859
edits
Changes
Jump to navigation
Jump to search
Line 55:
Line 55: − + − + + + + + + + + + + + + − Uses config entries+ Line 71:
Line 82: − + + + − + Line 86:
Line 99: − And test:+ − − docker run hello-world − − docker ps -a − docker rm <id> − − docker images − docker rmi <id> − + Line 114:
Line 119: + + + + + + + + + + + + + + + + + + + + + + + + + Line 177:
Line 207: − + − Line 187:
Line 216: + + + + + + + + + + + + + + + + + + + + + + + + + Line 217:
Line 271: − − − Line 229:
Line 280: − Line 303:
Line 353: − − ==Challenges== − * How to interact with localhost PAM or LDAP from within a container? − − I think that you can access localhost services by adding: − − --net="host" to docker run − − This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below. − − * Many more... − Line 338:
Line 376: − ==More Old Notes=== − − The following are old notes. − − https://docs.docker.com/engine/install/centos/ − − Don't use the extras repo to install − − https://download.docker.com/linux/centos/docker-ce.repo
→config entries
===Contrib===
===Contrib===
yum --enablerepo=extras install epel-release.
yum install smeserver-extrarepositories-docker-ce
yum install smeserver-extrarepositories-docker-ce
signal-event yum-modify
signal-event yum-modify
yum --enablerepo=smecontribs install smeserver-docker
yum --enablerepo=smecontribs,extras,epel install smeserver-docker
signal-event post-upgrade;signal-event reboot
(Note the contrib is still in smetest)
(Note the contrib is still in smetest)
====Avoiding conflicts====
docker-compose templates used:
smeserver-docker
01version
10HelloWorldTest
smeserver-rocketchat
20rocketchat
====config entries====
config setprop docker iptables false/true - default false
config setprop docker iptables false/true - default false
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.
config setprop docker DockerNetwork [IP range eg 192.168.100.0/24] - defaults to dockers own choice. Range is not yet checked for validity.
There is an action smeserver-docker-update
There is an action to update the core files:
smeserver-docker-update
{{Note box: Note to self - probably needs quotes around "false" for iptables}}
{{Note box| Note to self - probably needs quotes around "false" for iptables}}
config show docker
config show docker
systemctl status docker
systemctl status docker
====Testing====
We can also use docker-compose:
We can run docker directly but the preferred method is to use compose
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml
/etc/e-smith/templates-custom/home/e-smith/files/docker/configs/docker-compose.yml
To expand the template:
signal-event smeserver-docker-compose-update
signal-event smeserver-docker-compose-update
cd /home/e-smith/files/docker/configs
cd /home/e-smith/files/docker/configs
docker-compose up -d my_hello
docker-compose up -d my_hello
Using plain docker:
docker run hello-world
Other commands:
docker ps -a
docker rm <id>
docker images
docker rmi <id>
==Things to do==
==Things to do==
Plenty
Plenty
===Challenges===
* How to interact with localhost PAM or LDAP from within a container?
I think that you can access localhost services by adding:
--net="host" to docker run
This means any services on the docker container are equally valid 'localhost' services accessible from the server itself so you need to ensure the server is properly firewalled. See Issues below.
* Many more...
If permitted, most containers can be logged into using this:
If permitted, most containers can be logged into using this:
docker exec -t -i -u root <container_name> /bin/bash
docker exec -t -i -u root <container_name> /bin/bash
===SME Server specifics===
===SME Server specifics===
'''/home/e-smith/files/docker'''
'''/home/e-smith/files/docker'''
===File permissions===
You may have issues writing to local filesystems from Docker images.
First add something like this to your compose file
volumes:
- /opt/uploads/:/opt/uploads/
You may need to find out what permissions are required.
In RocketChat I had to add a dummy user and group like this
mkdir -p /opt/uploads
chmod 0777 /opt/uploads
I then could upload and check the ID that docker users. I thins case it was 65533
So I then did:
groupadd -g 65553 rocketchat
useradd -s /sbin/nologin -u 65533 -d /dev/null -g rocketchat rocketchat
chmod 0744 /opt/uploads
And then test again.
===Using a Docker image===
===Using a Docker image===
* Start/restart and stop syntax of the application
* Start/restart and stop syntax of the application
* Configure cron
* Configure cron
==General old notes==
==General old notes==
docker search centos
docker search centos
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.
You will be flooded with available images from the Docker hub. This is because everyone can have a free account on Docker hub and create one repository for him/herself. We limit our testing to the official Centos repo. With all the other images, you are on your own and usage is at your own risk.
===Downloading a docker image===
===Downloading a docker image===
Or you could add directly from the command line
Or you could add directly from the command line
docker run -i -t -dns 208.67.220.220 -dns 208.67.220.222 sme9_real:6.5 /bin/bash
docker run -i -t -dns 208.67.220.220 -dns 208.67.220.222 sme9_real:6.5 /bin/bash
===Docker Compose===
===Docker Compose===
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.
If you don't use host networking, you use the internal IP address set with docker, but this address is unknown as a local network to SME and it will block any queries emanating from the container. I am looking at this with the contrib.
===Repo setup===
===Repo setup===