User Tools
packages:docker
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
packages:docker [2013-09-16 22:48] glen [Vagrant] fix v2 config |
packages:docker [2019-02-01 12:29] glen say hello |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== LXC Docker ====== | + | ====== Docker ====== |
| [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container. | [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container. | ||
| - | Have look at Docker [[https://www.docker.io/gettingstarted/|getting started]]. | + | Have look at Docker [[https://docs.docker.com/linux/|getting started]]. |
| + | |||
| + | ===== Prerequisites ===== | ||
| + | |||
| + | - [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc. | ||
| + | - vserver patch disabled (''docker exec'' will fail otherwise): | ||
| + | - https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg | ||
| + | - http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html | ||
| + | |||
| + | ===== PLD Linux Base images ===== | ||
| + | |||
| + | Minimal PLD Linux base images are built every Friday and published in GitLab: | ||
| + | |||
| + | * https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images | ||
| + | |||
| + | There's also available base images from Th snapshots: | ||
| + | * https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images | ||
| + | |||
| + | <code> | ||
| + | $ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux | ||
| + | hello pld linux | ||
| + | </code> | ||
| + | |||
| + | To build your own base image, you can use [[https://github.com/moby/moby/blob/master/contrib/mkimage-pld.sh|contrib/mkimage-pld.sh]] as base. | ||
| + | |||
| + | |||
| + | ==== Setup Cgroups ==== | ||
| + | |||
| + | Easiest way is to install [[package>libcgroup]] package and enable all cgroup types: | ||
| + | |||
| + | <code> | ||
| + | # install libcgroup and enable mounts | ||
| + | poldek -u --noask libcgroup | ||
| + | sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf | ||
| + | service cgconfig start | ||
| + | </code> | ||
| ===== Network Configuration ===== | ===== Network Configuration ===== | ||
| Line 19: | Line 54: | ||
| Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**: | Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**: | ||
| - | net.ipv4.ip_forward=1 | + | net.ipv4.ip_forward=1 |
| - | ===== PLD Base image ===== | + | ===== Rights ===== |
| - | Simple script to create new base image for pld: | + | Don't run docker as ''root''. Add your user to ''docker'' group in host to be able to run from your own user. |
| - | <code bash mkimage-pld.sh> | + | <note tip> |
| - | #!/bin/sh | + | By adding yourself to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]]. |
| - | set -e | + | </note> |
| - | ROOTFS=~/root | + | Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way. |
| - | IMAGE=pld | + | ===== How To ===== |
| - | # to clean up: | + | ==== Maintenance ==== |
| - | docker rmi $IMAGE | + | |
| - | # build | + | Getting rid of stopped containers |
| - | rpm -r $ROOTFS --initdb | + | |
| - | poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek | + | |
| - | # cleanups | + | <code> |
| - | PKGS="cracklib-dicts ca-certificates" | + | docker ps -f status=exited |
| - | for pkg in $PKGS; do | + | docker ps -q -f status=exited | xargs -r docker rm |
| - | rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps | + | </code> |
| - | done | + | |
| - | # and import | + | Getting rid of unused images |
| - | tar -C $ROOTFS -cf- . | docker import - $IMAGE | + | |
| - | # and test | + | <code> |
| - | docker run -i -u root $IMAGE /bin/echo Success. | + | docker images --filter dangling=true |
| + | docker images --filter dangling=true --quiet | xargs -r docker rmi | ||
| </code> | </code> | ||
| - | <file> | + | Getting rid of unused volumes |
| - | # sh -x /vagrant/mkimage-pld.sh | + | <code> |
| - | + rpm -r /home/vagrant/root --initdb | + | docker volume ls -f dangling=true |
