1. photon
  2. docs
  3. Photon-RPM-OSTree-11-Running-container-applications-between-bootable-images.md
Raw Blame History
In this chapter, we want to test a docker application and make sure that all the settings and downloads done in one bootable filetree are going to be saved into writable folders and be available in the other image, in other words after reboot from the other image, everything is available exactly the same way. We are going to do this twice: first, to verify an existing bootable image installed in parallel and then create a new one. ### 11.1 Downloading a docker container appliance Photon OS comes with docker package installed and configured, but we expect that the docker daemon is inactive (not started). Configuration file /usr/lib/systemd/system/docker.service is read-only (remember /usr is bound as read-only). ``` root@sample-host-def [ ~ ]# systemctl status docker * docker.service - Docker Daemon Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled) Active: inactive (dead) root@sample-host-def [ ~ ]# cat /usr/lib/systemd/system/docker.service [Unit] Description=Docker Daemon Wants=network-online.target After=network-online.target [Service] ExecStart=/bin/docker -d -s overlay ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=always MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 LimitCORE=infinity [Install] WantedBy=multi-user.target ``` Now let's enable docker daemon to start at boot time - this will create a symbolic link into writable folder /etc/systemd/system/multi-user.target.wants to its systemd configuration, as with all other systemd controlled services. ``` root@sample-host-def [ ~ ]# systemctl enable docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service. root@sample-host-def [ ~ ]# ls -l /etc/systemd/system/multi-user.target.wants total 0 lrwxrwxrwx 1 root root 38 Sep 6 08:38 docker.service -> /usr/lib/systemd/system/docker.service lrwxrwxrwx 1 root root 47 Aug 28 20:21 iptables.service -> ../../../../lib/systemd/system/iptables.service lrwxrwxrwx 1 root root 47 Aug 28 20:21 remote-fs.target -> ../../../../lib/systemd/system/remote-fs.target lrwxrwxrwx 1 root root 50 Aug 28 20:21 sshd-keygen.service -> ../../../../lib/systemd/system/sshd-keygen.service lrwxrwxrwx 1 root root 43 Aug 28 20:21 sshd.service -> ../../../../lib/systemd/system/sshd.service lrwxrwxrwx 1 root root 55 Aug 28 20:21 systemd-networkd.service -> ../../../../lib/systemd/system/systemd-networkd.service lrwxrwxrwx 1 root root 55 Aug 28 20:21 systemd-resolved.service -> ../../../../lib/systemd/system/systemd-resolved.service ``` To verify that the symbolic link points to a file in a read-only directory, try to make a change in this file using vim and save. you'll get an error: "/usr/lib/systemd/system/docker.service" E166: Can't open linked file for writing". Finally, let's start the daemon, check again that is active. ``` root@sample-host-def [ ~ ]# systemctl start docker root@sample-host-def [ ~ ]# systemctl status -l docker * docker.service - Docker Daemon Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled) Active: active (running) since Sun 2015-09-06 08:56:30 UTC; 42s ago Main PID: 349 (docker) CGroup: /system.slice/docker.service `-349 /bin/docker -d -s overlay Sep 06 08:56:30 sample-host-def docker[349]: Warning: '-d' is deprecated, it will be removed soon. See usage. Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30Z" level=warning msg="please use 'docker daemon' instead." Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.617969465Z" level=info msg="Option DefaultDriver: bridge" Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.618264109Z" level=info msg="Option DefaultNetwork: bridge" Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.632397533Z" level=info msg="Listening for HTTP on unix (/var/run/docker.sock)" Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.637516253Z" level=info msg="Firewalld running: false" Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.786748372Z" level=info msg="Loading containers: start." Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.787252697Z" level=info msg="Loading containers: done." Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.787410576Z" level=info msg="Daemon has completed initialization" Sep 06 08:56:30 sample-host-def docker[349]: time="2015-09-06T08:56:30.787610148Z" level=info msg="Docker daemon" commit=d12ea79 execdriver=native-0.2 graphdriver=overlay version=1.8.1 ``` We'll ask docker to run Ubuntu Linux in a container. Since it's not present locally, it's going to be downloaded first from the official docker repository https://hub.docker.com/_/ubuntu/. ``` root@sample-host-def [ ~ ]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES root@sample-host-def [ ~ ]# docker run -it ubuntu Unable to find image 'ubuntu:latest' locally latest: Pulling from library/ubuntu d3a1f33e8a5a: Downloading [=========================================> ] 54.55 MB/65.79 MB c22013c84729: Download complete d74508fb6632: Download complete 91e54dfb1179: Download complete ``` When downloading is complete, it comes to Ubuntu root prompt with assigned host