Docker lets you package up software as self-sufficient containers that share their host’s kernel but look and feel like independent VMs. The software within runs with near-native performance. This makes Docker containers a great way to safely try out new packages without installing them “bare metal” on your machine. Here’s some of the techniques you can use.

Why Use Docker to Try Software?

Installing directly from a package manager isn’t always desirable when you’re trying software for the first time. You might not want to run an unproven daemon or network service on your hardware. Some uninstallers won’t remove every file connected to their package, leaving your machine cluttered with orphaned configs if you decide you won’t use the software long-term.

In a worst case scenario, the package you download could even be malicious or compromised. Opting for a bare metal installation puts your data at risk. By the time you’re aware of a problem, attackers could already have gleaned sensitive information from their nefarious install script.

Docker containers give you an isolated sandbox where you can install new packages without worrying about these concerns. Compared to spinning up a whole new VM, Docker is lighter and quicker but offers a similar level of security when configured for safe execution.

Packages you install within a container will modify that container’s filesystem, leaving your host’s data intact. Malicious packages will have a much tougher time compromising your system as they’ll need to break out of the container to reach your host. Installers that go looking for interesting config files from other packages will see a fresh filesystem instead of your user data.

If it turns out a package isn’t right for you, “uninstall” it by simply deleting your sandboxed Docker container. There’ll be no trace of it left on your system.

Finding Docker Images

When you’re looking to try something new, it’s best to first search Docker Hub and see whether there’s already a container image for your chosen package. Images provide ready-to-use deployments of specific software, similar to a VM ISO that’s been preconfigured with a set of packages.

Many popular projects now offer official Docker images as part of their releases. These are clearly marked on Docker Hub with a green “Official Image” badge.

Sometimes you might find an unofficial image that provides the package you’re looking for but is published by a community member. It’s worth checking the download stats first to assess whether others are successfully using it.

You should also make sure the image has a variant for the software version you want. Images will distinguish different versions using Docker tags, such as mongo:5 for MongoDB 5 and mongo:4 for MongoDB 4. Use Docker Hub’s Tags view to see the options available and when they were last updated.

Using an Image

Once you’ve found an image, start a container from it. You should refer to your image’s description on Docker Hub to get specific instructions for the software you’ve selected.

In general, images packaging an interactive application can be started using this sequence:

Start images that provide background processes with the -d flag instead:

The docker run command starts a container using the specified image. Your software is now running in an isolated environment with its own filesystem. You can run several independent instances simultaneously by starting multiple containers from the image.

What If There’s No Image?

The absence of an official – or unofficial – Docker image for your chosen software package isn’t the end of your try-with-Docker journey. In this situation, create a container from an operating system base image to host your isolated environment. You can then run the software’s regular installation procedure to get it into your container.

Here’s an example that starts a fresh Ubuntu environment in Docker:

The -it flags mean you’ll be dropped into an interactive shell running within the terminal. Now you can use apt, curl, wget, or any other necessary steps to install and try your target package.

If you’ll want to repeat these steps again in the future, write a Dockerfile that lets you build your own image:

Build your image:

Now use your image to start a container that automatically runs the example-package binary added to the Ubuntu base image:

This works because the binary is set as the Docker image’s command in your Dockerfile. It’ll run automatically when the container starts, receiving the flags you pass to docker run.

Taking Snapshots

Another benefit of using Docker to try new software is its ability to create snapshots of a container’s current state. This is useful when you’re trialing different settings and want to backup a specific configuration so you can easily return to it later.

Use the docker commit command to create a new image from a container’s filesystem:

You should substitute my-container with the ID or name of your container. You can get these details by running docker ps which shows all running containers in the order they were started. The command will tag the snapshotted image as package-snapshot:latest.

Now you can apply any changes you need to your existing container without worrying about breaking your current state. If you want to rollback, use docker run to start another container from the package-snapshot:latest image.

Cleaning Up

When you’ve finished experimenting, Docker makes it easy to “uninstall” your software without leaving a trace. First delete your containers:

Then clear the images you’ve downloaded:

You’re now back to a clean state. As anything related to the software existed only inside your container, your host’s filesystem will be left unaltered.

Persistent Data

One challenge you might encounter is when you want to pause your trials and resume them later. Docker containers reset their state when they’re stopped so any filesystem changes you’ve made, such as adding config files, will be lost.

You can solve this by mounting volumes into the container so that important files are persisted on your host. Use the -v flag with docker run for this.

Volumes outlive individual containers so you can restore your files into a new container by supplying the same -v flags. Delete volumes with the docker volume rm command.

Conclusion

Docker is a quick and easy way to safely try out software without polluting your host machine’s environment. It lets you triage new packages ahead of introducing them to sensitive systems and bare metal hardware.

Using Docker provides an opportunity to scan software before you run it. The built-in Docker Scan component identifies vulnerabilities in the packages within an image, giving you an overview of the security implications. Use docker scan example-package:latest to scan downloaded images.

You could choose to keep using your Dockerized software installation after your initial experimentation. Alternatively, you can use what you’ve learned to set up a functioning bare metal install with increased confidence that the package does what it claims to.