FEATURE

Empower Docker to Make Sufficient Infrastructure Available Effectively as well as Efficiently for Learning and Development
By Dr B Thangaraju and Rajesh Srivastava

1. Introduction

Thanks to the open source era, technology changes take place rapidly in the Information Technology (IT) industry. In order to embrace these new technologies, companies roll out numerous initiatives. Every initiative requires investment of both time and money for skill building as well as competency development.

To build competencies and skills at various levels, technical trainings play a vital role. The modes of training range from in-house classroom based Instructor Led Trainings (ILT), computer based trainings and online trainings to on-job trainings with a simulated project environment, which is achieved by developing virtual projects.

Providing infrastructure for hands-on work in different types of training is always a challenge. Each training needs a specific lab setup, including a different installation of the operating system along with other necessary packages or applications. The Operating System (OS) can be either Linux or Windows or even other flavors of Linux (RHEL, Fedora, Ubuntu, CentOS etc.). Thanks to virtualization products such as VMware, VirtualBox or Kernel Virtual Machine (KVM), we can create virtual machines with the required operating system irrespective of the host operating system. However, installing a VM is not only a very time consuming exercise, but the number of VMs that can be created is also limited because each VM consumes a considerable amount of system resources.

Today, online trainings replace classroom based trainings since they give more convenience, flexibility and dominance. However, we always face many issues in conducting as well as monitoring hands-on work for participants over online trainings. Though commercial cloud infrastructure is available today to provide a lab environment for online trainings on the fly, it comes with an additional cost. Apart from cost, flexibility becomes a bottleneck as compared to a tailor made development environment in our local system.

54 DeveloperIQ | March 2016


This article describes a step by step implementation procedure to create Linux containers for system administration trainings. The learning mode may be either instructor led classroom training or online WebEx training. It also demonstrates how to check participants' hands-on activity online.

2. Evolution of Infrastructure Path

Let us dwell a little on the evolution that has gradually taken place in the infrastructure space.

Gone are the days when one dedicated, fully loaded machine was needed to perform feats in the Linux world. It has always been a topic of research to provide hands-on experience to all the participants with appropriate infrastructure. Evolution has always been key. In the world of expensive infrastructure, evolution means providing the same infrastructure and experience with less investment.

In the majority of trainings it has not been possible to provide a dedicated and fully loaded machine for participants to get hands-on experience, especially when various technologies are involved, as depicted in Figure 1. For every technology, a different set of infrastructural requirements is needed.

Therefore, it becomes significant to optimize infrastructure to cater to various technologies and make it available to all participants to practice through hands-on exercises. The evolution can be described in two tranches as follows:

2.1 Evolution Tranche 1

Keeping this in mind, hardware virtualization came into existence, which helped in a big way as depicted in Figure 2.

Virtual Machines (VMs) solved the great problem of costly machines by providing one server and connecting through VM sessions. A virtual machine emulates dedicated hardware. Apart from the big cost saving, virtualization has several other important advantages:

a) High scalability through increased RAM, disk space or CPU
b) Zero waiting period for new hardware
c) Simple layout from cable and wiring standpoints
d) Real estate saving

2.2 Evolution Tranche 2

However, the biggest challenge with hardware virtualization was that the system processes in a VM used 90% of resources. Hence, what is left for applications to use?

Yes, you are right. Just 10% of resources are used by application(s).

As we all know, necessity is the mother of invention. To overcome this challenge, the concept of the Linux container came into the picture. A container focuses on software level virtualization. While keeping the advantages of hardware virtualization intact, the virtualization is done at the operating system level. Figure 3 depicts many users with one system through Docker containers.

Software level virtualization gives every participant a clone of a real system from all technical standpoints to perform hands-on exercises. Also, the faculty or admin can monitor each and every participant remotely.

2.3 Evolution Journey

The journey of hardware and software level virtualization to maximize utilization, as it transformed over a period of time, is depicted in Figure 4.

3. How does it work - Detail

3.1 Docker - An Open Source Tool

With the arrival of Linux containers, it became possible to spin off an isolated Linux system from a Linux host. Real life, hands-on based Linux trainings surely help in solving real-world practical issues and in practicing to work on a software project or product in the open source arena. However, creating an individual system for each participant to do practical exercises is a herculean task that requires a good amount of time, effort and money. It requires many systems, either virtual or physical machines.

Thanks to Docker, this problem is solved in a perfect way! Docker is a Linux based container management tool, and each container is isolated from the others in a server. We can create the required number of user accounts and allocate a container to each user dynamically. Each user will have the experience of having their own individual system with root privileges for their hands-on exercises.

Traditionally, Docker is used mainly for service oriented tasks such as executing a service in a dedicated container. For example, to run a web server, a container based web server efficiently replaces the full-fledged Linux server. Efficient in the sense that, in general, when we run a VM or physical system, more than 200 processes run once the system is up for use. These processes are mostly system processes, needed to present a GUI working environment to a user. But to run a single service, this setup is redundant. Docker runs in the Linux host as a process, i.e. inside the container only one process runs. That means that if we launch a container in interactive mode, only the shell will be running, which allows us to run a container with less consumption of system resources compared to a VM. Consequently, we can run a large number of Docker containers in a server.

Figure 5 and Figure 6 show screen shots of the top command output of a virtual machine and a Docker container respectively.

Figure 5. Top command screen shot in Linux Server

Figure 6. Top command output in Docker container

From the figures, you can make out that only 2 processes are running in the container: bash and the top command, which we executed in the bash shell. Whereas in Figure 5, there are 211 processes running even though we haven't run any applications.

The advantage of using containers, in simple terms, is agility.

Containers are lightweight, consume fewer resources and can be created or deleted instantly with great performance. In addition to this, a system administrator can monitor the resource utilization of all running containers and the processes in a specific container, which enables them to debug a running application when needed.

So, while conducting technical training that provides hands-on environments to a good number of participants with Docker containers, the faculty can monitor all containers effectively. This helps the faculty to take control of user systems and show a demo or debug a faulty program.

The log file captures the container's standard input, output and errors. The log file remains in the server till we delete the container. Because the container log file is captured in the server, the faculty can view a participant's work in offline mode after training completion.

3.2. Container Internals

Let us briefly discuss the internals of a container. A set of processes is called a group. For each group, we can set process attributes and a proportionate share of system resources like CPU, memory, disk space and network interface. The cgroup feature takes care of allocating and controlling system resources for a group. The cgroup has a resource controller that monitors as well as keeps accounting of the resource usage. The cgroup is used by many of its subsystems such as debug, devices, freezer, perf_event, cpu, cpuset, cpuacct, memory, hugetlb, blkio, net_cls and systemd. These subsystems can be viewed in the /sys/fs/cgroup directory. The process id inside the group is global; therefore it is NOT isolated from the host. However, our requirement is to isolate each group.

Docker uses native Linux features, mainly namespace and cgroup. The namespace feature helps the group to isolate its process ids from the host system. The isolation features are implemented for the mounted file system, UTS, IPC, PID, Network and User. This way, each group is created as an isolated environment for a user with the help of cgroup and namespace. Interested readers can get more detailed information about cgroup from Control Groups Series by Neil Brown [1] and about namespace from Namespaces by Michael Kerrisk [2].

As illustrated earlier, virtual machines are hardware level virtualization. One can envisage that a VM runs virtually on hardware. A hypervisor is used in between the VM and the hardware to provide virtualization capabilities. The hypervisor plays the role of an interface between host and VM, but at a high operating cost. Containers are operating system level virtualization; to be more specific, it is kernel level virtualization that is made possible without a hypervisor.

A container runs as a user process inside the server, which makes every operation that can be done on a user process possible, such as creation, deletion, monitoring, performance tuning etc. At the same time, it is isolated from other system processes in the server. Therefore, each container works as good as a stand-alone system. A container can have its own process ids, mounted file systems, system resources, network and logs. The execution of a container is achieved without the overhead of a hypervisor, so launching a container is miraculously fast.

3.3. Lab Infra Setup for Technical Training

If one wants to communicate between two different systems over separate networks, one needs to use socket programming. Similarly, communication between the host and the container is done by Docker, as it is a client-server application. The Docker daemon or client sends a command to the server, and the server performs the task and returns the result as per the client's command.

The Docker package contains a command line client binary and a RESTful API. The system requirements as well as the step by step procedure for Docker installation on various Linux distributions and Windows can be found in detail at [3].

The base Docker image can be downloaded from the Docker registry. The Docker images of the standard Linux flavors are listed in Figure 7.
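The namespace isolation described in section 3.2 can be checked on a live host. The following is an added example, not code from the article: it compares the /proc/<pid>/ns links of two processes for the six namespace types listed there. The function names and the PROC_ROOT parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): report which namespaces two processes
# share by comparing the /proc/<pid>/ns/<type> links. Identical link targets
# mean the same namespace; different targets mean the processes are isolated.

# The six namespace types the article lists: mount, UTS, IPC, PID, network, user.
NS_TYPES="mnt uts ipc pid net user"

# compare_ns PID_A PID_B [PROC_ROOT]
# Prints one line per namespace type: "<type> shared|isolated|unknown".
# PROC_ROOT defaults to /proc; it is a parameter (an assumption of this
# example) so the logic can be exercised against a constructed directory tree.
compare_ns() {
    pid_a=$1 pid_b=$2 root=${3:-/proc}
    for ns in $NS_TYPES; do
        a=$(readlink "$root/$pid_a/ns/$ns" 2>/dev/null) || a=
        b=$(readlink "$root/$pid_b/ns/$ns" 2>/dev/null) || b=
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"      # link missing or unreadable (needs root)
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# isolation_gaps PID_A PID_B [PROC_ROOT]
# Prints the namespace types that are NOT isolated; succeeds only if none.
isolation_gaps() {
    gaps=$(compare_ns "$@" | awk '$2 != "isolated" { print $1 }' | tr '\n' ' ')
    gaps=${gaps% }
    [ -z "$gaps" ] && return 0
    echo "$gaps"
    return 1
}
```

On the Docker host, as root, `compare_ns 1 "$(docker inspect -f '{{.State.Pid}}' user6)"` compares the host's init process with the container named user6. With Docker's default settings the user line reads shared, because user namespace remapping is opt-in, so root inside such a container has the host's root UID.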

Figure 7. List of Docker base image

First, determine the desired state of your system, then identify which packages are needed to do hands-on work for a specific training. The different kinds of trainings would be: UNIX basics and shell scripting, programming language training courses like C, C++, Java, Python and Ruby, UNIX Internals, Linux Systems Programming, Linux System Administration etc. Second, start and run a container from the given list of Docker images based on your choice, and install the necessary packages, applications, list of lab exercises, demo programs, manual pages, debugging tools and monitoring tools in the running container. Once you have verified that all your lab exercises work well in the container, commit the changes in the container and create your own Docker image with an appropriate name. For example, we ran a container using the ubuntu base image, installed the necessary sysadmin packages, committed the changes in the running container and created a new base image named sysadmin, as shown in Figure 8.

Figure 8. command to create sysadmin Docker image

Using these Docker images, one can launch containers. The pre-built images can be stored locally or can be downloaded from the Docker registry [4]. The Docker images contain source code of the containers. Images are portable and can be shared, stored and modified. One can build Docker images as per specified requirements with built-in installed packages and services.

The difference between container and image can be understood as below:

a) A container is a running instance of a Docker image.

b) Images are bundles of the required software.

In a typical training session, the system administrator will create user accounts and share the login credentials with the users. We keep all the users' login ids in a file called user.txt, which is shown in Figure 9. Then we wrote a shell script to create a container for each user and set the container name to be the same as the user's login id. This helps to identify the owner of a running container. Figure 10 shows the script to create containers for each user.

Figure 9. File to store user logins

Figure 10. Script to create user container

A shell script can be executed by $ sh <script name>; with the -x option we can debug the script. Here, we used the -x option to understand how the containers are created by the script. Figure 11 demonstrates the Docker creation steps with the user login ids.

Figure 11. Step by Step execution of script
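The per-user container creation described above can be scripted as follows. This is an added example, not the script shown in Figure 10: it validates each login ID from user.txt before using it as a container name and applies cgroup limits to every container. The limit values, the DRY_RUN switch and the function names are assumptions; the image name sysadmin is the one from the article.

```shell
#!/bin/sh
# Added example, not the script from Figure 10. Creates one container per
# login ID in user.txt, named after the login ID, with cgroup limits.
# Assumed: image "sysadmin" (from the article), illustrative limit values,
# and a DRY_RUN=1 switch that prints the commands instead of running them.

IMAGE=${IMAGE:-sysadmin}
MEM_LIMIT=${MEM_LIMIT:-512m}    # memory cgroup limit per container
CPU_LIMIT=${CPU_LIMIT:-0.5}     # at most half a CPU per container
PIDS_LIMIT=${PIDS_LIMIT:-200}   # pids cgroup limit per container

# valid_login NAME: start with a letter or digit, continue with letters,
# digits, '_', '.' or '-', at least two characters. A stray line in
# user.txt therefore cannot be read as a docker option.
valid_login() {
    case $1 in
        ''|?|[!a-zA-Z0-9]*|*[!a-zA-Z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# run CMD...: print the command in dry-run mode, execute it otherwise.
# stdin is redirected so the command cannot consume the rest of user.txt.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@" </dev/null >/dev/null; fi
}

# create_container LOGIN: created stopped; the user starts and attaches later.
create_container() {
    run docker create -i -t --name "$1" \
        --memory "$MEM_LIMIT" --cpus "$CPU_LIMIT" --pids-limit "$PIDS_LIMIT" \
        "$IMAGE" /bin/bash
}

# provision FILE: one login ID per line; blank lines and '#' comments are
# skipped. Returns non-zero if a line was rejected or a create failed.
provision() {
    rc=0
    while IFS= read -r login || [ -n "$login" ]; do
        login=$(printf '%s' "$login" | tr -d '\r')    # tolerate CRLF files
        case $login in ''|'#'*) continue ;; esac
        if ! valid_login "$login"; then
            echo "skipped invalid login id: $login" >&2
            rc=1
            continue
        fi
        create_container "$login" || rc=1
    done < "$1"
    return $rc
}
```

Source the file and call `provision user.txt`; with `DRY_RUN=1` set it only prints the docker create commands it would run.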

We can list all the created containers, as shown in Figure 12.

Figure 12. List of created user containers

To monitor the computing resource utilization of the running containers, we can execute the command: $ docker stats <container name(s)>. Figure 13 shows the resource utilization output for the running user containers.

Figure 13. Monitor computing resource usage of running containers

3.4. Monitor Progress during Training

Any user who logs in to the server will start their own container by executing the command:

$ docker start <login id>

Then they attach the container to their shell to get the container prompt:

$ docker attach <login id>

After execution of the above command, the user will get the container shell prompt to work on. This container works for that user as a system with supervisor mode. Both commands talk to the Docker daemon, so each user's server account needs access to it, and an account with that access can run the same commands against any other user's container.

As mentioned earlier, it is always a challenge for a faculty to monitor and debug user systems remotely. Through Docker, this challenge is overcome with ease. For example, there are many containers running in our system. One of the owners of the running containers is user6. If the faculty wants to see the activities of user6, he or she can get static information from the corresponding container logs. Figure 14 shows the user6 logs.

Figure 14. User6 container's log file

Figure 15 shows how to monitor the user6 container in real time.

Figure 15. Monitor user6 container's activity in real time through log file

It is always a requirement to get control of a user system to debug their program or show a demo as needed. This feature is easily incorporated through Docker. We just need to attach to a specific container in our terminal. With admin privileges, a faculty can take control of a participant's container to monitor or help the participant as required.

Figure 16 illustrates a faculty taking system control of user6 through the Docker attach command. Any action done by the faculty can be seen on both the faculty's and the participant's systems (the top one is the faculty's system window and user6's container is shown at the bottom).

Figure 16. Faculty taking system control of user6

Once the training is over, the faculty can delete all the created containers by executing the below command:

$ docker rm $(docker ps -a -q)

docker ps -a -q lists the IDs of all containers on the host, so the command applies to every container on the server, not only to those created for the training.

It takes 3 minutes to delete 25 user accounts and containers.

To summarize, the evolution has taken place in two tranches. In the first one, hardware virtualization was done through virtual machines, which provided certain advantages. To overcome the challenges or limitations associated with hardware virtualization, software virtualization was done through Docker to fetch the maximum benefits of virtualization.

We discussed the steps to customize a Docker image based on your requirements, the creation of containers from the list of users, monitoring the computing resource utilization of running containers and checking user activities through log files, both online and offline.

5. References

1. Control Groups Series by Neil Brown -- https://lwn.net/Articles/604609/
2. Namespaces by Michael Kerrisk -- https://lwn.net/Articles/531114/
3. The Docker Book by James Turnbull, pp. 18-47, August 16, 2015, v1.8.0 -- http://www.dockerbook.com/
4. Docker Registry -- https://hub.docker.com/

6. Authors Detail

First Author: Dr B. Thangaraju received his Ph.D. in Physics and worked as a research associate in the Indian Institute of Science (IISc.), Bangalore before joining Wipro Technologies. His core expertise lies in the Linux kernel, with knowledge of embedded and real-time Linux, Open Source Software (OSS) and DevOps. He has published more than 55 papers on OSS in renowned international and national journals. He has also presented 32 technical papers in national and international conferences. You can reach him at: balat.raju@wipro.com.

Second Author: Rajesh Srivastava completed his engineering in computers and is currently playing a unique role, i.e. Social Officer for Talent Transformation of Wipro Technologies, Bangalore. He is an alumnus of Madan Mohan Malaviya University of Technology, Gorakhpur and Stanford University, California, USA. He has been working with the IT industry for almost two decades. He possesses versatile experience in technology and management areas. You can reach Rajesh at rajesh.srivastava@wipro.com
