Tuesday, July 26, 2022

Docker Restart policies

Hello DevOps/DevSecOps team, welcome back for another intresting post on Docker. In this post we will be discussing and experiment on "docker restart policies".
 

What is Docker restart policies?

Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker daemon restarts.
 
A Docker container’s status can be controlled by providing the restart policy while the container is instantiated with docker run sub command.

 
Docker container restart policies

Docker restart policies are there to keep containers active(Up status) in all possible downfalls, we can leverage it in multiple ways as an example if we have a Tomcat/Nginx web server running on a container and have to keep it Up and running even on bad request we can use restart policy with a flag, it will keep the server "Up" and running till we stopped it manually.
Syntax:
docker run --restart [policy-type] IMAGE [COMMAND] [ARG...]
  
Below are the policy-type for the running a container with --restart option:

1.	no (Default): Will not start containers automatically when in exited state.
2. on-failure [:max-retries] : Restart the container if it exits due to an error ( could be because of a crash ), which manifests as a non-zero exit code. (usually it’ll be in 100+ number 127 or 137,  143 exit codes).
3. unless-stopped: Restarts the container unless it is stopped manually. If done manually then container will not restart even after restarting Docker daemon.
4. always: It restarts always in any given situation, however If it is manually stopped, it is restarted only when Docker daemon restarts or the container itself is manually restarted.


.

How to enable restart of container which is already running
Ensure docker daemon restarts on system/VM reboot.
If I do restart the docker service restart with the following command on RHEL or Ubuntu Linux:
sudo systemctl enable docker.service
[optional] On the Play With Docker you can run the following command to restart the docker daemon.
kill -9 `pgrep dockerd`; dockerd > /docker.log 2>&1 &

1. Default policy no

What will happen to that running container? Does it start by itself? No because it's restart policy by default 'no' so it won't start.
docker container run --name no-c1 --restart no  -d nginx
docker ps
kill -9 `pgrep dockerd`; dockerd > /docker.log 2 > &1 &
docker ps
docker ps -a
After restart of docker daemon also "no" effect to the container. That is the default behaviour of containers.
always The name itself telling us it always try to restart the container when a docker daemon restarts.
# Usecase 1: a container with restart policy using always after the docker daemon restart will restart container
docker container run --name always-c1 --restart always -d nginx
docker ps 
kill -9 `pgrep dockerd`; dockerd > /docker.log 2>&1 &
docker ps
# Usecase 2: When you stop the container and restart the docker daemon
$ docker stop always-c1 
kill -9 `pgrep dockerd`; dockerd > /docker.log 2>&1 &
docker ps
Ensure the docker container has restart policy with update command
docker update --restart=always [container id or container name]
Regular restart policy is no. That means default container if it dies due to some reason, it will not start by itself. 
   docker run --name nginxc0 \
 -d nginx
unless-stopped
This policy work we will expect two use casees, Let's see first use case - This restart policy works same as always, when you are defined as follows the container nginxc1 after regular restart of docker engine it will be starting the container automatically.
   docker run --name nginxc1 \
 --restart unless-stopped -d nginx
 
  sudo systemctl restart docker

Use case 2 
The second use case - here the container will be stopped manually, but when the Docker engine restart completes there is no restarting container.

always
   docker run --name nginxc2 \
 --restart always -d nginx
 
  sudo systemctl restart docker

on_failure
   docker run --name nginxc3 \
 --restart on_failure -d nginx
 
  sudo systemctl restart docker

If we undderstand this setup how it works and saves in production, same policies will be used in the docker compose and docker stack yaml files as well.

Wednesday, July 20, 2022

Docker Command Tricks & Tips

 

Docker container command Tips & Tricks


Here my idea is to use the Unix/Linux 'alias' command for most those common docker container, network, volume commands to form as short-cuts. This trick work on bash shell.

First examine the docker container listing with the --format options as follows.

docker container ps -s \
  --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Size}}"
docker ps command

To get the logs of any applications that runs in container
alias dkrlogs='docker logs'
alias dkrlogsf='docker logs -f '

docker logs with alias trick

List of the images
alias dkri='docker image ls'
docker image list alias trick

The container list
alias dkrcs='docker container ls'
docker container list alias trick

Remove the 'Exited' status container
alias dkrrm='docker rm'
docker rm alias trick

Docker top list to see the container inside process ID

alias dkrtop='docker top'
docker top alias trick

All the above nice commands will be helpful for the pipelines, Containerization makes CI/CD seamless. 

We could add the following alias lines to our .bashrc or .bashprofile where docker command executable:
alias dkrlogs='docker logs'
alias dkrlogsf='docker logs -f '
alias dkri='docker image ls'
alias dkrcs='docker container ls'
alias dkrrm='docker rm'
alias dkrtop='docker top'
alias cleanall='docker container rm $(docker ps -a -q)'
alias dkrps='docker ps --all --format "table {{.ID}}\t{{.Names}}\t{{.Image}}\t{{.Status}}"'

How to know which docker volume connected to your container? 


