Laboratory to bluemix, a cloud solution exercise to etl scheduler

Archive for the tag “docker”

Run the web app

Run images the same way you did locally but without any worry of keeping your laptop on all day!

  • Check images are in your Bluemix hosted registry

     $ cf ic images
     REPOSITORY                                        TAG           latest                         latest              
  • Run Mongo container

  Just like locally, except this time use cf ic instead of docker to point to Bluemix.

$ cf ic run --name lc-mongo -p 27017 -m 512

  • Show the running container instances

    Wait for a state of RUNNING before you proceed:

    $ cf ic ps
    CONTAINER ID        IMAGE                                                       
    7ebf51a3-35a   ""
  • Run  Let’s Chat container

    $ cf ic run --name lets-chat --link lc-mongo:mongo -p 8080 -m 256


    Show the running container instances. Wait for a state of RUNNING before you proceed:

    $ cf ic ps
    CONTAINER ID        IMAGE                                                                
  • Expose Let’s Chat container to the public Internet

    The IBM Containers command line tool will attempt to expose your container for you if you have room left in your Public IP Address quota.

    Check which IPs are available and then bind one to your running container.

    $ cf ic ip list
    Number of allocated public IP addresses:  2
    IpAddress        ContainerId   

    If you have no available IP addresses in the response, you can request one:

    $ cf ic ip request
    Successfully requested ip 134.XXX.YYY.ZZZ


  • Bind an available IP address

    $ cf ic ip bind 134.XXX.YYY.ZZZ lets-chat
    The IP address was bound successfully

    Show running containers with bound IP information now visible:

    $ cf ic ps
    d368a598-69d   ""
    7ebf51a3-35a       ""     
  • Running app in browser

    At the IP you just bound. Remember to use port 8080!


Congratulations, you have successfully completed this IBM Containers lab!. In this lab, you learned how to tag and push local images to Bluemix, inspect pushed images for security vulnerabilities, and run hosted multi-container applications on IBM Containers.

Now you can take the hands-off approach to all your future application deployments!


If you plan to do another lab, you need to clean up your container instances. This can be done through the UI and the DELETE button on each container, or you can do this through the CLI with the cf ic rm -f [CONTAINER_NAME] command.

$ cf ic rm -f lets-chat
$ cf ic rm -f mongo

Verify security vulnerabilities

One of the fundamental aspects of Docker containers is reuse and the ability to base your containers on top of other containers. IBM Containers provides Vulnerability Advisor, a pre-integrated security scanning tool that will alert you of vulnerable images and can even be configured to prevent deployment of those images.

  1. Go to the Bluemix Dashboard and click on CATALOG.
  2. Hover over the purple icon for Mongo. This is the Mongo image that you pulled from the public DockerHub registry and pushed into your private registry.You will see a pop-up with the vulnerability assessment shown inline. This is a red/yellow/green scale. Your Mongo image should be a green status of Safe to Deploy.
  3. Click on the Mongo image and you are taken to the container deployment page. You won’t deploy your container from here, but you can see the vulnerability assessment in full detail.On the right side of the screen, you can see your image’s Vulnerability Assessment as well as your quota information. The icon should read Safe to Deploy based on your Mongo image upload.
  4. Click on View the vulnerability report for this image. This will bring you to the assessment details page with two tabs:Vulnerable Packages and Policy Violations.
  5. Click on Manage your org’s policies. Here you are presented with two boxes – Deployment Settings for Containers and Image Deployment Impact
  6. Return to the Bluemix Catalog and review the vulnerability assessment for the Let’s Chat image. You can do this by clicking on the purple lets-chat icon and viewing the same vulnerability information on the right hand side of the page.

You have reviewed your pushed images, which were sourced from a public repository, and can now safely deploy them on your hosted Bluemix account. This is a key step in making sure you are running the code which you expect to be running and you are not opening your organization up to security issues, at the expense of agility. You still want to stay secure, even when moving at light-speed!

Push images to Bluemix

It is time to tag them for use in IBM Containers on Bluemix. To do so, you will need to tag them with the repository name you created when you setup your Bluemix account for IBM Container usage.