name d07ebca78051, that is actually the Container ID. Let's verify it's indeed the expected OS. ``` root@sample-host-def [ ~ ]# docker run -it ubuntu Unable to find image 'ubuntu:latest' locally latest: Pulling from library/ubuntu d3a1f33e8a5a: Pull complete c22013c84729: Pull complete d74508fb6632: Pull complete 91e54dfb1179: Already exists library/ubuntu:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security. Digest: sha256:fde8a8814702c18bb1f39b3bd91a2f82a8e428b1b4e39d1963c5d14418da8fba Status: Downloaded newer image for ubuntu:latest root@d07ebca78051:/# cat /etc/os-release NAME="Ubuntu" VERSION="14.04.3 LTS, Trusty Tahr" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 14.04.3 LTS" VERSION_ID="14.04" HOME_URL="http://www.ubuntu.com/" SUPPORT_URL="http://help.ubuntu.com/" BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/" root@d07ebca78051:/# ``` Now let's write a file into Ubuntu home directory ``` echo "Ubuntu file" > /home/myfile root@d07ebca78051:/home# cat /home/myfile Ubuntu file ``` We'll exit back to the Photon prompt and if it's stopped, we will re-start it. ``` root@d07ebca78051:/# exit exit root@sample-host-def [ ~ ]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d07ebca78051 ubuntu "/bin/bash" 3 minutes ago Exited (0) 13 seconds ago kickass_hodgkin root@photon-host-cus1 [ ~ ]# docker start d07ebca78051 d07ebca78051 root@photon-host-cus1 [ ~ ]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d07ebca78051 ubuntu "/bin/bash" 16 minutes ago Up 5 seconds kickass_hodgkin ``` ### 11.2 Rebooting into an existing image Now let's reboot the machine and select the other image. First, we'll verify that the docker daemon is automaically started. ``` root@photon-host-cus1 [ ~ ]# systemctl status docker * docker.service - Docker Daemon Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled) Active: active (running) since Sun 2015-09-06 11:19:05 UTC; 2min 9s ago Main PID: 292 (docker) CGroup: /system.slice/docker.service `-292 /bin/docker -d -s overlay ... ``` Next, is the Ubuntu OS container still there? ``` root@photon-host-cus1 [ ~ ]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 57dcac5d0490 ubuntu "/bin/bash" 25 minutes ago Exited (137) 5 minutes ago sad_banach ``` It is, so let's start it, attach and verify that our file is persisted, then add another line to it and save, exit. ``` root@photon-host-cus1 [ ~ ]# docker start -i 57dcac5d0490 root@57dcac5d0490:/# cat /home/myfile Ubuntu file root@57dcac5d0490:/# echo "booted into existing image" >> /home/myfile root@57dcac5d0490:/# exit ``` ### 11.3 Reboot into a newly created image Let's upgrade and replace the .0 image by a .3 build that contains git and also perl_YAML (because it is a dependency of git). ``` root@photon-host-cus1 [ ~ ]# rpm-ostree status TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC * 2015-09-04 00:36:37 1.0_tp2_minimal.2 092e21d292 photon photon:photon/tp2/x86_64/minimal 2015-08-20 22:27:43 1.0_tp2_minimal 2940e10c4d photon photon:photon/tp2/x86_64/minimal root@photon-host-cus1 [ ~ ]# rpm-ostree upgrade Updating from: photon:photon/tp2/x86_64/minimal 43 metadata, 209 content objects fetched; 19992 KiB transferred in 0 seconds Copying /etc changes: 5 modified, 0 removed, 19 added Transaction complete; bootconfig swap: yes deployment count change: 0 Freed objects: 16.2 MB Added: git-2.1.2-1.ph1tp2.x86_64 perl-YAML-1.14-1.ph1tp2.noarch Upgrade prepared for next boot; run "systemctl reboot" to start a reboot root@photon-host-cus1 [ ~ ]# rpm-ostree status TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC 2015-09-06 18:12:08 1.0_tp2_minimal.3 d16aebd803 photon photon:photon/tp2/x86_64/minimal * 2015-09-04 00:36:37 1.0_tp2_minimal.2 092e21d292 photon photon:photon/tp2/x86_64/minimal ``` After reboot from 1.0_tp2_minimal.3 build, let's check that the 3-way /etc merge succeeded as expected. The docker.service slink is still there, and docker demon restarted at boot. ``` root@photon-host-cus1 [ ~ ]# ls -l /etc/systemd/system/multi-user.target.wants/docker.service lrwxrwxrwx 1 root root 38 Sep 6 12:50 /etc/systemd/system/multi-user.target.wants/docker.service -> /usr/lib/systemd/system/docker.service root@photon-host-cus1 [ ~ ]# systemctl status docker * docker.service - Docker Daemon Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled) Active: active (running) since Sun 2015-09-06 12:56:33 UTC; 1min 27s ago Main PID: 292 (docker) CGroup: /system.slice/docker.service `-292 /bin/docker -d -s overlay ... ``` Let's revisit the Ubuntu container. Is the container still there? is myfile persisted? ``` root@photon-host-cus1 [ ~ ]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 57dcac5d0490 ubuntu "/bin/bash" 2 hours ago Exited (0) About an hour ago sad_banach root@photon-host-cus1 [ ~ ]# docker start 57dcac5d0490 root@57dcac5d0490:/# cat /home/myfile Ubuntu file booted into existing image root@57dcac5d0490:/# echo "booted into new image" >> /home/myfile ``` [[Back to main page|Photon-RPM-OSTree:-a-simple-guide]] | [[Previous page|Photon RPM-OSTree:-10-Remotes]] | [[ Next page >|Photon-RPM-OSTree:-Install-or-rebase-to-Photon-OS-2.0]]