This shows you the differences between two versions of the page.
packages:docker [2016-01-27 00:10] glen [Prerequisites] |
packages:docker [2020-10-24 16:21] (current) glen add php images link |
||
---|---|---|---|
Line 3: | Line 3: | ||
[[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container. | [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container. | ||
- | Have look at Docker [[https://www.docker.io/gettingstarted/|getting started]]. | + | Have look at Docker [[https://docs.docker.com/linux/|getting started]]. |
===== Prerequisites ===== | ===== Prerequisites ===== | ||
- | [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc. | + | - [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc. |
+ | - vserver patch disabled (''docker exec'' will fail otherwise): | ||
+ | - https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg | ||
+ | - http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html | ||
+ | |||
+ | ===== PLD Linux Base images ===== | ||
+ | |||
+ | Minimal PLD Linux base images are built every Friday and published in GitLab: | ||
+ | |||
+ | * https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images | ||
+ | |||
+ | There's also available base images from Th snapshots: | ||
+ | * https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images | ||
+ | |||
+ | <code> | ||
+ | $ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux | ||
+ | hello pld linux | ||
+ | </code> | ||
+ | |||
+ | To build your own base image, you can use [[https://github.com/moby/moby/blob/master/contrib/mkimage-pld.sh|contrib/mkimage-pld.sh]] as base. | ||
+ | |||
+ | |||
+ | Additionally PHP base images are provided: | ||
+ | * https://gitlab.com/pld-linux/php | ||
+ | |||
+ | ==== Setup Cgroups ==== | ||
+ | |||
+ | Easiest way is to install [[package>libcgroup]] package and enable all cgroup types: | ||
+ | |||
+ | <code> | ||
+ | # install libcgroup and enable mounts | ||
+ | poldek -u --noask libcgroup | ||
+ | sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf | ||
+ | service cgconfig start | ||
+ | </code> | ||
===== Network Configuration ===== | ===== Network Configuration ===== | ||
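Review bot: In the Setup Cgroups block, the range in ''sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf'' runs from the first ''#mount'' line to the end of the file, so it strips the leading ''#'' from every commented line below that point, not only the mount entries, and it edits the file in place with no backup. Suggest ending the range at the line that closes the mount block and using ''sed -i.bak'' so the original can be restored. Separately, the ''docker run'' example references ''registry.gitlab.com/pld-linux/pld'' with no tag or digest while the text says the images are rebuilt every Friday; say which tag a reader should pin when they need a reproducible base.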
Line 23: | Line 57: | ||
Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**: | Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**: | ||
- | net.ipv4.ip_forward=1 | + | net.ipv4.ip_forward=1 |
- | ===== PLD Base image ===== | + | ===== Rights ===== |
- | Simple script to create new base image for pld: | + | Don't run docker as ''root''. Add your user to ''docker'' group in host to be able to run from your own user. |
- | <code bash mkimage-pld.sh> | + | <note tip> |
- | #!/bin/sh | + | By adding yourself to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]]. |
- | set -e | + | </note> |
- | ROOTFS=~/root | + | Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way. |
- | IMAGE=pld | + | ===== How To ===== |
- | # to clean up: | + | ==== Maintenance ==== |
- | docker rmi $IMAGE | + | |
- | # build | + | Getting rid of stopped containers |
- | rpm -r $ROOTFS --initdb | + | |
- | install -d $ROOTFS/dev/pts | + | <code> |
- | mknod $ROOTFS/dev/random c 1 8 -m 644 | + | docker ps -f status=exited |
- | mknod $ROOTFS/dev/urandom c 1 9 -m 644 | + | docker ps -q -f status=exited | xargs -r docker rm |
- | mknod $ROOTFS/dev/full c 1 7 -m 666 | + | </code> |
- | mknod $ROOTFS/dev/null c 1 3 -m 666 | + | |
- | mknod $ROOTFS/dev/zero c 1 5 -m 666 | + | |
- | mknod $ROOTFS/dev/console c 5 1 -m 660 | + | |
- | poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek | + | Getting rid of unused images |
- | # cleanups | + | <code> |
- | PKGS="cracklib-dicts ca-certificates" | + | docker images --filter dangling=true |
- | for pkg in $PKGS; do | + | docker images --filter dangling=true --quiet | xargs -r docker rmi |
- | rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps | + | </code> |
- | done | + | |
- | + | ||
- | # and import | + | |
- | tar -C $ROOTFS -cf- . | docker import - $IMAGE | + | |
- | # and test | + | Getting rid of unused volumes |
- | docker run -i -u root $IMAGE /bin/echo Success. | + | <code> |
+ | docker volume ls -f dangling=true | ||
+ | docker volume ls -qf dangling=true | xargs -r docker volume rm | ||
</code> | </code> | ||
- | <file> | + | For Docker < 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool. |
- | # sh -x /vagrant/mkimage-pld.sh | + | |
- | + rpm -r /home/vagrant/root --initdb | + | |
- | + poldek -r root --up -u bash iproute2 | + | |
- | + docker import - pld | + | |
- | # docker run -i -t pld bash | + | |
- | WARNING: IPv4 forwarding is disabled. | + | |
- | [root@e8d2bb1215c2 /]# id | + | |
- | uid=0(root) gid=0(root) groups=0(root) | + | |
- | </file> | + | |
- | You can see more available samples in [[https://github.com/dotcloud/docker/tree/master/contrib|docker/contrib/]]. | + | For Docker >= 1.13 use ''docker {container,image,volume,network} prune'' subcommands. |
- | + | ||
- | also, you can try [[people:glen|glen's]] [[https://index.docker.io/u/glen/pld/|pld test]] image: | + | |
- | <code bash> | + | |
- | vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash | + | |
- | root@ae0aac5de155 ~# | + | |
- | </code> | + | |
===== Vagrant ===== | ===== Vagrant ===== |
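Review bot: In the Rights section, the statement that ''docker'' group membership is effectively full root sits inside ''<note tip>'', which understates it right after the instruction to add your user to that group; ''<note warning>'' fits better, and the section should say that only accounts already trusted with root belong in the group. The closing sentence starts with "Whoever", which should read "However". In the Maintenance block, ''docker volume ls -qf dangling=true | xargs -r docker volume rm'' deletes volume data that cannot be recovered, so add a line telling the reader to check the output of the listing command above it before running the removal.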