Build the newest Docker environment

This tutorial explains how to build the newest Docker environment. My host is Ubuntu 16.04.1, and it is already shipped withDocker 1.12.0:

# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/docker.service.d
   Active: active (running) since Tue 2016-08-09 03:49:08 EDT; 3min 24s ago
 Main PID: 30465 (dockerd)
Tasks: 26
   Memory: 36.5M
  CPU: 2.394s
   CGroup: /system.slice/docker.service
   ├─30465 /usr/bin/dockerd -H fd://
   └─30473 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics

Aug 09 03:49:08 ubuntu dockerd[30465]: time="2016-08-09T03:49:08.114671045-04:00" level=info msg="Graph migration to content-addressability
# docker version
 Version:  1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:Thu Jul 28 22:11:10 2016
 OS/Arch:  linux/amd64

 Version:  1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:Thu Jul 28 22:11:10 2016
 OS/Arch:  linux/amd64

(1) The prerequisite is the Go environment is ready on your host, and GOPATH environment variable is also set. If not, please follow thisdocument to setup.

(2) Download the newest Docker code:

# go get -d -u
package no buildable Go source files in /go/src/

Build the Docker:

# cd $GOPATH/src/
# make DOCKER_BUILD_ARGS="--build-arg http_proxy= --build-arg https_proxy=" DOCKER_DEBUG=1

Because my host works behind proxy, I need to specify proxy address in command line. Whether adding DOCKER_DEBUG or not depends on your personal flavor.

(3) After above building process succeeds, backup old Docker files:

# systemctl stop docker
# cd /usr/bin
# mkdir backup_docker
# mv docker* backup_docker

(4) Change back to $GOPATH/src/, and copy new Docker binaries:

# cd $GOPATH/src/
# cd bundles/latest/
# ls
binary-client  binary-daemon

binary-client contains Docker executable file:

# cd binary-client/
# ls
docker  docker-1.13.0-dev  docker-1.13.0-dev.md5  docker-1.13.0-dev.sha256
# cp docker /usr/bin/

Then copy Docker daemon related files:

# cd ../binary-daemon/
# ls
docker-containerd             docker-containerd.sha256       dockerd-1.13.0-dev         docker-proxy-1.13.0-dev.md5
docker-containerd-ctr         docker-containerd-shim         dockerd-1.13.0-dev.md5     docker-proxy-1.13.0-dev.sha256
docker-containerd-ctr.md5     docker-containerd-shim.md5     dockerd-1.13.0-dev.sha256  docker-runc
docker-containerd-ctr.sha256  docker-containerd-shim.sha256  docker-proxy               docker-runc.md5
docker-containerd.md5         dockerd                        docker-proxy-1.13.0-dev    docker-runc.sha256
# cp docker-containerd docker-containerd-ctr docker-containerd-shim docker-runc dockerd docker-proxy /usr/bin/

(5) Restart Docker and check it:

# systemctl start docker
# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/docker.service.d
   Active: active (running) since Tue 2016-08-09 04:26:16 EDT; 9s ago
 Main PID: 4961 (dockerd)
    Tasks: 24
   Memory: 13.6M
      CPU: 367ms
   CGroup: /system.slice/docker.service
           ├─4961 /usr/bin/dockerd -H fd://
           └─4968 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-

Aug 09 04:26:15 ubuntu dockerd[4961]: time="2016-08-09T04:26:15.795281048-04:00" level=info msg="Graph migration to content-addressability
# docker version
 Version:      1.13.0-dev
 API version:  1.25
 Go version:   go1.6.3
 Git commit:   b2b41b2
 Built:        Tue Aug  9 07:49:54 2016
 OS/Arch:      linux/amd64

 Version:      1.13.0-dev
 API version:  1.25
 Go version:   go1.6.3
 Git commit:   b2b41b2
 Built:        Tue Aug  9 07:49:54 2016
 OS/Arch:      linux/amd64

Now you are playing the freshest Docker! Enjoy it!


