7 октября 2019
The biggest waste is a waste of time.
In the modern world, time is valued very highly, so people come up with various ways to save and optimize it. And with modern information technologies and software products, we have come up with a lot of ways to make life easier. For example, take the development team, how often do they have to do the same things? And if they need to transfer the developed product to the client, but it is necessary to properly set the client's servers up for the product launch? And if there are several such clients?
Or consider another option. Do you have multiple development teams that use the same technologies, each time installing all the software products used for all projects?
You can, of course, write scripts that will install everything you need every time, but even so, it can take a long time.
Finally, consider the option of a person who wants to try something, but for this he needs to install, for example, a web server, and he does not know how to install and configure it.
This is where Docker comes to the rescue. Docker packs the software along with all the necessary libraries, settings, code, and environment in so-called containers that can then be transferred to other machines. Containers are a cross between the software installed on the server and the virtual machine.
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2Then select a repository with a stable version of Docker:
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repoNow install:
$ sudo yum install docker-ce docker-ce-cli containerd.ioNow add it to autorun and launch it:
$ sudo systemctl enable docker
$ sudo systemctl start dockerAll that's left is to check the performance:
$ sudo docker run hello-worldThis code downloads the image, launches a container that displays an informational message, and exits.
Installing Docker didn't take much time, but what about installing programs? Quite a lot of ready-made images are in the so-called Docker Hub, it is supplemented by both ordinary users like you and me, and teams of developers of various software. Remember our article on installing Atlassian Bitbucket? With Docker it takes only 3 lines:
$ sudo docker volume create --name bitbucketVolume
$ sudo docker run -v bitbucketVolume:/var/atlassian/application-data/bitbucket --name="bitbucket" -d -p 7990:7990 -p 7999:7999 atlassian/bitbucket-server
$ sudo docker run -v /data/bitbucket:/var/atlassian/application-data/bitbucket --name="bitbucket" -d -p 7990:7990 -p 7999:7999 atlassian/bitbucket-serverATTENTION!
It is worth warning that by default Docker rewrites the firewall rules, which allows you to access the container externally. This is a common mistake for beginners.
Therefore, we will disable the ability to change firewall rules. To begin with, we'll write --iptables=false in the service launch properties. You should get something like the following:
$ sudo grep "iptables" /etc/systemd/system/multi-user.target.wants/docker.serviceExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=falseAfter that, you must restart the services:
$ sudo systemctl daemon-reload
$ sudo systemctl restart dockerThis method has a drawback - after updating Docker, you will have to write in this setting again. In order to save the settings after the reboot, you need to create a daemon.json file with following content:
$ sudo vi /etc/docker/daemon.json{
"iptables": false
}Now all you have to do is restart docker:
$ sudo systemctl restart dockerBut now not only we won’t be able to access our container externally, but also from other container if we have several containers running. For this you need to edit the firewall rules.
Add the proxy interface created by docker (docker0 by default) to the allowed ones:
$ sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
$ sudo firewall-cmd --reloadTo access the container via the Internet, you need to allow certain ports, for example:
$ sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
$ sudo firewall-cmd --reloadTo access the Internet from the container, you need masquerading. Activate it for the public zone, where it is disabled by default:
$ sudo firewall-cmd --permanent --zone=public --query-masquerade
no
$ sudo firewall-cmd --permanent --zone=public --add-masquerade
$ sudo firewall-cmd --permanent --zone=public --query-masquerade
yes
$ sudo firewall-cmd --reloadStudying Docker features can take a long time, what we wanted to do was to tell you about the existence of such software. There are many resources for learning and using Docker in both English and Russian. This is a very good resource for viewing basic Docker features. This course is fully interactive and is similar to a virtual machine that outputs its console directly to your web browser.
The Syncweb team hopes that this information is useful to you and will save your valuable time.
