New Container Network Model @ Docker 1.9

Estimated Reading Time: 8 minutes

Docker 1.9 new networking is Software Defined Networking (SDN) for containers. Pushing the experimental version to the public was a right thing Docker Inc. did few months back and now when it is production ready, it is surely going to make Docker, an Enterprise Ready product.With SDN ,developers can breathe a flexibility to network their apps as you want without having to wait on the network operations team.

Docker 1.9 brings totally a new way of getting started with Networking straight away by using the new docker network command.In Docker 1.9, Networking is ready to use in production and works with Swarm and Compose. Networking is a feature of Docker Engine that allows you to create virtual networks and attach containers to them so you can create the network topology that is right for your application. The networked containers can even span multiple hosts, so you don’t have to worry about what host your container lands on. They seamlessly communicate with each other wherever they are – thus enabling true distributed applications.

Docker networking allows connectivity for containers to each other across different physical or virtual hosts. An Interesting stuff is containers using Networking can be easily stopped, started and restarted without disrupting the connections to other containers –    You don’t need to create a container before you can link to it. With Networking containers be created in any order and discover each other using their container names.

Libnetwork implements Container Network Model (CNM) which offers networking for containers while providing an abstraction that can be used to support multiple network drivers. It lies on 3 major components:

network-2

Sandbox

A Sandbox contains the configuration of a container’s network stack. This includes management of the container’s interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail or other similar concept. A Sandbox may contain many endpoints from multiple networks.

Endpoint

An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch internal port or similar. An Endpoint can belong to only one network but may only belong to one Sandbox.

Network

A Network is a group of Endpoints that are able to communicate with each-other directly. An implementation of a Network could be a Linux bridge, a VLAN, etc. Networks consist of many endpoints.

I spent couple of hours understanding how Docker network actually works.

Let me share my findings with you all:

Installing Docker 1.9 on Ubuntu 14.04.3

Below script will help you setup Docker 1.9 on Ubuntu 14.04.3 on the fly:

root@dell-virtual-machine:~# less script

# Check that HTTPS transport is available to APT
if [ ! -e /usr/lib/apt/methods/https ]; then
apt-get update
apt-get install -y apt-transport-https
fi

# Add the repository to your APT sources
echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list

# Then import the repository key
apt-key adv –keyserver hkp://p80.pool.sks-keyservers.net:80 –recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

# Install docker
apt-get update
apt-get install -y lxc-docker

#
# Alternatively, just use the curl-able install.sh script provided at https://get.docker.com
#

Executing the script will help you with Docker 1.9. I could see lxc-docker getting installing removing docker.io package. Good going ..

The following extra packages will be installed:
lxc-docker-1.9.0
The following packages will be REMOVED:
docker.io
The following NEW packages will be installed:
lxc-docker lxc-docker-1.9.0
0 upgraded, 2 newly installed, 1 to remove and 181 not upgraded.
Need to get 8,487 kB of archives.
After this operation, 1,236 kB of additional disk space will be used.
Get:1 https://get.docker.com/ubuntu/ docker/main lxc-docker amd64 1.9.0 [2,092 B]
Fetched 8,487 kB in 40s (211 kB/s)
(Reading database … 209652 files and directories currently installed.)
Removing docker.io (1.6.2~dfsg1-1ubuntu4~14.04.1) …
docker stop/waiting
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Selecting previously unselected package lxc-docker-1.9.0.
(Reading database … 209562 files and directories currently installed.)
Preparing to unpack …/lxc-docker-1.9.0_1.9.0_amd64.deb …
Unpacking lxc-docker-1.9.0 (1.9.0) …
Selecting previously unselected package lxc-docker.
Preparing to unpack …/lxc-docker_1.9.0_amd64.deb …
Unpacking lxc-docker (1.9.0) …
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Processing triggers for ureadahead (0.100.0-16) …
Setting up lxc-docker-1.9.0 (1.9.0) …
Installing new version of config file /etc/init.d/docker …
Installing new version of config file /etc/init/docker.conf …
docker start/running, process 1838
Processing triggers for ureadahead (0.100.0-16) …
Setting up lxc-docker (1.9.0) …
root@dell-virtual-machine:~#

Running Docker daemon

root@dell-virtual-machine:~# docker daemon -H unix:///var/run/docker.sock       INFO[0000] API listen on /var/run/docker.sock
INFO[0000] [graphdriver] using prior storage driver “aufs”
INFO[0000] Firewalld running: true
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.42.1/16. Daemon option –bip can be used to set a preferred IP address
WARN[0000] Your kernel does not support swap memory limit.
INFO[0000] Loading containers: start.
………………………………………………………………………………………………………………………………….
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon                                 commit=76d6bc9 execdriver=native-0.2 graphdriver=aufs version=1.9.0

Switch to new terminal in case you are keen on seeing what goes behind the hood.

Hurray!! a new Docker 1.9 is right there on your Ubuntu box.

root@dell-virtual-machine:/home/dell# docker version
Client:
Version:      1.9.0
API version:  1.21
Go version:   go1.4.3
Git commit:   76d6bc9
Built:        Tue Nov  3 19:20:09 UTC 2015
OS/Arch:      linux/amd64

Server:
Version:      1.9.0
API version:  1.21
Go version:   go1.4.3
Git commit:   76d6bc9
Built:        Tue Nov  3 19:20:09 UTC 2015
OS/Arch:      linux/amd64
root@dell-virtual-machine:/home/dell#

I am keen on looking what new commands has arrived right there:

docker-network

root@dell-virtual-machine:/home/dell# docker
Usage: docker [OPTIONS] COMMAND [arg…]
docker daemon [ –help | … ]
docker [ –help | -v | –version ]

A self-sufficient runtime for containers.

Options:

–config=~/.docker                 Location of client config files
-D, –debug=false                  Enable debug mode
–disable-legacy-registry=false    Do not contact legacy registries
-H, –host=[]                      Daemon socket(s) to connect to
-h, –help=false                   Print usage
-l, –log-level=info               Set the logging level
–tls=false                        Use TLS; implied by –tlsverify
–tlscacert=~/.docker/ca.pem       Trust certs signed only by this CA
–tlscert=~/.docker/cert.pem       Path to TLS certificate file
–tlskey=~/.docker/key.pem         Path to TLS key file
–tlsverify=false                  Use TLS and verify the remote
-v, –version=false                Print version information and quit

Commands:
attach    Attach to a running container
build     Build an image from a Dockerfile
commit    Create a new image from a container’s changes
cp        Copy files/folders between a container and the local filesystem
create    Create a new container
diff      Inspect changes on a container’s filesystem
events    Get real time events from the server
exec      Run a command in a running container
export    Export a container’s filesystem as a tar archive
history   Show the history of an image
images    List images
import    Import the contents from a tarball to create a filesystem image
info      Display system-wide information
inspect   Return low-level information on a container or image
kill      Kill a running container
load      Load an image from a tar archive or STDIN
login     Register or log in to a Docker registry
logout    Log out from a Docker registry
logs      Fetch the logs of a container
network   Manage Docker networks
pause     Pause all processes within a container
port      List port mappings or a specific mapping for the CONTAINER
ps        List containers
pull      Pull an image or a repository from a registry
push      Push an image or a repository to a registry
rename    Rename a container
restart   Restart a container
rm        Remove one or more containers
rmi       Remove one or more images
run       Run a command in a new container
save      Save an image(s) to a tar archive
search    Search the Docker Hub for images
start     Start one or more stopped containers
stats     Display a live stream of container(s) resource usage statistics
stop      Stop a running container
tag       Tag an image into a repository
top       Display the running processes of a container
unpause   Unpause all processes within a container
version   Show the Docker version information
volume    Manage Docker volumes
wait      Block until a container stops, then print its exit code

Run ‘docker COMMAND –help’ for more information on a command.
root@dell-virtual-machine:/home/dell#

Docker 1.9.0 Client Binary
Docker Machine 0.5.0
Docker Compose 0.5.0
Docker Toolbox 1.9.0
Docker Swarm 1.0.0

Wow…swarm, toolbox, compose, machine all with a new version. Awesome !!

