PLD Linux Distribution

User Tools

Site Tools

Trace:
packages:docker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
packages:docker [2015-04-09 16:55] – [Docker] add Prerequisites glenpackages:docker [2020-10-24 16:21] (current) – add php images link glen
Line 3: Line 3:
 [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container. [[https://www.docker.io/|Docker, The Linux container engine]] is an open source project to pack, ship and run any application as a lightweight container.
  
-Have look at Docker [[https://www.docker.io/gettingstarted/|getting started]].+Have look at Docker [[https://docs.docker.com/linux/|getting started]].
  
  
 ===== Prerequisites ===== ===== Prerequisites =====
  
-[[docs:lxc#prerequisites|LXC]] with ''USER_NS'', ''USER_NET'', etc.+  - [[packages:kernel]] with ''USER_NS'', ''USER_NET'', etc. 
 +  - vserver patch disabled (''docker exec'' will fail otherwise): 
 +    - https://groups.google.com/forum/#!topic/docker-user/U3j7ykSceNg 
 +    - http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/023786.html 
 + 
 +===== PLD Linux Base images ===== 
 + 
 +Minimal PLD Linux base images are built every Friday and published in GitLab: 
 + 
 +  * https://gitlab.com/pld-linux/pld#pld-linux-base-docker-images 
 + 
 +There's also available base images from Th snapshots: 
 +  * https://gitlab.com/pld-linux/pld/blob/master/README.md#snapshot-images 
 + 
 +<code> 
 +$ docker run --rm -it registry.gitlab.com/pld-linux/pld echo hello pld linux 
 +hello pld linux 
 +</code> 
 + 
 +To build your own base image, you can use [[https://github.com/moby/moby/blob/master/contrib/mkimage-pld.sh|contrib/mkimage-pld.sh]] as base. 
 + 
 + 
 +Additionally PHP base images are provided: 
 +  * https://gitlab.com/pld-linux/php 
 + 
 +==== Setup Cgroups ==== 
 + 
 +Easiest way is to install [[package>libcgroup]] package and enable all cgroup types: 
 + 
 +<code> 
 +# install libcgroup and enable mounts 
 +poldek -u --noask libcgroup 
 +sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf 
 +service cgconfig start  
 +</code>
 ===== Network Configuration =====  ===== Network Configuration ===== 
  
Line 23: Line 57:
 Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**: Or, to enable it more permanently, enable it on the host's **/etc/sysctl.conf**:
  
-    net.ipv4.ip_forward=1+   net.ipv4.ip_forward=1
  
  
-===== PLD Base image =====+===== Rights =====
  
-Simple script to create new base image for pld:+Don't run docker as ''root''. Add your user to ''docker'' group in host to be able to run from your own user.
  
-<code bash mkimage-pld.sh+<note tip
-#!/bin/sh +By adding yourself to the docker group you are effectively granting yourself full root permissions. For more information please read [[https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful|On Docker security: docker group considered harmful]]. 
-set -e+</note>
  
-ROOTFS=~/root +Whoever, we still consider that more secure approach than just running as root. Accidental damage to Host system is minimized this way. 
-IMAGE=pld+===== How To ===== 
  
-# to clean up: +==== Maintenance ====
-docker rmi $IMAGE+
  
-# build +Getting rid of stopped containers
-rpm -r $ROOTFS --initdb+
  
-install -d $ROOTFS/dev/pts +<code> 
-mknod $ROOTFS/dev/random c 1 8 -m 644 +docker ps -f status=exited 
-mknod $ROOTFS/dev/urandom c 1 9 -m 644 +docker ps --f status=exited | xargs -r docker rm 
-mknod $ROOTFS/dev/full c 1 7 -m 666 +</code>
-mknod $ROOTFS/dev/null c 1 3 -m 666 +
-mknod $ROOTFS/dev/zero c 1 5 -m 666 +
-mknod $ROOTFS/dev/console c 5 1 -m 660+
  
-poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek+Getting rid of unused images
  
-# cleanups +<code> 
-PKGS="cracklib-dicts ca-certificates" +docker images --filter dangling=true 
-for pkg in $PKGS; do +docker images --filter dangling=true --quiet | xargs -r docker rmi 
-    rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps +</code>
-done +
- +
-# and import +
-tar -C $ROOTFS -cf- . | docker import - $IMAGE+
  
-# and test +Getting rid of unused volumes 
-docker run --u root $IMAGE /bin/echo Success.+<code> 
 +docker volume ls -f dangling=true 
 +docker volume ls -qf dangling=true | xargs -r docker volume rm
 </code> </code>
  
-<file> +For Docker 1.9, see [[https://github.com/chadoe/docker-cleanup-volumes|docker-cleanup-volumes]] tool.
-# sh -x /vagrant/mkimage-pld.sh  +
-+ rpm -r /home/vagrant/root --initdb +
-+ poldek -r root --up -u bash iproute2 +
-docker import pld +
-# docker run -i -t pld bash +
-WARNING: IPv4 forwarding is disabled. +
-[root@e8d2bb1215c2 /]# id +
-uid=0(root) gid=0(root) groups=0(root) +
-</file>+
  
-You can see more available samples in [[https://github.com/dotcloud/docker/tree/master/contrib|docker/contrib/]]. +For Docker >= 1.13 use ''docker {container,image,volume,network} prune'subcommands.
- +
-alsoyou can try [[.:people:glen|glen's]] [[https://index.docker.io/u/glen/pld/|pld test]] image: +
-<code bash> +
-vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash +
-root@ae0aac5de155 ~#  +
-</code>+
  
 ===== Vagrant ===== ===== Vagrant =====
packages/docker.1428591352.txt.gz · Last modified: 2015-04-09 16:55 by glen
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS PLD Linux Driven by DokuWiki