User Tools
packages:docker
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
packages:docker [2016-05-31 07:50] glen [Getting rid of unused images] |
packages:docker [2019-02-01 12:29] glen say hello |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| ===== Prerequisites ===== | ===== Prerequisites ===== | ||
| - | [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc. | + | - [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc. |
| + | - vserver patch disabled (''docker exec'' will fail otherwise): | ||
| + | - https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg | ||
| + | - http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html | ||
| + | |||
| + | ===== PLD Linux Base images ===== | ||
| + | |||
| + | Minimal PLD Linux base images are built every Friday and published in GitLab: | ||
| + | |||
| + | * https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images | ||
| + | |||
| + | There's also available base images from Th snapshots: | ||
| + | * https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images | ||
| + | |||
| + | <code> | ||
| + | $ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux | ||
| + | hello pld linux | ||
| + | </code> | ||
| + | |||
| + | To build your own base image, you can use [[https://github.com/moby/moby/blob/master/contrib/mkimage-pld.sh|contrib/mkimage-pld.sh]] as base. | ||
| ==== Setup Cgroups ==== | ==== Setup Cgroups ==== | ||
| Line 36: | Line 56: | ||
| net.ipv4.ip_forward=1 | net.ipv4.ip_forward=1 | ||
| + | |||
| + | ===== Rights ===== | ||
| + | |||
| + | Don't run docker as ''root''. Add your user to ''docker'' group in host to be able to run from your own user. | ||
| + | |||
| + | <note tip> | ||
| + | By adding yourself to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]]. | ||
| + | </note> | ||
| + | |||
| + | Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way. | ||
| ===== How To ===== | ===== How To ===== | ||
| ==== Maintenance ==== | ==== Maintenance ==== | ||
| + | |||
| + | Getting rid of stopped containers | ||
| + | |||
| + | <code> | ||
| + | docker ps -f status=exited | ||
| + | docker ps -q -f status=exited | xargs -r docker rm | ||
| + | </code> | ||
| Getting rid of unused images | Getting rid of unused images | ||
| Line 44: | Line 81: | ||
| <code> | <code> | ||
| docker images --filter dangling=true | docker images --filter dangling=true | ||
| - | docker rmi $(docker images --filter dangling=true --quiet) | + | docker images --filter dangling=true --quiet | xargs -r docker rmi |
| </code> | </code> | ||
| Getting rid of unused volumes | Getting rid of unused volumes | ||
| <code> | <code> | ||
| - | $ docker volume ls -qf dangling=true | + | docker volume ls -f dangling=true |
| - | $ docker volume ls -qf dangling=true | xargs -r docker volume rm | + | docker volume ls -qf dangling=true | xargs -r docker volume rm |
| </code> | </code> | ||
| For Docker < 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool. | For Docker < 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool. | ||
| - | ===== PLD Base image ===== | ||
| - | Simple script to create new base image for pld: | + | For Docker >= 1.13 use ''docker {container,image,volume,network} prune'' subcommands. |
| - | + | ||
| - | <code bash mkimage-pld.sh> | + | |
| - | #!/bin/sh | + | |
| - | set -e | + | |
| - | + | ||
| - | ROOTFS=~/root | + | |
| - | IMAGE=pld | + | |
| - | + | ||
| - | # to clean up: | + | |
| - | docker rmi $IMAGE | + | |
| - | + | ||
| - | # build | + | |
| - | rpm -r $ROOTFS --initdb | + | |
| - | + | ||
| - | install -d $ROOTFS/dev/pts | + | |
| - | mknod $ROOTFS/dev/random c 1 8 -m 644 | + | |
| - | mknod $ROOTFS/dev/urandom c 1 9 -m 644 | + | |
| - | mknod $ROOTFS/dev/full c 1 7 -m 666 | + | |
| - | mknod $ROOTFS/dev/null c 1 3 -m 666 | + | |
| - | mknod $ROOTFS/dev/zero c 1 5 -m 666 | + | |
| - | mknod $ROOTFS/dev/console c 5 1 -m 660 | + | |
| - | + | ||
| - | poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek | + | |
| - | + | ||
| - | # cleanups | + | |
| - | PKGS="cracklib-dicts ca-certificates" | + | |
| - | for pkg in $PKGS; do | + | |
| - | rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps | + | |
| - | done | + | |
| - | + | ||
| - | # and import | + | |
| - | tar -C $ROOTFS -cf- . | docker import - $IMAGE | + | |
| - | + | ||
| - | # and test | + | |
| - | docker run -i -u root $IMAGE /bin/echo Success. | + | |
| - | </code> | + | |
| - | + | ||
| - | <file> | + | |
| - | # sh -x /vagrant/mkimage-pld.sh | + | |
| - | + rpm -r /home/vagrant/root --initdb | + | |
| - | + poldek -r root --up -u bash iproute2 | + | |
| - | + docker import - pld | + | |
| - | # docker run -i -t pld bash | + | |
| - | WARNING: IPv4 forwarding is disabled. | + | |
| - | [root@e8d2bb1215c2 /]# id | + | |
| - | uid=0(root) gid=0(root) groups=0(root) | + | |
| - | </file> | + | |
| - | + | ||
| - | You can see more available samples in [[https://github.com/dotcloud/docker/tree/master/contrib|docker/contrib/]]. | + | |
| - | + | ||
| - | also, you can try [[people:glen|glen's]] [[https://index.docker.io/u/glen/pld/|pld test]] image: | + | |
| - | <code bash> | + | |
| - | vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash | + | |
| - | root@ae0aac5de155 ~# | + | |
| - | </code> | + | |
| ===== Vagrant ===== | ===== Vagrant ===== | ||
packages/docker.txt · Last modified: 2020-10-24 16:21 by glen
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