Let’s start playing around Docker network command. I am going to pull nginx first.

root@dell-virtual-machine:~# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
d0ca40da9e35: Pull complete
d1f66aef36c9: Pull complete
192997133528: Pull complete
c4b09a941684: Pull complete
4174aa7c7be8: Pull complete
0620b22b5443: Pull complete
87c3b9f58480: Pull complete
7d984375a5e7: Pull complete
e491c4f10eb2: Pull complete
edeba58b4ca7: Pull complete
a96311efcda8: Pull complete
914c82c5a678: Pull complete
Digest: sha256:b24651e86659a5d1e4103f8c1ea49567335528281c1678697783ae7569114e1e
Status: Downloaded newer image for nginx:latest
root@dell-virtual-machine:~#

Let’s see what Docker network has to say:

root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
c03582079d99        none                null
9a7a4791e2ec        host                host
root@dell-virtual-machine:~#

Cool…

Its time to start nginx on the new network of my interest. I will name it “web”.(sounds good Huh !!!)

root@dell-virtual-machine:~# docker run -itd –net=web –name web nginx
2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f
root@dell-virtual-machine:~#

Let me check the docker network again.
root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
c03582079d99        none                null
9a7a4791e2ec        host                host
root@dell-virtual-machine:~#

Fair enough. I can see it listed here.

Let’s play around it again. This time let me name it as “newapp”.

root@dell-virtual-machine:~# docker run -itd –net=newapp –net=myapp nginx
23722f062a29e735d027c324968e732124215e028d72d416f601807c5e28d448
root@dell-virtual-machine:~#

Let’s check it again.

root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
c03582079d99        none                null
9a7a4791e2ec        host                host
8fdc0ce3c468        myapp               bridge
root@dell-virtual-machine:~#

Yipee.. there goes my “myapp” listed.

let us connect my web container to myapp network as shown:

root@dell-virtual-machine:~# docker network connect myapp web
root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
c03582079d99        none                null
9a7a4791e2ec        host                host
8fdc0ce3c468        myapp               bridge
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
root@dell-virtual-machine:~#

Good. Let us try to see if inspect works for network command too.

root@dell-virtual-machine:~# docker network inspect myapp
[
{
“Name”: “myapp”,
“Id”: “8fdc0ce3c468e8fccd513acc63171e168a823f80d61aca3529605961c5b96aab”,
“Scope”: “local”,
“Driver”: “bridge”,
“IPAM”: {
“Driver”: “default”,
“Config”: [
{}
]
},
“Containers”: {
“2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f”: {
“EndpointID”: “fa6efb254809007debb75ea3ce694624809452466a14a1306844eaf97ca2094a”,
“MacAddress”: “02:42:ac:13:00:03”,
“IPv4Address”: “172.19.0.3/16”,
“IPv6Address”: “”
},
“23722f062a29e735d027c324968e732124215e028d72d416f601807c5e28d448”: {
“EndpointID”: “35cfb86fe4c7bab266a1e671a37fc3ea28fb5382ccd7e1d032f6d1c53b50e509”,
“MacAddress”: “02:42:ac:13:00:02”,
“IPv4Address”: “172.19.0.2/16”,
“IPv6Address”: “”
}
},
“Options”: {}
}
]
root@dell-virtual-machine:~#

root@dell-virtual-machine:~# docker network inspect web
[
{
“Name”: “web”,
“Id”: “a743bde2e8b912838dc1216b338b367b0c8fc9f224c7625f1078fbf96a7990ef”,
“Scope”: “local”,
“Driver”: “bridge”,
“IPAM”: {
“Driver”: “default”,
“Config”: [
{}
]
},
“Containers”: {
“2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f”: {
“EndpointID”: “e3297e59f8613806ad1e4d9fb505f9636e581ad9986c3e5bbd2b1391d0d488ed”,
“MacAddress”: “02:42:ac:12:00:02”,
“IPv4Address”: “172.18.0.2/16”,
“IPv6Address”: “”
}
},
“Options”: {}
}
]

This is super cool. I can see detailed information of all container tied to my web applications.

