Your B.Tech.

Project Title

A Report Submitted
in Partial Fulfillment of the Requirements
for the Degree of
Bachelor of Technology
in
Computer Science & Engineering

by
Your Name goes here

to the
COMPUTER SCIENCE AND ENGINEERING DEPARTMENT
MOTILAL NEHRU NATIONAL INSTITUTE OF TECHNOLOGY
ALLAHABAD
April, 2017
 UNDERTAKING

I declare that the work presented in this report ti-

tled Your B.Tech. Project Title, submitted to the
Computer Science and Engineering Department, Motilal
Nehru National Institute of Technology, Allahabad, for
the award of the Bachelor of Technology degree in
Computer Science & Engineering , is my original work. I
have not plagiarized or submitted the same work for the award
of any other degree. In case this undertaking is found incorrect,
I accept that my degree may be unconditionally withdrawn.

April, 2017
Allahabad
(Your Name goes here)

ii
 CERTIFICATE

Certified that the work contained in the report ti-

tled Your B.Tech. Project Title, by Your Name
goes here, has been carried out under my super-
vision and that this work has not been submitted
elsewhere for a degree.

(Your Guide Name)

Computer Science and Engineering Dept.
M.N.N.I.T, Allahabad

April, 2017

iii
Preface

A good B.Tech. thesis is one that helps you in furthering your interest in a specific
field of study. Whether you plan to work in an industry or wish to take up academics
as a way of life, your thesis plays an important role.
Your thesis should judiciously combine theory with practice. It should result
in a realization of reasonably complex system (software and/or hardware). Given
various limitations, it is always better to extend your predecessors work. If you
plan it properly, you can really build on the experience of your seniors.

iv
Acknowledgements

Here it will go something like this............It is a great pleasure to thank the giants
on whose shoulders I stand. First of all, I would like to thank my supervisor ...

v
Contents

Preface iv

Acknowledgements v

1 Introduction 1

2 Why Docker Why not VM? 3

3 Docker Images 5
3.1 Containers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 Useful Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2.1 Listing Docker Images . . . . . . . . . . . . . . . . . . . . . . 6
3.2.2 Searching Docker images . . . . . . . . . . . . . . . . . . . . . 7
3.2.3 Docker Pull . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.4 Remove an image . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.3 Manipulating a container . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.4 Building your own Docker Image . . . . . . . . . . . . . . . . . . . . 10
3.4.1 Docker File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

4 Docker Hub 12

5 Deploying applications with docker 14

5.1 Deploying a website with Docker . . . . . . . . . . . . . . . . . . . . 14

6 Docker Swarm 16
6.1 Docker swarm Components . . . . . . . . . . . . . . . . . . . . . . . 16

vi
 6.2 Docker swarm Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

7 Docker Security 19

A Appendix A 22
A.1 Difference Between VM and docker . . . . . . . . . . . . . . . . . . . 22
A.2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

References 24

vii
Chapter 1

Introduction

Figure 1: Docker

Docker is an open source platform which can be used to package, distribute and
run your applications. Docker provides an easy and efficient way to encapsulate
applications (e.g. a Java web application) and any required infrastructure to run
that application (e.g. Red hat Linux OS, Apache web server, Tomcat application
server, mySQL database etc.) as a single Docker image which can then be shared
through a central, shared Docker registry. The image can then be used to launch
a Docker container which makes the contained application available from the host
where the Docker container is running. Docker provides some convenient tools to

1
build Docker images in a simple and efficient way. A Docker container on the other
hand is a kind of light weight virtual machine with considerably smaller memory
and disk space footprint than a full blown virtual machine. Docker also has a
native clustering called Docker swarm.By enabling fast, convenient and automated
deployments, Docker has the effect of shortening the cycle between writing code,
testing code and getting it live on Production. The most common analogy used to
help people understand Docker is saying that Docker containers are like shipping
containers: they provide a standard, consistent way of shipping just about anything.
Docker containers provide a standard, consistent way of packaging just about any
application

2
Chapter 2

Why Docker Why not VM?

