CENG301 Database Management Systems

Session-4
Asst. Prof. Mustafa YENIAD
myeniad@gmail.com
 A Brief Information & What will you achieve?
• An introduction to the container world with Docker
(In simple words, Docker is a container runtime software,
and addtionally, Kubernetes is a container orchestration tool)

• By the end of this session, you will understand the core concepts of Docker, such as
Introduction

images, containers, Dockerfiles, using it along with useful docker commands.

• And comprehend why it is good for production and development and will be able to run
your applications using containers.

• You probably heard someone talking or read some article that cites Docker.
But what is it all about?
Why should I use Docker?
And why is it good for both dev and production systems.
 Why you should learn Docker?
• With every organization going towards the Cloud, the container model is going to be
even more critical in the coming years, and Docker and Kubernetes will play a significant
role in deploying and running software from Cloud.
• That's why it is very important for both programmers and DevOps engineers to learn
Introduction

Docker and Kubernetes to do well on their current job and add an in-demand technical
skill.

• Why containers? https://www.youtube.com/watch?v=n-JwAM6XF88

• Container and Kubernetes: https://www.youtube.com/watch?v=gFozhTXOx18
Introduction Why you should learn Docker?

One of the biggest benefits of running PostgreSQL is running your cluster in

primary-replica setup for the purposes of high-availability or load balancing
your read-only queries.

See: https://www.crunchydata.com/blog/an-easy-recipe-for-creating-a-postgresql-cluster-with-docker-swarm
 Docker Concepts
• Docker is a command-line program, a background daemon, and a set of remote
services that take a logistical approach to solving common software problems and
simplifying your experience installing, running, publishing, and removing software.
• Docker provides a uniformed wrapper around a software package:
"Build, Ship and Run Any App, Anywhere" [https://www.docker.com]
• Similar to shipping containers: The container is always the same, regardless of the contents and thus fits on
all trucks, cranes, ships, ...
Docker

• Docker Technology:
libvirt: Platform Virtualization
LXC (LinuX Containers):
Multiple isolated Linux systems
(containers) on a single host
Layered File System

[Source: https://docs.docker.com/terms/layer/]
 Remember: Namespace
• In computing, a namespace is a set of symbols that are used to organize objects of various kinds, so that
these objects may be referred to by name. Prominent examples include:
File Systems are namespaces that assign names to files
Some Programming Languages organize their variables and subroutines in namespaces
Computer Networks and Distributed Systems assign names to resources, such as computers, printers,
websites, (remote) files, etc.
• As an analogy, consider a system of naming of people where each person has a proper name, as well as a
family name shared with their relatives. If the first names of family members are unique only within each
Docker

family, then each person can be uniquely identified by the combination of first name and family name.

In a similar way, hierarchical file systems organize files in directories. Each directory is a separate
namespace, so that the directories "letters" and "invoices" may both contain a file "to_jane".

In computer programming, namespaces are typically employed for the purpose of grouping symbols and
identifiers around a particular functionality and to avoid name collisions between multiple identifiers that
share the same name.

In networking, the Domain Name System organizes websites (and other resources) into hierarchical
namespaces.
 Additional Information - Linux Namespaces
• Linux Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of
processes sees one set of resources while another set of processes sees a different set of resources.
• The feature works by having the same name space for these resources in the various sets of processes, but
those names referring to distinct resources. Examples of resource names that can exist in multiple spaces, so
that the named resources are partitioned, are process IDs, hostnames, user IDs, file names, and some
names associated with network access, and interprocess communication.
• Namespaces are fundamental aspect of containers on Linux.
Docker