  • Log in to Bluemix

     $ cf login
     API endpoint:
    Targeted org
    Select a space (or press enter to skip):
    1. BAO-TW
    2. Scheduler
    Space> 1
    Targeted space BAO-TW
  • Log into the IBM Containers service

     $ cf ic login
    Deleting the old configuration file...
    Retrieving client certificates from IBM Containers...
      Example Usage:
      docker ps
      docker images
  • First tag your MongoDB image.

  • Remember to use your namespace from the first command below to replace[NAMESPACE] in the tag and push commands below.List your images:
    $ docker images
    REPOSITORY                                               TAG
    mongo                                                    latest
    sdelements/lets-chat                                     latest

    Make note of your namespace:

    $ cf ic namespace get

    Tag your Mongo image in a Bluemix-compatible format:

    $ docker tag mongo

    List your images again, now showing the newly tagged image:

    $ docker images
    REPOSITORY                                               TAG
    mongo                                                    latest                       latest
    sdelements/lets-chat                                     latest

    The IMAGE ID stays the same and allows us to reuse the existing container image as-is.

  • Next, tag your Let’s Chat image.

  • Push commands below.Tag your Let’s Chat image in a Bluemix-compatible format:
    $ docker tag sdelements/lets-chat

    List your images again, now showing the newly tagged image:

    $ docker images
    REPOSITORY                                               TAG
  • Wrap  Let’s Chat image with a simple Dockerfile

    To ensure network connectivity, create a new directory called wrapper

    $ mkdir wrapper

    Switch to that directory and run the following command to create a Dockerfile

    $ cd wrapper
    $ echo "FROM sdelements/lets-chat:latest" > Dockerfile
    $ echo "CMD (sleep 60; npm start)" >> Dockerfile

    This will create a new Dockerfile that we can build a temporary image from.

    $ docker build -t .

    Use this image below to push to Bluemix instead of the base lets-chat image.

  • Push to private registry on Bluemix.

    This allows the IBM Container service to run your container images on the cloud.

    Push your Mongo image to your Bluemix registry:

    $ docker push
    The push refers to a repository [] (len: 1)
    Sending image list
    Pushing repository (1 tags)
    Pushing tag for rev [202e2c1fe066] on {}

    Push your Let’s Chat image to your Bluemix registry:

    $ docker push
    The push refers to a repository [] (len: 1)
    Sending image list
    Pushing tag for rev [2409eb7b9e8c] on {}

    Now your images are up in the cloud, in your hosted registry, and ready to run on Bluemix! But first, take a moment to understand what is inside the images you just pushed!

Pull public images

This lab work with two public images, Let’s Chat and MongoDB. First, you will need to pull them down locally before you can tag and push them to your private Bluemix registry.

  Pull the MongoDB image

  • $ docker pull mongo
    Using default tag: latest
    latest: Pulling from library/mongo
    Digest: sha256:223d59692269be18696be5c4f48e3d4117....
    Status: Downloaded newer image for mongo:latest

    Pull the Let’s Chat image

    $ docker pull sdelements/lets-chat
    Using default tag: latest
    latest: Pulling from sdelements/lets-chat
    Digest: sha256:98d1637b93a1fcc493bb00bb122602036b7....
    Status: Image is up to date for sdelements/lets-chat:latest

    Verify image by running locally

    Start a Mongo instance:

    $ docker run -d --name lc-mongo mongo  

    Start a Let’s Chat instance:

    $ docker run -d --name lets-chat --link lc-mongo:mongo -p 8080:8080 sdelements/lets-chat

    Access through browser

    In your browser, access http://localhost:8080.

    Stop local containers

    After verify images, these container are not required in following lab.

    Test Stop the containers:

    $ docker stop lets-chat lc-mongo

    Delete the containers:

    $ docker rm lets-chat lc-mongo

    Congratulations, you’ve pulled and run your first Docker-based web app. Now you will prepare the images to run them on the IBM Containers service in the cloud.

