diff options
-rwxr-xr-x | examples/example1.sh | 8 | ||||
-rwxr-xr-x | examples/example2.sh | 2 | ||||
-rwxr-xr-x | examples/example3/example3.sh | 2 | ||||
-rw-r--r-- | examples/example4/Dockerfile | 5 | ||||
-rwxr-xr-x | examples/example4/example4.sh | 22 | ||||
-rwxr-xr-x | examples/example5.sh | 28 | ||||
-rw-r--r-- | slides.md | 164 |
7 files changed, 205 insertions, 26 deletions
diff --git a/examples/example1.sh b/examples/example1.sh index d441d9a..cc42e7c 100755 --- a/examples/example1.sh +++ b/examples/example1.sh @@ -16,6 +16,14 @@ set -exuo pipefail # Run a container +# Time the docker command tells us how long it took +# --rm will remove the container after it's done executing +# -it is for running the docker process interactively in our +# current terminal vs running it as a daemon. +# ubuntu:18.04 is the image we want to use, if we don't have +# the image downloaded then docker will automatically try +# to get it from docker hub +# The remainder is the command we're passing to the container time docker run --rm -it ubuntu:18.04 /bin/bash -c 'echo Hello World' # Show size of docker container diff --git a/examples/example2.sh b/examples/example2.sh index ab4faff..e5d95c0 100755 --- a/examples/example2.sh +++ b/examples/example2.sh @@ -15,4 +15,4 @@ set -exuo pipefail # Run a container -docker run --rm -it ubuntu:18.04 /bin/bash -c date "$@" +docker run --rm -it ubuntu:18.04 /bin/bash -c "date $*" diff --git a/examples/example3/example3.sh b/examples/example3/example3.sh index b1676a4..a57b368 100755 --- a/examples/example3/example3.sh +++ b/examples/example3/example3.sh @@ -19,4 +19,4 @@ set -exuo pipefail docker build -t vim_image . # Run the image -docker run --rm -it -v "$(pwd)":/usr/src/app vim_image /bin/bash -c vim +docker run --rm -it -v "$(pwd)":/usr/src/app vim_image /bin/bash -c "vim $*" diff --git a/examples/example4/Dockerfile b/examples/example4/Dockerfile new file mode 100644 index 0000000..a13c3cc --- /dev/null +++ b/examples/example4/Dockerfile @@ -0,0 +1,5 @@ +FROM python:3 + +RUN pip3 install babysploit + +WORKDIR /usr/src/app diff --git a/examples/example4/example4.sh b/examples/example4/example4.sh new file mode 100755 index 0000000..3029c59 --- /dev/null +++ b/examples/example4/example4.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# vim: set filetype=sh +# +# Author: Cody Hiar +# Date: 2019-01-15 +# +# Description: Show how to build image, then run +# it. +# +# Set options: +# e: Stop script if command fails +# u: Stop script if unset variable is referenced +# x: Debug, print commands as they are executed +# o pipefail: If any command in a pipeline fails it all fails +# +set -exuo pipefail + +# Build the image +docker build -t baby_sploit . + +# Run the image +docker run --rm -it -v "$(pwd)":/usr/src/app baby_sploit /bin/bash -c "babysploit $*" diff --git a/examples/example5.sh b/examples/example5.sh new file mode 100755 index 0000000..aaaff17 --- /dev/null +++ b/examples/example5.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +# vim: set filetype=sh +# +# Author: Cody Hiar +# Date: 2019-01-15 +# +# Description: How to run chrom containized +# +# Set options: +# e: Stop script if command fails +# u: Stop script if unset variable is referenced +# x: Debug, print commands as they are executed +# o pipefail: If any command in a pipeline fails it all fails +# +set -exuo pipefail + +# Error with container opening socket +# https://github.com/jessfraz/dockerfiles/issues/4 +xhost local:root + +# Launch spotify in a container +docker run -it \ + --rm \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -e DISPLAY=unix"$DISPLAY" \ + --device /dev/snd \ + --name spotify \ + jess/spotify @@ -61,18 +61,19 @@ answers are ostentatious. ------------------------------------------------- --> Handy Chart of Advantages <- -=============================== +Handy Chart of Advantages +========================= + +| Feature | VM | Docker | +| ----------- | -- | ------ | +| Size | ** | ** | +| Startup | ** | ** | +| Integration | ** | ** | --> | Feature | VM | Docker | <- --> | ----------- | -- | ------ | <- --> | Size | ** | ** | <- --> | Startup | ** | ** | <- --> | Integration | ** | ** | <- +Docker vs Vagrant +MBs vs GBs +Seconds vs Minutes --> Docker vs Vagrant <- --> MBs vs GBs <- --> Seconds vs Minutes <- ------------------------------------------------- @@ -93,6 +94,11 @@ answers are ostentatious. example1.sh demo +- Run script +- Explain commands +- Look at execution time +- Look at image size + ------------------------------------------------- -> What Happened? <- @@ -104,42 +110,152 @@ example1.sh demo 2. Docker spins up a container 3. Container runs `echo Hello World` 4. Docker spins down the container +4. Docker removed the container There will be no demo of a VM time equivalent ------------------------------------------------- -If the time difference between running a program -on the machine and running a program in a +Q: If the time difference between running a command +on the machine and running a command