# Lab 12

Albert Akmukhametov

a.akmukhametov@innopolis.university

## Question 1

Simply put, `CMD` is the default command to run and may be overridden. For instance, `docker run shit` will run a container from the `shit` image with the command from `CMD`. But if we run `docker run shit my_cmd`, `CMD` will not be executed and `my_cmd` will be executed instead. Usual use case: environment images (e.g. ubuntu, alpine).

`ENTRYPOINT`, on the other hand, is something that will be run unconditionally, i.e. in both `docker run shit` and `docker run shit my_cmd` the entrypoint will be executed. Usual use case: running an application (e.g. nginx, postgres).

## Question 2

1. Check its source if I take a ready-made resource, or check its parents if it is developed by me. For example, if you download a so-called "fast and furious docker compose yml with postgres", you should ensure that the original postgres image is correct (i.e. from the official repo on the official Docker Hub).
2. Pay attention to forwarded resources. Make sure all external volumes that are bound to the container are correct.
3. Make sure `--privileged` is not used. It is bad because it makes the isolation simple to escape.
4. Pay attention to exposed ports. For example, if you have a complex `docker-compose.yml` with postgres, redis, some apps and nginx, make sure that the correct ports of the correct containers are exposed outside the Docker internal network.
5. Keep your images up to date in order to avoid security problems (like CVEs etc.). But avoid using images with the tag `:latest` because:

   a. The Docker Hub repository may be hijacked and a malicious image may be published as latest.

   b. You can miss the moment when some backward-compatibility-breaking changes were applied, so you will have painful downtime.

## Question 3

`docker system prune -a`

Before:

![](https://i.imgur.com/6X5aVIz.png)

Process:

![](https://i.imgur.com/S20cOjr.png)

After:

![](https://i.imgur.com/PTPf1Dl.png)

## Question 4

Use `docker cp`

1. Run any container, for example `docker run -it ubuntu /bin/bash` _(interactive shell for a further check of the solution)_

   ![](https://i.imgur.com/L91wBl3.png)

2. Determine the container ID using `docker ps`

   ![](https://i.imgur.com/oKF5jmP.png)

3. Use docker cp: `docker cp file container_id:path`

   ![](https://i.imgur.com/Avi6dib.png)

4. Check the file

   ![](https://i.imgur.com/NpFTnfi.png)

## Question 5

```bash
docker run -v "$(pwd)/content:/usr/share/nginx/html" -d -p 8080:80 nginx
```

![](https://i.imgur.com/o7e36XW.png)

![](https://i.imgur.com/Eggj8j6.png)

![](https://i.imgur.com/ud4vTsN.png)

## Question 6

1. Set up the rsyslog server (config and rule)

   ![](https://i.imgur.com/I6bCcLW.png)

   ![](https://i.imgur.com/BbNR4a8.png)

2. Build and run the docker container

   ![](https://i.imgur.com/8vG8k98.png)

   ![](https://i.imgur.com/3wMazyf.png)

   ![](https://i.imgur.com/EWTigdj.png)

   ![](https://i.imgur.com/zksfnHn.png)

## Question 8

1. Take a look at the initial state of the Dockerfile and get an error

   ![](https://i.imgur.com/Kwxl7YK.png)

2. Alpine uses `apk`, not `apt-get`. Replace this line with the following:

   ```
   RUN apk update && apk add python3
   ```

   ![](https://i.imgur.com/XsETdwd.png)

3. Try to build it with a tag and run it

   ![](https://i.imgur.com/XAHdkbF.png)

4. Replace `python` with `python3` and try to run it. `CMD` also needs to be replaced with `ENTRYPOINT`. I will also expose port 8000 to test the page.

   ![](https://i.imgur.com/pvJqkYb.png)

### Resulting Dockerfile

```dockerfile
FROM alpine
# Alpine uses apk, not apt-get
RUN apk update && apk add python3
# Create the test page served by the web server
RUN touch index.html
RUN echo "<html><h1>Testing web</h1></html>" >> index.html
# python3's http.server listens on port 8000 by default
ENTRYPOINT ["python3", "-m", "http.server"]
```
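
The checks listed under Question 2 can be run mechanically against the JSON printed by `docker inspect`. The script below is an added example, not part of the original lab report; the sample JSON is constructed and the `SENSITIVE_MOUNTS` list is an assumption to adapt to your hosts.

```python
import json

# Constructed sample shaped like the output of `docker inspect <container>`.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/db",
  "Config": {"Image": "postgres:latest"},
  "HostConfig": {
    "Privileged": true,
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
              "/srv/pgdata:/var/lib/postgresql/data"],
    "PortBindings": {"5432/tcp": [{"HostIp": "", "HostPort": "5432"}]}
  }
}]
""")

# Assumption: host paths that deserve a second look when bind-mounted.
SENSITIVE_MOUNTS = ("/", "/etc", "/var/run/docker.sock")


def audit_container(info):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = info.get("HostConfig", {})
    image = info.get("Config", {}).get("Image", "")
    # Item 5: no tag or :latest means the version is not pinned (digests are).
    last = image.rsplit("/", 1)[-1]
    if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
        findings.append(f"image '{image}' is not pinned to a version")
    # Item 3: --privileged removes most of the container isolation.
    if host.get("Privileged"):
        findings.append("container runs with --privileged")
    # Item 2: bind mounts that hand sensitive host paths to the container.
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]
        if src in SENSITIVE_MOUNTS:
            findings.append(f"sensitive host path mounted: {src}")
    # Item 4: ports published on every host interface.
    for port, bindings in (host.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                findings.append(f"port {port} published on all interfaces")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        for finding in audit_container(entry):
            print(f"{entry['Name']}: {finding}")
```

To audit a real container, replace the sample with `json.loads` of the output of `docker inspect <container_id>`.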