Deploy a container through the command line

  1.  You can verify connection via cf ic images. This will show a list of all the images in your organization’s repository, which should be the four public IBM images so far.
        $ cf ic images
        REPOSITORY                                                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE                         latest              ef21e9d1656c        13 days ago         528.7 MB                                 latest              2209a9732f35        13 days ago         492.8 MB                                    latest              8f962f6afc9a        13 days ago         429 MB                    latest              5996bb6e51a1        13 days ago         770.4 MB
  2. You will be using the IBM Containers plug-in. You can run help for more information   $ cf ic help

  3. To create a container deploying the IBM Liberty container image again:cf ic run --name container-lab-1 -p 9080 -m 64
    • -p specifies the exposed port of the image, similar to the Ports field in Task 2, Step 9 above.When you specify a port, you are making the application available to the Bluemix Load Balancer and other containers attempting to access that port. If a port is specified in the Dockerfile for the image that you are using, include that port.For the IBM certified Liberty Server image, enter port 9080 via -p 9080.
      For the IBM certified Node.js, enter port 8000 via p 8000.
      If you plan on logging in to the container via SSH, add port 22 via -p 22.
    • --name specifies the name you can use to refer to the container
    • -m specifies the memory limit (and associated storage capacity), similar to Task 2, Step 7 above
    • is the repository name for the image as displayed by the cf ic images command
  4. To check that the container has been deployed successfully, run the cf ic ps -a command to show all the container artifacts that have been created or deployed in your organization.
        $ cf ic ps -a
        CONTAINER ID        IMAGE                                                            COMMAND             CREATED            STATUS                  PORTS                                                                                     NAMES
        a055ba5e-77b                     ""                  5 minutes ago      Running 4 minutes ago   134.XXX.YYY.ZZZ:9080->9080/tcp                                                             container-lab-1
  5. Now you can assign a public IP to the container. The cf ic run command will proactively attempt to request and bind a public IP address for your container instance if there is room left in your IP Quota. By default, you have 2 Public IP addresses in your quota.If your cf ic ps -a command returns your Liberty container with ports in the form of 134.XXX.YYY.ZZZ:9080->9080/tcp, then your container already has an assigned Public IP address and you can skip the next step.
  6. (Optional) You will first list all requested Public IP addresses and then bind an available IP address to your running container instance.
        $ cf ic ip list -a
        Number of allocated public IP addresses:  2
        IpAddress         ContainerId   
        134.XXX.YYY.174   df6ba7fd-436e-4d57-a69b-4228e19cadc1   

    Choose an IP address that is not bound to a container. Note that in Bluemix, you are allocated 2 Public IPs free of charge. If you do not have any public IP addresses available to complete the lab, use the cf ic ip release command to release one. In a real environment, contact your Bluemix organization administrator to provision additional public IP addresses for your organization.

    Once you have identified the desired IP address (selecting 134.XXX.YYY.175 from above), you run the cf ic ip bindcommand to associate a running container instance to a public IP address. The cf ic ip bind command takes either the container name or the container ID as the second argument to support scriptable interactions.

          $ cf ic ip bind 134.XXX.YYY.175 container-lab-1
          Successfully bound IP
  7. Validate access to the container through the browser. Run cf ic ps -a once again and copy the public IP address associated with your container. Enter this value into your browser via http://%5BPublic_IP_Address%5D:9080 and you should see the Welcome to Liberty landing page.
  8. Since both the UI and the CLI are working with the same backend, you can view your newly CLI-created container instance in the UI as well. This can be done by returning to the Bluemix Dashboard.
  9. Click on CONTAINERS in the left-hand menu. Your dashboard is now filtered to show your running container instances. Clicking on the square with the container-lab-1 title will take you to the container overview dashboard. From here you have access to the same Monitoring & Logging, as well as the controls available to Stop, Pause, Restart, & Delete containers.


Congratulations, you have successfully completed this IBM Containers lab! You learned how to work with IBM Containers, and deploy Docker images onto Bluemix through the UI & CLI.


If you plan to do another lab, you need to clean up your container instances. This can be done through the UI and the DELETE button on each container, or you can do this through the CLI with the cf ic rm -f [CONTAINER_NAME] command.

5. Install the IBM Containers plugin

Ref: Install IBM Container plugin@Step3


Instead of using the depreciated IBM® Containers Extension (ice), use the Cloud Foundry plug-in for IBM Containers after 2016-Jan.

