Difference between revisions of "Talk:Docker"

From SME Server
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
== Install on Rocky 8/9 ==
 +
 +
You can install docker but beware.
 +
 +
'''This conflicts with podman which does the same thing'''
 +
 +
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
 +
sudo dnf install docker-ce
 +
 +
 
== Make use of /etc/docker/daemon.json ==
 
== Make use of /etc/docker/daemon.json ==
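Review bot: the podman warning in the added "Install on Rocky 8/9" section stops at "beware" and never says what the reader should do when podman is already installed; state whether it has to be removed first, or describe how the conflict shows up. The two dnf commands also end at package installation, so either add the step that enables and starts the service or say where that is handled.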
  
Line 152: Line 162:
  
 
list all Network and Gateway
 
list all Network and Gateway
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
+
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
{
+
{
  "Subnet": "172.17.0.0/16",
+
  "Subnet": "172.17.0.0/16",
  "Gateway": "172.17.0.1"
+
  "Gateway": "172.17.0.1"
}
+
}
{
+
{
  "Subnet": "172.18.0.0/16",
+
  "Subnet": "172.18.0.0/16",
  "Gateway": "172.18.0.1"
+
  "Gateway": "172.18.0.1"
}
+
}
 
list all subnet
 
list all subnet
 
  # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
 
  # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
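Review bot: the command under "list all Network and Gateway" builds its ID list by piping `docker network ls` through awk to drop the header row, inside backtick substitution; `docker network ls -q` prints only the IDs, and `$(...)` is easier to read and nest than backticks. The identical pipeline is repeated under "list all subnet" with only the jq filter changed, so a one-line explanation of the filter would make the difference between the two entries clearer.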
Line 173: Line 183:
 
  "172.18.0.1"
 
  "172.18.0.1"
 
from there we could check if all the network are indeed in db network of SME
 
from there we could check if all the network are indeed in db network of SME
 
  
 
== usefull command for users ==
 
== usefull command for users ==

Latest revision as of 17:27, 9 October 2024

Install on Rocky 8/9

You can install docker but beware.

This conflicts with podman which does the same thing

sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install docker-ce


Make use of /etc/docker/daemon.json

We currently use:

  • data-root: "/home/e-smith/files/docker/data/"
  • dns: $docker{'DNS'} || ${LocalIP}
  • bip: $docker{'DockerNetwork'} (Specify network bridge IP)
  • iptables: false

We could play with:

  • default-gateway
  • default-address-pools
  • ip
  • bridge, if we require smeserver-bridge-interface or it is present
  • tls: Use TLS; implied by --tlsverify
  • tlscacert string: Trust certs signed only by this CA (default "~/.docker/ca.pem")
  • tlscert string: Path to TLS certificate file (default "~/.docker/cert.pem")
  • tlskey string: Path to TLS key file (default "~/.docker/key.pem")
  • tlsverify: Use TLS and verify the remote
{
  "allow-nondistributable-artifacts": [],
  "api-cors-header": "",
  "authorization-plugins": [],
  "bip": "",
  "bridge": "",
  "cgroup-parent": "",
  "cluster-advertise": "",
  "cluster-store": "",
  "cluster-store-opts": {},
  "containerd": "/run/containerd/containerd.sock",
  "containerd-namespace": "docker",
  "containerd-plugin-namespace": "docker-plugins",
  "data-root": "",
  "debug": true,
  "default-address-pools": [
    {
      "base": "172.30.0.0/16",
      "size": 24
    },
    {
      "base": "172.31.0.0/16",
      "size": 24
    }
  ],
  "default-cgroupns-mode": "private",
  "default-gateway": "",
  "default-gateway-v6": "",
  "default-runtime": "runc",
  "default-shm-size": "64M",
  "default-ulimits": {
    "nofile": {
      "Hard": 64000,
      "Name": "nofile",
      "Soft": 64000
    }
  },
  "dns": [],
  "dns-opts": [],
  "dns-search": [],
  "exec-opts": [],
  "exec-root": "",
  "experimental": false,
  "features": {},
  "fixed-cidr": "",
  "fixed-cidr-v6": "",
  "group": "",
  "hosts": [],
  "icc": false,
  "init": false,
  "init-path": "/usr/libexec/docker-init",
  "insecure-registries": [],
  "ip": "0.0.0.0",
  "ip-forward": false,
  "ip-masq": false,
  "iptables": false,
  "ip6tables": false,
  "ipv6": false,
  "labels": [],
  "live-restore": true,
  "log-driver": "json-file",
  "log-level": "",
  "log-opts": {
    "cache-disabled": "false",
    "cache-max-file": "5",
    "cache-max-size": "20m",
    "cache-compress": "true",
    "env": "os,customer",
    "labels": "somelabel",
    "max-file": "5",
    "max-size": "10m"
  },
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "max-download-attempts": 5,
  "mtu": 0,
  "no-new-privileges": false,
  "node-generic-resources": [
    "NVIDIA-GPU=UUID1",
    "NVIDIA-GPU=UUID2"
  ],
  "oom-score-adjust": -500,
  "pidfile": "",
  "raw-logs": false,
  "registry-mirrors": [],
  "runtimes": {
    "cc-runtime": {
      "path": "/usr/bin/cc-runtime"
    },
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [
        "--debug"
      ]
    }
  },
  "seccomp-profile": "",
  "selinux-enabled": false,
  "shutdown-timeout": 15,
  "storage-driver": "",
  "storage-opts": [],
  "swarm-default-advertise-addr": "",
  "tls": true,
  "tlscacert": "",
  "tlscert": "",
  "tlskey": "",
  "tlsverify": true,
  "userland-proxy": false,
  "userland-proxy-path": "/usr/libexec/docker-proxy",
  "userns-remap": ""
}
Warning:
You cannot set options in daemon.json that have already been set on daemon startup as a flag. On systems that use systemd to start the Docker daemon, -H is already set, so you cannot use the hosts key in daemon.json to add listening addresses. See “custom Docker daemon options” for how to accomplish this task with a systemd drop-in file.
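A check for the two points above, the TLS keys and the hosts/-H conflict, written as an added example that is not part of the original page or of SME Server. The sample daemon.json and ExecStart line are constructed, and the finding names are made up for this sketch.

```python
import json
import shlex

# Constructed sample: a daemon.json fragment using keys listed on this page.
SAMPLE_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlsverify": true,
  "tlscacert": "",
  "tlscert": "/etc/docker/cert.pem",
  "tlskey": "/etc/docker/key.pem",
  "iptables": false
}
"""
# Constructed sample: the ExecStart value of a systemd unit that starts dockerd.
SAMPLE_EXECSTART = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"


def audit_daemon_config(daemon_json, execstart=""):
    """Return a list of finding names for the hosts and TLS keys."""
    cfg = json.loads(daemon_json)
    findings = []
    hosts = cfg.get("hosts") or []

    # An option set both as a startup flag and in daemon.json is rejected.
    args = shlex.split(execstart)
    flag_sets_host = any(
        a in ("-H", "--host") or a.startswith(("-H=", "--host=")) for a in args
    )
    if hosts and flag_sets_host:
        findings.append("hosts-conflicts-with-flag")

    # A TCP listener without tlsverify accepts any client that can reach it.
    if any(h.startswith("tcp://") for h in hosts) and not cfg.get("tlsverify"):
        findings.append("tcp-listener-without-tlsverify")

    # Unset certificate paths fall back to the defaults under ~/.docker.
    if cfg.get("tlsverify"):
        wanted = ("tlscacert", "tlscert", "tlskey")
    elif cfg.get("tls"):
        wanted = ("tlscert", "tlskey")
    else:
        wanted = ()
    findings += [f"{key}-unset-default-path" for key in wanted if not cfg.get(key)]
    return findings


if __name__ == "__main__":
    for finding in audit_daemon_config(SAMPLE_DAEMON_JSON, SAMPLE_EXECSTART):
        print(finding)
```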



use of jq to get and use info

list all networks id

# docker network ls|awk '(NR!=1) {print $1 }'
823d8b3f95b5
7a659867acde
8dc3ef802bb3
226506b91494

list all network names

# docker network ls|awk '(NR!=1) {print $2 }'
bridge
dockeronly_default
host
none

list all Network and Gateway

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
{
  "Subnet": "172.17.0.0/16",
  "Gateway": "172.17.0.1"
}
{
  "Subnet": "172.18.0.0/16",
  "Gateway": "172.18.0.1"
}

list all subnet

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
"172.17.0.0/16"
"172.18.0.0/16"

list all Gateway

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'|jq ".Gateway"
"172.17.0.1"
"172.18.0.1"
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Gateway'
"172.17.0.1"
"172.18.0.1"

From there we could check whether all the networks are indeed in the networks db of SME.

useful commands for users

connect to a container with a bash prompt

docker exec -it onlyoffice bash


sources