Practical Exercises for Docker Compose: Part 2

stop_grace_period

From https://docs.docker.com/compose/compose-file/#stop_grace_period

docker-compose up -d -t 0
nano docker-compose.ymlversion: "3.7"
services:
alpine:
image: alpine:3.8 command: sleep 600 stop_grace_period: 0s
docker-compose up -d
docker-compose up -d
docker-compose up -d
docker-compose up -d
docker-compose up -d
docker-compose up -d
2018-11-05T14:46:34.968709389+02:00 container kill  .... lots of information ...  signal=15
2018-11-05T14:46:34.984262101+02:00 container kill .... lots of information ... signal=9
2018-11-05T14:47:49.486907072+02:00 container kill .... lots of information ... signal=15
2018-11-05T14:47:59.510613956+02:00 container kill .... lots of information ... signal=9

sysctls

sysctls is used to set kernel parameters to set in the container.

docker-compose up -d -t 0
docker exec -it compose-tuts_alpine_1 /bin/sh
cat /proc/sys/net/core/somaxconn
cat /proc/sys/kernel/msgmax
cat /proc/sys/kernel/shmmax
/ # cat /proc/sys/net/core/somaxconn
128
/ # cat /proc/sys/kernel/msgmax
8192
/ # cat /proc/sys/kernel/shmmax
18446744073692774399
/ # exit
nano docker-compose.yml
version: "3.7"
services:
alpine:
image: alpine:3.8 command: sleep 600 sysctls: net.core.somaxconn: 512
kernel.shmmax: 18102030100020003000
kernel.msgmax: 4000
docker-compose up -d -t 0 
docker exec -it compose-tuts_alpine_1 /bin/sh
cat /proc/sys/net/core/somaxconn
cat /proc/sys/kernel/msgmax
cat /proc/sys/kernel/shmmax
/ # cat /proc/sys/net/core/somaxconn
512
/ # cat /proc/sys/kernel/msgmax
4000
/ # cat /proc/sys/kernel/shmmax
18102030100020003000
/ # exit

namespaced sysctls

( Continued from previous section, with important heading added )

ERROR: for compose-tuts_alpine_1  Cannot start service alpine: OCI runtime create failed: sysctl "fs.file-max" is not in a separate kernel namespace: unknown

ulimits

Ulimit provides control over the resources ( such as sizes, cpu time, priorities) available to the shell and to processes started by it.

nano docker-compose.yml
# add this content
version: "3.7"
services:
alpine:
image: alpine:3.8 command: sleep 60171 stop_grace_period: 0s ulimits:
nproc: 2
nofile:
soft: 2
hard: 4
docker-compose up -d -t 0
Recreating compose-tuts_alpine_1 ... errorERROR: for compose-tuts_alpine_1  Cannot start service alpine: OCI runtime create failed: container_linux.go:348: starting container process caused "open /proc/self/fd: too many open files": unknown
docker-compose up -d -t 0
nano docker-compose.ymlversion: "3.7"
services:
alpine:
image: alpine:3.8 command: sleep 60171 stop_grace_period: 0s ulimits:
fsize: 10
docker-compose up -d -t 0docker exec -it compose-tuts_alpine_1 /bin/sh
/ # dd if=/dev/zero of=/tmp/output.dat  bs=1M  count=10
dd if=/dev/zero of=/tmp/output.dat  bs=1M  count=10
File size limit exceeded (core dumped)

configs

Configs declare configuration files for applications inside your containers need. Configuration files like those normally found inside /etc and F/opt.