• The term "namespace" is often used for a type of namespace (e.g. process ID) as well for a particular space
of names. A Linux system starts out with a single namespace of each type, used by all processes. Processes
can create additional namespaces and join different namespaces.
• Since kernel version 4.10, there are 7 kinds of namespaces: Mount (mnt), Process ID (pid), Network (net),
Interprocess Communication (ipc), UTS, User ID (user), and Control Group (cgroup)
• Namespace functionality is the same across all kinds: Each process is associated with a namespace and can
only see or use the resources associated with that namespace, and descendant namespaces where
applicable. This way each process (or group thereof) can have a unique view on the resource. Which
resource is isolated depends on the kind of namespace that has been created for a given process group.
• Filedescriptor to the namespace's (ns) file: /proc/<pid>/ns/<ns-kind>
 Container technique
• Linux Kernel provides the “control groups” (cgroups) functionality (cgroup-tools):
Allows limitation and prioritization of resources (CPU, Memory, Block I/O, Network, etc.) without the need
for starting any VM
Introduced in 2008 (Kernel 2.6.24)
• Various container software use Linux namespaces in combination with cgroups to isolate their processes,
including Docker and LXC.
• “namespace isolation” functionality:
Docker

Resource limiting, Prioritization, Accounting, and Control (freezing groups of processes, restarting, etc.)
Allows: Complete isolation of an applications' view of the operating environment, including process trees,
networking, user IDs and mounted file systems.
Possible to have a new “init” process for each container!
• Containers running in the user space
• Each container has:
• Own process space; Own network interface; Own /sbin/init (coordinates the rest of the boot process
and configures the environment for the user)
• Run stuff as root
• Share kernel with the host
• No device emulation. The system software and devices are provided by the image.
 Docker Concepts
• Docker is a platform for developers and sysadmins to develop, deploy, and run applications with containers.
The use of Linux containers to deploy applications is called containerization.
Containers are not new, but their use for easily deploying applications is.
• Docker engine runs in the background.
• Containerization is increasingly popular because containers are:
Flexible: Even the most complex applications can be containerized.
Lightweight: Containers leverage and share the host kernel.
Interchangeable: You can deploy updates and upgrades on-the-fly.
Docker

Portable: You can build locally, deploy to the cloud, and run anywhere.
Scalable: You can increase and automatically distribute container replicas.
Stackable: You can stack services vertically and on-the-fly.
• An image is an executable package that includes everything needed to run an application--the code, a runtime,
libraries, environment variables, and configuration files.
• A container is a run-time instance of an image--what the image becomes in memory when executed (that is, an image
with state, or a user process). A container is launched by running an image. (Self-contained units of software that has
its own file system)
You can see a list of your running containers with the command, just as you would in Linux:
# docker ps; docker ps -l
• When you run a container the process you launch take the PID 1 and assume init power. So when that process is
terminated the daemon stop the container until a new process is launched (via docker start).
 Docker Concepts
• Traditional deployment era: Early on, organizations ran applications on physical servers. There was no way to define resource boundaries for applications
in a physical server, and this caused resource allocation issues.
• Virtualized deployment era: As a solution, virtualization was introduced. It allows you to run multiple Virtual Machines (VMs) on a single physical server's
CPU. Virtualization allows applications to be isolated between VMs and each VM is a full machine running all the components, including its own operating
system, on top of the virtualized hardware.
• Container deployment era: Like VM, a container has its own filesystem, share of CPU, memory, process space, and more. As they are decoupled from the
underlying infrastructure, they are portable across clouds and OS distributions.
Docker

[Source: https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/]
 Docker Concepts - LXC/Docker vs VM
• A container runs natively on Linux and shares the kernel of the host machine with other containers. It runs a
discrete process, taking no more memory than any other executable, making it lightweight.
• By contrast, a virtual machine (VM) runs a full-blown “guest” operating system with virtual access to host
resources through a hypervisor. In general, VMs provide an environment with more resources than most
applications need.

• Containers are not virtualization!

