docker – Hackfi

Run ipfs server with docker

mkdir /root/ipfs

docker run -d  \
-v /root/ipfs:/export \
-v /root/ipfs:/data/ipfs \
-p 192.168.0.189:4001:4001 -p 192.168.0.189:4001:4001/udp -p 192.168.0.189:8080:8080 -p 192.168.0.189:5001:5001 \
ipfs/kubo:latest

stop and start ipfs container

On demand ecs fargate as Jenkins worker node

Create separate ecs-farget template for different kind of workload.
Do the proper tagging of resources so that we get proper costing

Docker with TLS:

###### server
dockerd \
    --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=server-cert.pem \
    --tlskey=server-key.pem \
    -H=0.0.0.0:2376

##### client
docker --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=cert.pem \
    --tlskey=key.pem \
    -H=$HOST:2376 version

##### secure by default
mkdir -pv ~/.docker
cp -v {ca,cert,key}.pem ~/.docker
export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1


##### make sure to have correct host/DNS name while creating the server cert

https://aws.amazon.com/blogs/containers/building-container-images-on-amazon-ecs-on-aws-fargate/

Docker socket remote access

Remote access docker:

   ┌─────────┐               port ┌────────┐
   │         │                    │        │
   │         │               2375 │        │
   │         ├────────────────────┤        │
   │         │           2376(TLS)│        │
   └─────────┘                    └────────┘
      client                      Docker Host

    192.168.0.10                  192.168.0.11

On docker client:

export DOCKER_HOST="tcp://192.168.0.11:2375"

With socat:

On docker host(192.168.0.114):

socat TCP-LISTEN:6644,reuseaddr,fork UNIX-CONNECT:/var/run/docker.sock

On docker client:

socat UNIX-LISTEN:/var/run/docker.sock,fork,reuseaddr,unlink-early,user=root,group=docker,mode=770 TCP:192.168.0.114:6644

Docker client:

root@lp-arm-2:~# docker ps
CONTAINER ID   IMAGE         COMMAND                  CREATED          STATUS          PORTS           NAMES
18f7aff52a13   docker:dind   "dockerd-entrypoint.…"   32 minutes ago   Up 32 minutes   2375-2376/tcp   nostalgic_jang

https://unix.stackexchange.com/questions/683688/is-it-possible-to-access-a-unix-socket-over-the-network

https://serverfault.com/questions/127794/forward-local-port-or-socket-file-to-remote-socket-file

Skopeo – Copy multi arch image from one registry to another registry

login to the repository:

[home@home ~]$ skopeo login --username $USER docker.io
Password: 
Login Succeeded!

Copy:

skopeo copy -a docker://nginx docker://$USER/nginx

References:

Enable systemd in WSL

update wsl (in powershell)

wsl --update

edit /etc/wsl.conf file and append/add [boot]

[automount]
options = "metadata"
[boot]
systemd=true

shutdown wls

 wsl --shutdown

Open WSL and check

apt install nginx -y

systemctl status nginx

#OR you can install docker directly in WSL

wsl -l

wsl -l -v

https://www.xda-developers.com/how-enable-systemd-in-wsl/

View image in linux ascii terminal

Install / Download binary from https://github.com/atanunq/viu

Dockerfile

FROM rust:slim-buster as build
ARG ARCH
WORKDIR opt
RUN rustup target add $ARCH-unknown-linux-musl
RUN apt update && apt install git -y
RUN git clone https://github.com/atanunq/viu
WORKDIR viu
RUN cargo build --target $ARCH-unknown-linux-musl --release
RUN cp /viu/target/$ARCH-unknown-linux-musl/release/viu /usr/bin

FROM alpine:3.15.0
COPY --from=build /opt/viu/target/$ARCH-unknown-linux-musl/release/viu /usr/bin
ENTRYPOINT ["viu"]

docker build with args

podman build -t viu --build-arg ARCH=x86_64 .

docker run -it -v $(pwd):/opt viu "/opt/img/bfa.jpg"

https://doc.rust-lang.org/nightly/rustc/platform-support.html
https://unix.stackexchange.com/questions/35333/what-is-the-fastest-way-to-view-images-from-the-terminal