Let's create a container named as myweb with a docker volume attached as web-volume.
docker run -d --name myweb --mount source=web-volume,destination=/usr/share/nginx/html nginx
Using inspect sub-command on the container --format string with JSON forms is going to return a Json block:
docker container inspect --format '{{json .HostConfig.Mounts}}' myweb |jq

alias knv2c="docker container inspect --format '{{json .HostConfig.Mounts}}' $1"
kn2c myweb|jq


alias k2c="docker container inspect -f '{{json .HostConfig.Mounts }}'"
docker container inspect with -f option json format


How to get a container IP from Docker Host?

Let's create a network as vybhava-net and add couple of containers to it as shown:
docker network create vybhava-net
docker run --net vybhava-net --name nginx -d nginx
# same way create n1, n2, n3 etc.

docker network inspect vybhava-net -f '{{json .Containers}}'|jq
  
Image here shows you the filtered JSON output for containers which are attached to the network 'vybhava-net'

Docker network inspect filtered for containers



How to get the network block and IPAddress of a given container? 

Getting the IPaddress of a container is as follows: 

Let's create an example container name as urweb.
  
docker run -d --name urweb \
--mount source=zing,destination=/usr/share/nginx/html nginx:alpine
Command execution related to alias using shell arguments:
docker container \
  inspect  -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' urweb

alias getip="docker container inspect  -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $1"
getip urweb 
The following is the execution of the alias command for the container within the default network.

How to get the User defined bridge network IPAddress? 


Let's make user defined network as mynet.
  
docker network create mynet; docker network ls

#create a mongo container
docker run -d --rm --name mongodb01 --network mynet  \
-e MONGO_INITDB_ROOT_USERNAME=admin  \
-e MONGO_INITDB_ROOT_PASSWORD="vybhavatechnologies" mongo

#Create a mongo-express container 
docker run -it --rm \
    --network mynet \
    --name mongo-express \
    -p 8081:8081 \
    -e ME_CONFIG_OPTIONS_EDITORTHEME="ambiance" \
    -e ME_CONFIG_MONGODB_SERVER="mongodb01" \
    -e ME_CONFIG_MONGODB_ADMINUSERNAME="admin" \
    -e ME_CONFIG_MONGODB_ADMINPASSWORD="vybhavatechnologies" \
    mongo-express
After adding two containers mongo, mongo-express to the mynet we can inspect the Network settings map to this user defined bridge network.
	
$ docker inspect -f '{{.Name}}-{{.NetworkSettings.Networks.mynet.IPAddress }}' 96bbda65987a
/mongo-express-172.19.0.3
[node1] (local) root@192.168.0.8 ~
$ docker inspect -f '{{.Name}}-{{.NetworkSettings.Networks.mynet.IPAddress }}' e2ba199e8307
/mongodb01-172.19.0.2
 

Sunday, July 10, 2022

Git Config different scopes

Hello DevOps or DevSecOps team here in this post I would like to expose more details about how the Git configurations can be done and viewed and where it is going to stored as file.

Git Basic Configurations and scopes

Let's see what are options we have for "git config" command in a Linux system, here I've used Ubuntu Linux to execute all 'git config' commands. 

git config command
git config scopes

There are three different levels : local, global, system-level configuration values attributes defined in Git. 

  1. System
  2. Global
  3. Local

System level config

Git allows us to define System wide configuration that means the configured values will be available for all users in the system and for every project repository as well.

# System level configurations will be stored in /etc/gitconfig file
git config --system core.editor "vim"
git config --system merge.tool "vimdiff"
The execution of the commands 

git config --global command example
git config --global command example


Global level config

Git configure values are defined at user level you can work on multiple repositories within the same user scope. If you define same values defined as in the system then user level values will be overrides.

 git config --global alias.co checkout
 git config --global alias.graph log --oneline --all --graph --decorate
 git config --global alias.graph "log --oneline --all --graph --decorate"
 git config --global alias.st status
 git config --global alias.ci commit
 git config --global alias.br branch
 git config --global --list
 cat .gitconfig
Defining Global level configuration and where it stores on hands-on:

git config --global scope

Local (Repository) level config

The configurations made at the local level are more overridden capacity than other two scopes. This will be useful project wise repository uses these definitions.

