Changes

2,117 bytes added ,  12:53, 27 August 2021
Line 358: Line 358:  
     status disabled
 
     status disabled
   −
signal-event yum-modify
+
signal-event yum-modify
   −
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli
+
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli
 +
 
 +
So we get a service in /etc/systemd/system-preset/49-koozali.preset
 +
 
 +
config set docker service status enabled
 +
config set containerd service status enabled
 +
mkdir -p /home/e-smith/files/docker
 +
mkdir -p /home/e-smith/files/docker/configs
 +
 
 +
 
 +
Startup options
 +
 
 +
The big issue is getting this to work correctly with the firewall.
 +
 
 +
https://docs.docker.com/compose/compose-file/compose-file-v3
 +
 
 +
Host mode where the container has the same IP as the server and the service runs the same as any other host service, and can talk to other local host services easily, but exposes the container more.
 +
 
 +
Bridge mode where the container is on it's own internal docker network that is bridged to the local machine, but then queries emanating from the container will have the internal docker IP and can be refused by real 'local' services eg AD/MySQL etc. unless the firewall or other services can be adjusted.
 +
 
 +
 
 +
https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode
 +
 
 +
network_mode: "bridge"
 +
network_mode: "host"
 +
network_mode: "none"
 +
network_mode: "service:[service name]"
 +
network_mode: "container:[container name/id]"
 +
 
 +
 
 +
https://docs.docker.com/compose/compose-file/compose-file-v3/#ports
 +
 
 +
Port mapping is incompatible with network_mode: host
 +
 
 +
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
 +
 
 +
We can add startup options via /etc/docker/daemon.json
    
===Files to modify?===
 
===Files to modify?===
   −
systemd unit file
+
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml
 +
 
 +
 
 +
/etc/e-smith/templates/usr/lib/systemd/system/docker.service.d/50koozali.conf
 +
 
 +
40service
 +
 
 +
[Service]
 +
Type=notify
 +
# the default is not to use systemd for cgroups because the delegate issues still
 +
# exists and systemd currently does not support the cgroup feature set required
 +
# for containers run by docker
 +
# docker home set to /home/e-smith/files/docker
 +
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -g /home/e-smith/files/docker
 +
ExecReload=/bin/kill -s HUP $MAINPID
 +
TimeoutSec=0
 +
RestartSec=2
 +
Restart=always
 +
 
 +
80install
 +
 
 +
[Install]
 +
WantedBy=sme-server.target
 +
 
 +
 
 +
=== Old Unit file ===
 +
Previous unit file for ref
    
  [Unit]
 
  [Unit]
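Review bot: The 40service fragment of docker.service.d/50koozali.conf sets `ExecStart=/usr/bin/dockerd ...` in a drop-in without an empty `ExecStart=` line before it. With `Type=notify`, systemd refuses a unit that ends up with two ExecStart entries (the packaged one plus this one), so the fragment should clear the packaged value first. The `-g` option on that line is the deprecated spelling of `--data-root`. Since the added text already points at /etc/docker/daemon.json for startup options, setting `data-root` to /home/e-smith/files/docker there would avoid overriding ExecStart at all. Separately, the Startup options text names the firewall as the big issue and notes that host mode "exposes the container more", but it only lists the network_mode values. It should say which mode this setup uses and what firewall adjustment bridge mode needs.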
Line 413: Line 475:  
  [Install]
 
  [Install]
 
  WantedBy=multi-user.target
 
  WantedBy=multi-user.target
 +
 +
 +
 
   
 
   
 
  [[Category:Containers]]
 
  [[Category:Containers]]
 
   
 
   
 
  [[Category:Containers:Docker]]
 
  [[Category:Containers:Docker]]
