docker-container.adoc

Run Container

The first step in running any application on Docker is to run a container from an image. There are plenty of images available from the official Docker registry (aka Docker Hub). To run any of them, you just have to ask the Docker Client to run it. The client will check if the image already exists on Docker Host. If it exists then it’ll run it, otherwise the host will download the image and then run it.

Pull Image

Let’s first check, if there are any images already available:

docker images

At first, this list is empty. Now, let’s get a plain jboss/wildfly image from the instructor’s registry:

docker pull classroom.example.com:5000/wildfly

By default, docker images are retrieved from Docker Hub. This lab is pre-congfigured to run such that everything can be pulled from instructor’s machine.

You can see, that Docker is downloading the image with it’s different layers.

Note

In a traditional Linux boot, the Kernel first mounts the root File System as read-only, checks its integrity, and then switches the whole rootfs volume to read-write mode. When Docker mounts the rootfs, it starts read-only, as in a traditional Linux boot, but then, instead of changing the file system to read-write mode, it takes advantage of a union mount to add a read-write file system over the read-only file system. In fact there may be multiple read-only file systems stacked on top of each other. Consider each one of these file systems as a layer. At first, the top read-write layer has nothing in it, but any time a process creates a file, this happens in the top layer. And if something needs to update an existing file in a lower layer, then the file gets copied to the upper layer and changes go into the copy. The version of the file on the lower layer cannot be seen by the applications anymore, but it is there, unchanged. We call the union of the read-write layer and all the read-only layers a union file system. Figure 1. Docker Layers

In our particular case, the jboss/wildfly image extends the jboss/base-jdk:7 image which adds the OpenJDK distribution on top of the jboss/base image. The base image is used for all JBoss community images. It provides a base layer that includes:

1. A jboss user (uid/gid 1000) with home directory set to /opt/jboss

2. A few tools that may be useful when extending the image or installing software, like unzip.

The ``jboss/base-jdk:7'' image adds:

1. Latest OpenJDK distribution

2. Adds a JAVA_HOME environment variable

When the download is done, you can list the images again and will see the following:

docker images

REPOSITORY              TAG     IMAGE ID       CREATED       VIRTUAL SIZE
classroom.example.com:5000/wildfly  latest  2ac466861ca1   10 weeks ago  951.3 MB

Run Container

Interactive Container

Run WildFly container in an interactive mode.

docker run -it classroom.example.com:5000/wildfly

This will show the output as:

> docker run -it classroom.example.com:5000/wildfly
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /opt/jboss/wildfly

  JAVA: /usr/lib/jvm/java/bin/java

  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true

=========================================================================

17:58:58,353 INFO  [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final
17:58:58,891 INFO  [org.jboss.msc] (main) JBoss MSC version 1.2.2.Final
17:58:59,056 INFO  [org.jboss.as] (MSC service thread 1-2) JBAS015899: WildFly 8.2.0.Final "Tweek" starting

. . .

17:59:03,211 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://127.0.0.1:9990/management
17:59:03,212 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990
17:59:03,213 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: WildFly 8.2.0.Final "Tweek" started in 5310ms - Started 184 of 234 services (82 services are lazy, passive or on-demand)

This shows that the server started correctly, congratulations!

By default, Docker runs in the foreground. -i allows to interact with the STDIN and -t attach a TTY to the process. Switches can be combined together and used as -it.

Hit Ctrl+C to stop the container.

Detached Container

Restart the container in detached mode:

> docker run -d classroom.example.com:5000/wildfly
972f51cc8422eec0a7ea9a804a55a2827b5537c00a6bfd45f8646cb764bc002a

-d runs the container in detached mode.

The output is the unique id assigned to the container. Check the logs as:

> docker logs 972f51cc8422eec0a7ea9a804a55a2827b5537c00a6bfd45f8646cb764bc002a
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /opt/jboss/wildfly

. . .

We can check it by issuing the docker ps command which retrieves the images process which are running and the ports engaged by the process:

> docker ps
CONTAINER ID        IMAGE                                 COMMAND                CREATED             STATUS              PORTS                    NAMES
0bc123a8ece0        classroom.example.com:5000/wildfly:latest    "/opt/jboss/wildfly/   4 seconds ago       Up 4 seconds        8080/tcp                 tender_wozniak

Also try docker ps -a to see all the containers on this machine.

