Machine Learning Cloud Getting started guide
March 4th, 2020, Tübingen

Outline
• Who, what, how, … what again?
  o Our cloud infrastructure
  o Openstack, storage, ...
• General basics
  o SSH
  o DNS & TLS, …
• Openstack basics: images, flavors, security groups, networks, floating IPs
• Usage terms
• VMs & baremetal basics
  o How to create, connect and use
  o VM hardening
  o Difference VM vs. baremetal
• GPUs (driver, CUDA, within Docker)
• Storage: Cinder, Quobyte, S3, WebDAV
• Cloud-based services: Gitlab, Nextcloud, …
• Docker
• Support

Who are we ...
[email protected] [email protected] [email protected] [email protected]
07071 - 29 70282

Openstack – ML-Cloud
Physical infrastructure ML-Cloud - TTR2 server room
• 14x 1G switches & 10x 40G switches
• 2x provisioning machines
• 2x load balancers
• 3x Openstack controllers
• 11x storage servers (~1.8 PB, Quobyte software)
• 12x GPU hypervisors with 4x Tesla V100 32GB RAM (NVLink possible)
• 7x baremetal machines with 8x RTX 2080 Ti 11GB RAM

Insufficient cooling: automatic server shutdown, possibly without warning

Openstack – what it is
Most used open source IaaS platform
o based on python, sql, messaging, http REST APIs, …
o started by NASA & Rackspace; currently involved companies: Red Hat, Ubuntu, Mirantis, ...
o commercially used (Telekom, …): projects, quotas
o two major releases per year
Multiple Services/Components o required: Keystone(Identity), Nova(Compute), Neutron(Network), Glance(Image) o optional: Horizon(Dashboard), Cinder(Blockstorage), Heat(Orchestration), Magnum(Container Orchestration), Barbican(Key Management), Swift(Objectstorage), …
Some cons …
o complex installation & configuration
o sometimes confusing documentation
o updates & long-term support (--> Sardina)

Openstack – how it works
Openstack – ML-Cloud
Storage - Quobyte
[Architecture diagram: LDAP, load balancers, switches]

Openstack – how to use/access it
• WebGUI: https://mlcloud.uni-tuebingen.de
• Commandline tools: (apt|yum) install python-openstackclient openstack help
• python modules (python-openstacksdk)
• or the http API itself:
  POST https://mlcloud.uni-tuebingen.de/identity/v3/auth/tokens
  {
    "auth": {
      "identity": {
        "methods": [ "password" ],
        "password": {
          "user": {
            "name": "admin",
            "domain": { "name": "Default" },
            "password": "devstacker"
          }
        }
      }
    }
  }

General Basics - SSH
• Secure shell
• Connect to a remote machine
• Work on the remote machine as if you were sitting right in front of it
• Linux: $ ssh
• Windows: use e.g. the Putty client

Generating ssh keys (Linux)
• If you are using a Linux machine, open a terminal and enter the following:
  $ ssh-keygen -t rsa -b 2048
• This creates a new ssh key pair. When you're prompted to "Enter a file in which to save the key," press Enter.
  > Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press Enter]
• At the next prompt, type a secure passphrase.
  > Enter passphrase (empty for no passphrase): [Type a passphrase]
  > Enter same passphrase again: [Type passphrase again]
• You have now created an ssh key pair; the public key can be found in /home/you/.ssh/id_rsa.pub
• The public key is pasted into Openstack.

Generating ssh keys (Windows)
• If using Windows, use puttygen.exe to generate ssh keys.
• Select "RSA" as the type of key and enter "2048" or more for the number of bits.
• Click on Generate.

Generating ssh keys (Windows)
• Enter a secure passphrase.
• Click on "Save public key" to save the key on your disk.
• Click on "Save private key" to save it in .ppk format on your disk.
• You will use these keys with Putty to open an ssh session.
• Now copy the generated public key and paste it into Openstack.

General Basics - SSH
You are using Windows:
1. Start Putty
2. Go to Session and type the hostname
3. Get the IP from the Openstack dashboard
4. You can save a session and use it again

You are using Linux or MacOS:
# generate key
ssh-keygen -f cloud-key
# login
ssh -i cloud-key centos@
[email protected] General Basics - port tunneling (OpenSSH)
Route: Network A --> some host/jumphost --> Network B

Jumphost:
• IP = 134.2.168.180
• ssh connect via [email protected]

Your workstation:
• Connection to website over HTTPS (port 443) --> localhost with port 8444 open

Machine/VM you want to log in to:
• Not in your network
• IP = 192.168.212.46
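The mapping from the diagram to the `-L` argument can be made explicit with a small script; the addresses are the example values above, not reachable hosts:

```shell
# Example values from the slide (placeholders, not reachable hosts).
JUMPHOST="[email protected]"
TARGET_IP="192.168.212.46"   # internal machine you want to reach
TARGET_PORT=443              # HTTPS port on that machine
LOCAL_PORT=8444              # free port on your workstation

# -L binds LOCAL_PORT on localhost and forwards it through the
# jump host to TARGET_IP:TARGET_PORT; -N skips the remote shell.
TUNNEL_CMD="ssh -N -L ${LOCAL_PORT}:${TARGET_IP}:${TARGET_PORT} ${JUMPHOST}"
echo "$TUNNEL_CMD"
```

Running the echoed command keeps the tunnel open until interrupted; https://localhost:8444 then reaches the internal machine.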
ssh -L PORT_LOCALHOST:IP_YOU_WANT_TO_BE_CONNECTED_WITH:PORT_ON_THAT_MACHINE jumphost
• ssh -L 8444:192.168.212.46:443 [email protected]
• Open a browser & enter: https://localhost:8444

General Basics - port tunneling (Putty)
1. Start Putty.
2. Go to Session and type the hostname/IP of the jump host.
3. You can save a session and use it again later.
4. Go to Connection > SSH > Tunnels.
5. Enter a port of your choice in Source Port.
6. Enter the destination address (the machine accessible from the jump host but not from your local machine) along with the port on the destination server.
7. Click Add to add it to the list of tunnels.
8. Click Open to start the ssh tunnel.
9. Type in the passphrase for your ssh keypair when prompted.

General Basics - Shell
man
Users deploying VMs must take care of them:
VM owners must harden their VMs to avoid/prevent abuse.
No password or ssh-key sharing!
Errors, flaws or loopholes must be reported.
All illegal activities will lead to legal measures.

General Basics – DNS/TLS
Domain Name Service
• Translates domain names to IP addresses and vice versa
• Not one DNS server but many, hierarchically ordered: *.mlcloud.uni-tuebingen.de is controlled by ZDV network staff (DFN: no wildcards)
• domain records only make real sense with TLS certificates
Transport Layer Security
• Secures network traffic
• Use TLS 1.2 or 1.3: previous versions are unsafe/deprecated
• TLS certificates are used for HTTPS and other protocols (not ssh)
• Provides authentication (and starts encryption)
• Certificates are associated with one or more domains (incl. wildcards)
• require DNS entries
• DFN > lets-encrypt > own CA > self-signed > no encryption

General Basics - Security
SSH Keys
• Use ssh keys with a passphrase, encryption type = rsa and key length ≥ 2048 bit:
  ssh-keygen -t rsa -b 4096
• Keep your private key secret! Do not share it with other people!
Networks & Firewalls
• Use whitelisting in every context with firewalls (security groups) --> block everything and only allow connections from and to the ports / IP address ranges you need
Downloads
• Download only from reliable sites; whenever possible use https
• If available: check (GPG) signatures after downloading repos, software, etc.
Regularly perform security updates.
Stop and deactivate services and containers you no longer need.

Openstack Basics - Projects
• Permissions • Users/Members • Ownership & Quotas
Flavors: hardware setup of your VM
• define resources: CPUs, GPUs (names), RAM
• we can create additional flavors on demand

Images: software setup of your VM
• Linux distributions we support: CentOS, Ubuntu LTS
• your own images
• public/private/shared

Openstack Basics - Networks

We use ...
• a physical 40G network: Openstack, storage
• VLANs for securing the physical network by dividing it into separate virtual networks

Openstack networks
• VXLAN: self-service, storage limitations, no BM
• FLAT/VLAN: provider - can be set up for groups and sensitive projects individually, fast

Local (not routed) IPv4 networks
• 10.0.0.0/8: 10.0.0.0 – 10.255.255.255
• 172.16.0.0/12: 172.16.0.0 – 172.31.255.255
• 192.168.0.0/16: 192.168.0.0 – 192.168.255.255

ML-Cloud networks
• local_network 192.168.0.0/24
• bmprov 192.168.212.0/22
• qbstorage 192.168.128.0/22
• public IPv4 network: osprovider 134.2.168.0/24

Openstack Basics - Access
Floating IPs: "direct" access
• IP of a specific network: public/bmprov
• Quota: each project has a limited amount
• Can be allocated to a project
• Can be associated and disassociated to VMs: the VM doesn't know about it
• Used for direct access from a remote host / different network
• Not working for baremetal machines

Jumphost: "indirect" access
• Specific VM with a public IP for access
• May have the only purpose of getting access to other VMs or baremetal machines you cannot reach directly for security or other reasons
• Different access methods:
  1. ssh to jumphost via floating IP, then ssh to internal machine
  2. port forwarding
  3. proxy internal ports onto the public IP of the jumphost

Openstack Basics - Security Groups
• Using security groups you restrict access to your VMs • A security group consists of multiple network access rules • A simplified firewall for VMs: filter source/protocols/ports
• When you launch an instance, you can assign one or more security groups to it. • If you do not specify security groups, new instances are automatically assigned to the default security group.
You are in charge of securing your VMs!
• Create new security groups.
• Add or delete rules in existing security groups (be aware of other machines).
• Whitelisting: only allow what you really need, block the rest.
Project > Network > Security Groups

Security Groups
Protocol: e.g. TCP for SSH, ICMP for ping or UDP.
Destination port on virtual machine: Define a port range. To open a single port only, enter the same value twice. ICMP does not support ports; instead, you enter values to define the codes and types of ICMP traffic to be allowed.
Source of traffic: enable traffic to instances from
• Networks (IP ranges)
• Members of other security groups: separate VMs within the same network

Security Groups
• Security groups are project-specific • The default security group contains ssh & icmp and is managed by admins
• VMs can use multiple security groups. This can cause problems if the rules of different security groups overlap: e.g. if outgoing IPv4 connections are allowed in several of the attached security groups.
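Security groups can also be managed from the command line; a sketch assuming an authenticated openstack client, where the group and server names are examples:

```shell
# create an extending group that only whitelists web traffic
openstack security group create +https --description "extending: web"
openstack security group rule create +https --protocol tcp --dst-port 80 --remote-ip 0.0.0.0/0
openstack security group rule create +https --protocol tcp --dst-port 443 --remote-ip 0.0.0.0/0
# attach it next to the base group on an instance
openstack server add security group MYVM +https
```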
• We therefore recommend using one base security group (like default) plus additional extending security groups that add functionality: e.g. +http/+https, which would only whitelist tcp ports 80 and 443.
• Be descriptive and distinguish extending security groups from base groups, e.g. add + to the name

VM Basics
Login to Openstack https://mlcloud.uni-tuebingen.de/dashboard/auth/login/
Unified Identity Management • LDAP credentials for • Nextcloud • Gitlab • Openstack
• Use your LDAP credentials (initially set a new password via Nextcloud)
• Openstack: use domain "ldap"

Adding ssh keys to Openstack
• Go to Project > Compute > Key Pairs • Click on "Import Public Key". • Either paste the public key manually or load it from the public key file you created. • /home/you/.ssh/id_rsa.pub VM Basics
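The same import can be done on the command line; a sketch assuming an authenticated client, where the key name is an example:

```shell
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list    # verify the fingerprint appears
```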
• A VM behaves like a remote Linux machine • It is accessible through its public IP and ssh using keys VM Basics – how to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Details… • Source… • Flavor... • Networks... • Security Groups... • Key Pair... VM Basics – how to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Details --> VM Basics – how to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Source --> VM Basics – how to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Flavor --> VM Basics - How to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Networks --> VM Basics - How to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Security Groups --> VM Basics - How to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Key Pair --> VM Basics – how to create a VM
--> Project / Compute / Instances
• 'Launch Instance' • Details • Source • Flavor • Networks • Security Groups • Key Pair
--> Launch VM Basics – how to connect to a VM
1. Associate a Floating IP with your VM
2. Connect via ssh
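Both steps have CLI equivalents; a sketch assuming an authenticated client (network, server name and IP are examples):

```shell
# 1. allocate a floating IP from the public network and attach it
openstack floating ip create osprovider
openstack server add floating ip MYVM 134.2.168.42
# 2. connect (default user depends on the image: centos or ubuntu)
ssh -i cloud-key [email protected]
```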
Within a VM, as the ubuntu/centos user, you have passwordless sudo access
1. Update OS • CentOS: sudo yum update • Ubuntu: sudo apt-get update && sudo apt-get upgrade
2. Install software • CentOS: sudo yum install ... • Ubuntu: sudo apt-get install ...
3. Have a look at security groups and networks/ports
  1. Check Openstack security groups
  2. Restrict everything and only allow what is necessary: whitelisting
4. Make snapshots/backups of your well-configured VM. (Be aware of databases.)
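A common further step is locking down sshd. A typical /etc/ssh/sshd_config hardening fragment; the values are suggestions, check them against your distribution's defaults before applying:

```
# /etc/ssh/sshd_config -- common hardening entries
PasswordAuthentication no   # key-based logins only
PermitRootLogin no          # log in as ubuntu/centos, use sudo
X11Forwarding no            # disable unless actually needed
MaxAuthTries 3
# apply with: sudo systemctl reload sshd
```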
Once a VM is deployed, we (the admins) cannot modify it: everyone is responsible for his/her VMs!

VM Hardening – some practices
• Secure your virtual machines just the way you would secure a physical server. • Regularly update • Do not open unsecure access points • Do not mess with default ssh settings, potentially use fail2ban • Do not leave sessions open unless required. • Do not store unprotected credentials on disk. • Disable/remove unused or unnecessary services/software in the OS. • Maintain proper logging to backtrack the origin of unusual activity. • For the paranoid: • Use log rotation to protect against DoS attacks that cause log files to grow. • Install antivirus agents, spyware filters, firewalls on the guest OS and keep them up to date. • Intrusion detection: tripwire, track /etc with signed git-commits, … Baremetal servers
What is it?
What is the difference to a VM?
Why are we going to use it?
When are we going to use it?
First steps & how to create a baremetal instance
Attention for baremetal instances

Differences VM vs. Baremetal
Type 2 hypervisor: VMs deployed with libvirt/qemu-kvm | Baremetal

[Diagram: apps 1/2/3 inside VMs 1/2/3, on top of a host operating system on infrastructure, vs. apps directly on the machine]

Differences VM vs. Baremetal
VM (Virtual Machine)
• Virtual instance --> running on a hypervisor, managed by Openstack Nova
• Apps are running within the VM
• Owned by specific users
• Created & managed by the user
• Accessible via floating IP

Baremetal
• Physical machine --> physical instance
• Apps are running directly on top of the OS
• All resources of the machine are accessible to all users on that machine
• Owned by a group of people
• Created & managed by Openstack Ironic and admins
• Only accessible via jumphost

Baremetal
• Why are we using baremetal?
We will have consumer ("custom") GPUs from NVIDIA
• Consumer GPUs (e.g. RTX 2080) from NVIDIA cannot be virtualized --> cannot be used within VMs!
  + Device pass-through is technically prohibited by NVIDIA within virtualization environments
  + EULA restrictions for data centers: consumer GPUs (GeForce) are not allowed there
• We use Openstack Ironic to provide access to those GPUs / servers
  • Grown out of the Openstack Nova service for VMs
  • Since VMs are totally different in structure, the deployment process for baremetal nodes is partly problematic
  • Not very well established yet --> BUT getting better with each release

Baremetal
When will baremetal servers be available?
Depends on following:
• servers will arrive earliest ~ April/May 2020
• configuration time (~65 - 70 nodes need to be configured manually)
• Servers will be preconfigured from admins
• BIOS and firmware configuration for each server • ipmi user configuration • Ironic step 1: logical node creation for each server
• Done by users:
• Ironic step 2: instantiation of the logical nodes into baremetal instances via the dashboard • Copy the admins' ssh key to the server

How to create a baremetal instance
'Project' --> 'Compute' --> 'Instances' 'Launch Instance'
Details
• Availability Zone = ironic !!!

How to create a baremetal instance
Source = Image
• Centos7BM for Centos • BionicBM for Ubuntu

How to create a baremetal instance
Flavor
Only the baremetal flavor is usable !!!

How to create a baremetal instance
Network
Use bmprov as the network; Quobyte will be available there

How to create a baremetal instance
Key Pair
Use your own Key
--> 'Launch Instance' --> Launching a baremetal instance takes some time! Please be patient and wait until the instance is up.

First steps after creation of a baremetal instance
1. Create a separate small VM (= jumphost) within the bmprov network!
2. Attach a floating IP to your new jump VM
3. Run $ ssh -A os_name@floating_IP ; you are now logged into your jump VM
4. From there: $ ssh os_name_baremetal@IP_baremetal_instance
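Steps 3-4 can be automated in ~/.ssh/config with ProxyJump; the host names and addresses below are placeholders:

```
# ~/.ssh/config -- placeholder names and addresses
Host bm-jump
    HostName 134.2.168.180     # floating IP of your jump VM
    User centos                # or ubuntu, depending on the image
    ForwardAgent yes           # replaces ssh -A

Host bm-node
    HostName 192.168.212.46    # baremetal IP inside bmprov
    User centos
    ProxyJump bm-jump          # "ssh bm-node" hops automatically
```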
--> You're logged into your baremetal server!
5. Add the baremetal_admin public key to /home/OS_NAME/.ssh/authorized_keys on the baremetal server (you get the key from the Gitlab wiki --> Baremetal)
6. Update your system --> happy working

Attention for baremetal instances
• You are NOT allowed to change any BMC settings
• You are NOT allowed to change any BIOS configurations
• You are responsible for everything that happens on the machine
• Be aware that you are working with real hardware! E.g. a hard reboot of the machine may destroy settings
• Add our ssh key (for zabbix monitoring and emergencies) to the server! Otherwise we will stop the machine

GPUs
Getting the drivers
CUDA – what it is
GPU usage within Docker

GPUs – Driver

CentOS
• Check GPUs: $ sudo lshw -numeric -C display
• For Tesla V100 e.g.: $ sudo wget http://us.download.nvidia.com/tesla/440.33.01/NVIDIA-Linux-x86_64-440.33.01.run
• Update OS: $ sudo yum update
• Install prerequisites:
  1. $ sudo yum groupinstall "Development Tools"
  2. $ sudo yum install kernel-devel epel-release
  3. $ sudo yum install dkms
• Disable the Nouveau driver if it is enabled
• Reboot your VM / baremetal node
• Install the NVIDIA driver: $ sudo bash NVIDIA-Linux-x86_64-*
• Test with $ sudo nvidia-smi --> GPUs should be listed in a table

Ubuntu
• Check GPUs: $ sudo lshw -numeric -C display
• Download driver (RTX 2080 Ti): $ sudo wget http://us.download.nvidia.com/XFree86/Linux-x86_64/440.59/NVIDIA-Linux-x86_64-440.59.run
  For getting the link: search for your GPU on the NVIDIA website and click through until the 'Agree and download' button appears; right-click the button and copy the link.
• Update OS: $ sudo apt-get update && sudo apt-get upgrade
• Install prerequisites: $ sudo apt-get install linux-headers-4.15.0-70-generic (match your running kernel)
• Reboot your VM / baremetal node
• Install driver: $ sudo bash NVIDIA-Linux-x86_64-*
• Test with $ sudo nvidia-smi --> GPUs should be listed in a table

GPUs – CUDA - Compute Unified Device Architecture
What it is? • API and platform for NVIDIA GPUs and parallel Computing • Runtime-environment • Libraries • Development tools • Compiler • Allows usage of GPUs next to CPUs to let processes run in parallel on these GPUs and/or cores • C, C++, Python, Fortran... • Support for Tesla and GeForce cards
Advantages • Speed up processes by using GPUs • Optimal usage of resources possible
Where to get it? • Download from NVIDIA when not using Docker • Docker images will have the CUDA toolkit installed (no need to install it on the VM / host when only using Docker)

GPUs – CUDA + Docker
• Since Docker version 19.03 NVIDIA GPUs are natively supported as Docker devices
• NVIDIA container toolkit • with Docker 19.03 + the NVIDIA driver as prerequisites
• CUDA itself does not need to be installed on the VM / host itself
• Nvidia-docker2 users can upgrade to the NVIDIA container toolkit

Storage Infrastructure

Backend: Quobyte
• 11x storage servers, 2x 40G connections per server
• ~1.7 PB HDD, ~100 TB SSD
• (volume) access management via certificates
• commercial XtreemFS fork
• 3x replication OR some EC (erasure coding), stripes
• quotas / locks / georeplication
• no encryption (yet)
• maintenance jobs
Feature               | Cinder                     | Native QB          | S3 (future)        | Nextcloud/WebDAV
shared                |                            | ✓                  | ✓                  | ✓
docker image location | ✓                          |                    |                    |
hosts                 | VM                         | VM, BM             | public             | public
self-managed volumes  | ✓                          | (probably) no      | ✓                  | ✓
backup                | manual: metadata snapshots | metadata snapshots | metadata snapshots | automatic snapshots
many (small) files    |                            | ☹                  |                    |

Storage - Cinder (Openstack)
1. Openstack dashboard Project > Volumes > Volumes: Create Volume --> Use Type "quobyte"
2. Attach the volume to a specific VM
Project > Volumes > Volumes: Manage Attachments
or Project > Compute > Instances: Attach Volume
3. Format and mount it within the VM:
mkfs.xfs /dev/vdb  # once per volume
mount /dev/vdb /mnt/cvolume01
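Steps 1-2 have a CLI equivalent; a sketch assuming an authenticated client, where size and names are examples:

```shell
openstack volume create --size 100 --type quobyte cvolume01
openstack server add volume MYVM cvolume01
# then format (once) and mount inside the VM as in step 3
```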
Volumes can only be attached to one VM at a time!

Storage - native Quobyte mount

For a VM within the network "qbstorage.4005". Also requires a client config with certificate+key, which we provide.
• Quobyte Storage mount echo "deb http://192.168.130.6/quobyte/apt bionic main" | sudo tee -a /etc/apt/sources.list wget -qO - http://192.168.130.6/quobyte/apt/pubkey.gpg | sudo apt-key add - sudo apt update sudo apt install quobyte-client
• QB mount prep (once per VM) echo "* hard nofile 65536" | sudo tee -a /etc/security/limits.conf echo "* soft nofile 32000" | sudo tee -a /etc/security/limits.conf logout # important! # login again ...
• QB mount sudo mkdir -vp /mnt/POINT0 sudo mount.quobyte 192.168.128.1:7861,192.168.128.2:7861,192.168.128.3:7861,192.168.128.4:7861/VOLUME_NAME /mnt/POINT0
• or add the following line to /etc/fstab:
192.168.128.1:7861,192.168.128.2:7861,192.168.128.3:7861,192.168.128.4:7861/VOLUME_NAME /mnt/POINT0 quobyte defaults,limit-nofile=32000 0 0

Storage - S3
Amazon's Simple Storage Service protocol, implemented by Quobyte
• Based on an http REST API • Many clients (not all are compatible with the QB implementation) • File location is a URL: https://s3.mlcloud.uni-tuebingen.de/bucket-name/prefix/to/file.suffix OR https://bucket-name.s3.mlcloud.uni-tuebingen.de/prefix/to/file.suffix • Can be used to host static web content • Good: requires extra S3 credentials generated by Openstack • 2 modes: publish QB volumes or generate isolated buckets • ACLs (per Openstack project) on individual files
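Once enabled, any S3-compatible client should work against the endpoint; a sketch with the AWS CLI, where the bucket name is an example and the credentials would be the Openstack-generated S3 credentials:

```shell
aws --endpoint-url https://s3.mlcloud.uni-tuebingen.de s3 ls s3://bucket-name/
aws --endpoint-url https://s3.mlcloud.uni-tuebingen.de \
    s3 cp file.txt s3://bucket-name/prefix/to/file.suffix
```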
• Currently unavailable until some bug/feature is fixed

WebDAV
[yum|apt-get] install davfs2
usermod -aG davfs2 user01
mkdir -vp ~/nextcloud ~/.davfs2
cp /etc/davfs2/secrets ~/.davfs2/secrets
chown user01:user01 ~/.davfs2/secrets
chmod 600 ~/.davfs2/secrets
Append to ~/.davfs2/secrets:
nc.mlcloud.uni-tuebingen.de/nextcloud/remote.php/dav/files/USERNAME/ user01
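To mount on demand, a matching /etc/fstab entry could look like this (mount point and user are examples):

```
# /etc/fstab -- example davfs2 entry; mount with: mount ~/nextcloud
https://nc.mlcloud.uni-tuebingen.de/nextcloud/remote.php/dav/files/USERNAME/ /home/user01/nextcloud davfs rw,user,noauto 0 0
```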
This requires your main ML-Cloud credentials to be stored on hosts (VMs), which should be avoided
• VM root disks: local, fast and (sometimes) not redundant
• many small files: slow QB maintenance tasks. Imagenet workflow:
cd /local/user01/data/
tar -xf /mnt/qb/group/user01/data.tar -C .
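The pack-once / extract-locally pattern can be tried with temporary directories standing in for shared and local storage (the paths are stand-ins, not the real /mnt/qb mounts):

```shell
set -e
SRC=$(mktemp -d)   # stands in for shared Quobyte storage
DST=$(mktemp -d)   # stands in for fast local scratch

# many small files are hard on QB metadata -> pack them once
mkdir -p "$SRC/data"
for i in 1 2 3; do echo "sample $i" > "$SRC/data/f$i.txt"; done
tar -cf "$SRC/data.tar" -C "$SRC" data

# training nodes then do one sequential read and extract locally
tar -xf "$SRC/data.tar" -C "$DST"
ls "$DST/data"
```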
• Metadata/QB Updates • Avoid watch and constant refreshing • Avoid open shells ML-Cloud Services
Nextcloud • User "home" directory • Service currently used for password management • Many different clients on many different hosts (VMs, smartphones, …) • Additional apps/features enabled on request
Gitlab • External users: domain whitelisting for registration, if you need collaborators • Potentially connected to compute resources (SLURM, k8s) for CI • Additional plugins/features enabled on request
Other services • k8s, jupyterhub • SLURM cluster • DB servers for experiments • Suggestions?

Docker
• Docker is a tool that allows developers, sys-admins etc. to easily deploy their applications in a sandbox (called containers) to run on the host operating system. • The key benefit of Docker is that it allows users to package an application with all of its dependencies into a standardized unit for software development. • Docker isolates applications from each other on the same host. • Docker containers share the host OS resources. Docker - Containers vs. VMs
• Containers share the resources of the host machine, using only what they need to run their environment. • VMs include a complete operating system; each works independently and acts like a separate computer.
• Containers leverage OS-level virtualization. • VMs virtualize hardware for the guest OS.

Docker - Advantages of Containers
• Containers are efficient in using host resources. • Containers are lightweight and fast. • Images are more portable. "Build once. Run anywhere." • Images are easily shared among a community.

Docker - Terminology
• Dockerfile - a file that describes the steps to create a Docker image. It's like a recipe with all ingredients and steps necessary for making your dish.
• Image - the basis of a Docker container. A template that contains the application and all the dependencies required to run it.
• Container - the image when it is 'running'. The standard unit for an app service.
• Registry - stores, distributes and manages Docker images.

Docker - Common commands
• docker build – build an image from a Dockerfile
• docker images – list all docker images on the host
• docker run – run a docker image
• docker ps – list running containers
• docker rm – remove containers
• docker rmi – remove images

Docker example – pull image from docker hub
• Pull the tensorflow image from docker hub:
docker pull tensorflow/tensorflow
• Start a bash shell session within a TensorFlow-configured container:
docker run -it tensorflow/tensorflow bash
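With the NVIDIA driver and container toolkit installed on the host (see the GPU section), containers can access the GPUs via Docker's native --gpus flag; the image tags below are examples:

```shell
# quick check that the container sees the GPUs
docker run --gpus all nvidia/cuda:10.2-base nvidia-smi
# GPU-enabled TensorFlow shell
docker run --gpus all -it tensorflow/tensorflow:latest-gpu bash
```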
• To run a TensorFlow program developed on the host machine:
docker run -it -v $PWD:/tmp -w /tmp tensorflow/tensorflow python ./script.py
• -v maps a host directory to a directory inside the container (in this case /tmp) and -w specifies the working directory inside the container.

Docker - build your own image
You can build your own images: • You need to create a Dockerfile that specifies what the image will contain. • Then build it using the following command: docker build -t
• Use official, popular, minimal base images.
• Require images to be signed.
• Run containers as users with the least possible privileges. Try to avoid running containers as root.
• Don't store credentials in the image. Use environment variables to store credentials.
• Don't keep containers running for a long time without security updates. Build a fresh one regularly.
• Limit the directories you map into the container.
• Don't bind container ports to 0.0.0.0

Open points
• User Management → map Working Groups → OpenStack Projects?
• Images: Standard Drivers & Software, Versions, Distributions (Ubuntu LTS, CentOS) → User Input
• Resource distribution: dynamic? → Cloud Rat
• Baremetal Ironic servers → first get hardware
• SSD Usage → Tiering or just Cinder, Input Datasets?
• Backup → What and where?

Don't Panic! It is just like calling 911 after an accident …
1. Who are you? • Login ID • a Phone number (If it is urgent and we have to work interactively)
2. Where are you? • Dashboard, VM (ID or name), elsewhere
3. What did you do? • Precise problem description • Commands, Environment, Openstack Request ID • Logs & Error messages
4. What was the desired outcome? • Be specific, not just "it should work"
5. When were you trying to do things? • Precise time information helps a lot when looking for errors Support & Documentation
Ask Admins [email protected] [email protected] [email protected] 07071 - 29 70282
Office hours in TTR2: Wednesday morning, room 40-7/A18
Public documentation on Gitlab wiki (… will be extended over time) https://gitlab.mlcloud.uni-tuebingen.de/doku/public/-/wikis/home
Please help:
• add your own documentation to it
• suggest additional topics
• point out errors, improvements

Backup Slides

Docker example - build your own image
• Build the image (called install_mongodb) from the Dockerfile. "." tells docker build to look for the Dockerfile in the present directory:
docker build -t install_mongodb .
• List all images to see if the image was built:
docker images
• Run the image inside a container called mongodb_container:
docker run --name mongodb_container -i -t install_mongodb
• List all containers to see if the container mongodb_container is up and running:
docker ps

Docker example – build your own image
• In this Dockerfile, ubuntu is set as the base image. Then the commands and arguments necessary to install MongoDB follow. Port 27017 is exposed for MongoDB, with /usr/bin/mongodb as the default container command.

# Set the base image to Ubuntu
FROM ubuntu
# Update the repository sources list and install gnupg2
RUN apt-get update && apt-get install -y gnupg2
# Add the package verification key
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
# Add MongoDB to the repository sources list
RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/mongodb.list
# Update the repository sources list
RUN apt-get update
# Install MongoDB package (.deb)
RUN apt-get install -y mongodb
# Create the default data directory
RUN mkdir -p /data/db
# Expose the default port
EXPOSE 27017
# Default port argument passed to the entrypoint (MongoDB)
CMD ["--port", "27017"]
# Set default container command
ENTRYPOINT ["/usr/bin/mongodb"]

Agent forwarding using Pageant