packages:docker

Differences

This shows you the differences between two versions of the page.

packages:docker [2016-02-09 07:48]
glen [Network Configuration]
packages:docker [2020-10-24 16:21] (current)
glen add php images link
Line 8: Line 8:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-[[packages:​kernel]] with ''​USER_NS'',​ ''​USER_NET'',​ etc.+  - [[packages:​kernel]] with ''​USER_NS'',​ ''​USER_NET'',​ etc. 
 +  - vserver patch disabled (''​docker exec''​ will fail otherwise):​ 
 +    - https://​groups.google.com/​forum/#​!topic/​docker-user/​U3j7ykSceNg 
 +    - http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2014-January/​023786.html 
 + 
 +===== PLD Linux Base images ===== 
 + 
 +Minimal PLD Linux base images are built every Friday and published in GitLab: 
 + 
 +  * https://​gitlab.com/​pld-linux/​pld#​pld-linux-base-docker-images 
 + 
 +There'​s also available base images from Th snapshots:​ 
 +  * https://​gitlab.com/​pld-linux/​pld/​blob/​master/​README.md#​snapshot-images 
 + 
 +<​code>​ 
 +$ docker run --rm -it registry.gitlab.com/​pld-linux/​pld echo hello pld linux 
 +hello pld linux 
 +</​code>​ 
 + 
 +To build your own base image, you can use [[https://​github.com/​moby/​moby/​blob/​master/​contrib/​mkimage-pld.sh|contrib/​mkimage-pld.sh]] as base. 
 + 
 + 
 +Additionally PHP base images are provided: 
 +  * https://​gitlab.com/​pld-linux/​php 
 + 
 +==== Setup Cgroups ==== 
 + 
 +Easiest way is to install [[package>​libcgroup]] package and enable all cgroup types: 
 + 
 +<​code>​ 
 +# install libcgroup and enable mounts 
 +poldek -u --noask libcgroup 
 +sed -i -e '/​^#​mount/,​$ s/​^#//'​ /​etc/​cgconfig.conf 
 +service cgconfig start  
 +</​code>​
 ===== Network Configuration =====  ===== Network Configuration ===== 
  
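Review bot: In the Setup Cgroups block, the sed range `/^#mount/,$` runs to the end of /etc/cgconfig.conf, so it strips the leading `#` from every line after the first `#mount`, including any real comments or commented-out group definitions further down, and `-i` keeps no backup. Bound the range to the mount block (for example `/^#mount/,/^#}/`, assuming the commented block closes with `#}`) and use `-i.bak` so the change can be reverted. Separately, the `docker run` example pulls `registry.gitlab.com/pld-linux/pld` without a tag, which resolves to `latest` and therefore to whichever weekly build is current; say so in the text, or show a tag or digest for readers who need reproducible pulls. Minor: "There's also available base images" should read "Base images built from Th snapshots are also available".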
Line 25: Line 59:
    ​net.ipv4.ip_forward=1    ​net.ipv4.ip_forward=1
  
-===== How To =====  
  
-==== Getting rid of unused images ​====+===== Rights =====
  
-<​code>​ +Don't run docker ​as ''​root''​. Add your user to ''​docker''​ group in host to be able to run from your own user.
-docker ​rmi $(docker ​images --filter dangling=true --quiet) +
-</​code>​ +
-===== PLD Base image =====+
  
-Simple script ​to create new base image for pld:+<note tip> 
 +By adding yourself ​to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://​www.andreas-jung.com/​contents/​on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]]. 
 +</​note>​
  
-<code bash mkimage-pld.sh> +Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way
-#!/bin/sh +===== How To ===== 
-set -e+
  
-ROOTFS=~/root +==== Maintenance ====
-IMAGE=pld+
  
-# to clean up: +Getting rid of stopped containers
-docker rmi $IMAGE+
  
-# build +<​code>​ 
-rpm -r $ROOTFS ​--initdb+docker ps -f status=exited 
 +docker ps --f status=exited | xargs -r docker rm 
 +</​code>​
  
-install -d $ROOTFS/​dev/​pts +Getting rid of unused images
-mknod $ROOTFS/​dev/​random c 1 8 -m 644 +
-mknod $ROOTFS/​dev/​urandom c 1 9 -m 644 +
-mknod $ROOTFS/​dev/​full c 1 7 -m 666 +
-mknod $ROOTFS/​dev/​null c 1 3 -m 666 +
-mknod $ROOTFS/​dev/​zero c 1 5 -m 666 +
-mknod $ROOTFS/​dev/​console c 5 1 -m 660+
  
-poldek ​-r $ROOTFS ​--up -u bash iproute2 coreutils poldek+<​code>​ 
 +docker images ​--filter dangling=true 
 +docker images ​--filter dangling=true --quiet | xargs -r docker rmi 
 +</​code>​
  
-# cleanups +Getting rid of unused volumes 
-PKGS="​cracklib-dicts ca-certificates"​ +<​code>​ 
-for pkg in $PKGS; do +docker volume ls -f dangling=true 
-    rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps +docker volume ls -qf dangling=true ​xargs -docker ​volume rm
-done +
- +
-# and import +
-tar -C $ROOTFS -cf- . docker import ​$IMAGE +
- +
-# and test +
-docker ​run -i -u root $IMAGE /bin/echo Success.+
 </​code>​ </​code>​
  
-<file> +For Docker ​1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool.
-# sh -x /vagrant/mkimage-pld.sh  +
-+ rpm -r /home/vagrant/​root ​--initdb +
-+ poldek -r root --up -u bash iproute2 +
-docker ​import ​pld +
-# docker run -i -t pld bash +
-WARNING: IPv4 forwarding is disabled. +
-[root@e8d2bb1215c2 /]# id +
-uid=0(root) gid=0(root) groups=0(root) +
-</​file>​+
  
-You can see more available samples in [[https://​github.com/​dotcloud/​docker/​tree/​master/​contrib|docker/​contrib/​]]. +For Docker >= 1.13 use ''​docker ​{container,image,​volume,​network} prune'' subcommands.
- +
-alsoyou can try [[people:​glen|glen's]] [[https://​index.docker.io/​u/​glen/​pld/​|pld test]] image: +
-<code bash> +
-vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash +
-root@ae0aac5de155 ~#  +
-</​code>​+
  
 ===== Vagrant ===== ===== Vagrant =====
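Review bot: The new Rights section opens with "Don't run docker as root" and tells the reader to join the `docker` group, while the note directly below says that membership is effectively full root, and that note is marked `<note tip>` rather than a warning. Put the root-equivalence in the opening sentence, mark the note as a warning, and fix "Whoever" to "However" in the closing sentence, which also lacks its full stop before the `===== How To =====` heading. In Maintenance, the stopped-container cleanup as shown reads `docker ps --f status=exited | xargs -r docker rm`: `--f` should be `-f`, and without `-q` the header row and every column of the listing are passed to `docker rm` as arguments. `docker ps -qf status=exited | xargs -r docker rm` would match the form already used in the images and volumes examples.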
packages/docker.1455000500.txt.gz · Last modified: 2016-02-09 07:48 by glen