How about network bridge? Let’s try it :

root@dell-virtual-machine:~# docker network inspect bridge
[
{
“Name”: “bridge”,
“Id”: “69b253ef50d1640934b467c9a1ced5dee1b187082fa95da9ed6c9e1e9eb972bb”,
“Scope”: “local”,
“Driver”: “bridge”,
“IPAM”: {
“Driver”: “default”,
“Config”: [
{
“Subnet”: “172.17.42.1/16”,
“Gateway”: “172.17.42.1”
}
]
},
“Containers”: {},
“Options”: {
“com.docker.network.bridge.default_bridge”: “true”,
“com.docker.network.bridge.enable_icc”: “true”,
“com.docker.network.bridge.enable_ip_masquerade”: “true”,
“com.docker.network.bridge.host_binding_ipv4”: “0.0.0.0”,
“com.docker.network.bridge.name”: “docker0”,
“com.docker.network.driver.mtu”: “1500”
}
}
]
root@dell-virtual-machine:~#

root@dell-virtual-machine:~# docker network inspect host
[
{
“Name”: “host”,
“Id”: “9a7a4791e2ecc6b745721109d7d77c4ef5fa601e3b43c4b6415fd4851351d759”,
“Scope”: “local”,
“Driver”: “host”,
“IPAM”: {
“Driver”: “default”,
“Config”: []
},
“Containers”: {},
“Options”: {}
}
]
root@dell-virtual-machine:~#

I think the new “docker network” command is simply awesome.Docker is all about application and Docker folks have done a right job of concentrating completely on application design. This tool is surely going to be an amazing tool for developers as they now don’t have to worry about “Network Administrator” job. Its all purely “Dev-Ops Re-Org”.

Will be back with more exploration on “Docker Networking”.

Understanding Docker Networking – Part-I

Estimated Reading Time: 6 minutes

This is a tutorial series for understanding how Docker Networking really works. I have tried to put it in very simple language so that laymen can understand how Docker networking is different from traditional bare metal OR virtual networking. I have put it through Q&A which are usually been asked or raised during the various meetups, seminars , webinars and presentations. Hope it is helpful for all Docker beginners. Here we go –

Que: How does Docker networking look like?

Dock_Net1

Que: Where does the 172.17.42.x come from?

It randomly chooses an address and subnet from the private range defined by RFC 1918 that are not in use on the host machine, and assigns it to docker0. By default it chooses a 16-bit netmask providing 65,534 addresses for the host machine and its containers. The MAC address is generated using the IP address allocated to the container to avoid ARP collisions, using a range from 02:42:ac:11:00:00 to 02:42:ac:11:ff:ff.

Que: How does ifconfig look like?

Every time Docker creates a container, it creates a pair of “peer” interfaces that are
like opposite ends of a pipe — a packet sent on one will be received on the other. It
gives one of the peers to the container to become its eth0 interface and keeps the other
peer, with a unique name like vethAQI2QT, out in the namespace of the host machine. By
binding every veth* interface to the docker0 bridge, Docker creates a virtual subnet shared between the host machine and every Docker container.

Que: How does traditional Docker Host network look like before Docker is installed?

Dock_Net2

Que: How does Docker Host network configuration look like after Docker is installed?

Dock_Net3

Que: How does Docker Host network configuration look like after Docker container is created?

Dock_Net5

Que: How can I see bridge details sitting on the Docker Host?

Let’s install bridge-utils utility to see how does it look like:

1. Install bridge-utils package:

root@dell-virtual-machine:~# apt-get install bridge-utils
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
bridge-utils
0 upgraded, 1 newly installed, 0 to remove and 152 not upgraded.
Need to get 29.2 kB of archives.
After this operation, 146 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu/ trusty/main bridge-utils amd64 1.5-6ubuntu2

[29.2 kB]
Fetched 29.2 kB in 0s (31.0 kB/s)
Selecting previously unselected package bridge-utils.
(Reading database … 195531 files and directories currently installed.)
Preparing to unpack …/bridge-utils_1.5-6ubuntu2_amd64.deb …
Unpacking bridge-utils (1.5-6ubuntu2) …
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Setting up bridge-utils (1.5-6ubuntu2) …
root@dell-virtual-machine:~#

Showing brctl output:

root@dell-virtual-machine:~# brctl show docker0
bridge name     bridge id               STP enabled     interfaces
docker0         8000.56847afe9799       no              veth5247
root@dell-virtual-machine:~#

Showing ifconfig:

docker0   Link encap:Ethernet  HWaddr 56:84:7a:fe:97:99
inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:43473 errors:0 dropped:0 overruns:0 frame:0
TX packets:97379 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2327602 (2.3 MB)  TX bytes:189338797 (189.3 MB)

veth5247  Link encap:Ethernet  HWaddr d6:22:ba:f9:03:37
inet6 addr: fe80::d422:baff:fef9:337/64 Scope:Link
UP BROADCAST RUNNING  MTU:1500  Metric:1
RX packets:43073 errors:0 dropped:0 overruns:0 frame:0
TX packets:97352 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2904552 (2.9 MB)  TX bytes:189334263 (189.3 MB)