Now we configure global level user settings are as follows:

mkdir gitdemo-project
cd gitdemo-project/
git init
git config --local user.name "BhavaniShekhar"
git config --local user.email  "bhavanishekhar@vybhava.com"
git config --local --list
git st
cat .git/config
Le'ts execute this above commands for local repository wise config 

git config --local example
git config --local scope example


Troubleshooting: Learn from the Mistakes

I've proceeded here and created a file named 'mytest.py' and entered the sample code:

# This is first testing python program

print("Hello Git Learners!")

First file adding to index

git add mytest.py

warning: LF will be replaced by CRLF in mytest.py.
The file will have its original line endings in your working directory


Note We will discuss about CRLF issue in the 'Setting end line'.

At the time of committing the code found that mistake in the mail-id that 'devopshunger' given instead of  'devopshunter'. Learn from mistakes! 

How to edit my git configuration value for user.email? 

It will be the same command it will override to reset the value.

git config --global user.email 'gladiator@devopshunter.com'

Now new problem configuration is changed but my git log shows that old mailid! how to update that? We have option '--amend', where this option will help us to amend previous commit.

git commit --amend --reset-author
[master 4ec5de9] initial commit for the git learn project
 1 file changed, 3 insertions(+)
 create mode 100644 mytest.py


Unless you don't setup the global user config values you will be warned and automatically takes the operating system user and hostname as git user details. If you setup your customized user.name and user.email that will be used to commit the changes in the local and remote repo. When everyone go for look into "git log" it will show tracking history about who did the code changes and what and when it was done that change.

Verify the Configurations that you made to the global level.

 git config --list |grep user
user.name=devops.warrior
user.email=gladiator@devopshunter.com


How to Setup line ending preferences  in Windows?

This will be trick that you need to use for the GitOps to work better outputs.

For Mac/Unix/Linux platform users

git config --global core.autocrlf input
git config --global core.safecrlf true


For Windows platform user

git config --global core.autocrlf true
git config --global core.safecrlf true


Try this trick on your git bash.

Relevant References: 

  1. Git Alias
  2. Git on PowerShell
  3. Git config setting up repo

Categories

Kubernetes (24) Docker (20) git (13) Jenkins (12) AWS (7) Jenkins CI (5) Vagrant (5) K8s (4) VirtualBox (4) CentOS7 (3) docker registry (3) docker-ee (3) ucp (3) Jenkins Automation (2) Jenkins Master Slave (2) Jenkins Project (2) containers (2) create deployment (2) docker EE (2) docker private registry (2) dockers (2) dtr (2) kubeadm (2) kubectl (2) kubelet (2) openssl (2) Alert Manager CLI (1) AlertManager (1) Apache Maven (1) Best DevOps interview questions (1) CentOS (1) Container as a Service (1) DevOps Interview Questions (1) Docker 19 CE on Ubuntu 19.04 (1) Docker Tutorial (1) Docker UCP (1) Docker installation on Ubunutu (1) Docker interview questions (1) Docker on PowerShell (1) Docker on Windows (1) Docker version (1) Docker-ee installation on CentOS (1) DockerHub (1) Features of DTR (1) Fedora (1) Freestyle Project (1) Git Install on CentOS (1) Git Install on Oracle Linux (1) Git Install on RHEL (1) Git Source based installation (1) Git line ending setup (1) Git migration (1) Grafana on Windows (1) Install DTR (1) Install Docker on Windows Server (1) Install Maven on CentOS (1) Issues (1) Jenkins CI server on AWS instance (1) Jenkins First Job (1) Jenkins Installation on CentOS7 (1) Jenkins Master (1) Jenkins automatic build (1) Jenkins installation on Ubuntu 18.04 (1) Jenkins integration with GitHub server (1) Jenkins on AWS Ubuntu (1) Kubernetes Cluster provisioning (1) Kubernetes interview questions (1) Kuberntes Installation (1) Maven (1) Maven installation on Unix (1) Operations interview Questions (1) Oracle Linux (1) Personal access tokens on GitHub (1) Problem in Docker (1) Prometheus (1) Prometheus CLI (1) RHEL (1) SCM (1) SCM Poll (1) SRE interview questions (1) Troubleshooting (1) Uninstall Git (1) Uninstall Git on CentOS7 (1) Universal Control Plane (1) Vagrantfile (1) amtool (1) aws IAM Role (1) aws policy (1) caas (1) chef installation (1) create organization on UCP (1) create team on UCP (1) docker CE (1) docker UCP console (1) docker command line (1) docker commands (1) docker community edition (1) docker container (1) docker editions (1) docker enterprise edition (1) docker enterprise edition deep dive (1) docker for windows (1) docker hub (1) docker installation (1) docker node (1) docker releases (1) docker secure registry (1) docker service (1) docker swarm init (1) docker swarm join (1) docker trusted registry (1) elasticBeanStalk (1) global configurations (1) helm installation issue (1) mvn (1) namespaces (1) promtool (1) service creation (1) slack (1)