Run Container with Default Port

Startup log of the server shows that the server is located in the /opt/jboss/wildfly. It also shows that the public interfaces are bound to the 0.0.0.0 address while the admin interfaces are bound just to localhost. This information will be useful to learn how to customize the server.

docker-machine ip <machine-name> gives us the Docker Host IP address and this was already added to the hosts file. So, we can give it another try by accessing: http://dockerhost:8080. However, this will not work either.

If you want containers to accept incoming connections, you will need to provide special options when invoking docker run. The container, we just started, can’t be accessed by our browser. We need to stop it again and restart with different options.

docker stop 0bc123a8ece0

Restart the container as:

> docker ps
CONTAINER ID        IMAGE                                 COMMAND                CREATED             STATUS              PORTS                     NAMES
4545ced66242        classroom.example.com:5000/wildfly:latest    "/opt/jboss/wildfly/   3 seconds ago       Up 3 seconds        0.0.0.0:32768->8080/tcp   suspicious_wozniak

-P flag map any network ports inside the image it to a random high port from the range 49153 to 65535 on Docker host.

The port mapping is shown in the PORTS column. Access the WildFly server at http://dockerhost:32768:8080. Make sure to use the correct port number as shown in your case.

Run Container with Specified Port

Lets stop the previously running container as:

docker stop 4545ced66242

Restart the container as:

docker run -it -p 8080:8080 classroom.example.com:5000/wildfly

The format is -p hostPort:containerPort. This option maps container ports to host ports and allows other containers on our host to access them.

Note	Docker Port Mapping Port exposure and mapping are the keys to successful work with Docker. See more about networking on the Docker website Advanced Networking

Now we’re ready to test http://dockerhost:8080 again. This works with the exposed port, as expected.

Figure 2. Welcome WildFly

Enabling WildFly Administration

Default WildFly image exposes only port 8080 and thus is not available for administration using either the CLI or Admin Console.

Default Port Mapping

The following command will override the default command in Docker file, explicitly starting WildFly, and binding application and management port to all network interfaces.

docker run -P -d classroom.example.com:5000/wildfly /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0

Accessing WildFly Administration Console require a user in administration realm. A pre-created image, with appropriate username/password credentials, is used to start WildFly as:

docker run -P -d classroom.example.com:5000/wildfly-management

-P flag map any network ports inside the image it to a random high port from the range 49153 to 65535 on Docker host.

Look at the exposed ports as:

 docker ps
CONTAINER ID        IMAGE                                           COMMAND                CREATED             STATUS              PORTS                                              NAMES
6f610b310a46        classroom.example.com:5000/wildfly-management:latest   "/bin/sh -c '/opt/jb   6 seconds ago       Up 6 seconds        0.0.0.0:32769->8080/tcp, 0.0.0.0:32770->9990/tcp   determined_darwin

Look for the host port that is mapped in the container, 32770 in this case. Access the admin console at http://dockerhost:32770.

The username/password credentials are:

Field	Value
Username	admin
Password	docker#admin

Additional Ways To Find Port Mapping

The exact mapped port can also be found as:

1. Using docker inspect:

   docker inspect --format='{{(index (index .NetworkSettings.Ports "9990/tcp") 0).HostPort}}' 6f610b310a46

2. Using docker port:

   docker port 6f610b310a46

   to see the output as:

   0.0.0.0:32769->8080/tcp
   0.0.0.0:32770->9990/tcp

Fixed Port Mapping

This management image can also be started with a pre-defined port mapping as:

docker run -p 8080:8080 -p 9990:9990 -d classroom.example.com:5000/wildfly-management

In this case, Docker port mapping will be shown as:

8080/tcp -> 0.0.0.0:8080
9990/tcp -> 0.0.0.0:9990

Stop and Remove Container

Stop Container

1. Stop a specific container:

   docker stop 0bc123a8ece0

2. Stop all the running containers

   docker rm $(docker stop $(docker ps -q))

3. Stop only the exited containers

   docker ps -a -f "exited=-1"

Remove Container

1. Remove a specific container:

   docker rm 0bc123a8ece0

2. Containers meeting a regular expression

   docker ps -a | grep wildfly | awk '{print $1}' | xargs docker rm

3. All running containers, without any criteria

   docker rm $(docker ps -aq)