Docker is a container management system that helps easily manage Linux Containers
in an easier and universal fashion . There is no need for a complete operating system

Figure 2: Difference

every time we need to bring up a new container, which cuts down on the overall
size of containers. Docker relies on using the host OSs Linux kernel for the OS it
was built upon, such as Red Hat, CentOS, Ubuntu, and so on. For this reason,you
can have almost any Linux OS as your host operating system . With containers,
you share the underlying resources of the Docker host and you build an image that
is exactly what you need to run your application. You start with the basics and
you add what you need. VMs are built in the opposite direction. You are going

3
to start with a full operating system and, depending on your application, might be
strip out the things you dont want. As compared to virtual machines, containers
can be faster and less resource heavy as long as the user is willing to stick to a single
platform to provide the shared OS. A virtual machine could take up several minutes
to create and launch whereas a container can be created and launched just in a few
seconds. Applications contained in containers offer superior performance, compared
to running the application within a virtual machine.
A full virtualized system gets its own set of resources allocated to it, and does
minimal sharing. You get more isolation, but it is much heavier (requires more
resources). With Docker you get less isolation, but the containers are lightweight
(require fewer resources). So you could easily run thousands of containers on a host,
and it wont even blink.
There are pros and cons for each type of virtualized system. If you want full
isolation with guaranteed resources, a full VM is the way to go. If you just want
to isolate processes from each other and want to run a ton of them on a reason-
ably sized host, then Docker seems to be the way to go. Virtual Machines provide
high flexibility whereas Docker containers prime focus is on applications and their
dependencies

4
Chapter 3

Docker Images

An image is a filesystem and parameters to use at runtime . It doesnt have state and
never changes. A Docker image is made up of filesystems layered over each other.
At the base is a boot filesystem, bootfs , which resembles the typical Linux/Unix
boot filesystem. A Docker user will probably never interact with the boot filesys-
tem. Indeed, when a container has booted, it is moved into memory, and the boot
filesystem is unmounted to free up the RAM used by the initrd disk image.

Figure 3: Docker Image

An image is really a template that can be turned into a container. To turn

5
an image into a container, the Docker engine takes the image, adds a read-write
filesystem on top and initialises various settings including network ports, container
name, ID and resource limits.

3.1 Containers
A container is a running instance of an image.Docker originally used linux Containers
(LXC), but later switched to runC (formerly known as libcontainer), which runs in
the same operating system as its host. This allows it to share a lot of the host
operating system resources. Also, it uses a layered filesystem (AuFS) and manages
networking. AuFS is a layered file system, so you can have a read only part and
a write part which are merged together. One could have the common parts of
the operating system as read only (and shared amongst all of your containers) and
then give each container its own mount for writing. A running container has a
currently executing process, but a container can also be stopped (o exited in Dockers
terminology). An exited container is not the same as an image, as it can be restarted
and will retain its settings and any filesystem changes.

3.2 Useful Commands

3.2.1 Listing Docker Images

Command : sudo docker images

The above command shows the available images on your host , the output of this
command may vary from host to host . In the screenshot , the first column you see
is the Repository column , this column shows the name of the repository on docker
hub from which the image is pulled . The next column, the TAG column, will show
you different versions of a repository . As you can see in the preceding screenshot
with the Ubuntu repository, there are tag names for the different versions. So, if
you want to specify a particular version of a repository in your Dockerfile , you are
able to. This can help in backward compatibility . The next column, IMAGE ID ,

6
shows the unique id of the image . The last two columns are pretty straightforward;
the first being the creation date for the repository, followed by the virtual size of
the image

Figure 4: Docker images

3.2.2 Searching Docker images

Command: sudo docker search <image>

with docker search you can search for images based on different criteria . For
example, we can search for all the images with the term ubuntu in them and see
what all is available. Here is what we would get back in our results; it would go as
follows:
We can see the name of the repository, a reduced description, how many people
have starred and think it is a good repository, whether its an official repository;
which means its been approved by the Docker team, when we find a suitable images
we can pull it using docker pull command

3.2.3 Docker Pull

This command pulls the image to your host computer from the docker hub and you
can see the updated list using docker images command . Initially , this command
search in the host computer and if it does not find then it pulls from docker hub

7
 Figure 5: Docker pull

3.2.4 Remove an image

sudo docker rmi image

To remove an image from the your host computer , you can use docker rmi ubuntu
or you can also mention the image id

Local images live on our local Docker host in the /var/lib/docker

directory. Each image will be inside a directory named for your storage driver. Youll
also find all your containers in the /var/lib/docker/containers directory.

3.3 Manipulating a container

Lets just look at how to get images up, running, and turned into containers. The
most basic way to run a container is as follows . The most basic way to run a
container is as follows

docker run -i -t <image_name>:<tag> /bin/bash

We start off with docker run command , followed by two switches (flags) -t and -i .
The -i gives us an interactive shell into the running container , the -t will allocate a
pseudo-tty that, while using interactive processes, must be used together with the
-i switch. You can also use switches together . For example, -it is commonly used
for these two switches . This will help you test the container to see how it operates
before running it as a daemon .