Access/copy files in distroless container

Method 1 – using basic shell command

# Get the PID
ps -ef | grep <containerID>

# View all files
ls -ltr /proc/<PID>/root/

Method 2 – using kubectl , docker cp command

docker cp containerID:/path/to/file /path/file
kubectl cp pod_name:/path/to/file /path/file

More : https://blog.px.dev/container-filesystems/

Build haskell static binary with docker

Why?
– Reduce surface attack
– Reduce docker image size

hola.sh

{-# LANGUAGE OverloadedStrings #-}
import Web.Scotty

import Data.Monoid (mconcat)

main = scotty 3000 $
    get "/:word" $ do
        beam <- param "word"
        html $ mconcat ["<h1>Scotty, ", beam, " me up!</h1>"]

alpine.Dockerfile

FROM haskell:8 AS build
WORKDIR /opt
RUN cabal update
RUN cabal install --lib scotty
COPY hola.hs .
#RUN ghc --make -threaded hola.hs  -o hola
RUN ghc --make -threaded -optl-static -optl-pthread hola.hs -o hola

FROM alpine:3.15.0
RUN addgroup -S group1 && adduser -S user1 -G group1
USER user1
WORKDIR /opt
COPY --from=build /opt/hola .
EXPOSE 3000
CMD ["/opt/hola"]

Create statically linked rust docker image with alpine

Why?
– Optimize size
– less surface attack

FROM rust:slim-buster AS build
WORKDIR /opt
COPY . .
RUN rustup target add x86_64-unknown-linux-musl
RUN cargo build --target x86_64-unknown-linux-musl --release

FROM alpine:3.15.0
WORKDIR /opt
COPY --from=build /opt/target/x86_64-unknown-linux-musl/release .
EXPOSE 7878
CMD ["/opt/simple-rust-webserver"]

docker build -t rust-web-alpine -f alpine.Dockerfile .

docker run -d -p 7878:7878 rust-web-alpine

[root@lp-test-1 simple-rust-webserver]# docker images | grep rust-web-alpine
rust-web-alpine                                latest          7dd00663078c   9 minutes ago    9.4MB

main.rs

use std::net::{TcpStream, TcpListener};
use std::io::{Read, Write};
use std::thread;


fn handle_read(mut stream: &TcpStream) {
    let mut buf = [0u8 ;4096];
    match stream.read(&mut buf) {
        Ok(_) => {
            let req_str = String::from_utf8_lossy(&buf);
            println!("{}", req_str);
            },
        Err(e) => println!("Unable to read stream: {}", e),
    }
}

fn handle_write(mut stream: TcpStream) {
    let response = b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html><body>hola rust</body></html>\r\n";
    match stream.write(response) {
        Ok(_) => println!("Response sent"),
        Err(e) => println!("Failed sending response: {}", e),
    }
}

fn handle_client(stream: TcpStream) {
    handle_read(&stream);
    handle_write(stream);
}

fn main() {
    let listener = TcpListener::bind("0.0.0.0:7878").unwrap();
    println!("Listening for connections on port {}", 7878);

    for stream in listener.incoming() {
        match stream {
            Ok(stream) => {
                thread::spawn(|| {
                    handle_client(stream)
                });
            }
            Err(e) => {
                println!("Unable to connect: {}", e);
            }
        }
    }
}

More : https://users.rust-lang.org/t/building-executable-for-alpine-linux/13568

https://doc.rust-lang.org/cargo/commands/cargo-build.html

opensearch docker-compose

version: '3'
services:
  opensearch-node1:
    image: opensearchproject/opensearch:latest
    container_name: opensearch-node1
    environment:
      - discovery.type=single-node
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /opt/opensearch:/usr/share/opensearch/data
    ports:
      - 9200:9200
      - 9600:9600
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest
    container_name: opensearch-dashboards
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      OPENSEARCH_HOSTS: '["https://opensearch-node1:9200"]'

more : https://opensearch.org/samples/docker-compose.yml