Lately I have been playing a lot with Docker; what's more, this blog is running on it. But what is Docker?
Docker is software that allows us to run containers (think of them as VMs for the moment) in a simple, light and fast way.
In the previous line I told you to think of a container as a VM, but that's not exactly true. A VM contains a full OS with everything required to boot as if it were a physical machine, which usually means that the disk usage is quite high from the beginning (yeah, I know, you can make a super light installation no bigger than a GB). In Docker, the containers only contain the files they need to work (binaries, libraries, etc.), as the kernel is shared with the Host.
Docker also removes the hypervisor, which makes it even lighter, and, something I love, it can run inside a VM (only in Linux; Windows has a limitation that I will explain later on).
And what does all this mean? To show you a real example, this is the disk usage of this blog currently on my Docker:
# docker ps -s
CONTAINER ID   IMAGE       COMMAND                  CREATED        STATUS        PORTS                  NAMES                   SIZE
553c6bf413f1   wordpress   "/entrypoint.sh apach"   39 hours ago   Up 15 hours   0.0.0.0:8080->80/tcp   wordpress_wordpress_1   71.75 MB (virtual 592.3 MB)
c828665d7494   mariadb     "/docker-entrypoint.s"   39 hours ago   Up 39 hours   3306/tcp               wordpress_db_1          2 B (virtual 387.5 MB)
As you can see, I use two containers, one for WordPress (Apache, PHP, etc.) and the other one for MariaDB, and I think the SIZE column speaks for itself.
Let's see what each of the columns means so you can start getting familiar with the different components of Docker.
CONTAINER ID
This is the ID that Docker assigns to the container and that we can use as a unique reference.
IMAGE
The base image used to create the container. We can consider an image as the template for a container: it contains all the basic elements it needs to work, already installed. Once the container is created we can modify it as we like; notice that the image itself is not modified, the changes apply only to the container. In this case the wordpress image contains an installation of WordPress ready to use and includes an Apache server; if I wanted to run a different WordPress I would simply use the same image to create a new container and start from scratch.
COMMAND
This is the command that is executed when the container starts, in this case a script that takes care of starting all the necessary services.
CREATED & STATUS
How long ago the container was created and its uptime.
PORTS
By default Docker generates a virtual network, similar to VBox's host-only network, through which we can access the container ports only from the Host or from other containers. In this case the wordpress container maps port 80 of the container to port 8080 of the Host, which means that if we connect to port 8080 of the Host, port 80 of the container will reply. In the mariadb container, however, port 3306 is not mapped, meaning that it is only accessible from the Host or, in this case, from the wordpress container.
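To check this exposure across many containers, the following added example (not part of the original post) parses PORTS cells and classifies each binding by where it is reachable. It goes slightly beyond the two rows shown here by also handling loopback and IPv6 bindings; the third sample row and the function names are constructed for illustration.

```python
import ipaddress

def parse_ports(ports):
    """Parse one PORTS cell from `docker ps` into
    (exposure, host_port, container_port, proto) tuples."""
    bindings = []
    for entry in (e.strip() for e in ports.split(",")):
        if not entry:
            continue
        host, arrow, target = entry.rpartition("->")
        container_port, _, proto = target.partition("/")
        if not arrow:
            # No "->": the port is not published on the Host at all.
            bindings.append(("docker-network-only", None, container_port, proto))
            continue
        ip, _, host_port = host.rpartition(":")
        addr = ipaddress.ip_address(ip.strip("[]"))
        if addr.is_unspecified:        # 0.0.0.0 or ::
            exposure = "all-host-interfaces"
        elif addr.is_loopback:         # 127.0.0.0/8 or ::1
            exposure = "host-loopback-only"
        else:
            exposure = "single-host-interface"
        bindings.append((exposure, host_port, container_port, proto))
    return bindings

def published_everywhere(rows):
    """Names of containers with a port bound on every Host interface."""
    return [name for name, ports in rows
            if any(b[0] == "all-host-interfaces" for b in parse_ports(ports))]

# The first two rows are the NAMES/PORTS values from the listing in this post;
# the third is a constructed, hypothetical container.
ROWS = [
    ("wordpress_wordpress_1", "0.0.0.0:8080->80/tcp"),
    ("wordpress_db_1", "3306/tcp"),
    ("example_admin_1", "127.0.0.1:9000->9000/tcp, :::8443->443/tcp"),
]

if __name__ == "__main__":
    for name, ports in ROWS:
        for exposure, hport, cport, proto in parse_ports(ports):
            suffix = f" (host port {hport})" if hport else ""
            print(f"{name}: {cport}/{proto} -> {exposure}{suffix}")
```

On a live Host the same name and port pairs can be produced with `docker ps --format '{{.Names}}\t{{.Ports}}'`.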
NAMES
In addition to the ID, containers can also be referred to by a name; if it's not specified when the container is created, Docker will assign a random one made of two words, and some can be quite funny.
Another thing that made me fall in love with Docker is the short deployment time: creating a new container takes only a few seconds, and only the first time may take a while if the base image is not already downloaded.
A Docker usage example could be a metasploit image and another one with OpenVAS that I created, which allow me to run those applications without installing anything other than Docker on the Host, as all the dependencies are already inside the images. This way, if I need metasploit I just create a container with that image and I will be able to use it immediately.
Another option Docker offers is to create a Swarm, something like a cluster, using different machines and administering them all from a single one. This way the containers will run on different machines, either the ones we specify or the ones Docker decides. The only inconvenience of the Swarm is that the ports are not mapped to the administrator machine but to the one where the container is running, meaning that if we run a container on a remote machine we will need to connect to the port on that machine. I will talk about Swarm in a future post and will explain how to build a simple one.
Hope you enjoyed this “little” introduction to Docker. If you want to read more you can go to their website: https://www.docker.com