Talk:Docker


Make use of /etc/docker/daemon.json

we currently use

  • data-root: "/home/e-smith/files/docker/data/"
  • dns: $docker{'DNS'} || ${LocalIP}
  • bip: $docker{'DockerNetwork'} (Specify network bridge IP)
  • iptables:false

we could play with

  • default-gateway
  • default-address-pools
  • ip
  • bridge, if we require smeserver-bridge-interface or it is present
  • tls: Use TLS; implied by --tlsverify
  • tlscacert (string): Trust certs signed only by this CA (default "~/.docker/ca.pem")
  • tlscert (string): Path to TLS certificate file (default "~/.docker/cert.pem")
  • tlskey (string): Path to TLS key file (default "~/.docker/key.pem")
  • tlsverify: Use TLS and verify the remote
{
  "allow-nondistributable-artifacts": [],
  "api-cors-header": "",
  "authorization-plugins": [],
  "bip": "",
  "bridge": "",
  "cgroup-parent": "",
  "cluster-advertise": "",
  "cluster-store": "",
  "cluster-store-opts": {},
  "containerd": "/run/containerd/containerd.sock",
  "containerd-namespace": "docker",
  "containerd-plugin-namespace": "docker-plugins",
  "data-root": "",
  "debug": true,
  "default-address-pools": [
    {
      "base": "172.30.0.0/16",
      "size": 24
    },
    {
      "base": "172.31.0.0/16",
      "size": 24
    }
  ],
  "default-cgroupns-mode": "private",
  "default-gateway": "",
  "default-gateway-v6": "",
  "default-runtime": "runc",
  "default-shm-size": "64M",
  "default-ulimits": {
    "nofile": {
      "Hard": 64000,
      "Name": "nofile",
      "Soft": 64000
    }
  },
  "dns": [],
  "dns-opts": [],
  "dns-search": [],
  "exec-opts": [],
  "exec-root": "",
  "experimental": false,
  "features": {},
  "fixed-cidr": "",
  "fixed-cidr-v6": "",
  "group": "",
  "hosts": [],
  "icc": false,
  "init": false,
  "init-path": "/usr/libexec/docker-init",
  "insecure-registries": [],
  "ip": "0.0.0.0",
  "ip-forward": false,
  "ip-masq": false,
  "iptables": false,
  "ip6tables": false,
  "ipv6": false,
  "labels": [],
  "live-restore": true,
  "log-driver": "json-file",
  "log-level": "",
  "log-opts": {
    "cache-disabled": "false",
    "cache-max-file": "5",
    "cache-max-size": "20m",
    "cache-compress": "true",
    "env": "os,customer",
    "labels": "somelabel",
    "max-file": "5",
    "max-size": "10m"
  },
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "max-download-attempts": 5,
  "mtu": 0,
  "no-new-privileges": false,
  "node-generic-resources": [
    "NVIDIA-GPU=UUID1",
    "NVIDIA-GPU=UUID2"
  ],
  "oom-score-adjust": -500,
  "pidfile": "",
  "raw-logs": false,
  "registry-mirrors": [],
  "runtimes": {
    "cc-runtime": {
      "path": "/usr/bin/cc-runtime"
    },
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [
        "--debug"
      ]
    }
  },
  "seccomp-profile": "",
  "selinux-enabled": false,
  "shutdown-timeout": 15,
  "storage-driver": "",
  "storage-opts": [],
  "swarm-default-advertise-addr": "",
  "tls": true,
  "tlscacert": "",
  "tlscert": "",
  "tlskey": "",
  "tlsverify": true,
  "userland-proxy": false,
  "userland-proxy-path": "/usr/libexec/docker-proxy",
  "userns-remap": ""
}
  Warning:
You cannot set options in daemon.json that have already been set on daemon startup as a flag. On systems that use systemd to start the Docker daemon, -H is already set, so you cannot use the hosts key in daemon.json to add listening addresses. See “custom Docker daemon options” for how to accomplish this task with a systemd drop-in file.



use of jq to get and use info

list all network IDs

# docker network ls|awk '(NR!=1) {print $1 }'
823d8b3f95b5
7a659867acde
8dc3ef802bb3
226506b91494

list all network names

# docker network ls|awk '(NR!=1) {print $2 }'
bridge
dockeronly_default
host
none

list all Network and Gateway

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'
{
  "Subnet": "172.17.0.0/16",
  "Gateway": "172.17.0.1"
}
{
  "Subnet": "172.18.0.0/16",
  "Gateway": "172.18.0.1"
}

list all subnets

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Subnet'
"172.17.0.0/16"
"172.18.0.0/16"

list all gateways

# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[]'|jq ".Gateway"
"172.17.0.1"
"172.18.0.1"
# docker network inspect `docker network ls|awk '(NR!=1) {print $1 }'`|jq '.[].IPAM.Config[].Gateway'
"172.17.0.1"
"172.18.0.1"

from there we could check whether all the Docker networks are indeed in the db network of SME
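One way to do that check, as an added example that is not SME Server code: it reads `docker network inspect` JSON and reports every Docker subnet not contained in a declared network. The sample data is constructed to match the output above, and `KNOWN_NETWORKS` is an assumed export of the declared networks; how that list is read from the SME db is left out.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect <ids>` output,
# trimmed to the fields used here. host/none networks carry no IPAM config.
SAMPLE_INSPECT = json.dumps([
    {"Name": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
    {"Name": "dockeronly_default",
     "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]}},
    {"Name": "host", "IPAM": {"Config": []}},
    {"Name": "none", "IPAM": {"Config": None}},
])

# Assumption: networks already declared on the server (constructed values),
# given as CIDR or address/netmask strings.
KNOWN_NETWORKS = ["192.168.1.0/255.255.255.0", "172.17.0.0/16"]


def docker_subnets(inspect_json):
    """Yield (network name, subnet) for every IPAM entry that has a subnet."""
    for net in json.loads(inspect_json):
        # Config may be an empty list or null for host/none networks.
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if cfg.get("Subnet"):
                yield net["Name"], ipaddress.ip_network(cfg["Subnet"])


def undeclared_subnets(inspect_json, known):
    """Return Docker subnets that no declared network contains."""
    declared = [ipaddress.ip_network(k) for k in known]
    missing = []
    for name, subnet in docker_subnets(inspect_json):
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        covered = any(
            subnet.version == d.version and subnet.subnet_of(d) for d in declared
        )
        if not covered:
            missing.append((name, str(subnet)))
    return missing


if __name__ == "__main__":
    for name, subnet in undeclared_subnets(SAMPLE_INSPECT, KNOWN_NETWORKS):
        print(f"{name}: {subnet} is not in the declared networks")
```

With `iptables: false` the daemon does not write firewall rules itself, so an undeclared subnet reported here is one the host's own rules may not account for.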

useful commands for users

connect to a container with a bash prompt

docker exec -it onlyoffice bash

