Galileo Labs

User Tools

Site Tools

You are here: start » projects » zibaldone » linux » docker
projects:zibaldone:linux:docker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
projects:zibaldone:linux:docker [2021/12/17 09:00] – [install] scipioprojects:zibaldone:linux:docker [2023/04/19 08:08] (current) – [docker registry (public)] sscipioni
Line 3: Line 3:
 ===== install ===== ===== install =====
  
-<code> +<code | ubuntu
-apt-get install ca-certificates curl gnupg lsb-release+apt-get install -y ca-certificates curl gnupg lsb-release
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 apt update apt update
-apt-get install docker-ce docker-ce-cli containerd.io+apt-get install -y docker-ce docker-ce-cli containerd.io
 mkdir /usr/local/lib/docker/cli-plugins -p mkdir /usr/local/lib/docker/cli-plugins -p
 curl -SL https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose curl -SL https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
Line 19: Line 19:
 usermod -aG docker hass usermod -aG docker hass
 </code> </code>
 +
 +/etc/docker/daemon.json
 +<code | download>
 +{
 +  "default-address-pools":
 +  [
 +    {"base":"172.16.0.0/21","size":26}
 +  ]
 +}
 +</code>
 +
 +===== reset to factory and restart =====
 +
 +<code | download>
 +# if swarm
 +docker swarm leave --force
 +
 +systemctl stop docker
 +rm -fR /var/lib/docker/
 +ip l delete docker_gwbridge
 +ip l delete docker0
 +# and other bridges
 +systemctl start docker
 +</code>
 +
 ===== deploy ===== ===== deploy =====
  
Line 130: Line 155:
 docker run --rm -it -v <old_volume>:/from -v <new_volume>:/to alpine ash -c "cd /from ; cp -av . /to" docker run --rm -it -v <old_volume>:/from -v <new_volume>:/to alpine ash -c "cd /from ; cp -av . /to"
 docker volume rm <old_volume> docker volume rm <old_volume>
 +</code>
 +
 +===== multi platform build =====
 +
 +Multi platform build need a docker registry, local or remote (see below)
 +
 +create a docker builder or use existing one
 +<code>
 +NAME=builder1
 +docker buildx use $NAME || docker buildx create --use --name $NAME --driver-opt network=host
 +</code>
 +
 +build from a Dockerfile and push to local registry
 +<code>
 +REGISTRY=localhost:5000
 +docker buildx build --platform=linux/amd64,linux/arm64 -t $REGISTRY/yololab/helloworld --push .
 +</code>
 +===== docker registry (private) =====
 +
 +create local image and tag with remote registry url
 +<code>
 +# get image from official docker registry
 +docker pull docker.io/hello-world
 +
 +# tag
 +docker tag hello-world docker.csgalileo.org/hello-world
 +</code>
 +
 +create credentials in ~/.docker/config.json
 +<code>
 +docker login docker.csgalileo.org
 +</code>
 +
 +push
 +<code>
 +docker push docker.csgalileo.org/hello-world
 +</code>
 +
 +get remote info with aur/reg arch program
 +<code>
 +reg ls docker.csgalileo.org
 +reg digest docker.csgalileo.org/charta/httprest
 +</code>
 +
 +docker registry on localhost
 +<file yaml docker-compose.yml>
 +services:
 +  registry:
 +    restart: no
 +    image: registry:2
 +    ports:
 +      - 5000:5000
 +    volumes:
 +      - ./data:/var/lib/registry
 +</file>
 +
 +===== docker registry (public) =====
 +
 +retag local builded image to remote image
 +<code | download>
 +docker tag galileo/trac:1.4.3 scipioit/trac:1.4.3
 +</code> 
 +
 +push to docker.io
 +<code | download>
 +docker push scipioit/trac:1.4.3
 +</code>
 +
 +===== remote display via ssh =====
 +
 +scenario: connect to remote docker host via ssh and run X11 GUI on client ssh
 +
 +on docker host sshd edit /etc/ssh/sshd_config
 +<code>
 +X11Forwarding yes
 +X11DisplayOffset 10
 +X11UseLocalhost no
 +</code>
 +
 +on docker host create this helper script 
 +<code bash | set-display.sh>
 +XAUTH=/tmp/Xauthority
 +HOSTIP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
 +
 +AUTH_COOKIE=$(xauth list ${DISPLAY} | awk '{print $3}')
 +DISPLAY_NUMBER=$(echo $DISPLAY | cut -d. -f1 | cut -d: -f2)
 +export DISPLAY=${HOSTIP}:${DISPLAY_NUMBER}
 +touch $XAUTH
 +xauth -f $XAUTH add ${DISPLAY} MIT-MAGIC-COOKIE-1 ${AUTH_COOKIE}
 +</code>
 +
 +session from client
 +<code bash>
 +ssh -X <hostip>
 +source set-display.sh
 +docker run --rm -e DISPLAY=$DISPLAY -v $XAUTH:/root/.Xauthority  -t beezu/xeyes
 </code> </code>
  
