859
edits
Changes
Jump to navigation
Jump to search
Line 55:
Line 55: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − yum --enablerepo=smecontribs,epel install smeserver-docker + + − We looking at building an updated docker-compose rpm and using the docker-ce-stable repo+ − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − https://wiki.contribs.org/Extrarepositories − + Line 74:
Line 167: + + + + + + + + + Line 86:
Line 188: − + Line 101:
Line 203: − ==== Login to container====+ − + − − ====Configuration==== − − config show docker − status enabled/disabled - enabled by default − iptables true/false - false by default to prevent docker manipulating iptables − − config show containerd − status enabled/disabled - enabled by default − ====SME Server specifics====+ Line 123:
Line 216: − We now have systemd config files+ − Note to self:+ − It is ''important'' that you adjust the config file ''before'' you start using docker otherwise it will create it's default storage location in /var/lib/docker. − You can still change the storage location in a later stage by copying all data to the new location you've defined with the -g argument.+ − Or just restart with the new location.+ + − systemctl status docker + − systemctl status containerd + + + + + + + + + + + + + + − + − The compose file is templated and makes managing docker images much easier. − A fragment needs adding here:+ + + + + + + + + + + + + + − /etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml − Each template fragment needs to be JSON compliant to work+ + + + + + + − + Line 157:
Line 280: − Line 232:
Line 354: − + − * How to interact with localhost PAM or LDAP from within a container? − − I think that you can access localhost services by adding: − − --net="host" to docker run − − This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below. − − * Many more... − − − ==Building your own images== − * Notes − Manual, or.. − https://github.com/docker/fig − − ==='Proposal test image:'=== − An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or specific port on the FQDN. The application should only be available between 08:00AM until 19:00PM. − All application data should be incorporated by the default SME Sever backup mechanisms, including the image itself. − − * Building the image based on centos6 − * Configure networking, bridges and ports − * Start/restart and stop syntax of the application − * Configure cron − − − ==Setting up a (Private) Docker repository== − TBA − − * https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/ − − − ==Docker Compose== Line 272:
Line 361: − + − + − * [http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/ Container storage and (re)size] − − − ==Things to do== − − − Line 294:
Line 376: − ==Koozai SME v10== − − See above for contrib that is being developed. The following are old notes. − − https://docs.docker.com/engine/install/centos/ − − Don't use the extras repo to install − − https://download.docker.com/linux/centos/docker-ce.repo Line 313:
Line 386: − + + + + + + Line 433:
Line 511: + + + + + + + + + + + + + Line 506:
Line 597: + + + + + + + + + + + + + + + + + − +
→config entries
===Contrib===
===Contrib===
yum --enablerepo=extras install epel-release.
yum install smeserver-extrarepositories-docker-ce
signal-event yum-modify
yum --enablerepo=smecontribs,extras,epel install smeserver-docker
signal-event post-upgrade;signal-event reboot
(Note the contrib is still in smetest)
====Avoiding conflicts====
docker-compose templates used:
smeserver-docker
01version
10HelloWorldTest
smeserver-rocketchat
20rocketchat
====config entries====
config setprop docker iptables false/true - default false
config setprop docker DNS [192,168.10.1,8.8.8.8] - defaults to LocalIP
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.
There is an action to update the core files:
smeserver-docker-update
{{Note box| Note to self - probably needs quotes around "false" for iptables}}
config show docker
status enabled/disabled - enabled by default
iptables true/false - false by default to prevent docker manipulating iptables
config show containerd
status enabled/disabled - enabled by default - called and used by docker
See if it works:
We have added the docker repo to Extarepositories
systemctl status docker
====Testing====
We can run docker directly but the preferred method is to use compose
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
chgrp docker /usr/local/bin/docker-compose
A test compose file is installed.
cd /home/e-smith/files/docker/configs
docker-compose up -d hello_world
Add your own templates to:
/etc/e-smith/templates/home/e-smith/files/docker/configs/docker-compose.yml
or:
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml
To expand the template:
signal-event smeserver-docker-compose-update
cd /home/e-smith/files/docker/configs
docker-compose up -d my_hello
Using plain docker:
docker run hello-world
Other commands:
docker ps -a
docker rm <id>
docker images
docker rmi <id>
==Things to do==
Plenty
===Challenges===
* How to interact with localhost PAM or LDAP from within a container?
I think that you can access localhost services by adding:
--net="host" to docker run
This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below.
* Many more...
==Notes==
====Networking====
====Networking====
{{WIP box | This is still a work in progress. the following are notes fro reference only}}
{{WIP box | This is still a work in progress. the following are notes for reference only}}
Docker attempts to guess what network to use and sets a bridged interface for it.
Docker attempts to guess what network to use and sets a bridged interface for it.
This allows access to any local services, and any ports in the container will appear locally
This allows access to any local services, and any ports in the container will appear locally
v1 format
--net="host"
--net="host"
v2 + format
Docker
--network host
Compose
network_mode: host
This maps container port 80 to host port 8088
This maps container port 80 to host port 8088
container.ip.add:8088
container.ip.add:8088
Using --net="host" means it is easier to connect to the container using the local IP address. Simple port forwarding/opening will suffice.
