Docker Overview
This page gives a brief overview of some docker concepts. The official overview can be found here.
Dockerfile: Analogous to a makefile in some ways. Used to direct the docker engine in the construction of Docker images.
Docker image: Read-only template containing layers with the necessary OS, environment variables, programs and applications for running a specific task.
Docker container: A running instance of a docker image. Containers are ephemeral and do not save run-time information locally.
Docker hub: Official online registry of Docker images. One of many places docker images may be hosted, however.
The following command format is used to run a docker image to start a docker container:
docker run -ti --rm -u $(id -u):$(id -g) --hostname docker \
-v <external-directory>:<internal-directory> \
<docker-image>:<image-tag> \
<optional-calls-to-internal-commands>
The optional calls to internal commands are discussed in the building and running scripts wiki page.
The -u option is used to set the user and group ID to run as in the container. It is passed using the form:
-u <username-or-id>:<groupname-or-id>
To pass your account's user ID and group ID to the container, use the following:
-u $(id -u):$(id -g)
Given that docker wants to run as root inside the container by default, it is necessary to pass this option to match your user ID and group ID for any files that will be created across a volume mount. Otherwise a non-sudo user will not be able to manipulate the files created. See the volume mount option section for more information.
Docker allows the user to mount external directories to the directories inside the running container. The option is passed in the form:
-v <external-directory>:<internal-directory>
It is important to note that if the internal directory does not exist in the container, docker will create the internal directory on the fly.
Note that files created across the docker volume mounts will have the same permission structure as the user that is operating inside the container. Docker wants to run as root by default, which is dangerous and a security issue, since volume mounting also gives the container user read and write access by default. As such, the user should pass the -u option, as discussed in the user option section, to make sure the volume-mounted folder permissions match their account user ID and group ID.
Finally, it is important to note that docker volume mounts override the mounted internal folder with the contents of the mounted external folder. As such, the user should be careful not to mount to non-empty container directories. For example, if the user tries to mount to the /ctsm/cime/scripts directory internal to the container, all the contents of the scripts directory will be lost (for that container instance).
Docker does not remove containers that have completed (successfully or otherwise), which can take up space on your drive. Adding the --rm option will tell docker to automatically remove the docker container after an exit.
The -ti option allows a user to enter the container and interact with it via a bash shell inside the container. This is actually a combination of the -t (pseudo-tty) and -i (interactive) options. The t option is necessary to use with the i option, but can be written in the following alternative forms: -ti, -t -i, -i -t.
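The user and volume-mount cautions above can be checked before the container is started. The following is an added example, not part of the original wiki; `checked_run_cmd`, `PROTECTED_DIRS`, `RUN_UID` and `RUN_GID` are hypothetical names, and the protected list holds only the path this page mentions.

```shell
#!/bin/sh
# Added example (not from the wiki). checked_run_cmd, PROTECTED_DIRS, RUN_UID
# and RUN_GID are hypothetical names chosen for this sketch.

# Container directories the image already populates; a mount on, under or
# above one of them hides that content for the container instance.
PROTECTED_DIRS="/ctsm/cime/scripts"

# Usage: checked_run_cmd <external-directory> <internal-directory> <image:tag>
# Prints the docker run command for review, or a reason on stderr and returns 1.
checked_run_cmd() {
    host_dir=$1; ctr_dir=$2; image=$3; hit=0
    uid=${RUN_UID:-$(id -u)}
    gid=${RUN_GID:-$(id -g)}
    # Passing -u 0 (or root) is the same as Docker's root default.
    case $uid in
        0|root) echo "refusing: container would run as root" >&2; return 1 ;;
    esac
    # With -v, a missing host path is created by the daemon and owned by root.
    if [ ! -d "$host_dir" ]; then
        echo "refusing: $host_dir does not exist on the host" >&2; return 1
    fi
    # Writability is tested for the invoking user, whose ids -u normally passes.
    if [ ! -w "$host_dir" ]; then
        echo "refusing: $host_dir is not writable by this user" >&2; return 1
    fi
    # Docker requires an absolute path for the mount target.
    case $ctr_dir in
        /*) ;;
        *) echo "refusing: $ctr_dir is not an absolute path" >&2; return 1 ;;
    esac
    # Compare the target (trailing slash dropped) with each protected path.
    c=${ctr_dir%/}
    for p in $PROTECTED_DIRS; do
        case $c in "$p"|"$p"/*) hit=1 ;; esac   # on or below a protected dir
        case $p in "$c"/*) hit=1 ;; esac        # a parent of a protected dir
    done
    if [ "$hit" -eq 1 ]; then
        echo "refusing: mounting at $ctr_dir would hide image content" >&2; return 1
    fi
    # All checks passed: emit the command in the form this page describes.
    printf 'docker run -ti --rm -u %s:%s --hostname docker -v %s:%s %s\n' \
        "$uid" "$gid" "$host_dir" "$ctr_dir" "$image"
}
```

The function only prints the command; paths containing spaces would need quoting before the printed line is pasted into a shell.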