Docker
Placeholder for anything to do with Docker (https://docker.com)
About
Docker is an open-source project that automates the deployment of applications inside software containers, providing that way an additional layer of abstraction and automatization of operating system–level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.
Why Docker on SME Server?
Docker containers hold one or more applications (and all it's dependecies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and are operating isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may effect yum updates and upgrades. Docker containers is a way to have such an application packed with all it's dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.
Examples:
- ownCloud running in a container with a higher version of PHP then SME Server provides
- A postgres application running in a container without having to install Postgres on SME Server
- Service on demand, you can start/start (even scripted) a container when you need the service within the container
- Move containers from one SME Server to another (Back-up or production) without installing the application itself
- Time based service e.g. cron jobs. Only have an application running when you need it.
- Keep SME Server's stock stability, security and flexibility, yet run exotic applications
Considerations
- Storage of image library (local/NAS)
- Storage of Docker application data (local/NAS)
- Networking e.g. bridged with host, new bridge with host or port mapping
- Stand alone all-in-on docker or linked containers
- Security
- Only use TRUSTED repo's with images. Who build the image, what's in it?
- Naming convention of images to identify source(person or repo), SME version, application and version. e.g.:
owncloud-7.0.1-smeserver-9.0-john wordpress-3.9.1-smeserver-8.1-mary ehour-1.4.1-smeserver-9.0-richard sharedfolders-2.1.1-smeserver-9.0-fws frontaccounting-3.2.1-smeserver-8.1-contribsorg
- Verification (checksum) of available images
- Setting up trusted docker repo's
- disable docker repo's enabled by default at installation and come up with a command that enables them a la Yum
Challenges
- How to interact with localhost PAM or LDAP from within a container?
Installation
Docker requires some RPM's that are not available in the default upstream repo's. So we need to enable the epel repo first. See epel
Then we can install Docker and it's dependencies:
yum install docker-io --enablerepo=epel ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S95docker chkconfig docker on service docker start
and then
docker
to see the available command line options. But first and foremost read the excellent Docker documentation
- Note: Although we've linked the docker as service in runlevel 7, it will not pick up the config files /etc/sysconfig/docker. So Shipyard will not be able to connect to docker. Why?
Building your images
- Manual, or..
- https://github.com/docker/fig
Setting up a (Private) Docker repository
TBA
Docker notes
Loose notes:
docker=service access=public status=enabled
Shipyard
Shipyard is a separate GUI project hosted on Github. It will allow you to manage Docker instances and images from your browser. It is not required to use and run Docker containers, for all Docker commands can be issued from the command line.
For Shipyard to be able to connect to the Docker deamon, the file /etc/sysconfig/docker has to be adjusted to enable socket support and TCP.
Templated /etc/sysconfig/docker based on below db settings
/etc/sysconfig/docker:
other_args="-H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock"
127.0.0.1 (localhost) or 0.0.0.0 (public) based on db key shipyard Access
The restart the Docker deamon:
service docker restart
For Shipyard to be able to manage (multiple) hosts, each and every hosts will need to have shipyard-agent installed.
Installation
Shipyard can be installed as a Docker application itself. We will use this way of installing Shipyard.
Issue the follwoing command as root:
docker run -i -t -v /var/run/docker.sock:/docker.sock shipyard/deploy setup
This will make Docker pull the various layers and images and combine it into fully functional webserver with the Shipyard application installed.
Loose notes:
shipyard=service TCPPort=4243 access=public status=enabled
Shipyard agent
About
Installation
TBA
Loose notes
shipyard-agent=service TCPPort=8000;4500 access=public status=enabled
Related articles of interest
Things to do
- Get the shipyard GUI going
- A LOT more ;-)