Proj 13: Intro to Docker (15 pts.)

What you need

A Linux machine, real or virtual. I used a 32-bit Kali 2 virtual machine.

Purpose

To learn the basics of Docker--an exciting new alternative to virtual machines. Docker containers isolate programs like virtual machines, but are far smaller and faster than complete virtual machines because they avoid making unnecessary extra copies of files that are identical on the host and guest systems.

64-bit v. 32-bit Systems

Docker is intended for 64-bit systems. Using it on 32-bit systems is not supported, and offers a much smaller selection of standard images.

I wrote this project for a 32-bit Kali 2 VM because that's what my students already have. But if you have a 64-bit system handy, it would probably work better.

Installing Docker

On Kali, in a Terminal window, execute these commands:

apt-get update apt-get install docker.io -y
docker info

As shown below, docker runs and tells us there are 0 containers and 0 images at present.

Pulling an Ubuntu Image

On Kali, in a Terminal window, execute these commands:

docker pull 32bit/ubuntu:14.04

Docker starts downloading the image. The image is 272 MB in size.

While waiting for the download, take a look at the available images here:

https://hub.docker.com/u/32bit/

As you can see, there are only 4 images available. That's what we get for using a 32-bit host.

Take a look at all the 64-bit images:

https://hub.docker.com/explore/?page=1

When the image is finished downloading, execute this command:

docker info

As shown below, docker now has one image.

Execute this command:

docker images

This shows information about your image, including its "IMAGE ID" and size, as shown below.

Creating an Ubuntu Container

Execute these commands:

docker run -it 32bit/ubuntu:14.04 bash
cat /etc/lsb-release

This creates a "Container" from the Ubuntu image and runs it, showing a bash command-line.

This is really Ubuntu, not Kali, as shown below.

Exploring Docker Networking

Execute these commands:

ifconfig
exit

The Ubuntu container has a private IP address starting with 172, as shown below. Make a note of your container's IP address.

The "exit" command leaves the Ubuntu container and returns to Kali.

At the Kali prompt, execute this command:

ifconfig

The Kali system now has two adapters: "docker0" goes to the docker container, and eth0 goes to the Internet, as shown below.

At the Kali prompt, execute this command, replacing the IP address with the IP address of your Ubuntu container. After a few seconds, press Ctrl+C.

ping 172.16.0.3

There are no replies from the Docker container, as shown below.

Viewing Containers

At the Kali prompt, execute these commands:

docker ps
docker ps -a

The first command lists running containers, and shows none. The second command lists all containers, and shows that you do have a container, but it's "STATUS" is "Exited". The container isn't running, which is why it's not answering the pings.

Notice that the Ubuntu container has a "CONTAINER ID" number and also "NAMES". Currently it has a randomly generated name--when I did it, my container was named "insane_meitner", as shown below.

Using Help

We want to change the name of the container. To learn how to do that, execute this command:

docker help

The help message shows that there is a "docker rename" command, as shown below.

At the end of the output, it tells us how to learn more about a command: Run 'docker COMMAND --help'.

Execute these commands, using the correct name of your container instead of "insane_meitner", and your own name instead of "YOURNAME":

docker rename help docker rename insane_meitner ubuntu-YOURNAME
docker ps -a

You should see the new name, as shown below.

Saving a Screen Image

Make sure the output of the "docker ps -a" command shows ubuntu-YOURNAME, as shown above.

Click on the host machine's desktop.

Press Shift+PrintScrn. That will copy the whole desktop to the clipboard.

Open Paint and paste in the image.

Save the image with the filename "Your Name Proj 13a". Use your real name, not the literal text "Your Name". YOU MUST SUBMIT AN IMAGE OF THE WHOLE DESKTOP TO GET FULL CREDIT!

Restarting the Container

Your container is not running. Its current status is "Exited".

In Kali, in a terminal window, execute these commands to start your container, replacing "YOURNAME" with your own name.

docker start ubuntu-YOURNAME
docker ps

Your container should now have a STATUS of "Up", as shown below.

