Working with Docker¶
In this section, we will look at a few more advanced examples of working with container images that are available on Docker Hub. We will run commands using the containerized assets both interactively and non-interactively.
Pull An Official Image¶
One powerful aspect of developing with containers and the Docker ecosystem is the large collection of container images freely available. There are 10s of millions of images on Docker Hub alone, but beware: using an image that you don’t know anything about comes with the same risks involved with running any software.
Warning
Be careful running container images that you are not familiar with. Some could contain security vulnerabilities or, even worse, malicious code like viruses or ransomware.
To combat this, Docker Hub provides “Official Images”, a well-maintained set of container images providing high-quality installations of operating systems, programming language environments and more.
We can search through the official images on Docker Hub here.
Scroll down to find the Python official image called python
, then
click on that image.
We see a lot of information about how to use the image, including information about the different
“tags” available. We see tags such as 3.12-rc
, 3.11.2
, 3.11
, 3
, etc.
We’ll discuss tags in detail later, but for now, does anyone have a guess as to what
the Python tags refer to?
We can pull the official Python image using command, then check to make sure it is available locally:
$ docker pull python
...
$ docker images
...
$ docker inspect python
...
Tip
Use docker inspect
to find some metadata available for each image.
Start an Interactive Shell Inside a Container¶
Using an interactive shell is a great way to poke around inside a container and see what is in there. Imagine you are ssh-ing to a different Linux server, have root access, and can see what files, commands, environment, etc., is available.
Before starting an interactive shell inside the container, execute the following commands on your local device (we will see why in a minute):
$ whoami
wallen
$ pwd
/Users/wallen
$ uname -a
Darwin wireless-10-147-13-120.public.utexas.edu 22.1.0 Darwin Kernel Version 22.1.0: Sun Oct 9 20:14:54 PDT 2022; root:xnu-8792.41.9~2/RELEASE_X86_64 x86_64
Now start the interactive shell inside a Python container:
$ docker run --rm -it python /bin/bash
root@fc5b620c5a88:/#
Here is an explanation of the command options:
docker run # run a container
--rm # remove the container when we exit
-it # interactively attach terminal to inside of container
python # use the official python image
/bin/bash # execute the bash shell program inside container
Try the following commands - the same commands you did above before staring the interactive shell in the container - and note what has changed:
root@fc5b620c5a88:/# whoami
root
root@fc5b620c5a88:/# pwd
/
root@fc5b620c5a88:/# uname -a
Linux e8bdfbf0fad7 5.10.104-linuxkit #1 SMP Thu Mar 17 17:08:06 UTC 2022 x86_64 GNU/Linux
Now you are the root
user on a different operating system inside a running
Linux container! You can type exit
to escape the container.
EXERCISE¶
Before you exit the container, try running the command python
. What happens?
Compare that with running the command python
directly on your local device.
Run a Command Inside a Container¶
Back out on your local device, we now know we have a container image called
python
that has a particular version of Python (3.11.x) that may
not otherwise be available on your local device. The 3.11.x Python interpreter,
it’s standard library, and all of the dependencies of those are included in the
container image and
are isolated from everything else. This image (python
) is portable
and will run the exact same way on any OS that Docker supports.
In practice, though, we don’t want to start interactive shells each time we need to use a software application inside an image. Docker allows you to spin up an ad hoc container to run applications from outside. For example, try:
$ docker run --rm python whoami
root
$ docker run --rm python pwd
/
$ docker run --rm python uname -a
Linux e8bdfbf0fad7 5.10.104-linuxkit #1 SMP Thu Mar 17 17:08:06 UTC 2022 x86_64 GNU/Linux
$ docker run -it --rm python
Python 3.11.2 (main, Feb 11 2023, 02:24:27) [GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> # type exit() to escape
The first three commands above omitted the -it
flags because they did not
require an interactive terminal to run. On each of these commands, Docker finds
the image the command refers to, spins up a new container based on that image,
executes the given command inside, prints the result, and exits and removes the
container.
The last command, which did not specify a command to run inside the container, uses the container’s
default command. We don’t know ahead of time what (if any) default command is provided for
any given image, but what default command was provided for the python
image?
Yes, it was the python
command itself, and that requires an interactivity to use,
so we provide the -it
flags.
If all else fails, display the help text:
$ docker --help
shows all docker options and summaries
$ docker COMMAND --help
shows options and summaries for a particular command