Wget only recognizes http_proxy, not https_proxy

My Ubuntu 16.04 LTS works behind proxy. I have set HTTP_PROXY and HTTPS_PROXY environmental variables:


But wget can’t work:

# wget -P /tmp
--2016-07-14 22:51:12--
Resolving (
Connecting to (||:443... connected.
ERROR: cannot verify's certificate, issued by ‘O=Fortinet Ltd.,CN=FG3K6C3A15800021’:
  Self-signed certificate encountered.
    ERROR: certificate common name ‘FG3K6C3A15800021’ doesn't match requested host name ‘’.
To connect to insecurely, use `--no-check-certificate'.
root@ubuntu:~# wget --no-check-certificate -P /tmp

After setting http_proxy and https_proxy:


Now wget works:

# wget -P /tmp     --2016-07-14 22:57:30--
Resolving (
Connecting to (||:8080... connected.
Proxy request sent, awaiting response... 302 Found

So we can conclude that wget is picky about uppercase and lowercase words.


Deploy Docker Swarm cluster on one host

Sometimes, you just want to learn the internal mechanics of Docker Swarm, but unfortunately there is only one Linux box at hand, and you don’t want to bother to install Virtual Machines on it. In this scenario, you certainly can build a Docker Swarm cluster on one host, and this tutorial will provide a detailed guide:

(1) Make sure the Go environment has been ready on your system, if not, please follow this document to setup it. Also remember add$GOPATH/bin into $PATH environment variable.

(2) Install Docker Swarm:

# go get -u

Execute swarm command to check whether Docker Swarm is well equipped:

# swarm
Usage: swarm [OPTIONS] COMMAND [arg...]

A Docker-native clustering system

Version: 1.2.3 (HEAD)

  --debug                       debug mode [$DEBUG]
  --log-level, -l "info"        Log level (options: debug, info, warn, error, fatal, panic)
  --experimental                enable experimental features
  --help, -h                    show help
  --version, -v                 print the version

(3) Modify the Docker configuration file. E.g., on my RHEL 7, the file is /etc/sysconfig/docker:

# systemctl show docker
EnvironmentFile=/etc/sysconfig/docker (ignore_errors=yes)

Add “-H tcp://” in OPTIONS field:

# cat /etc/sysconfig/docker
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled -H tcp:// -H unix:///var/run/docker.sock'

Restart Docker, and check whether the new OPTIONS takes effect:

# systemctl restart docker
# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2016-06-08 12:32:19 CST; 10s ago
 Main PID: 14429 (sh)
   CGroup: /system.slice/docker.service
           ├─14429 /bin/sh -c /usr/bin/docker-current daemon $OPTIONS            $DOCKER_STORAGE_OPTIONS            $DOCKER_NETWORK_OPTI...
           ├─14430 /usr/bin/docker-current daemon --selinux-enabled -H tcp:// -H unix:///var/run/docker.sock --add-registr...
           └─14431 /usr/bin/forward-journald -tag docker

(4) Run “swarm create” command to create token for the cluster:

# swarm create

(5) Execute swarm join to create a Docker Swarm node:

# swarm join --addr token://d10eacbda9763b0740548a2a4c2f1a59
INFO[0000] Registering on the discovery service every 1m0s...  addr= discovery=token://d10eacbda9763b0740548a2a4c2f1a59

You should notice that the argument of --addr option is the IP and port of the Docker engine on this host. Since we have set theOPTIONS in Docker configuration file in step 3, the IP should be whilst port is 2375.

(6) Open a new terminal, and create the manager of the cluster. Because port 2375 is occupied by Docker engine, we use another available port:

# swarm manage -H token://d10eacbda9763b0740548a2a4c2f1a59
INFO[0000] Listening for HTTP                            addr= proto=tcp
INFO[0001] Registered Engine localhost.localdomain at

Through the log, you can see the node and manager have communicated successfully.

Now, you can think a Docker engine is listening on tcp://, but actually, there is one Docker cluster behindtcp://, even though the cluster has only one node. You can play docker client commands now, such as get the cluster info:

# docker -H tcp:// info
Containers: 0
Images: 5
Server Version: swarm/1.2.3
Role: primary
Strategy: spread
Filters: health, port, containerslots, dependency, affinity, constraint
Nodes: 1
  └ Status: Healthy
  └ Containers: 0 (0 Running, 0 Paused, 0 Stopped)
  └ Reserved CPUs: 0 / 8
  └ Reserved Memory: 0 B / 12.1 GiB
  └ Labels: executiondriver=native-0.2, kernelversion=3.10.0-327.el7.x86_64, operatingsystem=Red Hat Network, storagedriver=devicemapper
  └ UpdatedAt: 2016-06-08T04:58:05Z
  └ ServerVersion: 1.9.1
Kernel Version: 3.10.0-327.el7.x86_64

Or run a container:

# docker -H tcp:// run hello-world

Hello from Docker.
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.