Since your container has restarted, it may have a new IP address. To check, we'll attach to the running container.

Execute these commands:

docker attach ubuntu-YOURNAME

Press Enter.

ifconfig

Find the new IP address of your container, as shown below, and make a note of it.

Detaching from the Container

We want to stop issuing commands to the container and return to Kali, but without stopping it. To do that, press Ctrl+P and then Ctrl+Q

Then execute these commands, replacing the IP address with the correct address of your container:

docker ps
ping 172.17.0.6

You should see replies, with an amazingly short time (less than 0.1 millisecond), as shown below:

Press Ctrl+C to stop the pings.

Installing Apache in the Ubuntu Container

Starting from the Kali prompt, execute these commands, replacing YOURNAME with your own name:

docker attach ubuntu-YOURNAME

Press Enter.

service apache2 start

You see an "unregognized service" message, as shown below:

This Ubuntu image doesn't have Apache installed on it. To install it, execute these commands:

apt-get update apt-get install apache2 -y
netstat -pant

You should see apache2 listening on port 80, as shown below:

Making a Custom Web Page

In the ubuntu container, execute this command, replacing "YOURNAME" with your own name:

echo "<h2>Ubuntu Container on Kali -- YOURNAME</h2>" > /var/www/html/index.html

Viewing the "Ubuntu Container" Page Locally

Using the mouse, at the top left of the Kali desktop, click Applications.

Click IceWeasel.

In Iceweasel, in the address bar, enter the IP address of your ubuntu container. You should see the Web page you just created, as shown below.

Viewing the "Ubuntu Container" Page from the Host

On your host system, which is probably Windows or a Mac, open a Web browser. In the address bar, enter the IP address of your ubuntu container.

The browser times out, as shown below.

This happened because the Ubuntu container is behind a virtual router with Network Address Translation--it's not directly connected to the host system.

To operate network services inside the container, we need to specify port forwarding --connecting a port on the Kali host to a port on the Ubuntu guest.

Configuring the Container for Port Forwarding

Unfortunately, port forwarding can only be configured when a container is first created, as far as I can tell. So we'll make a new container.

Starting from the Ubuntu prompt, execute these commands, replacing "YOURNAME" with your own name.

exit docker run -p 8080:80 -it 32bit/ubuntu:14.04 bash apt-get update apt-get install apache2 -y echo "<h2>Ubuntu Container on Kali -- YOURNAME</h2>" > /var/www/html/index.html
netstat -pant

Your server should be listening on port 80, as shown below.

Press Ctrl+P and then press Ctrl+Q to detach from the container and leave it running.

In the Kali terminal, execute this command:

netstat -pant

You should see "docker-proxy" listening on port 8080, as shown below.

In the Kali terminal, execute this command:

ifconfig

Your Kali machine has four adapters now:

docker0 -- used for the old container which ran in NAT mode
eth0 -- connects to the Internet
lo0 -- loopback
veth58714b1 -- virtual adapter used by the running container in Bridged mode

Find the address of the eth0 interface. That's the address that can be seen from the host machine.

Viewing the "Ubuntu Container" Page from the Host

On your host system, which is probably Windows or a Mac, open a Web browser. In the address bar, enter the IP address of your Kali machine's eth0 adapter, followed by :8080.

The page should open, as shown below.

Saving a Screen Image

Make sure the browser shows a page containing Your Name served from a Web address ending in :8080.

Click on the host machine's desktop.

Press Shift+PrintScrn. That will copy the whole desktop to the clipboard.

Open Paint and paste in the image.

Save the image with the filename "Your Name Proj 13b". Use your real name, not the literal text "Your Name". YOU MUST SUBMIT AN IMAGE OF THE WHOLE DESKTOP TO GET FULL CREDIT!

Turning in your Project

Send the image to: cnit.120@gmail.com with a subject line of "Proj 13 From Your Name", replacing Your Name with your own first and last name. Send a Cc to yourself.

Sources

Get Started with Docker for Linux

Posted 10-9-15 by Sam Bowne
Last revised 1-9-16