Introduction to Docker containers

All material (C) 2022-2024 by CSC - IT Center for Science Ltd. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 Unported License, http://creativecommons.org/licenses/by-sa/4.0/

Outline

  • In this lecture, we will learn:
    • The core concepts of Docker containerisation
    • The basic usage of Docker images/containers

Why learn containers?

A solution: containerisation of applications

What is containerisation?

  • A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.
    • Container ≠ VM
    • Share Host OS
    • An isolated process
    • Motto: Build, ship and then run it anywhere

Key benefits of containers

Key docker terminology

  • Docker Image: The basis of a Docker container. Represents a full application
  • Docker Container: The standard unit in which the application service resides and executes
  • Docker Engine: Creates, ships and runs Docker containers, deployable on a physical or virtual host, locally, in a datacenter or at a cloud service provider
  • Registry Service: Cloud or server based storage and distribution service for your images

Central concept of containerisation

Docker architecture

Important docker commands

docker run — Run a container

  • A hello-world example

  • Note: The user requires root privileges to use Docker

Pulling an image

  • Usage: docker pull <image name>

  • Pulling an image with specific tag
    • docker pull ubuntu:23.10
  • Understand: pull vs. run command

Docker run in foreground vs. background mode

  • Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG…]
    • docker run ... # default mode: foreground
    • docker run -d ... # with -d flag, run in detached mode

Running docker containers in interactive mode

  • Containers are non-interactive by default
    • <stdin> is closed immediately and terminal commands are not passed
  • Use -i for interactive mode; -t allocates a pseudo-terminal
    • Example usage: docker run -i -t IMAGE [ARG]

Listing containers

  • list the running containers
    • docker ps

  • list the running and stopped containers
    • docker ps -a

Interacting with containers

  • Good for making changes inside a container
  • Usage: docker exec -it <container_id> bash
  • The container ID/name must belong to a running container
  • Just use exit (or Ctrl+D) to exit out of a container

Create a new image from a modified container

  • Changes in the container are not saved to the image by default
  • The docker commit command allows creating an image from a container
  • Usage: docker commit [container id] [image-name]:[tag]
    • Create an image of an edited container on local system

Image URI syntax in detail

  • library: Pull an image from the currently configured library
    • library://user/collection/container[:tag]
  • docker: Pull an image from Docker Hub
    • docker://repository/image:tag
  • Quay.io: Pull an image from the Red Hat Quay repository
    • docker://quay.io/repository/image:tag

Containers in docker archive files

  • Docker allows saving images into a single file as a tar archive
  • Tar archives contain the layers and metadata that make up a Docker container
  • One can convert the tar file into an Apptainer container using the docker-archive bootstrap agent
  • Usage: apptainer build local_tar.sif docker-archive:local.tar
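
An added example (not part of the original course material): a way to check which tags, config file and layers a saved image archive holds before converting it with apptainer build. It assumes the manifest.json layout written by docker save; the helper names, the tag myimage:edited and the sample archive are constructed for illustration.

```python
import hashlib
import io
import json
import tarfile


def inspect_archive(fileobj):
    """Return one summary dict per image in a `docker save` tar archive."""
    images = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        names = tar.getnames()
        # Member names that would land outside the extraction directory.
        unsafe = [n for n in names if n.startswith("/") or ".." in n.split("/")]
        # manifest.json is the metadata: tags, config file and ordered layers.
        manifest = json.load(tar.extractfile("manifest.json"))
        for entry in manifest:
            layers = []
            for path in entry["Layers"]:
                data = tar.extractfile(path).read()
                layers.append((path, hashlib.sha256(data).hexdigest()))
            images.append({"tags": entry.get("RepoTags") or [], "config": entry["Config"],
                           "layers": layers, "unsafe_members": unsafe})
    return images


def build_sample_archive():
    """Constructed stand-in for `docker save` output (not a real image)."""
    buf = io.BytesIO()
    members = {
        "config.json": b'{"architecture": "amd64", "os": "linux"}',
        "layer0/layer.tar": b"constructed layer 0",
        "layer1/layer.tar": b"constructed layer 1",
    }
    manifest = [{"Config": "config.json",
                 "RepoTags": ["myimage:edited"],
                 "Layers": ["layer0/layer.tar", "layer1/layer.tar"]}]
    members["manifest.json"] = json.dumps(manifest).encode()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(json.dumps(inspect_archive(build_sample_archive()), indent=2))
```

For a real archive, pass open("local.tar", "rb") to inspect_archive; a non-empty unsafe_members list is a reason not to unpack or convert the file.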

Podman containers in HPC environment: One slide overview

  • Runs as a daemonless process
  • Does NOT require root access (i.e., Enhanced security)
  • Uses user namespaces to provide an isolated container environment
  • Allows non-privileged builds
  • Provides compatibility with Docker (smooth transition from Docker to Podman)
  • Potential alternative but less matured ecosystem for HPC applications