Difference between revisions of "Talk:Docker"

From SME Server
Jump to navigationJump to search
Line 152: Line 152:
  
 
list all Network and Gateway
 
list all Network and Gateway
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
+
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
{
+
{
  "Subnet": "172.17.0.0/16",
+
  "Subnet": "172.17.0.0/16",
  "Gateway": "172.17.0.1"
+
  "Gateway": "172.17.0.1"
}
+
}
{
+
{
  "Subnet": "172.18.0.0/16",
+
  "Subnet": "172.18.0.0/16",
  "Gateway": "172.18.0.1"
+
  "Gateway": "172.18.0.1"
}
+
}
 
list all subnet
 
list all subnet
 
  # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
 
  # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
Line 173: Line 173:
 
  "172.18.0.1"
 
  "172.18.0.1"
 
from there we could check if all the network are indeed in db network of SME
 
from there we could check if all the network are indeed in db network of SME
 
  
 
== usefull command for users ==
 
== usefull command for users ==

Revision as of 21:00, 10 August 2022

Make use of /etc/docker/daemon.json

we currently use

  • data-root: "/home/e-smith/files/docker/data/"
  • dns: $docker{'DNS'} || ${LocalIP}
  • bip: $docker{'DockerNetwork'} (Specify network bridge IP)
  • iptables:false

we could play with

  • default-gateway
  • defaul-address-pools
  • ip
  • bridge if we require smeserver-bridge-interface or is present
  • tls                                   Use TLS; implied by --tlsverify
  • tlscacert string                     Trust certs signed only by this CA (default "~/.docker/ca.pem")
  • tlscert string                        Path to TLS certificate file (default "~/.docker/cert.pem")
  • tlskey string                         Path to TLS key file (default "~/.docker/key.pem")
  • tlsverify                             Use TLS and verify the remote
{
  "allow-nondistributable-artifacts": [],
  "api-cors-header": "",
  "authorization-plugins": [],
  "bip": "",
  "bridge": "",
  "cgroup-parent": "",
  "cluster-advertise": "",
  "cluster-store": "",
  "cluster-store-opts": {},
  "containerd": "/run/containerd/containerd.sock",
  "containerd-namespace": "docker",
  "containerd-plugin-namespace": "docker-plugins",
  "data-root": "",
  "debug": true,
  "default-address-pools": [
    {
      "base": "172.30.0.0/16",
      "size": 24
    },
    {
      "base": "172.31.0.0/16",
      "size": 24
    }
  ],
  "default-cgroupns-mode": "private",
  "default-gateway": "",
  "default-gateway-v6": "",
  "default-runtime": "runc",
  "default-shm-size": "64M",
  "default-ulimits": {
    "nofile": {
      "Hard": 64000,
      "Name": "nofile",
      "Soft": 64000
    }
  },
  "dns": [],
  "dns-opts": [],
  "dns-search": [],
  "exec-opts": [],
  "exec-root": "",
  "experimental": false,
  "features": {},
  "fixed-cidr": "",
  "fixed-cidr-v6": "",
  "group": "",
  "hosts": [],
  "icc": false,
  "init": false,
  "init-path": "/usr/libexec/docker-init",
  "insecure-registries": [],
  "ip": "0.0.0.0",
  "ip-forward": false,
  "ip-masq": false,
  "iptables": false,
  "ip6tables": false,
  "ipv6": false,
  "labels": [],
  "live-restore": true,
  "log-driver": "json-file",
  "log-level": "",
  "log-opts": {
    "cache-disabled": "false",
    "cache-max-file": "5",
    "cache-max-size": "20m",
    "cache-compress": "true",
    "env": "os,customer",
    "labels": "somelabel",
    "max-file": "5",
    "max-size": "10m"
  },
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "max-download-attempts": 5,
  "mtu": 0,
  "no-new-privileges": false,
  "node-generic-resources": [
    "NVIDIA-GPU=UUID1",
    "NVIDIA-GPU=UUID2"
  ],
  "oom-score-adjust": -500,
  "pidfile": "",
  "raw-logs": false,
  "registry-mirrors": [],
  "runtimes": {
    "cc-runtime": {
      "path": "/usr/bin/cc-runtime"
    },
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [
        "--debug"
      ]
    }
  },
  "seccomp-profile": "",
  "selinux-enabled": false,
  "shutdown-timeout": 15,
  "storage-driver": "",
  "storage-opts": [],
  "swarm-default-advertise-addr": "",
  "tls": true,
  "tlscacert": "",
  "tlscert": "",
  "tlskey": "",
  "tlsverify": true,
  "userland-proxy": false,
  "userland-proxy-path": "/usr/libexec/docker-proxy",
  "userns-remap": ""
}
Warning.png Warning:
You cannot set options in daemon.json that have already been set on daemon startup as a flag. On systems that use systemd to start the Docker daemon, -H is already set, so you cannot use the hosts key in daemon.json to add listening addresses. See “custom Docker daemon options” for how to accomplish this task with a systemd drop-in file.



use of jq to get and use info

list all networks id

# docker network ls|awk '(NR!=1) {print $1 }'
823d8b3f95b5
7a659867acde
8dc3ef802bb3
226506b91494

list all network names

# docker network ls|awk '(NR!=1) {print $2 }'
bridge
dockeronly_default
host
none

list all Network and Gateway

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
{
  "Subnet": "172.17.0.0/16",
  "Gateway": "172.17.0.1"
}
{
  "Subnet": "172.18.0.0/16",
  "Gateway": "172.18.0.1"
}

list all subnet

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
"172.17.0.0/16"
"172.18.0.0/16"

list all Gateway

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'|jq ".Gateway"
"172.17.0.1"
"172.18.0.1"
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Gateway'
"172.17.0.1"
"172.18.0.1"

from there we could check if all the network are indeed in db network of SME

usefull command for users

connect to a container with bash invite

docker exec -it onlyoffice bash


sources