in a container is negligible, then why don't we start running all commands inside of containers? ------------------------------------------------- -Answer: We don't understand Docker yet. But after +A: We don't understand Docker yet. But after this we will! ------------------------------------------------- --> Let's dockerize a command <- -=============================== +-> Let's dockerize the 'date' command <- +======================================== example2.sh demo +- show `date` command +- show script with docker command explain '$@' args +- run `date -d yesterday` locally and with script +- move script to somewhere on $PATH to execute + ------------------------------------------------- -As you can see the run time of the program inside -the container is blazingly fast. We can extend -this concept of dockerizing command by building -our own docker images that install all the -dependancies necessary. +As you can see the run time of the command inside +the container is blazingly fast. `date` was already built +into the container so look at how to install a package. ------------------------------------------------- -> Introducting Docker Files <- =============================== -Dockerfiles are a set of instructions that build a -docker image which can then be ran locally, shared -with others, and even extended to be included in -other docker files. +Docker images are synonymous with VM snapshots. They take a +'picture' of the current container. While it is possible to +start a container, install/set it up, and then export the +container as an image, the best way to create images is by +using a Dockerfile. Dockerfiles are step by step set of +instructions on how to create an image that will be able to +run an application. + +------------------------------------------------- + +-> Let's dockerize Vim <- +========================= + +example3.sh demo + +- Show Dockerfile +- Show script, explain docker build +- Explain layers for caching and build context +- Explain the volumes for mounting files + +------------------------------------------------- + +-> A Quick Intermission: <- +=========================== +-> Compiled vs Intepreted Programming Languages <- +================================================== + +Once upon a time, programming langauges were compiled to +binaries and everyone was happy. Then the evil Alan Kay +led the creation of Smalltalk at Xerox PARC which influenced +future programming languages with evil concepts like object +oriented programming and compiling at run time. Now we have +to live with the evil Alan Kay's cruel intentions and will +never know true happiness again. + +The End + +------------------------------------------------- + +-> Using language specific images <- +==================================== + +Some langauges, such as python, ruby, and javascript, +are compiled at run time when they are run. This means that +you need to have that language's ecosystem installed on your +machine to run a tool programmed in that language. Docker +provides official images for many languages which provide +required low level libraries and usually the languages +package manager so that you can quickly get up and running. +Now we don't have to pick tools based on their languages. + +------------------------------------------------- + +-> Let's dockerize Babysploit <- +================================ + +example4.sh demo + +- Babysploit provides own container, we'll try our own +- Show Dockerfile and script + +------------------------------------------------- + +-> A Beginner's Summary <- +========================== + +- We have a loose general idea of what Docker is +- We've seen how fast/small docker images are +- We have a framework for running images similar to binaries +- Dockerfiles provide us with step by step instructions on + how to build the environment for an application as well + as define the boundaries of an application +- We can use tools written in languages we don't know + without having to research how to set the the languages + environment, and even do development on the tool + +------------------------------------------------- + +-> What about GUI Apps? <- +========================== + +Ok let's kick it up. + +So far we've only been working with simple binaries on the +command line but docker is capable of much, much more. How +about GUI aplications? + +* Note: This is for linux only, sorry mac/windows +* ref: https://blog.jessfraz.com/post/ +* docker-containers-on-the-desktop/ + +------------------------------------------------- + +-> Let's dockerize Spotify <- +============================= + +example5.sh demo + +- Explain how display can be shared with volumes +- Run spotify + +------------------------------------------------- + +-> Managing Multiple Containers? <- +=================================== + +Docker compose is a tool for defining multi container +environments that allow us to create a repeatable +infrastructure setup so that we can build complex +environments that have complex requirements. |