Difference between revisions of "Talk:Docker"
From SME Server
Jump to navigationJump to searchUnnilennium (talk | contribs) |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | == Install on Rocky 8/9 == | ||
+ | |||
+ | You can install docker but beware. | ||
+ | |||
+ | '''This conflicts with podman which does the same thing''' | ||
+ | |||
+ | sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo | ||
+ | sudo dnf install docker-ce | ||
+ | |||
+ | |||
== Make use of /etc/docker/daemon.json == | == Make use of /etc/docker/daemon.json == | ||
Latest revision as of 16:27, 9 October 2024
Install on Rocky 8/9
You can install docker but beware.
This conflicts with podman which does the same thing
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo sudo dnf install docker-ce
Make use of /etc/docker/daemon.json
we currently use
- data-root: "/home/e-smith/files/docker/data/"
- dns: $docker{'DNS'} || ${LocalIP}
- bip: $docker{'DockerNetwork'} (
Specify network bridge IP)
- iptables:false
we could play with
- default-gateway
- defaul-address-pools
- ip
- bridge if we require smeserver-bridge-interface or is present
- tls Use TLS; implied by --tlsverify
- tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem")
- tlscert string Path to TLS certificate file (default "~/.docker/cert.pem")
- tlskey string Path to TLS key file (default "~/.docker/key.pem")
- tlsverify Use TLS and verify the remote
{
"allow-nondistributable-artifacts": [],
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bridge": "",
"cgroup-parent": "",
"cluster-advertise": "",
"cluster-store": "",
"cluster-store-opts": {},
"containerd": "/run/containerd/containerd.sock",
"containerd-namespace": "docker",
"containerd-plugin-namespace": "docker-plugins",
"data-root": "",
"debug": true,
"default-address-pools": [
{
"base": "172.30.0.0/16",
"size": 24
},
{
"base": "172.31.0.0/16",
"size": 24
}
],
"default-cgroupns-mode": "private",
"default-gateway": "",
"default-gateway-v6": "",
"default-runtime": "runc",
"default-shm-size": "64M",
"default-ulimits": {
"nofile": {
"Hard": 64000,
"Name": "nofile",
"Soft": 64000
}
},
"dns": [],
"dns-opts": [],
"dns-search": [],
"exec-opts": [],
"exec-root": "",
"experimental": false,
"features": {},
"fixed-cidr": "",
"fixed-cidr-v6": "",
"group": "",
"hosts": [],
"icc": false,
"init": false,
"init-path": "/usr/libexec/docker-init",
"insecure-registries": [],
"ip": "0.0.0.0",
"ip-forward": false,
"ip-masq": false,
"iptables": false,
"ip6tables": false,
"ipv6": false,
"labels": [],
"live-restore": true,
"log-driver": "json-file",
"log-level": "",
"log-opts": {
"cache-disabled": "false",
"cache-max-file": "5",
"cache-max-size": "20m",
"cache-compress": "true",
"env": "os,customer",
"labels": "somelabel",
"max-file": "5",
"max-size": "10m"
},
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"max-download-attempts": 5,
"mtu": 0,
"no-new-privileges": false,
"node-generic-resources": [
"NVIDIA-GPU=UUID1",
"NVIDIA-GPU=UUID2"
],
"oom-score-adjust": -500,
"pidfile": "",
"raw-logs": false,
"registry-mirrors": [],
"runtimes": {
"cc-runtime": {
"path": "/usr/bin/cc-runtime"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
},
"seccomp-profile": "",
"selinux-enabled": false,
"shutdown-timeout": 15,
"storage-driver": "",
"storage-opts": [],
"swarm-default-advertise-addr": "",
"tls": true,
"tlscacert": "",
"tlscert": "",
"tlskey": "",
"tlsverify": true,
"userland-proxy": false,
"userland-proxy-path": "/usr/libexec/docker-proxy",
"userns-remap": ""
}
use of jq to get and use info
list all networks id
# docker network ls|awk '(NR!=1) {print $1 }' 823d8b3f95b5 7a659867acde 8dc3ef802bb3 226506b91494
list all network names
# docker network ls|awk '(NR!=1) {print $2 }' bridge dockeronly_default host none
list all Network and Gateway
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]' { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1" }
list all subnet
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet' "172.17.0.0/16" "172.18.0.0/16"
list all Gateway
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'|jq ".Gateway" "172.17.0.1" "172.18.0.1" # docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Gateway' "172.17.0.1" "172.18.0.1"
from there we could check if all the network are indeed in db network of SME
usefull command for users
connect to a container with bash invite
docker exec -it onlyoffice bash
sources
- https://gist.github.com/melozo/6de91558242fb8ca4212e4a73fbddde6
- https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
- https://docs.docker.com/engine/reference/commandline/dockerd/#daemon
- https://github.com/moby/moby/blob/2c7c092e279062b93d638edd4c88f21643f0c4ef/daemon/config/config.go#L144