Docker

Docker, The Linux container engine is an open source project to pack, ship and run any application as a lightweight container.

Have look at Docker getting started.

1. kernel with USER_NS, USER_NET, etc.
2. vserver patch disabled (docker exec will fail otherwise):
   1. https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg
   2. http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html

Minimal PLD Linux base images are built every Friday and published in GitLab:

• https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images

There's also available base images from Th snapshots:

• https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images

$ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux
hello pld linux

To build your own base image, you can use contrib/mkimage-pld.sh as base.

Additionally PHP base images are provided:

• https://gitlab.com/pld-linux/php

Easiest way is to install libcgroup package and enable all cgroup types:

# install libcgroup and enable mounts
poldek -u --noask libcgroup
sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf
service cgconfig start 

IPv4 packet forwarding is disabled by default in PLD Linux, so internet access from inside the container will not work unless net.ipv4.ip_forward is enabled:

 WARNING: IPv4 forwarding is disabled.

To fix, run:

 sudo sysctl -w net.ipv4.ip_forward=1

Or, to enable it more permanently, enable it on the host's /etc/sysctl.conf:

 net.ipv4.ip_forward=1

Don't run docker as root. Add your user to docker group in host to be able to run from your own user.

Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way.

Getting rid of stopped containers

docker ps -f status=exited
docker ps -q -f status=exited | xargs -r docker rm

Getting rid of unused images

docker images --filter dangling=true
docker images --filter dangling=true --quiet | xargs -r docker rmi

Getting rid of unused volumes

docker volume ls -f dangling=true
docker volume ls -qf dangling=true | xargs -r docker volume rm

For Docker < 1.9, see docker-cleanup-volumes tool.

For Docker >= 1.13 use docker {container,image,volume,network} prune subcommands.

To play around inside vagrant, create Vagrantfile and run vagrant up followed by vagrant ssh:

mkdir test
cd test
# use curl or wget
curl -sS > Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4 || \
wget -q -O Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4
vagrant up
vagrant ssh

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :
 
BOX_NAME = ENV['BOX_NAME'] || "pld64"
BOX_URI = ENV['BOX_URI'] || "ftp://ftp.pld-linux.org/people/glen/vm/pld64.box"
 
hostname = File.basename(File.dirname(__FILE__))
print "\033k#{hostname}\033\\"
 
Vagrant::Config.run do |config|
  # Setup virtual machine box. This VM configuration code is always executed.
  config.vm.box = BOX_NAME
  config.vm.box_url = BOX_URI
 
  # Provision docker and new kernel if deployment was not done
  if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
    pkg_cmd = "set -xe; "
 
    # install libcgroup and enable mounts
    pkg_cmd << "poldek -u --noask libcgroup; "
    pkg_cmd << "sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf; "
    pkg_cmd << "service cgconfig start; "
 
    # ensure ip forward is enabled
    pkg_cmd << "sed -i -e '/^net.ipv4.ip_forward/ s/0/1/' /etc/sysctl.conf; "
    pkg_cmd << "sysctl -p; "
 
    # Add docker package and start it
    pkg_cmd << "poldek -u --noask lxc-docker; "
    pkg_cmd << "service lxc-docker start; "
    pkg_cmd << "usermod -A docker vagrant; "
 
    # Add glibc locales
    pkg_cmd << "poldek -u glibc-localedb-all; "
 
    # Make some more space for containers
    pkg_cmd << "poldek -u xfsprogs; ldconfig; "
    pkg_cmd << "lvextend --size=+3G /dev/sys/rootfs; xfs_growfs /; "
 
    config.vm.provision :shell, :inline => pkg_cmd
  end
end
 
 
# Providers were added on Vagrant >= 1.1.0
Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
  config.vm.provider :virtualbox do |vb|
    config.vm.box = BOX_NAME
    config.vm.box_url = BOX_URI
 
    # ssh agent forwarding can be useful
    #config.ssh.forward_agent = true
 
    # Make VM accessible outside VM itself, and use eth1 device
    #config.vm.network :public_network, { bridge: 'eth1', auto_config: true }
  end
end