| - | + poldek -r root --up -u bash iproute2 | + | docker volume ls -qf dangling=true | xargs -r docker volume rm |
| - | + docker import - pld | + | </code> |
| - | # docker run -i -t pld bash | + | |
| - | WARNING: IPv4 forwarding is disabled. | + | |
| - | [root@e8d2bb1215c2 /]# id | + | |
| - | uid=0(root) gid=0(root) groups=0(root) | + | |
| - | </file> | + | |
| - | You can see more available samples in [[https://github.com/dotcloud/docker/tree/master/contrib|docker/contrib/]]. | + | For Docker < 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool. |
| - | also, you can try [[/people/glen|glen's]] [[https://index.docker.io/u/glen/pld/|pld test]] image: | + | For Docker >= 1.13 use ''docker {container,image,volume,network} prune'' subcommands. |
| - | <code bash> | + | |
| - | vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash | + | |
| - | root@ae0aac5de155 ~# | + | |
| - | </code> | + | |
| ===== Vagrant ===== | ===== Vagrant ===== | ||
| - | To play around inside [[vagrant]], create ''Vagrantfile'' and run ''vagrant up'' followed by ''vagrant ssh''. | + | To play around inside [[vagrant]], create ''Vagrantfile'' and run ''vagrant up'' followed by ''vagrant ssh'': |
| + | |||
| + | <code bash> | ||
| + | mkdir test | ||
| + | cd test | ||
| + | # use curl or wget | ||
| + | curl -sS > Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4 || \ | ||
| + | wget -q -O Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4 | ||
| + | vagrant up | ||
| + | vagrant ssh | ||
| + | </code> | ||
| <code ruby Vagrantfile> | <code ruby Vagrantfile> | ||
| Line 96: | Line 128: | ||
| # install libcgroup and enable mounts | # install libcgroup and enable mounts | ||
| - | pkg_cmd << "poldek -u --noask libcgroup lxc iptables; " | + | pkg_cmd << "poldek -u --noask libcgroup; " |
| pkg_cmd << "sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf; " | pkg_cmd << "sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf; " | ||
| - | pkg_cmd << "echo 'docker -d &' >> /etc/rc.d/rc.local; " | + | pkg_cmd << "service cgconfig start; " |
| # ensure ip forward is enabled | # ensure ip forward is enabled | ||
| pkg_cmd << "sed -i -e '/^net.ipv4.ip_forward/ s/0/1/' /etc/sysctl.conf; " | pkg_cmd << "sed -i -e '/^net.ipv4.ip_forward/ s/0/1/' /etc/sysctl.conf; " | ||
| + | pkg_cmd << "sysctl -p; " | ||
| - | # Add lxc-docker package | + | # Add docker package and start it |
| - | # https://bugs.launchpad.net/poldek/+bug/1216250 | + | pkg_cmd << "poldek -u --noask lxc-docker; " |
| - | pkg_cmd << "poldek -u --noask lxc-docker --nodeps; " | + | pkg_cmd << "service lxc-docker start; " |
| - | pkg_cmd << "poldek -u glibc-localedb-all; " | + | pkg_cmd << "usermod -A docker vagrant; " |
| - | # Add 3.10 kernel | + | # Add glibc locales |
| - | pkg_cmd << "poldek -u --noask kernel; " | + | pkg_cmd << "poldek -u glibc-localedb-all; " |
| - | # Make some more space | + | # Make some more space for containers |
| pkg_cmd << "poldek -u xfsprogs; ldconfig; " | pkg_cmd << "poldek -u xfsprogs; ldconfig; " | ||
| pkg_cmd << "lvextend --size=+3G /dev/sys/rootfs; xfs_growfs /; " | pkg_cmd << "lvextend --size=+3G /dev/sys/rootfs; xfs_growfs /; " | ||
| - | # Add guest additions if local vbox VM | ||
| - | is_vbox = true | ||
| - | ARGV.each do |arg| is_vbox &&= !arg.downcase.start_with?("--provider") end | ||
| - | if is_vbox | ||
| - | pkg_cmd << "poldek -u --noask kernel-misc-vboxguest kernel-misc-vboxsf; " | ||
| - | end | ||
| - | # Activate new kernel | ||
| - | pkg_cmd << "shutdown -h now; " | ||
| config.vm.provision :shell, :inline => pkg_cmd | config.vm.provision :shell, :inline => pkg_cmd | ||
| end | end | ||
| Line 140: | Line 165: | ||
| #config.vm.network :public_network, { bridge: 'eth1', auto_config: true } | #config.vm.network :public_network, { bridge: 'eth1', auto_config: true } | ||
| end | end | ||
| - | end | + | end |
| </code> | </code> | ||
packages/docker.txt · Last modified: 2020-10-24 16:21 by glen
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