8
 Figure 6: Dockerrun

docker run -d <image_name>:<tag>

If the container is correctly set up , you will see it running status of the containers
can be known using docker ps command
We get a lot of other important information indicating that the container is
running . We can see the container ID , the image name that is running , the
command that is running on the container to keep the image live , when the container
started , its cur rent status , if any ports were exposed they would be listed here ,
as well as the name given to the container . Now, these names are random, unless
it is specified otherwise by the - - name switch . You can also expose the ports on
your containers by using the -p switch as follows

docker run -d -p 8080:80 ubuntu:14.10

This will run the ubuntu 14.10 container in the demonized mode, exposing port
8080 of the Docker host to port 80 on the running container: Stopping Containers :
For various reasons , you may want to stop containers, there are various commands
to do that, docker stop, docker kill , docker pause, docker unpause) . Docker kill
command will shutdown the container immediately . For a graceful shutdown of
the container, you would want to use the docker stop command. Mostly, when
you are testing , you will be using docker kill . When youre in your production
environments, you will want to use the docker stop to ensure you dont corrupt any
data you might have in the docker volumes . With the docker rename command ,we
can change the name that has been randomly generated for the container . When we

9
performed the docker run command, a random name was assigned to our container
most times these names are fine . But if you are looking for an easy way to manage
the containers , fine. But if you are looking for an easy way to manage the containers
, a name can be sometimes easier to remember. For this, you can use the docker
rename command as follows :

docker rename <current_container_name> <new_container_name>

3.4 Building your own Docker Image

To build your own images , you have to make appropiate docker file . Docker file is
the core file that contains instruction to be performed when an image is built .For
example, in an Ubuntu-based system, if you want to install the Apache package,
you would first do an apt-get update followed by an apt-get install -y apache2 .
Thesewould be the type of instructions you would find inside a typical Dockerfile.
Items such as commands, calls to other scripts , setting environment variables,
adding files and setting permissions can all be done via Dockerfile . Dock er file is
also where you specify what image is to be used as your base image for the build.

3.4.1 Docker File

Everything starts with the Dockerfile . The Dockerfile is the source code of the Image
Once the Dockerfile is created, you build it to create the image of the container. The
image is just the compiled version of the source code which is the Dockerfile.
Once you have the image of the container, you should redistribute it using the
registry . The registry is like a git repository you can push and pull images. Next,
you can use the image to run containers . A running container is very similar, in
many aspects, to a virtual machine (but without the hypervisor ). Example of a
Docker file :
In the screenshot , the first line states with the image we want to start off with
when we build the container. In this example , we will be using Ubuntu .The item
after the colon can be called if you want a specific version of it . The second line
is the line that is relevant to the maintainer of Dockerfile . This is for people to

10
 Figure 7: Docker File

contact you if they have any questions of find ant errors in yout file . In docker file
only one process can be done at a time. The EXPOSE line will expose the ports to
anything external to the container and to the host it is running on . The last line is
the command that is run when the container is launched.
The last line CMD in Dockerfile will be launched upon the container that isrun-
ning. This also helps emphasize the one process per container rule. Affter making
the dockerfile , using docker build command you can build the image

docker build -t manoharg : ubuntu_apache .

The most important thing to remember is the . the dot or period at the very end.
This is to tell the docker build command to build in the current folder. If you
are using your own registry to push your images, then you can use any naming
convention that you would like to use. But try to keep it simple and easy to identify
by looking at name

11
Chapter 4

Docker Hub

The Docker Hub is a location on the cloud, where you can store and share images
that you have created. You can also link your images to the GitHub repositories that
can be built automatically . There are two types of repositories on the Docker Hub:
the public and private repositories . Pushing to a repository is very straightforward.
Once you have the image built on your machine, there are two commands you need
to run. One you will only have to run once and the other command you will use every
time. docker login This will prompt you for your Docker Hub credentials and the

Figure 8: Docker Hub

e-mail address you are using on Docker Hub docker push REPOSITORY:TAG
This will show the progress of your push, kicking back to the command prompt
when completed. You will then be able to see the image in either the command-line
search. By default, repositories are pushed as public. If you want to set them to
private, you need to log in to the Docker Hub website and set the repository to

