Application virtualization with Docker

Order in the System

Installing Docker

The following examples show how to install and run a Docker environment on Fedora 20. Docker version 1.2.0 is used; however, all of the examples also work without modification on other Red Hat-based distributions. You will find further guidance for other Linux versions on the Docker website [1].

First, install the package docker-io from the distribution's standard software repository and then enable the Docker service:

# yum -y install docker-io
# systemctl start docker
# systemctl enable docker

At this point, use:

# getenforce

to make sure the system is in SELinux enforcing mode:

Enforcing

For a first test, start your first container with the command:

# docker run -i -t fedora /bin/bash

This activates a container based on the fedora image and starts the Bash shell in the container. The two options cause the container to be assigned a pseudo-terminal; you will have an interactive connection to the container. Because the fedora image is not yet present on the system, the Docker command-line tool establishes a connection to Docker Hub to download it from there.

Docker Hub is a central repository on which several different Docker images are available. Using docker search, you can search for specific images. If you use a proxy to connect to the Internet, first register it in the systemd unit file for the Docker service (Listing 1) and then load the modified configuration:

# systemctl daemon-reload

After downloading the images, the Bash shell starts within the container and waits for your input. Run the ps command within the container, and you will see just two processes: the Bash process with PID 1 and the ps process. None of the other host system processes are visible within the container, because it uses its own PID namespace.

Listing 1

Docker systemd

### You can define an HTTP proxy for the Docker service in the file /usr/lib/systemd/system/docker.service.
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/docker -d -H fd:// $OPTIONS
LimitNOFILE=1048576
LimitNPROC=1048576
Environment="HTTP_PROXY=http://proxy.example.com:80/" "NO_PROXY=localhost,127.0.0.0/8"
[Install]
Also=docker.socket

The same applies to the filesystem. Run ls, and you will see the container image's filesystem. The docker ps command displays all active containers on the host system (Listing 2).

Listing 2

Docker Containers Present

# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED         STATUS         PORTS   NAMES
314852f5a82e   fedora:latest   "/bin/bash"   8 seconds ago   Up 6 seconds           ecstatic_turing

Along with a unique ID for the container, at this point, you will see the image used, the application running in the container, and the container's current status. It is only active as long as the application is running. If you log out of the shell within the container, the container also stops. A renewed call to docker ps confirms this.

This command supports a number of useful options. For example, docker ps -a displays all previously started containers, regardless of their status. The -l option restricts the output to the last started container. You can wake up a stopped container at any time using docker start. The -a option immediately produces an interactive connection, and you are then, in this example, connected with the container's shell. If you want to delete a container as soon as it has been stopped, use the --rm option when starting the container (docker run --rm).

Memory Internals

The Device Mapper storage back end generates two files in /var/lib/docker/devicemapper/devicemapper by default: a 100GB data file and a 2GB metadata file. Both are sparse files and therefore occupy much less space on the filesystem than their nominal size. The data file contains all your system's image data. From these files, Docker uses a loopback mount to generate the block devices that are mounted when a container starts.

You will find the metadata for all containers in /var/lib/docker/containers. The config.json file contains information for a container in JSON format. If you start a container, Docker will use the previously mounted data file. If you enter

du -h /var/lib/docker/devicemapper/devicemapper/data

you will see how much disk space the file actually occupies on the filesystem. The more images you use, the greater the disk space required.
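
The gap between nominal and occupied size described above can also be checked from a script. The following is an added example, not part of the original article; its function names and the 80 percent limit are assumptions, and it runs against a constructed 100MB sparse file rather than Docker's real data file:

```shell
#!/bin/sh
# Added example: apparent size vs. allocated space of a sparse file (GNU stat).

# apparent_bytes FILE -> size recorded in the inode (what ls -l shows)
apparent_bytes() {
    stat -c '%s' "$1"
}

# allocated_bytes FILE -> space actually backed by storage (what du shows)
allocated_bytes() {
    # %b = number of allocated blocks, %B = size in bytes of each block
    set -- $(stat -c '%b %B' "$1")
    echo $(( $1 * $2 ))
}

# usage_percent FILE -> allocated space as whole-number percent of apparent size
usage_percent() {
    a=$(apparent_bytes "$1")
    u=$(allocated_bytes "$1")
    [ "$a" -gt 0 ] || { echo 0; return; }
    echo $(( u * 100 / a ))
}

# check_pool FILE LIMIT -> warns and returns 1 once usage reaches LIMIT percent
check_pool() {
    pct=$(usage_percent "$1")
    if [ "$pct" -ge "$2" ]; then
        echo "WARNING: $1 is ${pct}% allocated (limit $2%)" >&2
        return 1
    fi
    echo "OK: $1 is ${pct}% allocated"
}

# make_demo_pool FILE -> constructed stand-in: 100MB sparse file, 1MB written
make_demo_pool() {
    truncate -s 100M "$1"
    dd if=/dev/urandom of="$1" bs=1M count=1 conv=notrunc 2>/dev/null
}

# Demo on the constructed file; on a real host, pass
# /var/lib/docker/devicemapper/devicemapper/data to check_pool instead.
demo=$(mktemp)
make_demo_pool "$demo"
check_pool "$demo" 80
rm -f "$demo"
```
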

If the standard size of 100GB is no longer sufficient, you can define a new size for the data file in a separate systemd unit file for the Docker service. Copy the file /usr/lib/systemd/system/docker.service to /etc/systemd/system/docker.service and extend the "ExecStart=/usr/bin/docker" line to include the options

--storage-opt dm.loopdatasize=500GB
--storage-opt dm.loopmetadatasize=10GB

At this point, note that using loopback devices instead of real block devices involves a definite performance hit. The data and metadata pools should therefore be on physical block devices in production environments. The readme file [2] for the Device Mapper back end describes how you can perform such a configuration.