Without Docker, businesses typically use hardware
Docker

virtualization (also known as virtual machines) to

provide isolation. Virtual machines provide virtual
hardware on which an operating system and other
programs can be installed. They take a long time
(often minutes) to create and require significant
resource overhead because they run a whole copy of
an operating system in addition to the software you
want to use.
• Unlike virtual machines, Docker containers do not use
hardware virtualization. Programs running inside Docker
containers interface directly with the host’s Linux kernel. Because there is no additional layer between the program running inside the
container and the computer’s operating system, no resources are wasted by running redundant software or simulating virtual
hardware. This is an important distinction. Docker is not a virtualization technology. Instead, it helps you use the container technology
already built into your operating system.
 Remember: Hypervisor
• A hypervisor, also known as a virtual machine monitor, is a process that creates and runs virtual machines (VMs). A hypervisor allows
one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.
Docker

• Generally, there are two types of hypervisor:

• Type 1 hypervisors, called “bare metal hypervisor” run directly on the host’s hardware.
Bare metal hypervisors are installed directly on physical host server hardware just like an operating system and run on dedicated
hardware. They require a management console and are used in data centers. Examples of this type of hypervisor include Oracle
OVM for SPARC, ESXi, Hyper-V and KVM.
• Type 2 hypervisors, called “hosted hypervisor” run as a software layer on an OS, like other computer programs.
A Hosted Hypervisor is a virtual machine manager that is installed as a software application on an existing OS. It supports guest
virtual machines by coordinating calls for CPU, memory, disk, network and other resources through the physical host's operating
system. This makes it easy for an end user to run a virtual machine on a personal computing device. Examples of this type of
hypervisor include VMware Fusion, Oracle Virtual Box, Solaris Zones, Parallels and VMware Workstation.
• Hypervisors make it possible to use more of a system’s available resources and provide greater IT mobility since the guest VMs
are independent of the host hardware. This means they can be easily moved between different servers.
• As an analogy: ~ may be accepted that: Hypervisor->Docker Daemon (or Docker Engine); VM->Container (just one process!)
 Docker Concepts - LXC/Docker vs VM
• The advantages of Virtual Machines or Virtualization are:
• Multiple operating systems can run on the same machine
• Maintenance and Recovery were easy in case of failure conditions
• Total cost of ownership was also less due to the reduced need for
infrastructure
• Followings are the disadvantages of Virtualization:
• Running multiple Virtual Machines leads to unstable performance
• Hypervisors are not as efficient as the host operating system
Docker

• Boot up process is long and takes time

• Advantages of Containerization:
• Containers on the same OS kernel are lighter and smaller
• Better resource utilization compared to VMs
• Boot-up process is short and takes few seconds
Docker Docker & Hypervisor scenarios
 Docker Concepts - LXC/Docker vs VM
• "Do one thing and do it well!"
• See also:
• Main Docker Site: https://www.docker.io
• Docker Registry: https://index.docker.io
• Docker Registry API: http://docs.docker.io/en/latest/api/registry_api
• Docker Index API: http://docs.docker.io/en/latest/api/index_api
• Docker Remote API: http://docs.docker.io/en/latest/api/docker_remote_api
Docker

• https://docs.docker.com/reference/
 Docker Concepts - Image vs Container
• In Dockerland, there are images and containers. The two are closely
related, but distinct.
• To use a programming metaphor, if an image is a class, then a
container is an instance of a class - a run-time object. Containers are
hopefully why you're using Docker; they're lightweight and portable
encapsulations of an environment in which to run applications.
• An image is an inert, immutable, file that's essentially a snapshot of
a container and it is really a template that can be turned into a
container.
Docker