12
Make Private.

13
Chapter 5

Deploying applications with

docker

5.1 Deploying a website with Docker

Its truly a Write once, run anywhere system. If it works on your laptop, itll work in
production no matter where or what its installed with. This changes how you think
about application.Consider our case of hosting this static website.Typically youd
think of this blog as collection of HTML,CSS,and images that make up this site.
What you think your application is affects how you deploy it. If your application is
a bundle of files then deploying means placing these files inside a software system
that understands HTTP and can serve files. eg:Apache or Nginx 1. Instead of using
a global Nginx instance to serve a blog, we created a Docker image with Nginx and
blogs files. Which makes the resulting blog application an unit that I can build,
test, and run anywhere as many times as I want. 2 .This is a much more preferable
outcome. Instead of a messy collection of files as my outcome, with Docker, we have
a neat tidy Docker image. Now to to run a very high-performance blog, all we need
to do is type DOCKER RUN BLOG and off it goes. TO CREATE STATIC SITE
APACHE SERVER FROM DOCKER ..

Create a docker file

Create a directory publichtml

14
 Creating a docker image

Creating docker container running this image

Open browser of the host and you will see the website up and running.

To attach a mysql database , we have to run two containers at a time .For that we
can use docker compose or simple flags.

Linking Apache and MySQL containers

docker pull mysql/mysql-server:5.6

By using pull command we are pulling mysql container.

docker run -p 3306:3306 name mysqlserver -e MYSQLROOTPASS-

WORD=root -d mysql/mysql-server:5.6

The above command runs the mysql as a container with a specified name . Now we
need to start the PHP server back up, but we need to allow it access to the MySQL
server.

docker run -tid -p 80:80 -v /Code/2016-02-full:/var/www/html name

appserver link mysqlserver:mysqldb nimmis/apache-php5

The link section is what allows this docker to talk to other dockers specified (eg.
mysqlserver), otherwise they are all kept separate. If both of these Dockers are up
and running, you can find out the internal IP address of each of them by running
this command. This gets the IP for mysqlserver.
docker inspect mysqlserver grep IPAddress

15
Chapter 6

Docker Swarm

In this chapter,we will be taking a look at Docker Swarm. With Docker Swarm, you
can create and manage Docker clusters. Swarm can be used to disperse containers
across multiple hosts. It also has the ability to know how to scale containers as well

6.1 Docker swarm Components

What components are involved with Docker Swarm? Lets take a look at the three
components of Docker Swarm:

Swarm

Swarm Manager

Swarm Workers

Swarm
Docker Swarm is the container that runs on each Swarm host. Swarm uses a unique
token for each cluster to be able to join the cluster. The Swarm container itself is
the one that communicates on behalf of that Docker host to the other Docker hosts
that are running Docker Swarm as well as the Docker Swarm manager.

16
Swarm manager
The Swarm manager is the host that is the central management point for all the
Swarm hosts. The Swarm manager is where you issue all your commands to control
nodes. You can switch between the nodes, join nodes, remove nodes, and manipulate
the hosts

Swarm Workers(Hosts)
Swarm hosts are those that run the Docker containers. The Swarm host is managed
from the Swarm manager

6.2 Docker swarm Usage

Lets now take a look at Swarm usage and how we can do the following tasks:

Creating a Swarm

Joining nodes

Deploying a container(service) over the swarm

Creating a Swarm
Run the following command to create a new swarm

docker swarm init advertise-addr MANAGER-IP

The advertise-addr flag configures the manager node to publish its address as
192.168.99.100. The other nodes in the swarm must be able to access the manager
at the IP
address.
The output includes the commands to join new nodes to the swarm.

17
Joining Nodes
Nodes will join as managers or workers depending on the value for the token flag.
If any node wants to join this swarm it can run following command

docker swarm join token SWMTKN-1-17o8xxtw1fwej5uitgi57a97a7v9sumi37a66ca6bqt8m1zsx3-

bln3bxwlnf82x8lkfbn0wk33d 192.168.0.5:2377

The node has joined as a worker or a manager Run docker info command to view the
current status of swarm Run docker node ls command to view Information about
nodes in the swarm. screenshot

Deploying a service over the swarm

To create the simplest type of service in a swarm, you only need to supply a container
image and the ports if needed and the replicas of containers

docker service create name=name -p 8888:88 replicas=8 IMAGENAME

You can also add -v flag to mount local files to the image To know about the status
of service use docker service ps servicename

