******
Docker
******

Remove stopped containers::

     docker rm $(docker ps -a -q)

Remove dangling images::

    docker rmi $(docker images -qf dangling=true)

Move Docker Storage Location
============================
In ``/etc/default/docker``, use the ``-g`` option, e.g.::

    DOCKER_OPTS="-dns 8.8.8.8 -g /new/storage/location"


TTY
===
I was runnin https://github.com/phusion/baseimage-docker like this::

    docker run\
        --rm\
        --name baseimage-test\
        phusion/baseimage\
        /sbin/my_init --enable-insecure-key
    # in another terminal
    ssh root@$(docker inspect --format="{{ .NetworkSettings.IPAddress }}" baseimage-test)

and got the following error message::

    PTY allocation request failed on channel 0
    stdin: is not a tty

Just run docker with the ``--tty`` flag::

    docker run\
        --tty
        --rm\
        --name baseimage-test\
        phusion/baseimage\
        /sbin/my_init --enable-insecure-key


Caveats
=======
The number of commits to union file system is limited. Try the following::

    cd /tmp
    echo "FROM ubuntu:12.04" > Dockerfile
    for i in $(seq -w 200); do
        echo "RUN touch /tmp/foo_$i" >> Dockerfile
    done
    docker build -t aufs-limit .

On my box this is limited to 127 commits::

    Step 125 : RUN touch /tmp/foo_125
    2014/03/11 16:40:11 Cannot create container with more than 127 parents

One would be wise to keep Dockerfiles moderate in length.

Unprivileged User
=================
Run a container as unprivileged user::

    docker run -it --rm --user=www-data nginx id

If it is not present in the container::

    finalize namespace setup user get supplementary groups Unable to find user

Mounts will get written as the selected user::

    mkdir /tmp/foo
    docker run -it --rm --user=www-data -v /tmp/foo:/tmp/foo nginx bash -c "echo hi > /tmp/foo/by_docker_www-data"
    ls -la /tmp/foo/by_docker_www-data

Dafuq?
======
This works::

    # server
    docker run -t -i -expose=1243 ubuntu:12.04 bash -c 'apt-get update && apt-get install -y netcat && nc -kl 1234'
    # client
    docker run -i -t -link $(docker ps | head -n2 | tail -n1 | python -c 'import sys; print sys.stdin.read().strip().split()[-1].split(",")[0]'):x ubuntu:12.04 bash -c 'apt-get update && apt-get install -y netcat && echo "$HOSTNAME says hi" | nc $X_PORT_1243_TCP_ADDR 1234 && echo "message sent"'

This does not (only difference is image "base" where salt is installed)::

    # server
    docker run -t -i -expose=1243 base bash -c 'apt-get update && apt-get install -y netcat && nc -kl 1234'
    # client
    docker run -i -t -link $(docker ps | head -n2 | tail -n1 | python -c 'import sys; print sys.stdin.read().strip().split()[-1].split(",")[0]'):x base bash -c 'apt-get update && apt-get install -y netcat && echo "$HOSTNAME says hi" | nc $X_PORT_1243_TCP_ADDR 1234 && echo "message sent"'

Problem was that base image contains universe, where netcat results in
netcat-traditional instead of netcat-openbsd. Fix::

    # server
    docker run -t -i -expose=1243 base bash -c 'apt-get update && apt-get install -y netcat-openbsd && nc -kl 1234'
    # client
    docker run -i -t -link $(docker ps | head -n2 | tail -n1 | python -c 'import sys; print sys.stdin.read().strip().split()[-1].split(",")[0]'):x base bash -c 'apt-get update && apt-get install -y netcat-openbsd && echo "$HOSTNAME says hi" | nc $X_PORT_1243_TCP_ADDR 1234 && echo "message sent"'


Volumes
=======
Temporary volumes::

    docker volume create --label tmp=yes
    # show
    docker volume ls --filter label=tmp
    # clean up
    docker volume rm $(docker volume ls --quiet --filter label=tmp)