Search notes:

Docker

Distributing software should not be hard. Docker tries to achieve that goal.
A Docker image defines what software is included and how it will be run.
A Docker container is a running instance of an image.
A container is not installed.
A claim of Docker is that an application that runs on Docker runs on every Docker installation, everywhere.

Dockerfiles

Dockerfiles usually are small files, perhaps 5 to 30 lines.
A Dockerfile is used to create a Docker image.

Unable to login to docker, TLS-enabled daemon without TLS?

Problem was: user was not added to the docker group.

Docker image

Docker images are, by default, located under /var/lib/docker.

Remove 'old' containers

docker ps -a
docker rm ......

Check if installation is working

$ docker run hello-world
…
Hello from Docker!
This message shows that your installation appears to be working correctly.
…

Error message: Got permission denied while trying to connect to the Docker daemon socket …

A possible reason for the error message Got permission denied while trying to connect to the Docker daemon socket at unix:////var/run/docker.sock is that the user trying to execute a docker command is not in the docker group.
In this case, adding the current user ($USER) to this group will solve the issue: 
sudo usermod -aG docker $USER
When the user logs in again (or changes to the docker group with newgrp - docker), the docker commands should now be executable.

quay.io

quay.io is like a github for Docker images.

Installing

Apparently, docker can be installed with 
curl -sSL https://get.docker.com | sh
or 
wget -qO- https://get.docker.com | sh
On Ubuntu: 
sudo apt-get install docker.io

TODO

A user should be in the docker group: 
sudo usermod -aG docker
Apparently, there's a docker service that should/must/could be started: 
sudo service docker start
How does Docker relate to Snap?

scratch

$ docker pull scratch
Using default tag: latest
Error response from daemon: 'scratch' is a reserved name

Processes

Start a container with a couple of processes:

Run a new docker container (with the first process /bin/sh): 
$ docker run --rm -it --name alpine-ps-test alpine /bin/sh
Start a second process (in the background so that … 
/ # sleep 101 &
… the third process can be started in parallel): 
/ # sleep 102
/ #

Find processes in the host

In a shell on the host: find the processes that contain sleep 10\d in their arguments, and print their parent process id: 
$ ps a -o pid,ppid,tty,args | grep -P 'sleep 10\d'
  13804   13697 pts/0    sleep 101
  13805   13697 pts/0    sleep 102
The parent process is /bin/sh that started the sleep commands. Its parent process is 13678: 
$ ps p 13697 -o pid,ppid,tty,args
    PID    PPID TT       COMMAND
  13697   13678 pts/0    /bin/sh
Find the parent process again: 
$ ps p 13678 -o pid,ppid,tty,args
    PID    PPID TT       COMMAND
  13678       1 ?        /usr/bin/containerd-shim-runc-v2 -namespace moby -id f2789b4f06090dc6a4cbea3d3d9ca1c70a2700bf4ca23c02bbc64843a690a9b8 -address /run/containerd/containerd.sock
The mapping between of the «host» PID and the container PID is found in 
$ cat /proc/13804/status | grep NSpid

auth.docker.io

IMG=debian

TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/$IMG:pull" | jq -r .token)
curl -s -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/library/$IMG/tags/list | jq .
The returned list has debian:bullseye-slim which looks interesting: 
$ docker pull debian:bullseye-slim

Experimenting with a debian image

$ docker pull debian:bullseye-slim

$ docker run -it --name deb-test debian:bullseye-slim bash
root@315475baed4a:/# touch /tmp/touched
root@315475baed4a:/# exit
Container is not running anymore… 
$ docker ps
… but still present: 
$ docker ps -a
Restart the container: 
$ docker start -i deb-test
The touched file is still here: 
root@315475baed4a:/# ls -1 /tmp
touched
Adding a user: 
root@315475baed4a:/# useradd -s /bin/bash -m rene
root@315475baed4a:/# exit
Start the container in non-interactive mode: 
$ docker start  deb-test
deb-test
The container is now running: 
$ docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS          PORTS                    NAMES
315475baed4a   debian:bullseye-slim   "bash"                   43 minutes ago   Up 48 seconds                            deb-test
Connect as rene (why do I not have to enter a password?) 
$ docker exec --user rene -it deb-test  /bin/bash
rene@315475baed4a:/$ pwd
/

See also

Docker command line commands
Networking
Docker on Windows
dockerd
/etc/default/docker

Index

Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 8 attempt to write a readonly database in /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php:78 Stack trace: #0 /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php(78): PDOStatement->execute(Array) #1 /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php(30): insert_webrequest_('/notes/developm...', 1743238491, '18.221.158.39', 'Mozilla/5.0 App...', NULL) #2 /home/httpd/vhosts/renenyffenegger.ch/httpsdocs/notes/development/tools/Docker/index(241): insert_webrequest() #3 {main} thrown in /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php on line 78