Quick Bash Script to Update Docker

Quick Docker Tip

To run the latest version of Docker each time you start it, it’s as easy as creating and running this script:


if [[ -f ~/dockerbin/docker ]] ; then
rm docker
if [[ ! -d ~/dockerbin/ ]] ; then
 mkdir ~/dockerbin

wget https://get.docker.io/builds/Linux/x86_64/docker-latest \
-O ~/dockerbin/docker

chmod +x ~/dockerbin/docker
sudo ~/dockerbin/docker $OPTS &

If you need to add special options (like -g to change the location of the Docker install directory), you can edit the variable at the top of the file.

I don’t recommend using this for production systems, but while Docker is under heavy development, this is an easy way to stay up-to-date and get the bugfixes.

I’m beginning to copy over my technology-related posts from Google+ to this blog, mostly so I have an easy-to-read record of them. This one was originally published on 13 May 2014: Quick Docker Tip

Ramble on Docker and Open Source Learning

Warning: Ramble about Docker and Open Source Learning incoming!

I spent ALL DAY creating demo +Docker containers to share with the Docker community at $WORK, and elsewhere. I’m trying to drum up support for Docker as a technology in general, and I think the best way is to give folks some really easy images that they can just clone from the repo and build. (You can check out what I have so far here: https://github.com/DockerDemos)

In order to build the widest possible user base, I need a pretty large variety of images for folks to play with. I’m working on converting very $WORK-specific images I have been testing into more generic and out-of-the-box images for the public. That should take care of the web-y folks, since that’s what I do. I also created a container with a demo of my Pyku app, just for fun, and FullScreenMario , because it’s cool.

DockerOne of the more challenging areas at the moment, and one that Mark DeLong has been really interested in, is using Docker for Research Computing. (Update: ┬áMark has sponsored two “Duke Docker Days” since I wrote this article, with great success.) To that end, I’ve started to create an image for the Berkeley Open Infrastructure for Network Computing ( BOINC ) client software. That’s slower going because there are some small bugs in the latest branch of their software. I also looked at FoldingAtHome as a possible Docker container app. That would be more of a proof of concept because it wants to do more GPU computing. Not that you CAN’T with Docker – I just don’t know how yet.

I’m looking for other examples of self-contained apps that could be Docker-ized. WordPress will be a no-brainer (and will join the Drupal one I have in progress at the moment). What about a Dogecoin mining app? That’s probably lumped in there with [email protected] because of the GPU dependencies. On the “Just for Fun/Get Attention” front, I think a Minecraft server is on the horizon.

I’ve also got this hair-brained (hare-brained?) idea about getting some auto-updating containers that will checkout the latest stable branch of some pre-compiled code or website on a scheduled basis, making them completely locked down, scalable nodes that just run forever or until they’re no longer needed.

On more of Mark’s end of things, I’ve been thinking a lot of single-use disposable Linux servers for use in teaching beginners the basics of Linux. You’ll recall (or you won’t, but trust me, it happened) that I and a few other folks (Drew Stinnett, Jimmy Dorff) taught an Intro to Unix class a few weeks ago. We were, for lack of a better word, ABSOLUTELY PLAGUED with little bugs or inconsistencies between the lab computers we were trying to use and the course book. It reminded me of when I was a sysadmin-wannabe and a previous boss let me take a course offered online by Illinois University in Linux System Administration. They were no doubt using little Linux servers installed on blades somewhere, but it allowed me to log in with some predetermined credentials and work along with the book. I think we could improve on that concept with Docker.

I’d almost forgotten about that when Danny Williford contacted me and asked about more Into to Unix courses. Danny works with teens, trying to get them involved in computing. He made a comment that resonated with me about how, for some students, learning that they can control every aspect of their computing experience [if they use Linux] really excites them into delving deeper into the technology. Now, of course, I’m completely obsessed with trying to come up with the best possible way of making an Intro to Linux class available, free and openly, to anyone, and using Docker containers to do so. The beauty here is that we could host containers for people to use that will just kill themselves and re-spawn on log out – or offer these Docker images for them to use locally on their own!

(Edit: Since I wrote this article, we did something similar and setup a more formal Intro To Linux course, using on-demand created VMs for students to practice with.)

