Posted on 02-Mar-2019 13:40:38
I have recently been in the role of a research engineer where I have been learning about modern engineering practices and the tools that support these. It has been very exciting and different role where I am spending more time reading on internet or watching videos. There are no production issues where I need to help L2 or push an emergency bug fix, no hard deadlines (eg: regulatory requirements), no back and forth on requirements gathering, etc All that sounds good but there is a different challenge now. Since its a role at an enterprise, there are 2 main challenges -
a) You dont have admin/sudo privileges . Hence you cant install what you want easily. If you want to get something installed, you need to submit a request with the IT services team, they run their own code and security scans and finally you get it.
b) You have a proxy which blocks few sites or few actions against a site.
Unfortunately, nothing much can be done for the second point above but Docker comes as a rescue for he first point. Since Docker images are built with all the dependencies within the image and they run within a container on the host OS, this solves the first problem to a great extent. You can either download the available Docker images in Docker hub or you can build your own Docker file and build the images you need.
When I say Docker solves the problem to a great extent, there are certain things which cannot be solved with Docker too. For eg, when you need access to certain system information that only root user or sudoers can access. For eg. Packetbeat is a tool which can sniff network layer on the host where it is installed. It either needs to be run by a root user or the executable will need additional capabilities (CAP_NET_RAW) to be provided with the setcap command. There is no option here than taking help of IT team to get the capabilities set.
Here are some tips for using Docker based on my experience, as I needed to find these as I faced problems.
a) If you want to access a web application running in a localhost inside the docker container, run the app with the address 0.0.0.0 instead of localhost. For eg while brining up a Flask app, pass the host = 0.0.0.0 in the app.run() call. Make sure the web app is accessible from a browser with the http://0.0.0.0/yoururl address. And if you are running Docker on Mac, access the apps on the host machine from the container with the host as docker.for.mac.localhost instead of localhost. In some versions use docker.for.mac.host.internal or host.docker.internal.
b) Docker containers come up with an option of whether their network is contained or they run on the host network. In order to run the container in the host network, run the container with the –net=host option.
c) If you have to move your locally tried images to a Linux environment, use docker save to save the image to a tar file on your local machine and load the image in the tar file on target machine using the docker load command.
d) To set the proxy of your enterprise, set it in the Docker daemon for Mac under the Preferences tab. If there is a user name or password for your proxy, set it as http://username:password@IPaddress:port.
e) The beauty with proxy setting in above point is that it is not used by the docker build command for some reason though it is used by the docker pull command. In order to set the proxy for the docker build, add the proxy within the docker file. Again as above point, use the username and password if the proxy needs to be authenticated.
ENV http_proxy ENV https_proxy Hope these tips help those using Docker within enterprises. I will keep editing this post for adding more tips here as I face issues and find solutions for them. Come back to this if you need any help around Docker.
Vishnu Vardhan Chikoti is a co-author for the book "Hands-on Site Reliability Engineering". He is a technology leader with diverse experience in the areas of Application and Database design and development, Micro-services & Micro-frontends, DevOps, Site Reliability Engineering and Machine Learning.