reference.

Layers in a container image

Note how the RUN instruction above is used to execute a sequence of commands to update the list of available packages and install a set of Linux packages.
We have concatenated all these commands in one using the && linux operator, and then the \ symbol to break them into multiple lines for readability.

We could have used one RUN instruction per command, so why concatenating instead?
Well, each RUN creates a distinct layer in the final image, increasing its size. It is a good practice to use as few layers, and thus RUN instructions, as possible, to keep the image size smaller.

Building the container image

Once the Dockerfile is ready, let us build the image with docker build:

$ sudo docker build -t lolcow:1Nov19 .

In the command above, . is the location of the build context (i.e. the directory for the Dockerfile).
The -t flag is used to specify the image name (compulsory) and tag (optional).

Any lowercase alphanumeric string can be used as image name; here we’ve used lolcow. The image tag (following the colon) can be optionally used to maintain a set of different image versions on Docker Hub, and is a key feature in enabling reproducibility of your computations through containers; here we’ve used 1Nov19.

Adding the prefix <Your Docker Hub account>/ to the image name is also optional and allows to push the built image to your Docker Hub registry (see below).

The complete format for the image name looks like: <Your Docker Hub account ^>/<Image name>:<Image tag ^>. ^These are optional.

This is the output of our build:

Sending build context to Docker daemon  2.048kB
Step 1/7 : FROM ubuntu:18.04
 ---> 775349758637
Step 2/7 : MAINTAINER Pawsey Supercomputing Centre
 ---> Running in 91c109dfd5ba
Removing intermediate container 91c109dfd5ba
 ---> 361490204a2c
Step 3/7 : RUN apt-get -y update &&   apt-get -y install fortune cowsay lolcat
 ---> Running in 4543b6bb99f1
[..]
Removing intermediate container 4543b6bb99f1
 ---> 7958a569068f
Step 4/7 : ENV PATH=/usr/games:$PATH
 ---> Running in 86282799c41f
Removing intermediate container 86282799c41f
 ---> 3ffdfe179e34
Step 5/7 : VOLUME /data
 ---> Running in f93de5446caa
Removing intermediate container f93de5446caa
 ---> 9c174e36bf3a
Step 6/7 : WORKDIR /data
 ---> Running in eed67d591239
Removing intermediate container eed67d591239
 ---> 36cc09b2c59b
Step 7/7 : CMD fortune | cowsay | lolcat
 ---> Running in 87a464d2ee67
Removing intermediate container 87a464d2ee67
 ---> 3c62a0f2e06e
Successfully built 3c62a0f2e06e
Successfully tagged lolcow:1Nov19

Let’s give this image a go! Let’s execute it without any argument to use the default command:

$ sudo docker run --rm lolcow:1Nov19
 _______________________________________
/ Good news. Ten weeks from Friday will \
\ be a pretty good day.                 /
 ---------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Note how the default command can be readily overwritten:

$ sudo docker run --rm lolcow:1Nov19 echo "Hello World!"
Hello World!

Pushing the image to Docker Hub

If you have a (free) Docker Hub account you must first login to Docker.

$ sudo docker login

You are now ready to push your newly created image to the Docker Hub web registry.

First, let us create a second tag for the image, that includes your Docker Account. To this end we’ll use docker tag:

$ sudo docker tag lolcow:1Nov19 <your-dockerhub-account>/lolcow:1Nov19

Now we can push the image:

$ sudo docker push <your-dockerhub-account>/lolcow:1Nov19
The push refers to repository [docker.io/marcodelapierre/lolcow]
9d2959e72647: Pushed 
317d47a452af: Pushed 
e0b3afb09dc3: Mounted from library/ubuntu 
6c01b5a53aac: Mounted from library/ubuntu 
2c6ac8e5063e: Mounted from library/ubuntu 
cc967c529ced: Mounted from library/ubuntu 
1Nov19: digest: sha256:295c5695e2b05f6123bc2d8669ec7b66e45df5000ab9fc45ce3566ae3c0d839e size: 1571

Your image is now publicly available for anyone to pull.

Key Points

  • Use docker pull to download container images

  • Use docker run to execute commands in containers

  • Build images starting from a Dockerfile recipe with docker build

  • Push images to a web registry with docker push