I’m a HUGE proponent of Open Source learning, and I think technology is going to both inform the way it works (taking it’s cues from the Open Source world) and provide the platform for this new type of learning. Just finding more ways to bring these two worlds together is both challenging and exciting. In my opinion, there should be more full time positions at both institutions of learning and technology companies dedicated to this cause. Schools and Universities because, despite the ever-present lack of funds, their primary function is to teach the world. Technology companies because the investment in education will pay dividends for them when these students complete their schooling and get jobs, or adult employees take advantage of free learning to improve themselves and their skills and knowledge.

These aren’t even long-term investments, if you think about it. Adult employees are learning on the job; the education pays back immediately. Let’s take a look at the longest case: a high school freshman starts to learn computer science from some Open Source learning platform. In just eight years, that student is in the workforce using their skills. Most companies commit to their marketing campaign for longer than that.

Kudos to Red Hat (with whom we met recently on these very topics) for recognizing this and getting involved. I look forward to this taking off around the world.

I’m beginning to copy over my technology-related posts from Google+ to this blog, mostly so I have an easy-to-read record of them. This one was originally published on 08 May 2014: Ramble on Docker and Open Source Learning

A Dream of Docker

Those of you who know me from $WORK know (oh, you know) that I’m currently heavily involved in testing out Docker for use here, and that I’ve fully drunk not only the Kool-Aid, but also any other Docker-related beverage that might be out there.

I’ve presented the Docker concept to a couple of our groups here, evangelized to individual co-workers, spent hours testing, developing, deploying, re-testing, evaluating, etc, etc, all the things about Docker. I’m working on processes, policies, infrastructure and code all related to how Docker can potentially work in our environment.

I literally cannot think of a single thing that my small team – part of the larger Unix team at $WORK, itself a part of the Systems Infrastructure department – …I can’t think of a single thing that my team does that could not be entirely encompassed in Docker containers. I can’t think of anything that we do that wouldn’t be improved, that wouldn’t be automated, that wouldn’t be scaled, that wouldn’t be made better in at least ONE way by moving it to Docker.

I am so on-board with Docker that I literally dreamed about it. I dreamed about presenting Docker to a group of co-workers last night. I, fully asleep in my bed, laid out all the good things about Docker, all the challenges we would face, all the policies and procedures that would change, and all the processes that would be streamlined.

At this point, I woke up and thought perhaps, perhaps, I’d been working a little too much with Docker recently, and maybe I needed to take a break and work on something else.

Naaaaahhhhhhh…it’s too cool! Vive la Docker!

I’m beginning to copy over my technology-related posts from Google+ to this blog, mostly so I have an easy-to-read record of them. This one was originally published on 26 March 2014: A Dream of Docker

SSH In a Docker CentOS Container

TL;DR: sed -i ‘s/session required pam_loginuid.so/session optional pam_loginuid.so/’ /etc/pam.d/sshd

I’ve previously posted (http://goo.gl/pCRkQ6) about failure SSH’ing into a Docker container running an ssh server. The prevailing fix online is to just change “UsePAM yes” to “UsePAM no” in the /etc/ssh/sshd_config file. But PAM is useful, and that’s not really a fix.

Thanks to Sean Dilda, I was able to narrow down the line where the actual PAM session stuff was bailing and killing the ssh session – it turns out it’s

session required pam_loginuid.so

…in the /etc/pam.d/sshd file.

From man pam_loginuid:

The pam_loginuid module sets the loginuid process attribute for the process that was authenticated.

Ok, this sounds kind of useful. It’s used for application auditing. However, more Google-ing turns up that Docker explicitly drops the audit-related capabilities that are required for this to work, causing an error to be returned to PAM. (http://goo.gl/wBffo3, via this post on StackOverflow: http://goo.gl/50xOuI) This means that it’s not ever going to work in a Docker container unless the Docker code is changed. That’s out of my hands, though.

So that leaves us with the TL;DR from above. You can change “session require pam_loginuid.so” to “session optional pam_loginuid.so” in the /etc/pam.d/sshd file. This will allow you to continue to use PAM, but skip over the failure to set loginuid process attributes, and continue on with the session without bailing.

This allows the ssh session to be useful, and PAM is still around so you can use Kerberos or other PAM-related stuff inside your container.

I’m beginning to copy over my technology-related posts from Google+ to this blog, mostly so I have an easy-to-read record of them. This one was originally published on 20 May 2014: SSH In a Docker CentOS Container