Differences

This shows you the differences between two versions of the page.

--- packages:docker [2014-07-16 10:02] – glen
+++ packages:docker [2020-10-24 16:21] (current) – add php images link glen
@@ Line 3: / Line 3: @@
 [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container.
-Have look at Docker [[https://www.docker.io/gettingstarted/|getting started]].
+Have look at Docker [[https://docs.docker.com/linux/|getting started]].
+===== Prerequisites =====
+  - [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc.
+  - vserver patch disabled (''docker exec'' will fail otherwise):
+    - https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg
+    - http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html
+===== PLD Linux Base images =====
+Minimal PLD Linux base images are built every Friday and published in GitLab:
+  * https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images
+There's also available base images from Th snapshots:
+  * https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images
+<code>
+$ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux
+hello pld linux
+</code>
+To build your own base image, you can use [[https://github.com/moby/moby/blob/master/contrib/mkimage-pld.sh|contrib/mkimage-pld.sh]] as base.
+Additionally PHP base images are provided:
+  * https://gitlab.com/pld-linux/php
+==== Setup Cgroups ====
+Easiest way is to install [[package>libcgroup]] package and enable all cgroup types:
+<code>
+# install libcgroup and enable mounts
+poldek -u --noask libcgroup
+sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf
+service cgconfig start
+</code>
 ===== Network Configuration =====
@@ Line 19: / Line 57: @@
 Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**:
-    net.ipv4.ip_forward=1
+   net.ipv4.ip_forward=1
-===== PLD Base image =====
+===== Rights =====
-Simple script to create new base image for pld:
+Don't run docker as ''root''. Add your user to ''docker'' group in host to be able to run from your own user.
-<code bash mkimage-pld.sh>
+<note tip>
-#!/bin/sh
+By adding yourself to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]].
-set -e
+</note>
-ROOTFS=~/root
+Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way.
-IMAGE=pld
+===== How To =====
-# to clean up:
+==== Maintenance ====
-docker rmi $IMAGE
-# build
+Getting rid of stopped containers
-rpm -r $ROOTFS --initdb
-install -d $ROOTFS/dev/pts
+<code>
-mknod $ROOTFS/dev/random c 1 8 -m 644
+docker ps -f status=exited
-mknod $ROOTFS/dev/urandom c 1 9 -m 644
+docker ps -q -f status=exited | xargs -r docker rm
-mknod $ROOTFS/dev/full c 1 7 -m 666
+</code>
-mknod $ROOTFS/dev/null c 1 3 -m 666
-mknod $ROOTFS/dev/zero c 1 5 -m 666
-mknod $ROOTFS/dev/console c 5 1 -m 660
-poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek
+Getting rid of unused images
-# cleanups
+<code>
-PKGS="cracklib-dicts ca-certificates"
+docker images --filter dangling=true
-for pkg in $PKGS; do
+docker images --filter dangling=true --quiet | xargs -r docker rmi
-    rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps
+</code>
-done
-# and import
-tar -C $ROOTFS -cf- . | docker import - $IMAGE
-# and test
+Getting rid of unused volumes
-docker run -i -u root $IMAGE /bin/echo Success.
+<code>
+docker volume ls -f dangling=true
+docker volume ls -qf dangling=true | xargs -r docker volume rm
 </code>
-<file>
+For Docker < 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool.
-# sh -x /vagrant/mkimage-pld.sh
-+ rpm -r /home/vagrant/root --initdb
-+ poldek -r root --up -u bash iproute2
-+ docker import - pld
-# docker run -i -t pld bash
-WARNING: IPv4 forwarding is disabled.
-[root@e8d2bb1215c2 /]# id
-uid=0(root) gid=0(root) groups=0(root)
-</file>
-You can see more available samples in [[https://github.com/dotcloud/docker/tree/master/contrib|docker/contrib/]].
+For Docker >= 1.13 use ''docker {container,image,volume,network} prune'' subcommands.
-also, you can try [[.:people:glen|glen's]] [[https://index.docker.io/u/glen/pld/|pld test]] image:
-<code bash>
-vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash
-root@ae0aac5de155 ~#
-</code>
 ===== Vagrant =====
@@ Line 89: / Line 105: @@
 cd test
 # use curl or wget
-curl -sS > Vagrantfile https://www.pld-linux.org/_export/code/packages/lxc-docker?codeblock=4 || \
+curl -sS > Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4 || \
-wget -q -O Vagrantfile https://www.pld-linux.org/_export/code/packages/lxc-docker?codeblock=4
+wget -q -O Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4
 vagrant up
 vagrant ssh
@@ Line 123: / Line 139: @@
     pkg_cmd << "sysctl -p; "
-    # Add lxc-docker package and start it
+    # Add docker package and start it
     pkg_cmd << "poldek -u --noask lxc-docker; "
     pkg_cmd << "service lxc-docker start; "