Line 138: Line 259:
   * [[https://blog.nuvotex.de/docker-swarm-preserve-client-ip-on-incoming-connections/|docker routing mesh, SNAT]]   * [[https://blog.nuvotex.de/docker-swarm-preserve-client-ip-on-incoming-connections/|docker routing mesh, SNAT]]
  
-init+/etc/docker/daemon.json
 <code> <code>
-docker swarm init --advertise-addr 185.91.188.93+
 +  "default-address-pools": 
 +  [ 
 +    {"base":"172.16.0.0/21","size":26} 
 +  ] 
 +}
  
 </code> </code>
  
 +
 +init
 +<code>
 +docker swarm init --advertise-addr 10.244.0.5 --default-addr-pool 172.16.8.0/21 --default-addr-pool-mask-length 26
 +</code>
  
 convert web network scoped "local" to swarm scope convert web network scoped "local" to swarm scope
-<code | download>+<code>
 docker network rm web docker network rm web
 docker network create -d overlay web docker network create -d overlay web
Line 152: Line 283:
  
 deploy compose as swarm deploy compose as swarm
-<code | download>+<code>
 cd ~/traefik cd ~/traefik
 docker stack deploy -c docker-compose.yml hosting3 docker stack deploy -c docker-compose.yml hosting3
Line 167: Line 298:
 # on manager check nodes # on manager check nodes
 docker node ls docker node ls
- 
 </code> </code>
- 
- 
  
 assign label to nodes assign label to nodes
Line 178: Line 306:
 n4z6nb6c8xi6el63a6b0vflyv *   ujitsi-dev   Ready     Active         Leader           20.10.7 n4z6nb6c8xi6el63a6b0vflyv *   ujitsi-dev   Ready     Active         Leader           20.10.7
 jen361j71yr6k96zrhx7x7b6a     ujitsireg3   Ready     Active                          20.10.12 jen361j71yr6k96zrhx7x7b6a     ujitsireg3   Ready     Active                          20.10.12
- 
  
 docker node update --label-add type=jibri jen361j71yr6k96zrhx7x7b6a docker node update --label-add type=jibri jen361j71yr6k96zrhx7x7b6a
Line 200: Line 327:
 docker service update --constraint-add 'node.labels.type == jvb' meet2_jvb docker service update --constraint-add 'node.labels.type == jvb' meet2_jvb
 </code> </code>
- 
  
 show docker services across nodes show docker services across nodes
Line 211: Line 337:
 docker node ls -q | xargs docker node inspect -f '{{ .ID }} [{{ .Description.Hostname }}]: {{ range $k, $v := .Spec.Labels }}{{ $k }}={{ $v }} {{end}}' docker node ls -q | xargs docker node inspect -f '{{ .ID }} [{{ .Description.Hostname }}]: {{ range $k, $v := .Spec.Labels }}{{ $k }}={{ $v }} {{end}}'
  
 +</code>
 +
 +show service status across nodes
 +<code>
 +alias lsd='docker stack ls --format "{{.Name}}" | xargs -n1 docker stack ps --format "{{.Node}}\t{{.CurrentState}}\t{{.Name}}\t\t{{.Error}}" -f "desired-state=running"'
 +</code>
 +
 +rebalance services across nodes after a node outage
 +<code>
 +alias rebalance='docker service ls --format "{{.ID}}" | xargs -n1  docker service update --force'
 +</code>
 +
 +drain a node from containers and migrate to others
 +<code>
 +docker node update --availability drain <node>
 +
 +# re-enable node after maintenance
 +docker node update --availability active <node>
 +</code>
 +
 +get services using a particular network 'web'
 +<code>
 +docker network inspect --verbose web | jq '.[].Services | keys[]'
 +</code>
 +
 +get ip allocation in docker networks
 +<code>
 +docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker/ip-util-check
 </code> </code>
  
projects/zibaldone/linux/docker.1639728035.txt.gz · Last modified: by scipio

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki