Docker

Troubleshooting

subnet sandbox join failed for "...": error creating vxlan interface: file exists

# Check each node for any vx-* interfaces in /sys/class/net:
$ ls -l /sys/class/net/ | grep vx

# It will show something like the following:
#  lrwxrwxrwx 1 root root 0 Apr 14 18:05 vx-001003-uijt2 -> ../../devices/virtual/net/vx-001003-uijt2
#  lrwxrwxrwx 1 root root 0 Apr 14 18:05 vx-001009-tj2nu -> ../../devices/virtual/net/vx-001009-tj2nu

# to get more info on each interface
udevadm info /sys/class/net/vx-nnnnnn-xxxxx

# Remove the vxlan
# sudo ip -d link show vx-nnnnnn-xxxxx
sudo ip link delete vx-nnnnnn-xxxxx

Useful commands

  • Remove all untagged images: docker rmi $(docker images -q --filter "dangling=true")
  • Remove all stopped containers: docker rm $(docker ps -a -q)
  • Cleanup ALL unused volumes: docker volume rm $(docker volume ls -qf dangling=true)
  • Cleanup anonymous (not 100% precise) unused volumes: docker volume rm $(docker volume ls -qf dangling=true | awk '!/_/' | awk '!/-/' | awk '!/\./' | awk -F, 'length($0) == 64 { print }')
  • Inspect container state after it failed: docker inspect mywildfly -f '{{json .State}}' (should see OOMKilled=true)

Dockerfile

Always clean up app caches and unused dependencies

RUN BUILD_DEPS="...." \
    && apt-get update && apt-get install -y --no-install-recommends $BUILD_DEPS \
    ... \
    && apt-get purge -y --auto-remove $BUILD_DEPS \
    && rm -rf /var/lib/apt/lists/*

Or with alpine

RUN BUILD_DEPS="...." \
    && apk update && apk upgrade \
    && apk add $BUILD_DEPS \
    ... \
    && apk del $BUILD_DEPS \
    && rm -rf /var/cache/apk/*

CMD + ENTRYPOINT

  • ENTRYPOINT: always executed if it exists. Overridden by the --entrypoint switch of the docker run command
  • CMD: when used alone, acts like ENTRYPOINT, but is overridden by passing additional arguments to the docker run command (after the image name)
  • Both have 2 forms

    • Exec form (preferred): example ENTRYPOINT ["a", "b", "c"]

      • Executed via exec, so it is able to receive UNIX signals, like SIGTERM, from docker stop
      • No variable substitution
    • Shell form: example ENTRYPOINT a b c

      • Executed via /bin/sh -c, so it cannot receive UNIX signals. To receive UNIX signals, start with exec. Example: ENTRYPOINT exec a b c
      • Has variable substitution
  • ENTRYPOINT + CMD: what is defined in CMD will be appended to ENTRYPOINT:

    • If CMD uses exec form: appended as-is
    • If CMD uses shell form: /bin/sh -c is prepended before it is appended to the ENTRYPOINT
  • Note for writing a starter script: remember to use exec or gosu

Prefer COPY over ADD

  • More transparent (plain local copy, no tar auto-extraction like ADD)
  • COPY individual files rather than everything at once (makes use of the build cache on reruns)
  • ADD <URL> is discouraged; use wget/curl instead (does not add another layer, and downloaded files can be cleaned up after use)
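
An added example, not part of the original notes: a small Python linter that checks a Dockerfile against the rules in this section (apt list cleanup in the same RUN, exec form or an exec prefix for ENTRYPOINT/CMD, COPY instead of ADD). The function names, rule ids and the sample Dockerfile are constructed for illustration.

```python
import json

# Constructed sample Dockerfile (not from the page); it breaks each rule once.
SAMPLE = '''\
FROM debian:stable-slim
RUN apt-get update \\
    && apt-get install -y --no-install-recommends curl
ADD https://example.invalid/app.tar.gz /opt/
ADD config.tar.gz /etc/app/
COPY run.sh /run.sh
ENTRYPOINT /run.sh --serve
CMD ["--port", "8080"]
'''

def instructions(text):
    """Yield (first_line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never end an instruction
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            keyword, _, args = " ".join(buf).partition(" ")
            yield start, keyword.upper(), args.strip()
            buf, start = [], None

def is_exec_form(args):
    """Exec form is a JSON array, e.g. ["a", "b", "c"]."""
    try:
        return isinstance(json.loads(args), list)
    except ValueError:
        return False

def lint(text):
    """Return [(line_no, rule_id)] for the rules in the notes above."""
    findings = []
    for no, kw, args in instructions(text):
        if kw == "ADD":
            remote = any(p in args.lower() for p in ("http://", "https://"))
            findings.append((no, "add-url" if remote else "add-local"))
        elif kw in ("ENTRYPOINT", "CMD"):
            # Shell form runs under /bin/sh -c; without exec the app misses SIGTERM.
            if not is_exec_form(args) and not args.startswith("exec "):
                findings.append((no, "shell-form-no-exec"))
        elif kw == "RUN" and "apt-get install" in args:
            if "rm -rf /var/lib/apt/lists" not in args:
                findings.append((no, "apt-no-cleanup"))
    return findings
```

Running lint(SAMPLE) reports the RUN on line 2, both ADD lines and the shell-form ENTRYPOINT; the exec-form CMD and the COPY pass.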

Mac OS

Too much disk space occupied by file: ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/Docker.qcow2

  • That is a virtual disk in which Docker stores images, volumes...
  • It keeps growing and does not shrink (at the time of writing, July 2016)
  • If you do not mind losing this data, just stop the Docker daemon, remove that file and start the daemon again.

Docker Compose

Default networking behaviour

Assume the docker-compose.yml file is stored in a folder named mycoolapp. When running docker-compose up:

  • A bridge network will be created with the name mycoolapp_default
  • For every service declared in the file, a container will be launched with name = the service name, and the container joins the above network.
  • All containers can discover each other using the service name (which now becomes the container name and hostname)