Using --network host means it is easier to connect to the container using the local IP address. Simple port forwarding/opening will suffice.
However, it exposes all ports on the container locally, and there may also be conflicts with local ports.
However, it exposes all ports on the container locally, and there may also be conflicts with local ports.
I am working on this currently but the LocalNetworking approach doesn't work. It probably need manipulation of the firewall with templates.
I am working on this currently but the LocalNetworking approach doesn't work. It probably need manipulation of the firewall with templates.
=== Login to container===
If permitted, most containers can be logged into using this:
If permitted, most containers can be logged into using this:
docker exec -t -i -u root <container_name> /bin/bash
docker exec -t -i -u root <container_name> /bin/bash
===SME Server specifics===
By default Docker will store all images, containers and other data in:
By default Docker will store all images, containers and other data in:
/var/lib/docker
/var/lib/docker
'''/home/e-smith/files/docker'''
'''/home/e-smith/files/docker'''
===File permissions===
You may have issues writing to local filesystems from Docker images.
First add something like this to your compose file
volumes:
- /opt/uploads/:/opt/uploads/
You may need to find out what permissions are required.
In RocketChat I had to add a dummy user and group like this
mkdir -p /opt/uploads
chmod 0777 /opt/uploads
I then could upload and check the ID that docker users. I thins case it was 65533
So I then did:
groupadd -g 65553 rocketchat
useradd -s /sbin/nologin -u 65533 -d /dev/null -g rocketchat rocketchat
chmod 0744 /opt/uploads
And then test again.
==Using a Docker image==
===Using a Docker image===
You should generally be prefer to use docker-compose for images.
You should generally be prefer to use docker-compose for images.
==Building your own images==
* Notes
Manual, or..
https://github.com/docker/fig
==Related articles of interest==
* [http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/ Container storage and (re)size]
===Setting up a (Private) Docker repository===
TBA
* https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/
==='Proposal test image:'===
An application that requires Java, PHP, Apache, MySQL and LDAP. The localhost MySQL and localhost LDAP should be used by the application. The application should be publicly available either on a subdomain or specific port on the FQDN. The application should only be available between 08:00AM until 19:00PM.
All application data should be incorporated by the default SME Sever backup mechanisms, including the image itself.
* Building the image based on centos6
* Configure networking, bridges and ports
* Start/restart and stop syntax of the application
* Configure cron
===general===
==General old notes==
The following methods and notes are left for reference.
The following methods and notes are left for reference.
docker search centos
docker search centos
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.
===Downloading a docker image===
===Downloading a docker image===
docker run -i -t -dns 208.67.220.220 -dns 208.67.220.222 sme9_real:6.5 /bin/bash
docker run -i -t -dns 208.67.220.220 -dns 208.67.220.222 sme9_real:6.5 /bin/bash
==Challenges==
===Docker Compose===
https://github.com/docker/compose/releases/tag/1.29.2
https://github.com/docker/compose/releases/tag/1.29.2
chmod +x /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
==Shipyard web GUI==
===Shipyard web GUI===
Deprecated
Deprecated
There is a separate page on how to install Shipyard, the Docker web GUI [http://wiki.contribs.org/Shipyard here]
There is a separate page on how to install Shipyard, the Docker web GUI [http://wiki.contribs.org/Shipyard here]
==Related articles of interest==
===Issues===
==Issues==
This was a v9 issue. Leaving for reference.
This was a v9 issue. Leaving for reference.
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.
===Repo setup===
===Repo setup===
Name 'Docker Stable' \
Name 'Docker Stable' \
Visible yes \
Visible yes \
status disabled
status enabled
signal-event yum-modify
signal-event yum-modify
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli
yum --enablerepo=extras,docker-ce-stable install docker-ce docker-ce-cli
or to try with the smeserver-docker contrib - still modifying this
yum --enablerepo=extras,smetest install smeserver-docker
So we get a service in /etc/systemd/system-preset/49-koozali.preset
So we get a service in /etc/systemd/system-preset/49-koozali.preset
-A POSTROUTING -s 172.17.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/24 -o eth0 -j MASQUERADE
An alternative which I use on RocketChat is to proxy calls using mod_proxy_tunnel.so
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod
{
# Load wstunnel if available
if ( -e '/usr/lib64/httpd/modules/mod_proxy_wstunnel.so' ||
-e '/usr/lib/httpd/modules/mod_proxy_wstunnel.so') {
$OUT .= "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so\n";
}
}
You can then use some custom httpd templates to create a proxy pass virtual host.
===Docker Compose===
===Docker Compose===
[Install]
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target
==Bugs==
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}}and select the smeserver-docker component or use
{{BugzillaFileBug|product=SME%20Contribs|component=smeserver-docker |title=this link}}.
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |disablecache=1 |component=smeserver-docker |noresultsmessage="No open bugs found."}}
==Changelog==
Only released version in smecontrib are listed here.
{{ #smechangelog: smeserver-docker }}
[[Category:Containers]]
[[Category:Containers]]
[[Category:Contrib]]
[[Category:Containers:Docker]]
[[Category:Containers:Docker]]