Docker#

Remove stopped containers:

docker rm $(docker ps -a -q)

Remove dangling images:

docker rmi $(docker images -qf dangling=true)

Move Docker Storage Location#

In /etc/default/docker, use the -g option, e.g.:

DOCKER_OPTS="-dns 8.8.8.8 -g /new/storage/location"

TTY#

I was running phusion/baseimage-docker like this:

docker run\
    --rm\
    --name baseimage-test\
    phusion/baseimage\
    /sbin/my_init --enable-insecure-key
# in another terminal
ssh root@$(docker inspect --format="{{ .NetworkSettings.IPAddress }}" baseimage-test)

and got the following error message:

PTY allocation request failed on channel 0
stdin: is not a tty

Just run docker with the --tty flag:

docker run\
    --tty\
    --rm\
    --name baseimage-test\
    phusion/baseimage\
    /sbin/my_init --enable-insecure-key

Caveats#

The number of commits to the union file system is limited. Try the following:

cd /tmp
echo "FROM ubuntu:12.04" > Dockerfile
for i in $(seq -w 200); do
    echo "RUN touch /tmp/foo_$i" >> Dockerfile
done
docker build -t aufs-limit .

On my box this is limited to 127 commits:

Step 125 : RUN touch /tmp/foo_125
2014/03/11 16:40:11 Cannot create container with more than 127 parents

One would be wise to keep Dockerfiles moderate in length.

Unprivileged User#

Run a container as an unprivileged user:

docker run -it --rm --user=www-data nginx id

If the user is not present in the container, the run fails with:

finalize namespace setup user get supplementary groups Unable to find user

Files written to a mounted volume are owned by the selected user:

mkdir /tmp/foo
docker run -it --rm --user=www-data -v /tmp/foo:/tmp/foo nginx bash -c "echo hi > /tmp/foo/by_docker_www-data"
ls -la /tmp/foo/by_docker_www-data
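
Both points above (a --user name must exist in the container's /etc/passwd, and files on a bind mount are owned by that user) come down to numeric IDs. The following is an added example, not part of the original notes: it resolves a name to uid:gid from passwd-format text and shows which owner name the host would display for that UID. The passwd contents are constructed, the function names are hypothetical, and it assumes no user-namespace remapping.

```shell
#!/bin/sh
# Added example. The passwd contents are constructed; function names are hypothetical.
# For a real image, the container file can be dumped with e.g.:
#   docker run --rm --entrypoint cat nginx /etc/passwd

# Print "uid:gid" for user NAME ($2) from passwd-format FILE ($1).
# Returns 1 if the name is absent (the "Unable to find user" case).
lookup_ids() {
    awk -F: -v name="$2" '
        $1 == name { print $3 ":" $4; found = 1; exit }
        END { exit !found }' "$1"
}

# Print the login name FILE ($1) assigns to UID ($2), or the bare UID if none.
name_for_uid() {
    awk -F: -v uid="$2" '
        $3 == uid { print $1; found = 1; exit }
        END { if (!found) print uid }' "$1"
}

# Args: container_passwd host_passwd user_name
# Prints "uid:gid host_name": the IDs to expect on bind-mounted files and the
# owner name that ls on the host would show for them.
host_owner_for() {
    ids=$(lookup_ids "$1" "$3") || {
        echo "user '$3' not in container passwd" >&2
        return 1
    }
    echo "$ids $(name_for_uid "$2" "${ids%%:*}")"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/container_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
EOF
cat > "$demo/host_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
http:x:33:33:web server:/srv/http:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

# Same UID, different name on the host.
host_owner_for "$demo/container_passwd" "$demo/host_passwd" www-data
# A name missing from the container passwd is reported as an error.
host_owner_for "$demo/container_passwd" "$demo/host_passwd" deploy || true
```

Passing the resolved numeric uid:gid to --user, and setting ownership of the host directory to the same IDs, keeps the result independent of whichever names each side happens to use.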

Dafuq?#

This works:

# server
docker run -t -i -expose=1243 ubuntu:12.04 bash -c 'apt-get update && apt-get install -y netcat && nc -kl 1234'
# client
docker run -i -t -link $(docker ps | head -n2 | tail -n1 | python -c 'import sys; print sys.stdin.read().strip().split()[-1].split(",")[0]'):x ubuntu:12.04 bash -c 'apt-get update && apt-get install -y netcat && echo "$HOSTNAME says hi" | nc $X_PORT_1243_TCP_ADDR 1234 && echo "message sent"'

This does not (only difference is image “base” where salt is installed):

# server
docker run -t -i -expose=1243 base bash -c 'apt-get update && apt-get install -y netcat && nc -kl 1234'
# client
docker run -i -t -link $(docker ps | head -n2 | tail -n1 | python -c 'import sys; print sys.stdin.read().strip().split()[-1].split(",")[0]'):x base bash -c 'apt-get update && apt-get install -y netcat && echo "$HOSTNAME says hi" | nc $X_PORT_1243_TCP_ADDR 1234 && echo "message sent"'

The problem was that the base image has the universe repository enabled, where installing netcat results in netcat-traditional instead of netcat-openbsd. Fix:

# server
docker run -t -i -expose=1243 base bash -c 'apt-get update && apt-get install -y netcat-openbsd && nc -kl 1234'
# client
docker run -i -t -link $(docker ps | head -n2 | tail -n1 | python -c 'import sys; print sys.stdin.read().strip().split()[-1].split(",")[0]'):x base bash -c 'apt-get update && apt-get install -y netcat-openbsd && echo "$HOSTNAME says hi" | nc $X_PORT_1243_TCP_ADDR 1234 && echo "message sent"'

Volumes#

Temporary volumes:

docker volume create --label tmp=yes
# show
docker volume ls --filter label=tmp
# clean up
docker volume rm $(docker volume ls --quiet --filter label=tmp)