Differences

This shows you the differences between two versions of the page.

--- packages:docker [2014-01-09 21:05]
glen base /dev
+++ packages:docker [2019-02-01 12:29]
glen say hello
@@ Line 1: / Line 1: @@
-====== LXC Docker ======
+====== Docker ======
 [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container.
-Have look at Docker [[https://www.docker.io/gettingstarted/|getting started]].
+Have look at Docker [[https://docs.docker.com/linux/|getting started]].
+===== Prerequisites =====
+  - [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc.
+  - vserver patch disabled (''docker exec'' will fail otherwise):
+    - https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg
+    - http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html
+===== PLD Linux Base images =====
+Minimal PLD Linux base images are built every Friday and published in GitLab:
+  * https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images
+There's also available base images from Th snapshots:
+  * https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images
+<code>
+$ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux
+hello pld linux
+</code>
+To build your own base image, you can use [[https://github.com/moby/moby/blob/master/contrib/mkimage-pld.sh|contrib/mkimage-pld.sh]] as base.
+==== Setup Cgroups ====
+Easiest way is to install [[package>libcgroup]] package and enable all cgroup types:
+<code>
+# install libcgroup and enable mounts
+poldek -u --noask libcgroup
+sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf
+service cgconfig start
+</code>
 ===== Network Configuration =====
@@ Line 19: / Line 54: @@
 Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**:
-    net.ipv4.ip_forward=1
+   net.ipv4.ip_forward=1
-===== PLD Base image =====
+===== Rights =====
-Simple script to create new base image for pld:
+Don't run docker as ''root''. Add your user to ''docker'' group in host to be able to run from your own user.
-<code bash mkimage-pld.sh>
+<note tip>
-#!/bin/sh
+By adding yourself to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]].
-set -e
+</note>
-ROOTFS=~/root
+Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way.
-IMAGE=pld
+===== How To =====
-# to clean up:
+==== Maintenance ====
-docker rmi $IMAGE
-# build
+Getting rid of stopped containers
-rpm -r $ROOTFS --initdb
-install -d $ROOTFS/dev/pts
+<code>
-mknod $ROOTFS/dev/random c 1 8 -m 644
+docker ps -f status=exited
-mknod $ROOTFS/dev/urandom c 1 9 -m 644
+docker ps -q -f status=exited | xargs -r docker rm
-mknod $ROOTFS/dev/full c 1 7 -m 666
+</code>
-mknod $ROOTFS/dev/null c 1 3 -m 666
-mknod $ROOTFS/dev/zero c 1 5 -m 666
-mknod $ROOTFS/dev/console c 5 1 -m 660
-poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek
+Getting rid of unused images
-# cleanups
+<code>
-PKGS="cracklib-dicts ca-certificates"
+docker images --filter dangling=true
-for pkg in $PKGS; do
+docker images --filter dangling=true --quiet | xargs -r docker rmi
-    rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps
+</code>
-done
-# and import
+Getting rid of unused volumes
-tar -C $ROOTFS -cf- . | docker import - $IMAGE
+<code>
+docker volume ls -f dangling=true
-# and test
+docker volume ls -qf dangling=true | xargs -r docker volume rm
-docker run -i -u root $IMAGE /bin/echo Success.
 </code>
-<file>
+For Docker < 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool.
-# sh -x /vagrant/mkimage-pld.sh
-+ rpm -r /home/vagrant/root --initdb
-+ poldek -r root --up -u bash iproute2
-+ docker import - pld
-# docker run -i -t pld bash
-WARNING: IPv4 forwarding is disabled.
-[root@e8d2bb1215c2 /]# id
-uid=0(root) gid=0(root) groups=0(root)
-</file>
-You can see more available samples in [[https://github.com/dotcloud/docker/tree/master/contrib|docker/contrib/]].
+For Docker >= 1.13 use ''docker {container,image,volume,network} prune'' subcommands.
-also, you can try [[/people/glen|glen's]] [[https://index.docker.io/u/glen/pld/|pld test]] image:
-<code bash>
-vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash
-root@ae0aac5de155 ~#
-</code>
 ===== Vagrant =====
-To play around inside [[vagrant]], create ''Vagrantfile'' and run ''vagrant up'' followed by ''vagrant ssh''.
+To play around inside [[vagrant]], create ''Vagrantfile'' and run ''vagrant up'' followed by ''vagrant ssh'':
+<code bash>
+mkdir test
+cd test
+# use curl or wget
+curl -sS > Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4 || \
+wget -q -O Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4
+vagrant up
+vagrant ssh
+</code>
 <code ruby Vagrantfile>
@@ Line 105: / Line 128: @@
     # install libcgroup and enable mounts
-    pkg_cmd << "poldek -u --noask libcgroup lxc iptables; "
+    pkg_cmd << "poldek -u --noask libcgroup; "
     pkg_cmd << "sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf; "
-    pkg_cmd << "echo 'docker -d &' >> /etc/rc.d/rc.local; "
+    pkg_cmd << "service cgconfig start; "
     # ensure ip forward is enabled
     pkg_cmd << "sed -i -e '/^net.ipv4.ip_forward/ s/0/1/' /etc/sysctl.conf; "
+    pkg_cmd << "sysctl -p; "
-    # Add lxc-docker package
+    # Add docker package and start it
-    # https://bugs.launchpad.net/poldek/+bug/1216250
+    pkg_cmd << "poldek -u --noask lxc-docker; "
-    pkg_cmd << "poldek -u --noask lxc-docker --nodeps; "
+    pkg_cmd << "service lxc-docker start; "
-    pkg_cmd << "poldek -u glibc-localedb-all; "
+    pkg_cmd << "usermod -A docker vagrant; "
-    # Add 3.10 kernel
+    # Add glibc locales
-    pkg_cmd << "poldek -u --noask kernel; "
+    pkg_cmd << "poldek -u glibc-localedb-all; "
-    # Make some more space
+    # Make some more space for containers
     pkg_cmd << "poldek -u xfsprogs; ldconfig; "
     pkg_cmd << "lvextend --size=+3G /dev/sys/rootfs; xfs_growfs /; "
-    # Add guest additions if local vbox VM
-    is_vbox = true
-    ARGV.each do |arg| is_vbox &&= !arg.downcase.start_with?("--provider") end
-    if is_vbox
-      pkg_cmd << "poldek -u --noask kernel-misc-vboxguest kernel-misc-vboxsf; "
-    end
-    # Activate new kernel
-    pkg_cmd << "shutdown -h now; "
     config.vm.provision :shell, :inline => pkg_cmd
   end
@@ Line 149: / Line 165: @@
     #config.vm.network :public_network, { bridge: 'eth1', auto_config: true }
   end
 end
 </code>

PLD Linux Distribution

User Tools

Site Tools

Differences

Page Tools