Checking Iptables:

Let’s go inside the running container and check the ipaddress entry:

Verify the running container:

root@dell-virtual-machine:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS

PORTS               NAMES
cdecbc0a80ef        dc29bb81b6b8        /bin/bash           26 hours ago        Up 26

hours                             stoic_lumiere

Checking the container networking config:

root@cdecbc0a80ef:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
60: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen

1000
link/ether aa:7a:fc:28:67:cf brd ff:ff:ff:ff:ff:ff
inet 172.17.0.30/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a87a:fcff:fe28:67cf/64 scope link
valid_lft forever preferred_lft forever
root@cdecbc0a80ef:/#

Que: How shall I confirm that all the network traffic flows through Docker bridge?

If I traceroute to other host machine from this container , it will flow through docker0
bridge as shown below:

root@cdecbc0a80ef:/# traceroute 10.94.214.207
traceroute to 10.94.214.207 (10.94.214.207), 30 hops max, 60 byte packets
1  172.17.42.1 (172.17.42.1)  0.202 ms  7.754 ms  5.453 ms
2  10.94.214.207 (10.94.214.207)  0.536 ms  0.815 ms  0.534 ms

If we try to check iptables entry:

root@dell-virtual-machine:~# iptables -t nat -L -n|grep MAS
MASQUERADE  all  —  172.17.0.0/16       !172.17.0.0/16
MASQUERADE  all  —  0.0.0.0/0            0.0.0.0/0
root@dell-virtual-machine:~#

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  —  172.17.0.0/16       !172.17.0.0/16
POSTROUTING_direct  all  —  0.0.0.0/0            0.0.0.0/0
POSTROUTING_ZONES_SOURCE  all  —  0.0.0.0/0            0.0.0.0/0
POSTROUTING_ZONES  all  —  0.0.0.0/0            0.0.0.0/0

Que: Can you showcase any example which shows how iptables entry changes while we add new containers?

Let’s install httpd container:

root@dell-virtual-machine:~# docker run -itd -P httpd
Unable to find image ‘httpd’ locally
Pulling repository httpd
924d2d66a3b5: Download complete
575489a51992: Download complete
6845b83c79fb: Download complete
4f64efbea1d3: Download complete
08101e1b920e: Download complete
932fa81787bc: Download complete
b5bbe0bc4a47: Download complete
07239fa805ff: Download complete
17c09b5e274d: Download complete
6ffd7cced2c0: Download complete
b14dd1447073: Download complete
b8d3a847be50: Download complete
f66c1d4454c0: Download complete
5c6d62f9d593: Download complete
3f09f511bbedb5984ff3053e5f50715eb9bd17a2be2e29756012720b7b3f5598
root@dell-virtual-machine:~#

lets check the docker history:
root@dell-virtual-machine:~# docker history httpd
IMAGE               CREATED             CREATED BY

SIZE
924d2d66a3b5        8 days ago          /bin/sh -c #(nop) CMD [“httpd-foreground”]      0

B
5c6d62f9d593        8 days ago          /bin/sh -c #(nop)                  0 B
f66c1d4454c0        8 days ago          /bin/sh -c #(nop) COPY file:f465a45ed4146a281

135 B
b8d3a847be50        8 days ago          /bin/sh -c buildDeps=’

ca-certificates                         cu                  31.18 MB
b14dd1447073        8 days ago          /bin/sh -c #(nop) ENV HTTPD_BZ2_URL=https://w   0

B
6ffd7cced2c0        8 days ago          /bin/sh -c #(nop) ENV HTTPD_VERSION=2.4.17      0

B
17c09b5e274d        8 days ago          /bin/sh -c gpg –keyserver ha.pool.sks-keyser

145.9 kB
07239fa805ff        8 days ago          /bin/sh -c apt-get update

&& apt-get install   5.506 MB
b5bbe0bc4a47        8 days ago          /bin/sh -c #(nop) WORKDIR /usr/local/apache2    0

B
932fa81787bc        8 days ago          /bin/sh -c mkdir -p “$HTTPD_PREFIX”