18
Chapter 7

Docker Security

In this chapter, we will be taking a look at Docker security ,the topic on the forefront
of everyones minds these days

Lock Your Swarm to protect its encryption key

In docker 1.13 and higher, the Raft logs used by swarm managers are encrypted
on disk by default.Encryption protects your services configuration and data from
attackers who gain access to the encrypted Raft logs. When Docker restarts,both
the TLS key used to encrypt communication among swarm nodes, and the key
used to encrypt and decrypt Raft logs on disk, are loaded into each manager nodes
memory.Docker 1.13 version have the ability to protect the mutual TLS encryption
key and the key used to encrypt and decrypt Raft logs at rest, by allowing you to
take ownership of these keys and to require manual unlocking of your managers.This
is called autolock . When Docker restarts, you must unlock the swarm first, using
a key encryption key generated by Docker when the swarm was locked and you can
change this key frequently in order to increase security by rotating this key from
this command.
docker swarm unlock-key rotate

19
INITIALIZING A SWARM WITH AUTOLOCK
ENABLED
docker swarm init autolock

after executing above command swarm is intialized here autolock is a flag to enabling
autolocking of swarm manger nodes when Docker restarts. secreenshot

Here key is SWMKEY-1-hejZTlNgxCOwBa8TTeWjt8S58pSKNOYdS3sEGlHmenU,

store the key in safe place when Docker restarts, you need to unlock the swarm and
you will see an error like the following and services will not start.

ENABLE OR DISABLE AUTOLOCK ON AN EX-

ISTING SWARM
To enable autolock on an existing swarm, set the autolock flag to true remember this
key without it wont be able to restart the manager. To disable autolock set autolock
to false use the following command docker swarm update autolock=false

VIEW THE CURRENT UNLOCK KEY FOR A

RUNNING SWARM
If your swarm is running as expected, then a manager node becomes unavailable.
You troubleshoot the problem and bring the physical node back online,but you
need to unlock the manager by providing the unlock key in order to read encrypted
credentials and Raft logs.You can view current unlock key using this command

docker swarm unlock-key

UNLOCK A SWARM
To unlock a locked swarm,use below command

20
 docker swarm unlock

after this enter unlock key then your swarm gets unlocked.

21
Appendix A

Appendix A

A.1 Difference Between VM and docker

we can compare docker vs VM with an anology, houses are like VMs where as
apartment buildings are containers. Houses (the VMs) are fully self-contained and
offer protection from unwanted guests. They also each possess their own infrastruc-
ture plumbing, heating, electrical, etc. Furthermore, in the vast majority of cases
houses are all going to have at a minimum a bedroom, living area, bathroom, and
kitchen. Apartments (the containers) also offer protection from unwanted guests,
but they are built around shared infrastructure. The apartment building (Docker
Host) shares plumbing, heating, electrical, etc. Youre only renting exactly what you
need. Finally, just like houses, apartments have front doors that lock to keep out
unwanted guests.

A.2 Commands
docker attach Attach to a running container
docker build Build an Image from a docker file
docker create Create a new container
docker exec Run a command in a running container
docker Image Manage images

22
docker Images List Images
docker info Display system-wide information
docker login - Log in to a Docker registry
docker logout Log out from a Docker registry
docker node Manage Swarm nodes
docker ps List containers
docker pull pull an image or a repository from a registry
docker push push an image or a repository from a registry
docker restart restart one or more containers

23
References

[1] Andersen, M. R., Christensen, C. N., and Srensen, K. L. Internal

documentation in an elucidative environment. Masters thesis, Aalborg Univer-
sity, June 2000. Available from http://dopu.cs.auc.dk.

[2] Chen, Y.-F. R., Fowler, G. S., Koutsofios, E., and Wallach, R. S.
Ciao: A graphical navigator for software and document repositories. In Interna-
tional Conference on Software Maintenance (1995), pp. 6675.

[3] Goossens, M., MittelBach, F., and alexander Samarin. The

LATEX Comapnion. Addison-Wesley.

[4] Kristensen, B. B., Madsen, O. L., Mouller-Pedersen, B., and Ny-

gaard, K. Integrated Interactive Computing Systems. North-Holland, Amster-
dam, 1983, ch. Syntax-directed program modularization, pp. 207219.

[5] leslie Lamport. LATEX A Document Preparation System. Pearson Education,

India, 2004.

[6] Nrmark, K. Elucidative programming. Nordic Journal of Computing 7, 2

(2000), 87105.

24