Docker

From SME Server
Jump to navigation Jump to search
Warning.png Work in Progress:
This page is a Work in Progress. The contents off this page may be in flux, please have a look at this page history the to see list of changes.


Placeholder for anything to do with Docker (https://docker.com)

Important.png Note:
All info is based on SME Server 9 only.

Your host server must have internet access.

All testing below has been done on a virtual SME9 under Virtualbox. Yes, Docker also run on VM's :-)

By NO means this is an official thing or even applicable at all. Tinkering phase only here!


About

 

Docker is an open-source project that automates the deployment of applications inside software containers, providing that way an additional layer of abstraction and automatization of operating system–level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.

Why Docker on SME Server?

Docker containers hold one or more applications (and all it's dependecies) and can be started and stopped at will. The containers, when activated, use the Linux kernel namespaces and are operating isolated from the rest of your server, except for storage/mount points and networking, depending on the configuration of the container. Some applications require special PHP versions or other modifications to your server settings that are not desirable and may effect yum updates and upgrades. Docker containers is a way to have such an application packed with all it's dependencies and run it isolated. You can have multiple containers running, depending on your server hardware capacity.

Examples:

  • ownCloud running in a container with a higher version of PHP then SME Server provides
  • A postgres application running in a container without having to install Postgres on SME Server
  • Service on demand, you can start/start (even scripted) a container when you need the service within the container
  • Move containers from one SME Server to another (Back-up or production) without installing the application itself
  • Time based service e.g. cron jobs. Only have an application running when you need it.
  • Keep SME Server's stock stability, security and flexibility, yet run exotic applications


Considerations

  • Storage of image library (local/NAS)
  • Storage of Docker application data (local/NAS)
  • Networking e.g. bridged with host, new bridge with host or port mapping
  • Stand alone all-in-on docker or linked containers
  • Security
  • Only use TRUSTED repo's with images. Who build the image, what's in it?
  • Naming convention of images to identify source(person or repo), SME version, application and version. e.g.:
owncloud-7.0.1-smeserver-9.0-john
wordpress-3.9.1-smeserver-8.1-mary
ehour-1.4.1-smeserver-9.0-richard
sharedfolders-2.1.1-smeserver-9.0-fws
frontaccounting-3.2.1-smeserver-8.1-contribsorg
  • Verification (checksum) of available images
  • Setting up trusted docker repo's
  • disable docker repo's enabled by default at installation and come up with a command that enables them a la Yum


Challenges

  • How to interact with localhost PAM or LDAP from within a container?
  • Many more...

Installation

Docker requires some RPM's that are not available in the default upstream repo's. So we need to enable the epel repo first. See epel

Then we can install Docker and it's dependencies:

yum install docker-io --enablerepo=epel
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S95docker
chkconfig docker on
service docker start

and then

docker

to see the available command line options. But first and foremost read the excellent Docker documentation


  • Note: Although we've linked the docker as service in runlevel 7, it will not pick up the config files /etc/sysconfig/docker. So Shipyard will not be able to connect to docker. Why?


Building your images


Setting up a (Private) Docker repository

TBA


Docker notes

Loose notes:

docker=service
access=public
status=enabled


Shipyard

Shipyard is a separate GUI project hosted on Github. It will allow you to manage Docker instances and images from your browser. It is not required to use and run Docker containers, for all Docker commands can be issued from the command line.

For Shipyard to be able to connect to the Docker deamon, the file /etc/sysconfig/docker has to be adjusted to enable socket support and TCP.

Templated /etc/sysconfig/docker based on below db settings

/etc/sysconfig/docker:

other_args="-H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock"

127.0.0.1 (localhost) or 0.0.0.0 (public) based on db key shipyard Access

The restart the Docker deamon:

service docker restart

For Shipyard to be able to manage (multiple) hosts, each and every hosts will need to have shipyard-agent installed.


Installation

Shipyard can be installed as a Docker application itself. We will use this way of installing Shipyard.

Issue the follwoing command as root:

docker run -i -t -v /var/run/docker.sock:/docker.sock shipyard/deploy setup

This will make Docker pull the various layers and images and combine it into fully functional webserver with the Shipyard application installed.

Loose notes:

shipyard=service
TCPPort=4243
access=public
status=enabled


Shipyard agent

About


Installation

TBA

Loose notes

shipyard-agent=service
TCPPort=8000;4500
access=public
status=enabled


Related articles of interest


Things to do