• To turn an image into a container, the Docker engine takes the

image, adds a read-write filesystem on top and initializes various
settings including network ports, container name, ID and resource
limits.
• A running container has a currently executing process, but a
container can also be stopped (or exited in Docker's terminology).
An exited container is not the same as an image, as it can be
restarted and will retain its settings and any filesystem changes.
• As in the programming aspect, Image is a source code. When source
code is compiled and build, it is called as application. Similar to that
"when instance is created for the image", it is called as "Container".
Docker provides what is called an abstraction. Abstractions allow
you to work with complicated things in simplified terms.
• A container is a self contained sealed unit of software.
 Docker Concepts - Image vs Container
• Images are created with the build command, and they will produce a container when started with run. Images are stored in a Docker registry such as
registry.hub.docker.com. Because they can become quite large, images are designed to be composed of layers of other images, allowing a miminal amount
of data to be sent when transferring images over the network.
• Everything starts with the Dockerfile. The Dockerfile is the source code of the Image (It is a text file that contains all the commands, in order, needed to
build a given image. A Dockerfile is executed by the docker build command). Once the Dockerfile is created, you build it to create the image of the
container. The image is just the "compiled version" of the "source code" which is the Dockerfile. Once you have the image of the container, you should
redistribute it using the registry. The registry is like a git repository - you can push and pull images. Next, you can use the image to run containers. (Public
repository of Docker images: https://hub.docker.com/)
Docker
 Docker Concepts - Image vs Container
A picture is worth a thousand words:
Docker

• Pull image from Docker hub or build from a Dockerfile => Gives a Docker image (not editable!)
• Run the image ("docker run image_name:tag_name") => Gives a running image (i.e. a container)
 Install, Start and Test Docker (on Linux)
• New Linux distributions now use DNF (Dandified YUM). DNF technology provides increased performance, has well-defined APIs, and supports modular
content, software AppStreams for cloud, container workloads.
• DNF is a software package manager. It installs, performs updates, and removes packages on Linux distributions.
• Use DNF to add & enable the official Docker CE repository and also list the repos:
$ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo; sudo dnf repolist -v
• To list all the available docker-ce packages:
$ sudo dnf list docker-ce --showduplicates | sort -r
• An efficient solution is to allow your Linux system to install the version that meets the criteria best, using the --nobest command: (The
installation skips the latest candidates and installs the most appropriate version with the required containerd.io packages.)
$ sudo dnf install docker-ce --nobest --allowerasing -y # or yum install docker-ce docker-ce-cli containerd.io
Docker

• Enable and start the Docker service with: (We see the timestamp and confirm that Docker is active.)
$ sudo systemctl enable --now docker; systemctl status docker
• Add your user to the docker group with the following command:
$ sudo usermod -aG docker $USER; id $USER

• Testing Docker Installation by Pulling Test Container Image:

$ docker pull alpine
• Check if the image is available:
$ docker images
• Initiate Alpine Container Image: Use Docker to run the container with the downloaded image and try doing a simple command:
$ docker run -it --rm alpine /bin/sh

/# apk update
• You have successfully installed and configured Docker on Linux.
 Install, Start and Test Docker
• Alternatively:
$ docker images
$ docker pull hello-world
$ docker run hello-world
$ docker images
$ docker ps -a
$ docker version
$ docker info
$ docker
• Example of the docker name structure (you can leave out the parts you don't need):
Docker

registry.example.com:port/organization/image-name:version-tag

• All layers are read-only inside the image.

• When you run an image, and create a container or instantiate a
container, as it's called, that top writable layer is created and when
you go into the container and make changes to that container, or
perhaps the application runs and modifies inside the container,
that writables layer is modified (Union File System).
• When the contaner is stopped, that writable layer remains,
however, if the container is removed, the writable layer is gone or
deleted. And the image is the only thing that remains. And this is
why people say that containers are stateless.
 Play with Docker: A simple, interactive and fun playground to learn Docker
• PWD is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience
of having a free Alpine Linux Virtual Machine in browser, where you can build and run Docker containers and even
create clusters in Docker Swarm Mode.
Docker

• Try: https://labs.play-with-docker.com/
 Docker Concepts - Creating an Image
• When creating an image form a file, you have a number of different options.
See: https://docs.docker.com/engine/reference/commandline/build/
$ docker build https://github.com/docker/rootfs.git#container:docker # from git repositories
$ docker build http://server/context.tar.gz # from git repositories
$ docker build - < Dockerfile # from text files
$ docker build . # build with path
$ docker build github.com/creack/docker-firefox # build with URL
$ docker build context.tar.gz # build from a compressed context
Docker