nano config_data'# config data
nano my_second_config.config'# my_second_config.config contents
docker config create my_second_config my_second_config.config
nano docker-compose.ymlversion: "3.7"
services:
alpine:
image: alpine:3.8
command: sleep 600
configs:
- my_first_config
- my_second_config
configs: my_first_config:
file: ./config_data
my_second_config:
external: true
docker swarm initdocker stack deploy -c docker-compose.yml  mystackdocker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
ab50c7daf979 alpine:3.8 "sleep 600" 14 seconds ago Up 13 seconds mystack_alpine.1.jq3buvzkf2a3hpn7mwb0e43om
docker exec -it mystack_alpine.1.jq3buvzkf2a3hpn7mwb0e43om /bin/sh
/ # ls
bin lib my_second_config sbin usr
dev media proc srv var
etc mnt root sys
home my_first_config run tmp
/ # cat my_first_config
'# config data
/ # cat my_second_config
'# my_second_config.config contents
/ # exit
nano docker-compose.ymlversion: "3.7"
services:
alpine:
image: alpine:3.8
command: sleep 600
configs:
- source: my_first_config
target: /etc/my_first_config
- source: my_second_config
target: /opt/my_second_config
configs: my_first_config:
file: ./config_data
my_second_config:
external: true
docker stack rm  mystack
docker stack deploy -c docker-compose.yml  mystack
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
01156eb13576 alpine:3.8 "sleep 600" 4 seconds ago Up 2 seconds mystack_alpine.1.vg2m0ge161anuoz31c2mdgf1k
docker exec -it mystack_alpine.1.vg2m0ge161anuoz31c2mdgf1k /bin/sh
/ # ls
bin etc lib mnt proc run srv tmp var
dev home media opt root sbin sys usr
/ # cat /etc/my_first_config
'# config data
/ # cat /opt/my_second_config
'# my_second_config.config contents
/ # exit

secrets

Secrets work VERY similar to configs as explained above. The major difference is that the contents of secrets are encrypted.

nano docker-compose.ymlversion: "3.7"
services:
alpine:
image: alpine:3.8
command: sleep 600
secrets:
- my_secret
secrets: my_secret:
external: true
docker-compose down -t 0
docker stack rm mystack
docker container prune -f
echo a secret password | docker secret create my_secret -
docker stack deploy -c docker-compose.yml  mystack
docker ps -a
docker exec -it mystack_alpine.1.xrgtrrfnwn2qet5pevj5n9wne /bin/sh
- df to show /run/secrets/my_secret exist - in tmpfs - in ram.
- cat /run/secrets/my_secret ... to see the secret.
/ # df -h
Filesystem Size Used Available Use% Mounted on
/dev/mapper/docker-253:1-388628-c16342a3e1f1bfcdcebb82872fa626a5f35a2bea4e535aa9a889069b85c63332
10.0G 37.3M 10.0G 0% /
tmpfs 64.0M 0 64.0M 0% /dev
tmpfs 492.6M 0 492.6M 0% /sys/fs/cgroup
/dev/mapper/centos00-root
12.6G 5.5G 7.1G 43% /etc/resolv.conf
/dev/mapper/centos00-root
12.6G 5.5G 7.1G 43% /etc/hostname
/dev/mapper/centos00-root
12.6G 5.5G 7.1G 43% /etc/hosts
shm 64.0M 0 64.0M 0% /dev/shm
tmpfs 492.6M 4.0K 492.6M 0% /run/secrets/my_secret
tmpfs 492.6M 0 492.6M 0% /proc/acpi
tmpfs 64.0M 0 64.0M 0% /proc/kcore
tmpfs 64.0M 0 64.0M 0% /proc/keys
tmpfs 64.0M 0 64.0M 0% /proc/timer_list
tmpfs 64.0M 0 64.0M 0% /proc/timer_stats
tmpfs 64.0M 0 64.0M 0% /proc/sched_debug
tmpfs 492.6M 0 492.6M 0% /proc/scsi
tmpfs 492.6M 0 492.6M 0% /sys/firmware
/ # cat /run/secrets/my_secret
a secret password
/ # exit
docker inspect my_secret[
{
"ID": "vjvqnag6nu0p87xc0o94p315g",
"Version": {
"Index": 386
},
"CreatedAt": "2018-11-06T12:05:40.984748215Z",
"UpdatedAt": "2018-11-06T12:05:40.984748215Z",
"Spec": {
"Name": "my_secret",
"Labels": {}
}
}
]
docker secret ls

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com