Difference between revisions of "Talk:Docker"
From SME Server
Jump to navigationJump to searchUnnilennium (talk | contribs) (Created page with "== Make use of /etc/docker/daemon.json == we currently use * data-root: "/home/e-smith/files/docker/data/" * dns: $docker{'DNS'} || ${LocalIP} * bip: $docker{'DockerNetwork...") |
Unnilennium (talk | contribs) |
||
| Line 135: | Line 135: | ||
</syntaxhighlight>{{Warning box|You cannot set options in daemon.json that have already been set on daemon startup as a flag. On systems that use systemd to start the Docker daemon, -H is already set, so you cannot use the hosts key in daemon.json to add listening addresses. See “custom Docker daemon options” for how to accomplish this task with a systemd drop-in file.}} | </syntaxhighlight>{{Warning box|You cannot set options in daemon.json that have already been set on daemon startup as a flag. On systems that use systemd to start the Docker daemon, -H is already set, so you cannot use the hosts key in daemon.json to add listening addresses. See “custom Docker daemon options” for how to accomplish this task with a systemd drop-in file.}} | ||
| + | |||
| + | |||
| + | ==use of jq to get and use info == | ||
| + | list all networks id | ||
| + | # docker network ls|awk '(NR!=1) {print $1 }' | ||
| + | 823d8b3f95b5 | ||
| + | 7a659867acde | ||
| + | 8dc3ef802bb3 | ||
| + | 226506b91494 | ||
| + | list all network names | ||
| + | # docker network ls|awk '(NR!=1) {print $2 }' | ||
| + | bridge | ||
| + | dockeronly_default | ||
| + | host | ||
| + | none | ||
| + | |||
| + | list all Network and Gateway | ||
| + | # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]' | ||
| + | { | ||
| + | "Subnet": "172.17.0.0/16", | ||
| + | "Gateway": "172.17.0.1" | ||
| + | } | ||
| + | { | ||
| + | "Subnet": "172.18.0.0/16", | ||
| + | "Gateway": "172.18.0.1" | ||
| + | } | ||
| + | list all subnet | ||
| + | # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet' | ||
| + | "172.17.0.0/16" | ||
| + | "172.18.0.0/16" | ||
| + | list all Gateway | ||
| + | # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'|jq ".Gateway" | ||
| + | "172.17.0.1" | ||
| + | "172.18.0.1" | ||
| + | # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Gateway' | ||
| + | "172.17.0.1" | ||
| + | "172.18.0.1" | ||
| + | from there we could check if all the network are indeed in db network of SME | ||
| + | |||
| + | |||
| + | == usefull command for users == | ||
| + | connect to a container with bash invite | ||
| + | docker exec -it onlyoffice bash | ||
| + | |||
== sources == | == sources == | ||
Revision as of 20:59, 10 August 2022
Make use of /etc/docker/daemon.json
we currently use
- data-root: "/home/e-smith/files/docker/data/"
- dns: $docker{'DNS'} || ${LocalIP}
- bip: $docker{'DockerNetwork'} (
Specify network bridge IP) - iptables:false
we could play with
- default-gateway
- defaul-address-pools
- ip
- bridge if we require smeserver-bridge-interface or is present
- tls Use TLS; implied by --tlsverify
- tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem")
- tlscert string Path to TLS certificate file (default "~/.docker/cert.pem")
- tlskey string Path to TLS key file (default "~/.docker/key.pem")
- tlsverify Use TLS and verify the remote
{
"allow-nondistributable-artifacts": [],
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bridge": "",
"cgroup-parent": "",
"cluster-advertise": "",
"cluster-store": "",
"cluster-store-opts": {},
"containerd": "/run/containerd/containerd.sock",
"containerd-namespace": "docker",
"containerd-plugin-namespace": "docker-plugins",
"data-root": "",
"debug": true,
"default-address-pools": [
{
"base": "172.30.0.0/16",
"size": 24
},
{
"base": "172.31.0.0/16",
"size": 24
}
],
"default-cgroupns-mode": "private",
"default-gateway": "",
"default-gateway-v6": "",
"default-runtime": "runc",
"default-shm-size": "64M",
"default-ulimits": {
"nofile": {
"Hard": 64000,
"Name": "nofile",
"Soft": 64000
}
},
"dns": [],
"dns-opts": [],
"dns-search": [],
"exec-opts": [],
"exec-root": "",
"experimental": false,
"features": {},
"fixed-cidr": "",
"fixed-cidr-v6": "",
"group": "",
"hosts": [],
"icc": false,
"init": false,
"init-path": "/usr/libexec/docker-init",
"insecure-registries": [],
"ip": "0.0.0.0",
"ip-forward": false,
"ip-masq": false,
"iptables": false,
"ip6tables": false,
"ipv6": false,
"labels": [],
"live-restore": true,
"log-driver": "json-file",
"log-level": "",
"log-opts": {
"cache-disabled": "false",
"cache-max-file": "5",
"cache-max-size": "20m",
"cache-compress": "true",
"env": "os,customer",
"labels": "somelabel",
"max-file": "5",
"max-size": "10m"
},
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"max-download-attempts": 5,
"mtu": 0,
"no-new-privileges": false,
"node-generic-resources": [
"NVIDIA-GPU=UUID1",
"NVIDIA-GPU=UUID2"
],
"oom-score-adjust": -500,
"pidfile": "",
"raw-logs": false,
"registry-mirrors": [],
"runtimes": {
"cc-runtime": {
"path": "/usr/bin/cc-runtime"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
},
"seccomp-profile": "",
"selinux-enabled": false,
"shutdown-timeout": 15,
"storage-driver": "",
"storage-opts": [],
"swarm-default-advertise-addr": "",
"tls": true,
"tlscacert": "",
"tlscert": "",
"tlskey": "",
"tlsverify": true,
"userland-proxy": false,
"userland-proxy-path": "/usr/libexec/docker-proxy",
"userns-remap": ""
}
use of jq to get and use info
list all networks id
# docker network ls|awk '(NR!=1) {print $1 }'
823d8b3f95b5
7a659867acde
8dc3ef802bb3
226506b91494
list all network names
# docker network ls|awk '(NR!=1) {print $2 }'
bridge
dockeronly_default
host
none
list all Network and Gateway
- docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
{
"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"
} {
"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"
} list all subnet
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
"172.17.0.0/16"
"172.18.0.0/16"
list all Gateway
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'|jq ".Gateway"
"172.17.0.1"
"172.18.0.1"
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Gateway'
"172.17.0.1"
"172.18.0.1"
from there we could check if all the network are indeed in db network of SME
usefull command for users
connect to a container with bash invite
docker exec -it onlyoffice bash
sources
- https://gist.github.com/melozo/6de91558242fb8ca4212e4a73fbddde6
- https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
- https://docs.docker.com/engine/reference/commandline/dockerd/#daemon
- https://github.com/moby/moby/blob/2c7c092e279062b93d638edd4c88f21643f0c4ef/daemon/config/config.go#L144