&& chown            0 B
08101e1b920e        8 days ago          /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:/u   0

B
4f64efbea1d3        8 days ago          /bin/sh -c #(nop) ENV HTTPD_PREFIX=/usr/local   0

B
6845b83c79fb        9 days ago          /bin/sh -c #(nop) CMD [“/bin/bash”]             0

B
575489a51992        9 days ago          /bin/sh -c #(nop) ADD file:5f0fca122586fe4ea7

125.1 MB
root@dell-virtual-machine:~#

It must be able to see EXPOSE 80/tcp entry which indicates that iptables automatically handles the NATing part.

Lets try running another container:

So far we saw that:

root@dell-virtual-machine:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS

PORTS                   NAMES
3f09f511bbed        httpd:latest        httpd-foreground    About a minute ago   Up About

a minute   0.0.0.0:49153->80/tcp   nostalgic_brown
cdecbc0a80ef        dc29bb81b6b8        /bin/bash           26 hours ago         Up 9

minutes                                stoic_lumiere

Lets create a new container with 8080 instead of 80.

root@dell-virtual-machine:~# docker run -itd -p 8080:80 httpd
6b0ff011f85dea77e2bec937b8c39d29131ba1bed3606c530d0750d9f4daaaac
root@dell-virtual-machine:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS

PORTS                   NAMES
6b0ff011f85d        httpd:latest        httpd-foreground    3 seconds ago       Up 2

seconds        0.0.0.0:8080->80/tcp    dreamy_pasteur
3f09f511bbed        httpd:latest        httpd-foreground    2 minutes ago       Up 2

minutes        0.0.0.0:49153->80/tcp   nostalgic_brown
cdecbc0a80ef        dc29bb81b6b8        /bin/bash           26 hours ago        Up 9

minutes                                stoic_lumiere
root@dell-virtual-machine:~#

Now running iptables shows us the new entry:

root@dell-virtual-machine:~# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
PREROUTING_direct  all  —  0.0.0.0/0            0.0.0.0/0
PREROUTING_ZONES_SOURCE  all  —  0.0.0.0/0            0.0.0.0/0
PREROUTING_ZONES  all  —  0.0.0.0/0            0.0.0.0/0
DOCKER     all  —  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type

LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  —  0.0.0.0/0            0.0.0.0/0
DOCKER     all  —  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type

LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  —  172.17.0.0/16       !172.17.0.0/16
POSTROUTING_direct  all  —  0.0.0.0/0            0.0.0.0/0
POSTROUTING_ZONES_SOURCE  all  —  0.0.0.0/0            0.0.0.0/0
POSTROUTING_ZONES  all  —  0.0.0.0/0            0.0.0.0/0

Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:49153

to:172.17.0.3:80
DNAT       tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080

to:172.17.0.4:80

How to build .DEB packages through Docker

Estimated Reading Time: 2 minutes

Building .DEB package is still a daunting process. It involves a series of compiling, linking and building the source packages. Compiling tuns your source code into object code.Linking combines your object code with libraries into a raw executable whereas building is the sequence composed of compiling and linking, with possibly other tasks such as installer creation.

You start with setting up build process, linking the object code with libraries and then series of steps to build .DEB packages. It involves complexity and series of debugging to reach the end point of creating .DEB packages. Last week I started looking at making the developer’s work more easy. Why not use Docker?  Let me share how easy is it get .DEB packages built up. Here we go:

I picked up nagios as I have a pretty good understanding on Nagios tool.

My Dockerfile looked very similar to the below:

Docker_DEB

File: build.sh

The file build.sh helps you to build the container through Docker file. Hope this is placed under the parent nagios/ directory.

Docker_DEB2

Once .deb is created through Dockerfile successfully, you might be interested to copy it to the host machine and henceafter removing the container. This file might help you with this.

File: extractdeb.sh

Dock_1

File: resource/configure.sh

The configure.sh provides all the necessary option for supplying the required parameter for nagios to pick and stay on the filesystem as shown below:

Docker_DEB4

That’s it. Just run the below commands in sequence and you are ready to build .DEB package in a single shot:

#cd ajeetraina/nagios

#./build.sh

#./extractdeb.sh

Hope you enjoyed the post. Do reach out to me if you have further ideas and suggestions.