Does dockstore-tool-samtools-index have GATK/BAM/Chromwell already configured? - google-api

Just wanted to know if the docker image with name dockstore-tool-samtools-index which is available here "https://quay.io/repository/cancercollaboratory/dockstore-tool-samtools-index"
and given as an input to the Google Genomics API (pipelines.create) contains the genome tools such as GATK/BWA or Cromwell.
Any help regarding this will be appreciated.
Thanks.

It does not appear to contain those additional tools: https://github.com/CancerCollaboratory/dockstore-tool-samtools-index/blob/master/Dockerfile
Here's how to check:
Find the docker container on https://dockstore.org/search-containers.
Click on the "GitHub" link in the row with the container of interest.
Read the contents of the Dockerfile to see what the image will contain.

One aspect of Docker images is that they usually try to have only one specific tool installed on them. This way the images are kept as small as possible with the idea that they can be used like modules.
There are images listed in the Dockstore search link provided by Nicole above which have BWA installed. Cromwell usually launches Docker containers rather than being installed on a Docker image, since it is more of workflow management system. You are always welcome to create your own custom image with the preferred installed software packages to fit what you need.
Hope it helps,
Paul

Related

How to enforce Trusted Docker base images

I've seen quite a few posts relating to Docker security and especially with supply chain attacks in the news recently about limiting your Docker base images to images that you trust.
However, I'm finding it difficult to find information on how to actually do this other than maybe some kinda of Dockerfile parsing. Perhaps we could inspect an image and find that one of the layers contains a sha256 of a base image we trust.
What about in multistage builds? Whatever image we used to build our package should be trusted as well.
Does anyone have any suggestions or experiences or tools to help ensure that only images that have been approved can be used as a base image for a final image and in multistage builds as well? Basically any "FROM" should be from an image that we can approve.
You can enable content trust for docker build which should verify base image integrity.
https://docs.docker.com/engine/security/trust/trust_automation/#build-with-content-trust

How can I write a Dockerfile to merge two or more docker images into one?

I am trying to integrate three things into one docker image.
The first image is: https://github.com/opencv/gst-video-analytics
The second image is: https://github.com/domoritz/streamlit-docker
The third image is: http://blog.feabhas.com/2020/02/running-the-eclipse-mosquitto-mqtt-broker-in-a-docker-container/
Can someone guide me on how can I integrate these three images into one on docker in Windows 10?
Operating system: Windows 10
Docker version 19.03.1
I did something similar with docker-combos. You basically just include all the lines from all three Dockerfile files, but only one FROM line. Then start correcting errors as they come up. You may have a bunch of errors because the FROM lines aren't the same (one is Ubuntu, one is Alpine so you have to change apk add to apt-get install).
You can also consider not using a single Docker container for all these and go with docker-compose. It lets you bring up multiple containers all together and link their network for easy access.

How to build Docker image own image

Currently I'm doing POC in docker for Windows 2016. I just want to know how to build an own image.
Currently we are using
docker pull microsoft/windowsservercore
to pull base image but due to security reason we should not download images from public repository. So we should build our own Windows images.
Is it possible to build our own image with out downloading? If yes, means how we can build our own Windows server images.
There are plenty of ways to build a base image you can use tar or scratch
Below is the example:
FROM scratch
ADD helloworld.sh /usr/local/bin/hellowworld.sh
CMD ["/usr/local/bin/helloworld.sh"]
see the link to get more information
I think you've to setup your own company docker registry. After setting it up you can "import" the windowsservercore image to the private registry. See this link for further explanation.
You can use one downloaded image as the base image and then customize that image as per your needs. You should refer to Dockerfile for information regarding configuring your own image.

Obtaining a docker image's parent images

Is there a way to obtain the docker parent image tree for a given image? I know
docker history IMG_NAME will provide an image id for the current image you're working with but everything else is missing. I've read this was taken out in v1.10 for security concerns but it seems to be a larger concern not being able to verify the tree of images that a final image was created from.
The other other thing I've found is docker save IMG_NAME -o TAR_OUTPUT.tar which will let you view all of the files in each layer but that seems pretty tedious.
How can I be assured that the only things modified in a given image for a piece of software is the installation and configuration of the software itself. It seems that being able to see the changes in the Dockerfiles used to generated each successive image would be an easy way to verify this.
Apart from has been said by chintan thakar, you will have to iterate maybe several times.
An example should clarify this
Suppose you want to dig into an image, and the Dockerfile to create this image starts with
FROM wordpress
so you go to
https://hub.docker.com/_/wordpress/
have a look at the Dockerfile, and you notice that
https://github.com/docker-library/wordpress/blob/0a5405cca8daf0338cf32dc7be26f4df5405cfb6/php5.6/apache/Dockerfile
starts with
FROM php:5.6-apache
so you go to the PHP 5.6 reference at
https://github.com/docker-library/php/blob/eadc27f12cfec58e270f8e37cd1b4ae9abcbb4eb/5.6/apache/Dockerfile
and you find the Dockerfile starts with
FROM debian:jessie
so you go to the Dockerfile of Debian jessie at
https://github.com/debuerreotype/docker-debian-artifacts/blob/af5a0043a929e0c87f7610da93bfe599ac40f29b/jessie/Dockerfile
and notice that this image is built like this
FROM scratch
ADD rootfs.tar.xz /
CMD ["bash"]
So you will need to do this if you want to see from where all the files come.
If there is a security issue notified, you will also need to do this, in order to know if you are concerned or not.

How do I move where Docker Images are stored under Windows 2016

I've automated creation of VMs for my developers, and I want to distribute this base image, and script the creation of the secondary drive to as large as they want for container storage.
I can't figure out how to change the default docker image folder from the C: drive to the E: Data drive.
Hopefully someone has already figured this one out and can point me in the right direction.
Used the correct google search terms and found the answer myself: Docker Engine On Windows.
Create a file daemon.json and put it in installation folder. Example: C:\ProgramData\docker\config\daemon.json
Inside that file use the graph keyword
{
"graph": "e:\\docker_containers"
}
Please note that you must have an extra CRLF added to the end of this file, or when you start the service it will crash with its parser.

Resources