projects:zibaldone:linux:docker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
projects:zibaldone:linux:docker [2022/08/17 10:40] – [docker registry (private)] sscipioniprojects:zibaldone:linux:docker [2023/04/19 08:08] (current) – [docker registry (public)] sscipioni
Line 19: Line 19:
 usermod -aG docker hass usermod -aG docker hass
 </code> </code>
 +
 +/etc/docker/daemon.json
 +<code | download>
 +{
 +  "default-address-pools":
 +  [
 +    {"base":"172.16.0.0/21","size":26}
 +  ]
 +}
 +</code>
 +
 +===== reset to factory and restart =====
 +
 +<code | download>
 +# if swarm
 +docker swarm leave --force
 +
 +systemctl stop docker
 +rm -fR /var/lib/docker/
 +ip l delete docker_gwbridge
 +ip l delete docker0
 +# and other bridges
 +systemctl start docker
 +</code>
 +
 ===== deploy ===== ===== deploy =====
  
Line 132: Line 157:
 </code> </code>
  
 +===== multi platform build =====
 +
 +Multi platform build need a docker registry, local or remote (see below)
 +
 +create a docker builder or use existing one
 +<code>
 +NAME=builder1
 +docker buildx use $NAME || docker buildx create --use --name $NAME --driver-opt network=host
 +</code>
 +
 +build from a Dockerfile and push to local registry
 +<code>
 +REGISTRY=localhost:5000
 +docker buildx build --platform=linux/amd64,linux/arm64 -t $REGISTRY/yololab/helloworld --push .
 +</code>
 ===== docker registry (private) ===== ===== docker registry (private) =====
  
Line 141: Line 181:
 # tag # tag
 docker tag hello-world docker.csgalileo.org/hello-world docker tag hello-world docker.csgalileo.org/hello-world
 +</code>
 +
 +create credentials in ~/.docker/config.json
 +<code>
 +docker login docker.csgalileo.org
 </code> </code>
  
Line 147: Line 192:
 docker push docker.csgalileo.org/hello-world docker push docker.csgalileo.org/hello-world
 </code> </code>
 +
 +get remote info with aur/reg arch program
 +<code>
 +reg ls docker.csgalileo.org
 +reg digest docker.csgalileo.org/charta/httprest
 +</code>
 +
 +docker registry on localhost
 +<file yaml docker-compose.yml>
 +services:
 +  registry:
 +    restart: no
 +    image: registry:2
 +    ports:
 +      - 5000:5000
 +    volumes:
 +      - ./data:/var/lib/registry
 +</file>
  
 ===== docker registry (public) ===== ===== docker registry (public) =====
Line 159: Line 222:
 docker push scipioit/trac:1.4.3 docker push scipioit/trac:1.4.3
 </code> </code>
 +
 +===== remote display via ssh =====
 +
 +scenario: connect to remote docker host via ssh and run X11 GUI on client ssh
 +
 +on docker host sshd edit /etc/ssh/sshd_config
 +<code>
 +X11Forwarding yes
 +X11DisplayOffset 10
 +X11UseLocalhost no
 +</code>
 +
 +on docker host create this helper script 
 +<code bash | set-display.sh>
 +XAUTH=/tmp/Xauthority
 +HOSTIP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
 +
 +AUTH_COOKIE=$(xauth list ${DISPLAY} | awk '{print $3}')
 +DISPLAY_NUMBER=$(echo $DISPLAY | cut -d. -f1 | cut -d: -f2)
 +export DISPLAY=${HOSTIP}:${DISPLAY_NUMBER}
 +touch $XAUTH
 +xauth -f $XAUTH add ${DISPLAY} MIT-MAGIC-COOKIE-1 ${AUTH_COOKIE}
 +</code>
 +
 +session from client
 +<code bash>
 +ssh -X <hostip>
 +source set-display.sh
 +docker run --rm -e DISPLAY=$DISPLAY -v $XAUTH:/root/.Xauthority  -t beezu/xeyes
 +</code>
 +
 +
 +
 ===== docker swarm ===== ===== docker swarm =====
  
   * [[https://blog.nuvotex.de/docker-swarm-preserve-client-ip-on-incoming-connections/|docker routing mesh, SNAT]]   * [[https://blog.nuvotex.de/docker-swarm-preserve-client-ip-on-incoming-connections/|docker routing mesh, SNAT]]
 +
 +/etc/docker/daemon.json
 +<code>
 +{
 +  "default-address-pools":
 +  [
 +    {"base":"172.16.0.0/21","size":26}
 +  ]
 +}
 +
 +</code>
 +
  
 init init
 <code> <code>
-docker swarm init --advertise-addr 185.91.188.93+docker swarm init --advertise-addr 10.244.0.5 --default-addr-pool 172.16.8.0/21 --default-addr-pool-mask-length 26
 </code> </code>
  
Line 229: Line 337:
 docker node ls -q | xargs docker node inspect -f '{{ .ID }} [{{ .Description.Hostname }}]: {{ range $k, $v := .Spec.Labels }}{{ $k }}={{ $v }} {{end}}' docker node ls -q | xargs docker node inspect -f '{{ .ID }} [{{ .Description.Hostname }}]: {{ range $k, $v := .Spec.Labels }}{{ $k }}={{ $v }} {{end}}'
  
 +</code>
 +
 +show service status across nodes
 +<code>
 +alias lsd='docker stack ls --format "{{.Name}}" | xargs -n1 docker stack ps --format "{{.Node}}\t{{.CurrentState}}\t{{.Name}}\t\t{{.Error}}" -f "desired-state=running"'
 +</code>
 +
 +rebalance services across nodes after a node outage
 +<code>
 +alias rebalance='docker service ls --format "{{.ID}}" | xargs -n1  docker service update --force'
 +</code>
 +
 +drain a node from containers and migrate to others
 +<code>
 +docker node update --availability drain <node>
 +
 +# re-enable node after maintenance
 +docker node update --availability active <node>
 +</code>
 +
 +get services using a particular network 'web'
 +<code>
 +docker network inspect --verbose web | jq '.[].Services | keys[]'
 +</code>
 +
 +get ip allocation in docker networks
 +<code>
 +docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker/ip-util-check
 </code> </code>
  
  • projects/zibaldone/linux/docker.1660725639.txt.gz
  • Last modified: 2022/08/17 10:40
  • by sscipioni