Thursday, 18 May 2017


Docker Remote

The Docker daemon can be accessed remotely via its API. This is not active by default and needs a small configuration change. The normal use case is docker-machine, used to create Docker machines, but in enterprise environments installing software is not always allowed, Docker software even less so. However, developers may still need to connect to a Docker daemon to have a test environment. Below are the steps to give a Docker daemon an HTTP API connection, enough to work with Eclipse or NetBeans.

The steps below were done on Ubuntu.

First stop the docker service. 

service docker stop

Next, change the dockerd parameters. There is the option of creating /etc/docker/daemon.json, but you would still need to change docker.service, since dockerd is started with the fd option. If you try creating daemon.json with the "hosts" option, it gives an error asking you to choose either the JSON file or the dockerd parameters.


root@ubuntu:/# vi /lib/systemd/system/docker.service

#ExecStart=/usr/bin/dockerd -H fd://
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375  -H fd://

Apply the changes:
systemctl daemon-reload
service docker start

root@ubuntu:/etc/docker# service docker status
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-05-18 01:00:59 CEST; 8s ago
     Docs: https://docs.docker.com
 Main PID: 4117 (dockerd)
    Tasks: 16 (limit: 4915)
   Memory: 30.6M
      CPU: 2.003s
   CGroup: /system.slice/docker.service
           ├─4117 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H fd://
           └─4121 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/l

To verify that Docker is running and returning information:

curl -X GET http://127.0.0.1:2375/images/json

Only Eclipse remains; NetBeans is exactly the same. It consists only of connecting to the daemon.


To look up images and containers there is a nice wizard and list.
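A check for the listener configured above, as an added example that is not part of the original post: a dockerd listening on plain tcp:// without --tlsverify accepts API calls from anyone who can reach the port, so the options are binding to loopback or enabling TLS client verification (conventionally on port 2376). The loopback and TLS unit lines, the certificate paths and the function names are assumptions made for illustration.

```python
import shlex
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed inputs: the first line is the ExecStart from the post; the other
# two are assumed alternatives (loopback bind, and TLS with hypothetical paths).
UNIT_FROM_POST = "ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375  -H fd://"
UNIT_LOOPBACK = "ExecStart=/usr/bin/dockerd -H tcp://127.0.0.1:2375 -H fd://"
UNIT_TLS = ("ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/ca.pem "
            "--tlscert=/etc/docker/cert.pem --tlskey=/etc/docker/key.pem "
            "-H tcp://0.0.0.0:2376 -H fd://")


def parse_execstart(unit_text):
    """Collect -H/--host values and the --tlsverify flag from ExecStart lines."""
    hosts, tlsverify = [], False
    for line in unit_text.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue  # ignores commented-out lines such as '#ExecStart=...'
        args = shlex.split(line[len("ExecStart="):])
        for i, arg in enumerate(args):
            if arg in ("-H", "--host") and i + 1 < len(args):
                hosts.append(args[i + 1])
            elif arg.startswith("--host="):
                hosts.append(arg.split("=", 1)[1])
            elif arg in ("--tlsverify", "--tlsverify=true"):
                tlsverify = True
    return hosts, tlsverify


def classify(host, tlsverify):
    """Label one listener by who can reach it and whether clients are authenticated."""
    url = urlsplit(host)
    if url.scheme != "tcp":
        return "local-socket"          # fd:// and unix:// are not network listeners
    name = url.hostname or ""
    try:
        loopback = name == "localhost" or ip_address(name).is_loopback
    except ValueError:
        loopback = False               # hostname or empty address: assume reachable
    if loopback:
        return "loopback-only"
    return "tls-client-auth" if tlsverify else "unauthenticated-network"


def audit(unit_text):
    hosts, tlsverify = parse_execstart(unit_text)
    return [(h, classify(h, tlsverify)) for h in hosts]
```

Calling audit() on the contents of /lib/systemd/system/docker.service returns one (listener, label) pair per -H option; the line from this post yields "unauthenticated-network" for tcp://0.0.0.0:2375.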






Monday, 1 May 2017

First steps with Docker.


An excellent Docker course (short, practical, with some theory and few slides), given on Docker's own website:
https://training.docker.com/introduction-to-docker
https://training.docker.com/docker-fundamentals
https://training.docker.com/docker-operations

First steps


Follow the guidelines at https://docs.docker.com/engine/installation/linux/ubuntu.

We installed Ubuntu 16 in VirtualBox with 16 GB of disk and 4 GB of memory. Once the machine is up, install Docker as the guidelines indicate, which is easy. A better option is to go to the Docker Store, https://store.docker.com/editions/community/docker-ce-server-ubuntu?tab=description; these instructions install a more up-to-date version.

Add the user to the docker group to avoid having to use sudo:

jordi@ubuntujordi:/$ sudo usermod -aG docker jordi

Then log out (logout) so the change is picked up, and from then on you can use Docker without typing sudo:

jordi@ubuntujordi:~$ docker run hello-world

To leave the container: Ctrl+P, then Ctrl+Q.

Another example is

docker run -it ubuntu:14.04 bash

The -it parameters mean terminal plus stdout, and bash is the command that is run. Note that you leave with exit; once you do, nothing is saved, so if you created a user it is "lost".

Example of running a container and leaving it running:

# docker run -d -P tomcat:7

The -d is "detached mode", so that you do not get stuck in the container.

docker ps shows the images and their status

root@ubuntu:/home/jordi# docker ps -a
CONTAINER ID   IMAGE          COMMAND             CREATED          STATUS          PORTS                     NAMES
f6bad8210e61   tomcat:7       "catalina.sh run"   2 minutes ago    Up 2 minutes    0.0.0.0:32768->8080/tcp   dreamy_volhard
dca00ddfe6c8   ubuntu:14.04   "bash"              22 minutes ago   Up 22 minutes                             hopeful_jang

which means the port redirection is 0.0.0.0:32768->8080/tcp

root@ubuntu:/home/jordi# curl http://127.0.0.1:32768

It will print something ugly.

Docker fundamentals 

Building images. A bit of theory: images are assembled from layers, and each layer is in turn an image. The layer structure simplifies installing and publishing images, so that an image is 'split' and only the new layer that makes it up is updated.

Once a container has been launched in detached mode, we can get back into it by running commands:

jordi@ubuntu:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                CREATED              STATUS              PORTS               NAMES
86d8efeabe8f        tomcat:7            "ping www.google.es"   About a minute ago   Up 2 seconds        8080/tcp            angry_torvalds
jordi@ubuntu:~$ docker exec -it 86d8efeabe8f bash
root@86d8efeabe8f:/usr/local/tomcat#


Docker linking, to let containers communicate.
Docker volumes.


There are TWO ways to create images:
  • by running a commit on the image, for example  $ docker commit ec221eabd2e3 jordiesc/mitest:1.
  • The other is with a file called a Dockerfile.
Images are stored in Docker registries; registries can be public or private. The best-known public one is Docker Hub. Just bear in mind that for production you should use only official images, which carry the little whale symbol.

It is possible to create a local registry using Docker itself:

jordi@ubuntu:~$ docker run -d -p 5000:5000 registry:2.0

Afterwards, to pull or push images you have to reference the server: docker push name.com:5000/repositoryname:tag. For a remote registry you have to configure TLS, otherwise it gives an error; another option is to set --insecure:

sudo service docker stop
In /etc/default/docker: DOCKER_OPTS="--insecure-registry ipregistry:portregistry"
sudo service docker start

and with that the insecure option is enabled.

Docker orchestration

  • Docker Machine is a tool for orchestrating Docker machines remotely from a PC. To install it, download the binaries from here and place them in a directory on the $PATH, usually /usr/local/bin/docker-machine, with chmod +x permissions so that they can be executed
 wget
https://github.com/docker/machine/releases/

With Docker Machine you can install Docker on virtual instances from several vendors and bring up containers with the same API and interface. To be honest, I do not really see its usefulness except for multi-cloud environments.

  • Docker Swarm. A tool for clustering Docker machines and treating them as a unit. Similar to Kubernetes. Each node has to have a swarm agent, and there is a swarm manager or master. The swarm manager or master is itself a Docker container, as are the agents.

docker run --rm swarm create

  • Docker Compose is a tool for managing multi-container applications, which is the most common case. With Compose you can spin up all the containers as a unit. You create a YAML file and list all the containers with their references.
Installing Docker Compose basically means downloading it and putting it in usr/local/bin, which is where the executables are:

curl -L https://github.com/docker/compose/releases/download/1.12.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
Then we give it execute permissions: sudo chmod +x /usr/local/bin/docker-compose

The basic workflow is to have a docker-stack.yml file and run the docker-compose up command.








 




Apache Tomcat/7.0.77

Monday, 17 April 2017

OpenStack Orchestration: HEAT

HEAT is the OpenStack module that provides rapid creation from templates. With templates you can build a YAML file with all the specification needed to launch a complete user tenant with all the components OpenStack has, such as networking, load balancers, etc., all in a single configuration file.

Heat allows parameters to be defined that the end user fills in when launching it.

REVERSE ENGINEERING

However, a very common use case is when a user already has an OpenStack tenant created and wants to redeploy the same environment, or just keep a backup environment file. OpenStack does not have a way to export directly to a Heat file. For that we can use the flame utility to create the Heat YAML file.

sudo pip install python-flameclient
source xx-openrc.sh
flame --insecure >> yourfile.heat

The file created can be imported using Horizon. The only issue we have detected is the allocation of the floating IPs.

Sample file

### Heat Template ###
description: Generated template
heat_template_version: 2013-05-23
parameters:
  external_network_for_floating_ip_0:
    default: 1fd0a21e-e700-46ae-9f05-0b3164daafcc
    description: Network to allocate floating IP from
    type: string
  router_0_external_network:
    default: 1fd0a21e-e700-46ae-9f05-0b3164daafcc
    description: Router external network
    type: string
  server_0_flavor:
    default: m1.smaller
    description: Flavor to use for server server_0
    type: string
  server_0_image:
    default: 76f5f4aa-a78f-4703-b738-cab967957431
    description: Image to use to boot server server_0
    type: string
resources:
  floatingip_0:
    properties:
      floating_network_id:
        get_param: external_network_for_floating_ip_0
    type: OS::Neutron::FloatingIP
  floatingip_association_0:
    properties:
      floating_ip:
        get_resource: floatingip_0
      server_id:
        get_resource: server_0
    type: OS::Nova::FloatingIPAssociation
  key_0:
    properties:
      name: jordi
      public_key: ssh-rsa AAAAB3 ...
        Generated-by-Nova
    type: OS::Nova::KeyPair
  network_0:
    properties:
      admin_state_up: true
      name: jordinet
      shared: false
                      

Saturday, 11 March 2017

Since I am reviewing and going deeper into RSA and cryptography, I have been wondering how to write mathematics, something I have never done on a computer. There is a really nice JavaScript library, MathJax, that lets you write TeX.


$[a]=\{x\in A: a\sim x\},$ $$[a]=\{x\in A: a\sim x\},$$ \( [a]=\{x\in A: a\sim x\},\)

Friday, 3 March 2017



Programming with the OpenStackClient.

All the documentation regarding Neutron mentions the old neutron package,
and this package is not installed by default with the openstackclient, so it is necessary to get access to the package neutronclient.v2_0



pip install python-openstackclient

pip install python-neutronclient


To run the code you have to download the credentials and execute the sh file with source, in order to keep the environment variables in your session.

source yourcredentials.sh


Below is a simple program which creates the security rules. Security rules are something very similar to a firewall. You need to create at least one security rule and open ports and protocols in order to connect to your VM.

Do not forget ICMP, in order to allow routing towards the virtual instances.

To run this code:


'''
Created on Feb 26, 2017

@author: jordi
'''
import logging
from os import environ as env

from keystoneauth1 import loading
from keystoneauth1 import session
from novaclient import client

logging.basicConfig(level=logging.ERROR)

# Build a Keystone password auth plugin from the variables exported by the
# credentials script (source yourcredentials.sh).
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(
    auth_url=env['OS_AUTH_URL'],
    username=env['OS_USERNAME'],
    password=env['OS_PASSWORD'],
    tenant_name=env['OS_TENANT_NAME'],
)
# verify=False turns off TLS certificate validation for the API endpoints.
sess = session.Session(auth=auth, verify=False)
nova = client.Client('2', session=sess)

# Create the security group, then open ICMP and the web ports on it.
nova.security_groups.create(name="web", description='jordi servers')
group = nova.security_groups.find(name="web")
nova.security_group_rules.create(group.id, ip_protocol="icmp", from_port=-1, to_port=-1)
nova.security_group_rules.create(group.id, ip_protocol="tcp", from_port=80, to_port=80)
nova.security_group_rules.create(group.id, ip_protocol="tcp", from_port=8080, to_port=8080)
nova.security_group_rules.create(group.id, ip_protocol="tcp", from_port=443, to_port=443)


The result in OpenStack Horizon.



However, this API falls short because there is no egress option. To solve that it is better to use the new OpenStack SDK, covered in the next entry.

Friday, 17 February 2017


Create Certificate and Tomcat set up

First, in order to do all the tests we need to create or obtain a certificate. On the Java platform this is quite easy with keytool, which comes with every JDK. However, in the one-way case it is more usual to use a CA certificate. These are usually delivered in PKCS12 format, and keytool can import certificates in this format. If not, OpenSSL is a good tool for doing a lot of transformations.


jordi@DESKTOP-V6S41NL MINGW64 /c/Program Files/Java/jdk1.8.0_111/bin
$ ./keytool -genkey -alias testcert -keyalg RSA -keypass testcert -storepass testcert -keystore c:/temp/keystore.jks
What is your first and last name?
  [Unknown]:  test
What is the name of your organizational unit?
  [Unknown]:  test
What is the name of your organization?
  [Unknown]:  test
What is the name of your City or Locality?
  [Unknown]:  test
What is the name of your State or Province?
  [Unknown]:  test
What is the two-letter country code for this unit?
  [Unknown]:  test
Is CN=test, OU=test, O=test, L=test, ST=test, C=test correct?
  [no]:  y

Afterwards, enable one-way TLS in Tomcat's server.xml; the configuration below is for Tomcat 9:

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
 scheme="https" secure="true" clientAuth="false" keyAlias="testcert"
 sslProtocol="TLS" keystoreFile ="c:/temp/keystore.jks"
 keystorePass="testcert" truststoreFile="c:/temp/keystore.jks"
 truststorePass="testcert"/>

Just set clientAuth="true" to enable double (two-way) authentication.

Wednesday, 8 February 2017



My first lambda expressions


It is time for my first lambda 'hello worlds'. The example shows a lambda that needs an interface in order to compile. We can avoid compiling one ourselves if we use some of the ready-made interfaces in the java.util.function package.

package com.test;

public class Inicio {

    public static void main(String[] args) {
        System.out.println("metod Inicio");
        // Lambda assigned to our own functional interface, MyLambda
        MyLambda lamba = (String a) -> {
            int i = a.length();
            return i;
        };
        // Thread built the pre-lambda way, with an anonymous Runnable
        Thread th = new Thread(
            new Runnable() {
                @Override
                public void run() {
                    System.out.println("dentro del thread");
                }
            });
        // The same kind of thread, with a lambda in place of the anonymous class
        Thread th2 = new Thread(() -> System.out.println("en el segudo thread"));
        System.out.println(lamba.longitud("hola caracola"));
        th2.start();
        th.start();
    }

    public interface MyLambda {
        public int longitud(String a);
    }
}