Docker System Basics

A 30-minute hands-on session to introduce Docker fundamentals with a focus on HPC development.

Overview

In this session, you will learn:

  • The basic components of the Docker system.

  • How to run containers interactively and in detached mode.

  • Key Docker commands such as docker ps, docker images, and how to manage container lifecycles.

  • How Docker concepts translate to HPC containerization workflows.

Docker System Components

basics of docker system

The basic components of the Docker system are:

  • Images: Blueprints of the application and its dependencies.

  • Containers: Running instances of images.

  • Volumes: Persistent data storage.

  • Networks: Isolated environments for containers to communicate.

  • Dockerfile: A file used to create Docker images.

Docker Hello World Example

Let’s start by running a simple Docker container:

docker run hello-world

This command pulls the hello-world image from Docker Hub and runs it in a container. Notice that the container runs, prints a message, and then exits.

Running Ubuntu in a Container

You can start an interactive session in an Ubuntu container. In this example, we also use the --rm flag.

docker run --rm -it ubuntu bash

  • Explanation:

    • --rm: Automatically removes the container after it exits, keeping your system clean.

    • -it: Combines -i (interactive) and -t (allocate a pseudo-TTY) to enable an interactive shell session.

After running this command, you’ll have an interactive Bash shell inside the Ubuntu container.

Essential Docker Commands

Listing Containers and Images

  • docker ps Lists all running containers.

docker ps

  • docker ps -a Lists all containers, including those that have exited.

docker ps -a

  • docker images Lists all available Docker images on your system.

docker images

Running Containers in Detached Mode

To run a container in the background (detached mode), use the -d flag:

docker run --rm -d ubuntu sleep 60

  • Explanation:

    • -d runs the container in detached mode.

    • In this example, the container will run the sleep 60 command and exit after 60 seconds.

    • The --rm flag ensures the container is removed automatically when it stops.

Logging into and Out of Docker Registries

Creating a GHCR_PAT (Classic Token) for GitHub Container Registry

To authenticate with GitHub Container Registry (ghcr.io), you need to create a Personal Access Token (PAT) with the proper scopes. Follow these steps:

  1. Go to GitHub Settings: Click your profile icon in the upper-right corner and select Settings.

  2. Navigate to Developer Settings: In the left sidebar, select Developer settings.

  3. Personal Access Tokens: Click Personal access tokens and then select Generate new token (classic).

  4. Configure Your Token:

    • Note: Provide a descriptive name (e.g., "GHCR PAT for Actions").

    • Expiration: Set an expiration date appropriate for your use case.

    • Scopes: Make sure to select at least the following:

    • read:packages – Required to pull packages from GHCR.

    • write:packages – Required to push packages to GHCR.

    • (Optional) delete:packages – If you need to remove packages.

  5. Generate the Token: Click Generate token at the bottom of the page.

  6. Copy the Token: Important: Copy the generated token immediately and store it securely. You won’t be able to see it again.

  7. Use the Token: Save this token as GHCR_PAT in your GitHub repository secrets for use in your CI/CD workflows.

For more details, refer to the GitHub documentation on [creating a personal access token](docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).

Login and Logout Commands

  • docker login Log into a Docker registry (e.g., Docker Hub or GitHub Container Registry).

docker login ghcr.io -u <your-username> --password $GHCR_PAT

  • Replace <your-username> with your actual username and supply your password via standard input (or use a secret in CI/CD pipelines).

  • docker logout Log out from the Docker registry.

docker logout ghcr.io

Advanced Docker Usage

Volumes: Persistent Storage

Use volumes to store data that persists even after a container is removed. For example, run an Ubuntu container with a mounted volume from your local /tmp directory:

docker run --rm -it -v /tmp:/tmp ubuntu bash

Inside the container, you can run df to view the mounted volume.

Docker Images and Updates

Docker images can be updated and modified by creating new image layers.

This approach allows you to:

  • Roll Back Updates: Easily revert to a previous image version.

  • Efficient Testing: Only new layers need to be pushed or pulled.

  • Optimized Distribution: Minimize changes, reducing download times.

changes and updates

Docker for HPC

Docker serves as a foundational tool in HPC container workflows:

  • Development & Testing: Create and test HPC applications in a controlled Docker environment.

  • Container Conversion: Docker images can be converted to Apptainer/Singularity images for deployment on HPC clusters.

  • Reproducibility: Docker ensures consistent environments across different stages of development and production.

Conclusion

We covered:

  • Basic Docker components and commands.

  • Running containers interactively and in detached mode.

  • Managing containers and images with docker ps and docker images.

  • Logging into and out of Docker registries.

  • Advanced topics including volumes and image layering.

  • How Docker basics underpin HPC containerization workflows.

Questions? Let’s discuss how these tools can streamline HPC application development!