Enjoy Docker Swarm now!

Swarm docs;
Docker Swarm Tutorial and Examples.


The tips of learning Linux kernel

As the Linux kernel has become one of the most gigantic and complex software project in the world, its complication scare many novices away. In this post, I will give some personal experience on how to learn Linux kernel, and hope these tips can offer some help to newcomers.

(1) Download vanilla kernel and install it.

Yes, I suggest you can find a physical machine, or if you really don’t have one at hand, virtual machine is also OK. Download the newest vanilla kernel from, then build and install it. This process isn’t too hard and makes you conquer the fear of Linux kernel. After your first successful setting up of Linux kernel, and read the release version number from uname -r output:

# uname -r

I think this will enable you gain more confidence.

(2) Study the elementary skills of Linux kernel programming.

Looking back when you begin user-space C programming on *nix platform, you need to know allocating memory through malloc; opening file through fopen/open; using pthread library to construct concurrent program, and so on. Linux is nothing more than a platform, and you also need to study the rules of playing with it. For example, you should be familiar with how to tweak list (list.h); giving out memory should use kmalloc, etc. There are many classical books and tutorials elaborate these knowledge. Although some posts seem outdated (the version of kernel is still 2.6.x.), but they are also applicable to current.

(3) Dive into one module.

Once you get the basic expertise of Linux kernel programming, you should focus on one aspect of the kernel. If you are a full-time kernel programmer, congratulations! You should concentrate on your work area and try to be the expert of this domain. If kernel is just your hobby, you should select one module which you have great interest on. I.e., if you are curious about debugging, kdump should be your taste; if you pay close attention to dynamic tracing, BPF will be the right stuff which you want to find. After picking out the part you want to contribute, you should dig into the code and attempt to master every detail of it. You should also subscribe the related mailing list to acquaint the newest progress. The final goal is to check in meaningful patches for kernel, from a trivial typo to an enhanced feature. Think your code will run on millions of thousands of devices, it is really amazing!

(4) Others

When you meet an issue, you can try to get help from mailing list or forums. You can also try to take part in local community to recognize people in the same camp. Anyway, Endeavor to utilize all the resource you can find.

Happy hacking!


Install docker on Ubuntu 14.04

If you want to play docker on Ubuntu 14.04, please pay attention to the installation instruction: it is “apt-get install“, not “apt-get install docker“. You can find the difference between them by following command:

# apt-cache search docker
docker - System tray for KDE3/GNOME2 docklet applications
...... - Linux container runtime

OK! Since you have set up docker successfully, you can check its process now:

# ps -ef | grep docker
root       4715      1  0 13:22 ?        00:00:00 /usr/bin/docker -d
root       4857   4691  0 13:50 pts/0    00:00:00 grep --color=auto docker
# pstree -ps 4715

You can use “service start docker” and “service stop docker” to start and stop docker daemon.

If your host runs behind proxy, you may meet problems when pulling image:

# docker run hell-world
Unable to find image 'hell-world:latest' locally
Pulling repository hell-world
FATA[0005] Get x509: certificate is valid for FG3K6C3A15800021, not

The solution is add proxy configurations in /etc/default/docker:

# If you need Docker to use an HTTP proxy, it can also be specified here.
export http_proxy=""
export https_proxy=""

Then you can download images successfully:

# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from hello-world
d59cd4c39e50: Pull complete
f1d956dc5945: Pull complete
Digest: sha256:4f32210e234b4ad5cac92efacc0a3d602b02476c754f13d517e1ada048e5a8ba
Status: Downloaded newer image for hello-world:latest

Hello from Docker.
This message shows that your installation appears to be working correctly.

Now that all the preparations are ready, please enjoy playing docker!