  • Install the IBM Containers Cloud Foundry plug-in download for your operating system by running one of the following commands.
    Table 2. Cloud Foundry plug in commands
    Operating system Command
    Linux 64-bit
     $ cf install-plugin

    When the installation completes, an OK message is displayed.Verify the plug-in installation


Verify the plug-in installation

$ cf plugins

Listing Installed Plugins…

Plugin Name Version Command Name Command Help
IBM-Containers 0.8.826 ic IBM Containers plug-in


Logging in through CLI

Log in to Bluemix through the Cloud Foundry CLI

$ cf login -a
  1. For Email, enter the IBM ID that you use to log in to Bluemix.
  2. For Password, enter the password for the IBM ID that you use to log in to Bluemix. By entering your user name and password, your Bluemix organization and space are retrieved.
  3. Enter the number that represents one of your Bluemix organizations.
  4. Enter the number that represents one of your Bluemix spaces

Log in to the IBM Container service

$ cf ic login


Bluemix Container Lab @ Windows


There are many configuration to enable Bulemix devops process. Here I show is the easiest way for lab.

  1. Install Docker@Windows
    Install Docker Toolbox
  2. Sign up for an IBM Bluemix account
  3. Install IBM Containers plugin
    Table 1. Two ways to install plugin @ Windows
    Operating system Command
    Windows 7 64-bit
    Linux 64-bit@VirtualBox


  4. Sign up for IBM Containers in IBM Bluemix
    • From the Bluemix dashboard, click Start Containers
    • You will be prompted to Set registry namespace.
    • Enter in a registry name, cannot be changed afterwards. This registry name is used across your account when using the IBM Containers service.

Read more…

2. Install Docker


Docker Installation reference

Update apt sources

To set APT to use packages from the new repository:

  1. Open a terminal window.
  2. Update package information, ensure that APT works with the https method, and that CA certificates are installed.
     $ sudo apt-get update
     $ sudo apt-get install apt-transport-https ca-certificates
  3. Add the new GPG key.
    $ sudo apt-key adv --keyserver hkp:// --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
  4. Open the /etc/apt/sources.list.d/docker.list file in your favourite editor.If the file doesn’t exist, create it. For example,$ sudo vi /etc/apt/sources.list.d/docker.list 
  5. Remove any existing entries.
  6. Add an entry for your Ubuntu operating system.The possible entries are:
    • On Ubuntu Trusty 14.04 (LTS)
      deb ubuntu-trusty main

    Save and close the /etc/apt/sources.list.d/docker.list file.

  7. Update the APT package index.
    $ sudo apt-get update
  8. Purge the old repo if it exists.
    $ sudo apt-get purge lxc-docker
  9. Verify that APT is pulling from the right repository.
    $ sudo apt-cache policy docker-engine

    From now on when you run apt-get upgrade, APT pulls from the new repository.

Prerequisites by Ubuntu Version

For Ubuntu Trusty and Wily, it’s recommended to install the linux-image-extra kernel package. The linux-image-extra package allows you use the aufs storage driver.

To install the linux-image-extra package for your kernel version:

  1. Open a terminal on your Ubuntu host.
  2. Update your package manager.
    $ sudo apt-get update
  3. Install the recommended package.
    $ sudo apt-get install linux-image-extra-$(uname -r)
  4. Go ahead and install Docker.
  5. Install apparmor is required. You can install it using:
    $ sudo apt-get install apparmor


Install Docker

Then, install Docker using the following:

  1. Update your APT package index.
    $ sudo apt-get update
  2. Install Docker.
    $ sudo apt-get install docker-engine
  3. Start the docker daemon.
    $ sudo service docker start
  4. Verify docker is installed correctly.
    $ sudo docker run hello-world

    This command downloads a test image and runs it in a container. When the container runs, it prints an informational message. Then, it exits.

Create a Docker group

The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can access it with sudo. For this reason, docker daemon always runs as the root user.

To avoid having to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.

To create the docker group and add your user:

  1. Create the docker group and add your user.
    $ sudo usermod -aG docker osboxes
  2. Log out and log back in.This ensures your user is running with the correct permissions.
  3. Verify your work by running docker without sudo.
    $ docker run hello-world

    If this fails with a message similar to this:

    Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?

    Check that the DOCKER_HOST environment variable is not set for your shell. If it is, unset it.

My playground

Post Navigation