current position:Home>How to use docker to safely try out software

How to use docker to safely try out software

2022-01-27 01:21:40 mikes zhang

 Insert picture description here
Docker Allows you to package your software as a self-sufficient container , These containers share the kernel of the host , But it looks and feels like an independent VM. The software runs close to the performance of the machine . This makes Docker Containers are a great way to safely try out new packages , Without having to install... On your machine “ Bare pager ”. Here are some techniques you can use .

Why use Docker To try out the software ?

When you first try the software , It is not always advisable to install directly from the package manager . You may not want to run unproven daemons or network services on your hardware . Some uninstallers do not delete every file connected to their packages , If you decide not to use the software for a long time , Your machine will be messed up by isolated configurations .

In the worst case , The package you download may even be malicious or damaged . Choosing bare metal installation will put your data at risk . When you realize the problem , Attackers may have collected sensitive information from their malicious installation scripts .

Docker The container provides you with an isolated sandbox , You can install new packages in it without worrying about these problems . And start a new VM comparison ,Docker Lighter 、 faster , But it provides a similar level of security when configured for secure execution .

The package you install in the container will modify the file system of the container , So that your host data remains complete . Malicious packages will be more difficult to compromise your system , Because they need to leave the container to reach your host . The installer looking for interesting configuration files from other packages will see a new file system , Not your user data .
If you find that a package is not suitable for you , Just delete the sandbox Docker The container can be “ uninstall ” it . It won't leave any trace on your system .

lookup Docker Mirror image

When you want to try something new , You'd better search first Docker Hub, See if there is already a container image of the package you choose . Images provide ready to use deployment of specific software , It is similar to the configuration of a set of software packages in advance VM ISO.

Many popular programs now offer official Docker Mirror as part of its release . These in Docker Hub It's clearly marked green “ Official image ” badge .
 Insert picture description here
Sometimes , You may find an unofficial image , This image provides the package you are looking for , But released by community members . It's worth checking the download statistics first to assess whether others have successfully used it .

You should also make sure that the image has a variation of the software version you want . The image will use Docker Tags distinguish between different versions , for example mongo:5MongoDB 5 and mongo:4MongoDB 4. Use Docker Hub View the available options and when they were last updated .

Use images

After finding the image , Start a container from it . You should refer to Docker Hub Image description on , To get a specific description of the software you choose .

Usually , You can launch images of packaged interactive applications in the following order :

docker run -it example-image:latest

Start to provide... For the background process -d The image of the logo :

docker run -d example-image:latest

The docker run The command starts the container with the specified image . Your software is now running in an isolated environment with its own file system . You can run multiple independent instances simultaneously by booting multiple containers from the image .

What if there is no image ?

Lack of official or unofficial information for the package you selected Docker The image is not for you to try Docker The end of the trip . under these circumstances , Create a container from the operating system base image to host your isolated environment . then , You can run the regular installer of the software to put it in your container .

This is Docker Start a new Ubuntu Examples of environments :

docker run -it ubuntu:20.04

these -it The flag means that you will enter the interactive... Running in the terminal shell. Now? , You can use apt、curl、wget Or any other steps necessary to install and try out your target package .

apt update
apt install example-package
example-package --example-flags

If you want to repeat these steps again later , Please write a Dockerfile To build your own image :

FROM ubuntu:20.04
apt update
apt install example-package
ENTRYPOINT ["example-package"]
CMD [""]

Build your image :

docker build -t example-package:latest .

Now start a container with your image , The container runs automatically example-package Add to Ubuntu Binary file of basic image :

docker run -it example-package:latest --example-flags

It works , Because binary files are in Dockerfile Set in the for Docker The command of the image . It will run automatically when the container starts , Receive your message to The logo of docker run.

take snapshot

Use Docker Another benefit of trying new software is that it can create a snapshot of the current state of the container . When you try different settings and want to back up specific configurations so that you can easily return later , It's very useful .

Use the following docker commit Command to create a new image from the container's file system :

docker commit my-container package-snapshot:latest

You should replace my-container Container ID Or name . You can get these details by running ,docker ps It displays all running containers in the startup order . This command marks the snapshot image as package-snapshot:latest.
 Insert picture description here
Now? , You can apply any changes you need to existing containers , Without worrying about breaking the current state . If you want to roll back , Please use docker run from package-snapshot:latest Image boot another container .

clean up

When you finish the experiment ,Docker It's easy to “ uninstall ” Your software , Without leaving any trace . First delete your container :

docker rm my-container

Then clear the image you downloaded :

docker run -it -v config-volume:/etc/example-package/conf.d example-package:latest

You are now back to a clean state . Because anything related to the software only exists in your container , So your host's file system will remain the same .

Persistent data

One challenge you may encounter is , When do you want to pause the trial and resume it later .Docker Containers reset their state when they stop , So any file system changes you make ( For example, add a configuration file ) All will be lost .

You can solve this problem by installing the volume into the container , In order to keep important files on your host . Use for this -v sign docker run.

docker run -it -v config-volume:/etc/example-package/conf.d example-package:latest
The life of a roll is longer than that of a single container , So you can provide the same -v Flag to restore files to a new container . Use docker volume rm Command delete volume .

Conclusion

Docker It is a quick and easy way to safely try out software without polluting the host environment . It allows you to categorize new software packages before introducing them into sensitive systems and bare metal hardware .
Use Docker Provides the opportunity to scan the software before running . Built in Docker Scanning components can identify vulnerabilities in the image package , Give you a general understanding of potential safety hazards . Use docker scan example-package:latest Scan downloaded images .

You can choose to continue using... After the initial experiment Dockerized Software installation . perhaps , You can use what you have learned to set up a normal bare metal installation , Thus, it is more convinced that the software package can realize its claimed functions .

copyright notice
author[mikes zhang],Please bring the original link to reprint, thank you.
https://en.cdmana.com/2022/01/202201270121366544.html

Random recommended