$ docker build -f Dockerfile . # build with a Dockerfile

 Docker Concepts - Container
A picture is worth a thousand words:
Docker

A container includes: code, configs, processes, networking, dependencies and it even includes just enough of the operating system to run
your code.
Each container has its own isolated little world.
And Docker is the program that manages all of this!
 Docker Concepts - Container
Docker:
A client program named Docker (technically Container Runtime),
A server program that manages a Linux system,
A program that builds containers from code along with its dependencies and bundles
it up and then seals it into a container.
And it is a service that distributes these containers across the internet and makes it so
you can find other’s work, and the right people can find your work.
Docker

To see list of your running containers (except the Stopped Containers by default):
# docker ps

List the image(s) that was downloaded to your machine:

# docker image ls

See also: https://docs.docker.com/get-started/

 The Docker Flow
A picture is worth a thousand words:
• The whole point of images: they are fixed points where you know everything is
good and you can always start from there.
• "docker run" command takes an image and turns into a living container
• The next step in the Docker flow is a "Stopped Container" that is running is alive, it
has a process in it. When that process exits, the container will be still there.
• To see all containers (Stopped included) we can specify the "-a" argument:
# docker ps -a
Docker

• If we just want to see the last container to exit specify the "-l" argument after "ps":
# docker ps -l
• "docker run" and "docker commit " are complementary to each other
• To run an image (i.e. ubuntu) and commit it as a new new image:
# docker run -ti ubuntu bash [new_container_name]
root@c7b98e3cf524 touch my-important-file; exit
# docker commit [c7b98e3cf524(container_id) or container_name] [my-new-image-name]
sha256:c6e5341fb9c7aea8700e4b1944912316e7262bd02b19214662e4120053221e7f
(if you didn’t provide [my-new-image-name]):
# docker tag c6e5341fb9c7aea8700e4b1944912316e7262bd02b19214662e4120053221e7f my-new-image-name
# docker images
 The Docker Flow
A picture is worth a thousand words:
Docker
 The Docker Flow
• "docker run" and "docker commit" are complementary to each other:
• "docker run" takes images to containers, and "docker commit" takes containers back
to new images. (It does not overwrite the image that the container was made from)

• Let's take an example:

• Start with the Ubuntu image:
# docker run -ti ubuntu:latest bash # the ":latest" tag is actually optional, if you don't specify it, Docker will fill in the word "latest" for you.
• Create an empty file while you are in the container:
Docker

# touch my_file; ls; exit

• After finish editing and exiting this container, look at the most recently exited container:
# docker ps -l
• Grab that container ID and commit it:
# docker commit [container-id]; docker images
• Set a new tag name for that:
# docker tag [container-id] :[new-tag i.e: v5.2] ; docker images
• To run that new image and go to its bash environment:
# docker run -ti [new-tag] or [container-id] bash
• To run a container that run in detached mode (i.e. Like a daemon or background process):
# docker run -d [tag] or [container-id]
 Docker Concepts – Useful / Important Commands

$ docker images
$ docker container ls # ="docker ps" list the running containers ; sure it is more typing, but it is a lot more clear on what it does.
$ docker container ls -l # ="docker ps -l" list latest created container
$ docker container ls -a # ="docker ps -a" list all (both running and stoppped) containers
$ docker run -ti [image_name] # ti: terminal interactive takes images to container and runs command(s) in this new container
$ docker run -ti --name [string] [image_name] # Assign a name to the container and run it
Docker

$ docker ps # take a look to "running images" = "containers"

$ docker exec -it [container-id] bash # This allows you to run a command in a running container, (runs: bash)
$ docker attach [container-id] or [its name] # This allows you to enter a running container (the same with the previous & more useful)
$ docker start [container-id] or [its name] # Start one or more stopped container(s)
$ docker inspect [instance-id] or [its name] # Return detailed information on Docker objects (i.e. images, containers..)
$ docker image inspect [instance-id] or [its name]
$ docker exec -ti --user root [container-id] or [its name] bash