Docker: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
< | <syntaxhighlight lang="bash"> | ||
sudo usermod -aG docker $USER | sudo usermod -aG docker $USER | ||
newgrp docker | newgrp docker | ||
Line 9: | Line 9: | ||
sudo systemctl daemon-reload | sudo systemctl daemon-reload | ||
sudo systemctl restart docker.service | sudo systemctl restart docker.service | ||
</ | </syntaxhighlight> | ||
==Windows 10 Home== | ==Windows 10 Home== | ||
< | <syntaxhighlight lang="powershell"> | ||
# powershell | # powershell | ||
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart | dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart | ||
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart | dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart | ||
wsl --set-default-version 2 | wsl --set-default-version 2 | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="powershell"> | ||
# powershell | # powershell | ||
docker pull hello-world | docker pull hello-world | ||
docker run -it --rm --name hello hello-world:latest | docker run -it --rm --name hello hello-world:latest | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
# gitbash | # gitbash | ||
winpty docker pull hello-world | winpty docker pull hello-world | ||
winpty docker run -it --rm --name hello hello-world:latest | winpty docker run -it --rm --name hello hello-world:latest | ||
</ | </syntaxhighlight> | ||
==Networking== | ==Networking== | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="json"> | ||
cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null | cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null | ||
{ | { | ||
Line 46: | Line 46: | ||
} | } | ||
EOF | EOF | ||
</ | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="json"> | ||
cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null | cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null | ||
{ | { | ||
Line 61: | Line 61: | ||
} | } | ||
EOF | EOF | ||
</ | </syntaxhighlight> | ||
|} | |} | ||
< | <syntaxhighlight lang="bash"> | ||
apt install -y iputils | apt install -y iputils | ||
iptables -t nat -S | iptables -t nat -S | ||
Line 76: | Line 76: | ||
docker run --rm --detach --publish 1983:80 --net=ckn.b00 --ip 10.20.15.10 nginx | docker run --rm --detach --publish 1983:80 --net=ckn.b00 --ip 10.20.15.10 nginx | ||
docker run --rm --detach --publish 1983:80 --net=ckn.b01 --ip 10.20.16.10 nginx | docker run --rm --detach --publish 1983:80 --net=ckn.b01 --ip 10.20.16.10 nginx | ||
</ | </syntaxhighlight> | ||
===Bridge=== | ===Bridge=== | ||
< | <syntaxhighlight lang="bash"> | ||
docker network create \ | docker network create \ | ||
--driver bridge \ | --driver bridge \ | ||
Line 89: | Line 89: | ||
--opt com.docker.network.bridge.host_binding_ipv4=0.0.0.0 \ | --opt com.docker.network.bridge.host_binding_ipv4=0.0.0.0 \ | ||
--opt com.docker.network.bridge.name=ckn.b00 ckn.b00 | --opt com.docker.network.bridge.name=ckn.b00 ckn.b00 | ||
</ | </syntaxhighlight> | ||
---- | ---- | ||
===MAC VLAN=== | ===MAC VLAN=== | ||
'''Bridge mode''' | '''Bridge mode''' | ||
< | <syntaxhighlight lang="bash"> | ||
docker network create \ | docker network create \ | ||
--driver macvlan \ | --driver macvlan \ | ||
Line 100: | Line 100: | ||
--subnet 10.20.20.0/24 \ | --subnet 10.20.20.0/24 \ | ||
--opt parent=wlan0 ckn.v00 | --opt parent=wlan0 ckn.v00 | ||
</ | </syntaxhighlight> | ||
'''802.1q trunk bridge mode''' | '''802.1q trunk bridge mode''' | ||
< | <syntaxhighlight lang="bash"> | ||
docker network create \ | docker network create \ | ||
--driver macvlan \ | --driver macvlan \ | ||
Line 110: | Line 110: | ||
--ip-range 10.20.20.240/28 \ | --ip-range 10.20.20.240/28 \ | ||
--opt parent=wlan0.01 ckn.v01 | --opt parent=wlan0.01 ckn.v01 | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker network inspect ckn.v00 | docker network inspect ckn.v00 | ||
docker network connect ckn.v00 nginx | docker network connect ckn.v00 nginx | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker exec -it nginx ls -lah /sys/class/net/ | docker exec -it nginx ls -lah /sys/class/net/ | ||
docker exec -it nginx cat /etc/resolv.conf | docker exec -it nginx cat /etc/resolv.conf | ||
Line 126: | Line 126: | ||
curl -v http://localhost:1983 | curl -v http://localhost:1983 | ||
curl -v http://10.20.20.240 | curl -v http://10.20.20.240 | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker network disconnect bridge nginx | docker network disconnect bridge nginx | ||
docker network disconnect ckn.v00 nginx | docker network disconnect ckn.v00 nginx | ||
</ | </syntaxhighlight> | ||
---- | ---- | ||
===IP VLAN=== | ===IP VLAN=== | ||
< | <syntaxhighlight lang="bash"> | ||
docker network create -d ipvlan \ | docker network create -d ipvlan \ | ||
--subnet=10.20.1.0/24 \ | --subnet=10.20.1.0/24 \ | ||
Line 143: | Line 143: | ||
--gateway=10.20.2.254 \ | --gateway=10.20.2.254 \ | ||
--opt ipvlan_mode=l2 ckn.i00 | --opt ipvlan_mode=l2 ckn.i00 | ||
</ | </syntaxhighlight> | ||
==Cache or Mirror== | ==Cache or Mirror== | ||
< | <syntaxhighlight lang="properties"> | ||
mkdir -p /etc/docker/registry | mkdir -p /etc/docker/registry | ||
cat <<EOF > /etc/docker/registry/config.yml | cat <<EOF > /etc/docker/registry/config.yml | ||
Line 154: | Line 154: | ||
password: sadaqah! | password: sadaqah! | ||
EOF | EOF | ||
</ | </syntaxhighlight> | ||
==Add Tag & Push == | ==Add Tag & Push == | ||
< | <syntaxhighlight lang="properties"> | ||
RFIND_FILL="s|docker.chorke.com|docker.chorke.org|";\ | RFIND_FILL="s|docker.chorke.com|docker.chorke.org|";\ | ||
OLD_IMAGES="$(docker images --format 'table {{.Repository}}:{{.Tag}}'|grep chorke)";\ | OLD_IMAGES="$(docker images --format 'table {{.Repository}}:{{.Tag}}'|grep chorke)";\ | ||
Line 167: | Line 167: | ||
docker rmi ${OLD_IMAGE};\ | docker rmi ${OLD_IMAGE};\ | ||
done | done | ||
</ | </syntaxhighlight> | ||
==Troubleshoot== | ==Troubleshoot== | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash"> | ||
docker run --rm --net=host busybox nslookup google.com | docker run --rm --net=host busybox nslookup google.com | ||
docker run --rm --net=host alpine cat /etc/resolv.conf | docker run --rm --net=host alpine cat /etc/resolv.conf | ||
Line 181: | Line 181: | ||
docker run --rm --net=host alpine ip addr | docker run --rm --net=host alpine ip addr | ||
docker run --rm --net=host alpine route | docker run --rm --net=host alpine route | ||
</ | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash"> | ||
docker run --rm busybox nslookup google.com | docker run --rm busybox nslookup google.com | ||
docker run --rm alpine cat /etc/resolv.conf | docker run --rm alpine cat /etc/resolv.conf | ||
Line 193: | Line 193: | ||
docker run --rm alpine ip addr | docker run --rm alpine ip addr | ||
docker run --rm alpine route | docker run --rm alpine route | ||
</ | </syntaxhighlight> | ||
|- | |- | ||
Line 200: | Line 200: | ||
|- | |- | ||
| valign="top" colspan="2"| | | valign="top" colspan="2"| | ||
< | <syntaxhighlight lang="bash"> | ||
docker run --add-host=host.docker.internal:host-gateway\ | docker run --add-host=host.docker.internal:host-gateway\ | ||
-it --rm alpine ping host.docker.internal | -it --rm alpine ping host.docker.internal | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker run --add-host=host.docker.internal:host-gateway\ | docker run --add-host=host.docker.internal:host-gateway\ | ||
-it --rm alpine sh | -it --rm alpine sh | ||
</ | </syntaxhighlight> | ||
docker logs crawler | docker logs crawler | ||
Line 215: | Line 215: | ||
|} | |} | ||
< | <syntaxhighlight lang="bash"> | ||
export DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --iptables=false --ip-forward=false" | export DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --iptables=false --ip-forward=false" | ||
firewall-cmd --permanent --zone=trusted --change-interface=docker0 | firewall-cmd --permanent --zone=trusted --change-interface=docker0 | ||
firewall-cmd --reload | firewall-cmd --reload | ||
systemctl restart docker | systemctl restart docker | ||
</ | </syntaxhighlight> | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash"> | ||
systemctl stop docker | systemctl stop docker | ||
rm -fr /var/lib/docker | rm -fr /var/lib/docker | ||
rm -fr /etc/docker | rm -fr /etc/docker | ||
pkill docker | pkill docker | ||
</ | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash"> | ||
iptables -t nat -F | iptables -t nat -F | ||
ifconfig docker0 down | ifconfig docker0 down | ||
brctl delbr docker0 | brctl delbr docker0 | ||
systemctl start docker | systemctl start docker | ||
</ | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash"> | ||
vim /etc/selinux/config | vim /etc/selinux/config | ||
shutdown -r now | shutdown -r now | ||
setenforce 0 | setenforce 0 | ||
sestatus | sestatus | ||
</ | </syntaxhighlight> | ||
|} | |} | ||
Line 256: | Line 256: | ||
==Images Path== | ==Images Path== | ||
< | <syntaxhighlight lang="properties"> | ||
Ubuntu: /var/lib/docker/ | Ubuntu: /var/lib/docker/ | ||
Fedora: /var/lib/docker/ | Fedora: /var/lib/docker/ | ||
Line 262: | Line 262: | ||
Windows: C:\ProgramData\DockerDesktop | Windows: C:\ProgramData\DockerDesktop | ||
MacOS: ~/Library/Containers/com.docker.docker/Data/vms/0/ | MacOS: ~/Library/Containers/com.docker.docker/Data/vms/0/ | ||
</ | </syntaxhighlight> | ||
==Knowledge== | ==Knowledge== | ||
< | <syntaxhighlight lang="bash"> | ||
docker network ls | docker network ls | ||
docker network prune | docker network prune | ||
Line 272: | Line 272: | ||
docker inspect nginx|grep "IPAddress" | docker inspect nginx|grep "IPAddress" | ||
docker network inspect bridge|grep "Gateway" | docker network inspect bridge|grep "Gateway" | ||
</ | </syntaxhighlight> | ||
docker rm $(docker ps -a -q) | docker rm $(docker ps -a -q) | ||
docker stop $(docker ps -a -q) | docker stop $(docker ps -a -q) | ||
< | <syntaxhighlight lang="bash"> | ||
docker inspect nginx | docker inspect nginx | ||
docker update --restart=no nginx | docker update --restart=no nginx | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker run --rm -dit --network \ | docker run --rm -dit --network \ | ||
none --name alpine alpine:latest ash;\ | none --name alpine alpine:latest ash;\ | ||
docker exec -it alpine ip link show | docker exec -it alpine ip link show | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker network create --driver bridge \ | docker network create --driver bridge \ | ||
--opt com.docker.network.bridge.name=ckn.b00 ckn.b00 | --opt com.docker.network.bridge.name=ckn.b00 ckn.b00 | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker network connect ckn.b00 nginx | docker network connect ckn.b00 nginx | ||
docker exec -it nginx cat /etc/hosts | docker exec -it nginx cat /etc/hosts | ||
Line 301: | Line 301: | ||
docker run --add-host=host.docker.internal:host-gateway\ | docker run --add-host=host.docker.internal:host-gateway\ | ||
--rm alpine ping host.docker.internal | --rm alpine ping host.docker.internal | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker cp ~/.m2/settings.xml alpine:/root/.m2/settings.xml | docker cp ~/.m2/settings.xml alpine:/root/.m2/settings.xml | ||
docker cp alpine:/root/.m2/settings.xml ~/.m2/settings.xml | docker cp alpine:/root/.m2/settings.xml ~/.m2/settings.xml | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker network disconnect bridge nginx | docker network disconnect bridge nginx | ||
docker network disconnect ckn.b00 nginx | docker network disconnect ckn.b00 nginx | ||
docker exec -it nginx ls -lah /sys/class/net/ | docker exec -it nginx ls -lah /sys/class/net/ | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker run -itd --network=ckn.b00 nginx | docker run -itd --network=ckn.b00 nginx | ||
docker network disconnect ckn.b00 nginx | docker network disconnect ckn.b00 nginx | ||
docker network connect --alias db --alias mysql ckn.b00 mysql | docker network connect --alias db --alias mysql ckn.b00 mysql | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
docker inspect -f '{{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq) | docker inspect -f '{{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq) | ||
docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" | docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" | ||
Line 328: | Line 328: | ||
docker ps --format "{{.ID}}: {{.Command}}" | docker ps --format "{{.ID}}: {{.Command}}" | ||
docker ps --filter publish=80/udp | docker ps --filter publish=80/udp | ||
</ | </syntaxhighlight> | ||
==Reference== | ==Reference== | ||
Line 447: | Line 447: | ||
* [[Proxmox]] | * [[Proxmox]] | ||
* [[Juju]] | * [[Juju]] | ||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
* [[Dockerized PostgreSQL|Docker » PostgreSQL]] | |||
| valign="top" | | |||
| valign="top" | | |||
|} | |} |
Revision as of 07:39, 11 August 2024
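# Post-install: let the current user run the docker CLI without sudo.
# Membership in the docker group is effectively root on this host (a member
# can start a container that bind-mounts the host filesystem), so add only
# accounts you would also trust with sudo.
sudo usermod -aG docker "$USER"
# newgrp opens a new shell with the docker group active. Commands pasted after
# it run inside that shell; a script containing it pauses here until that
# shell exits.
newgrp docker

# ~/.docker holds the CLI configuration. config.json in it can contain
# registry credentials, so keep the directory owned by the user and the
# user's own private group.
# -p: do not fail when the directory already exists.
mkdir -p "$HOME/.docker"
sudo chown -R "$USER":"$USER" "$HOME/.docker"
sudo chmod -R g+rwx "$HOME/.docker"

# Reload unit files and restart the daemon so the changes take effect.
sudo systemctl daemon-reload
sudo systemctl restart docker.service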
Windows 10 Home
# powershell
# Enables the two Windows features WSL 2 depends on, then makes version 2 the
# default for new distributions. Run from an elevated (Administrator) prompt.
# /norestart suppresses the automatic reboot; a restart is still needed before
# the features are usable.
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
wsl --set-default-version 2
# powershell
# Smoke test: pull the hello-world image and run it once.
# --rm removes the container as soon as it exits.
docker pull hello-world
docker run -it --rm --name hello hello-world:latest
# gitbash
# Same smoke test from Git Bash; winpty wraps the command so that the
# interactive (-it) run gets a terminal it can use.
winpty docker pull hello-world
winpty docker run -it --rm --name hello hello-world:latest
Networking
# Writes /etc/docker/daemon.json, replacing any existing file (tee without -a).
# "bip" sets the address/subnet of the default docker0 bridge and "dns" the
# resolvers handed to containers.
# "debug": true turns on verbose daemon logging; it is meant for
# troubleshooting, so switch it back off afterwards.
# The here-doc delimiter is unquoted, so the shell would expand any $ or
# backticks in the body; there are none here.
# The daemon reads this file at start-up: restart Docker to apply it.
cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null
{
"bip" : "10.20.13.1/24",
"mtu" : 1500,
"dns" : [
"10.19.83.100",
"10.19.83.1"
],
"debug": true
}
EOF
|
# Alternative daemon.json (replaces any existing file): instead of pinning
# docker0 with "bip", "default-address-pools" makes Docker allocate a /24 out
# of 10.20.0.0/16 for each network it creates.
# "debug": true is verbose daemon logging for troubleshooting; turn it off
# once done. Restart Docker to apply the file.
cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null
{
"mtu" : 1500,
"debug" : true,
"experimental": false,
"default-address-pools" :[{
"base" : "10.20.0.0/16",
"size" : 24
}]
}
EOF
|
# NOTE(review): on Debian/Ubuntu the ping tools are packaged as iputils-ping;
# confirm the package name for your distribution.
apt install -y iputils
# Prints the current NAT rules without changing them.
iptables -t nat -S
service docker stop
service docker start
# The run lines below are alternatives: three of them publish host port 1983,
# so only one of those can be running at a time.
# --publish 1983:80 without a host address listens on every host interface;
# write 127.0.0.1:1983:80 to keep the port local to the host.
docker run --rm --detach --publish 1983:80 nginx
# --net=host puts the container in the host's network namespace: no port
# mapping and no network isolation from the host.
docker run --rm --detach --net=host nginx
# Fixed --ip addresses on the user-defined networks ckn.b00 / ckn.b01; the
# networks must exist already and their subnets must contain these addresses.
docker run --rm --detach --publish 1983:80 --net=ckn.b00 --ip 10.20.15.10 nginx
docker run --rm --detach --publish 1983:80 --net=ckn.b01 --ip 10.20.16.10 nginx
Bridge
# User-defined bridge ckn.b00 on 10.20.15.0/24 with gateway 10.20.15.1.
# enable_icc=true lets containers on this bridge reach each other directly;
# set it to false when the workloads should be isolated from one another.
# host_binding_ipv4=0.0.0.0 makes ports published from this network listen on
# every host interface by default; use a specific address (for example
# 127.0.0.1) to avoid exposing them beyond the host.
# enable_ip_masquerade=true NATs outbound container traffic behind the host.
docker network create \
--driver bridge \
--gateway 10.20.15.1 \
--subnet 10.20.15.0/24 \
--opt com.docker.network.driver.mtu=1500 \
--opt com.docker.network.bridge.enable_icc=true \
--opt com.docker.network.bridge.enable_ip_masquerade=true \
--opt com.docker.network.bridge.host_binding_ipv4=0.0.0.0 \
--opt com.docker.network.bridge.name=ckn.b00 ckn.b00
MAC VLAN
Bridge mode
# macvlan, bridge mode: each container gets its own MAC address directly on the
# parent interface's network (10.20.20.0/24 here). It is reachable from that
# LAN without port publishing, and its traffic does not pass through Docker's
# NAT rules on the host, so filter it on the network or inside the container.
# NOTE(review): the parent is a wireless interface (wlan0); macvlan needs a
# parent that accepts several MAC addresses, which many Wi-Fi setups do not -
# confirm on the target host.
docker network create \
--driver macvlan \
--gateway 10.20.20.1 \
--subnet 10.20.20.0/24 \
--opt parent=wlan0 ckn.v00
802.1q trunk bridge mode
# macvlan on an 802.1q sub-interface: the parent is written as
# <interface>.<VLAN id>.
# --ip-range limits the addresses Docker hands out to 10.20.20.240/28 inside
# the 10.20.20.0/24 subnet.
# NOTE(review): the ".01" suffix presumably means VLAN 1 on wlan0 - confirm the
# VLAN id and that the switch port is actually a trunk.
docker network create \
--driver macvlan \
--gateway 10.20.20.1 \
--subnet 10.20.20.0/24 \
--ip-range 10.20.20.240/28 \
--opt parent=wlan0.01 ckn.v01
# Show the network's settings and the containers attached to it.
docker network inspect ckn.v00
# Attach the container named nginx to ckn.v00 in addition to the networks it
# is already on.
docker network connect ckn.v00 nginx
# Check what the container sees: interfaces, resolver, addresses, hosts file.
docker exec -it nginx ls -lah /sys/class/net/
docker exec -it nginx cat /etc/resolv.conf
docker inspect nginx|grep "IPAddress"
docker exec -it nginx cat /etc/hosts
# Reachability checks against the macvlan address and the published port.
# A macvlan address answers on the container's own port (80) without any
# --publish, which is why the last request omits :1983.
curl -v http://10.20.20.240:1983
curl -v http://localhost:1983
curl -v http://10.20.20.240
# Detach the container from the default bridge and from ckn.v00 again.
docker network disconnect bridge nginx
docker network disconnect ckn.v00 nginx
IP VLAN
# ipvlan in L2 mode with two subnets, each with its own gateway.
# As with macvlan, containers sit directly on the underlying network, so the
# host's Docker NAT rules are not in the path.
# NOTE(review): no --opt parent=<interface> is given here; confirm which
# interface the network ends up attached to on the target host.
docker network create -d ipvlan \
--subnet=10.20.1.0/24 \
--subnet=10.20.2.0/24 \
--gateway=10.20.1.254 \
--gateway=10.20.2.254 \
--opt ipvlan_mode=l2 ckn.i00
Cache or Mirror
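# Pull-through cache (mirror) settings for the registry.
# The file stores the upstream account's password in clear text, so it is
# created readable by its owner only. The username/password shown are the
# page's sample values: inject real ones from a secret store at deploy time
# and do not publish them in a wiki or repository.
mkdir -p /etc/docker/registry
# The subshell keeps the tightened umask from leaking into the calling shell.
(
  umask 077
  # Quoted delimiter: the body is written literally, with no shell expansion.
  # remoteurl/username/password must be nested under "proxy:".
  cat <<'EOF' > /etc/docker/registry/config.yml
proxy:
  remoteurl: https://hub.chorke.org
  username: academia
  password: sadaqah!
EOF
)
# umask only affects newly created files; fix the mode if the file existed.
# If the registry runs as a non-root user, chown the file to that user rather
# than loosening the mode.
chmod 600 /etc/docker/registry/config.yml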
Add Tag & Push
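# Move local images from the old registry host to the new one: tag under the
# new name, push, then remove both local tags.
#
# Only images whose name starts with the old registry host are touched. An
# image whose name would not change is skipped; otherwise it would be pushed
# and then deleted locally under its only name.
# Every expansion is quoted, and the line continuations of the one-liner form
# are gone, so the loop no longer depends on leading whitespace surviving a
# copy and paste.
OLD_REGISTRY="docker.chorke.com"
NEW_REGISTRY="docker.chorke.org"

# Plain (non-table) format: one repository:tag per line, no header row.
docker images --format '{{.Repository}}:{{.Tag}}' |
  while IFS= read -r OLD_IMAGE; do
    case "${OLD_IMAGE}" in
      *'<none>'*) continue ;;   # untagged entries cannot be re-tagged by name
      "${OLD_REGISTRY}"/*) ;;   # lives under the old host: process it
      *) continue ;;            # anything else is left alone
    esac
    NEW_IMAGE="${NEW_REGISTRY}/${OLD_IMAGE#"${OLD_REGISTRY}"/}"
    # The local copies are removed only after the push has succeeded.
    docker tag "${OLD_IMAGE}" "${NEW_IMAGE}" &&
      docker push "${NEW_IMAGE}" &&
      docker rmi "${NEW_IMAGE}" &&
      docker rmi "${OLD_IMAGE}"
  done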
Troubleshoot
# Host-network column: --net=host runs each throwaway container in the host's
# network namespace, so these show the host's own resolver, interfaces and
# routes. Compare with the same commands run without --net=host.
# busybox and alpine carry no tag, so :latest is pulled; pin a tag or digest
# if the result has to be reproducible.
docker run --rm --net=host busybox nslookup google.com
docker run --rm --net=host alpine cat /etc/resolv.conf
docker run --rm --net=host alpine nslookup google.com
docker run --rm --net=host alpine ping google.com
docker run --rm --net=host alpine cat /etc/hosts
docker run --rm --net=host alpine ifconfig
docker run --rm --net=host alpine ip addr
docker run --rm --net=host alpine route
|
# Default-network column: the same checks from a container on Docker's default
# bridge. A lookup or ping that works with --net=host but fails here points at
# the bridge, NAT or DNS settings rather than at the host's connectivity.
docker run --rm busybox nslookup google.com
docker run --rm alpine cat /etc/resolv.conf
docker run --rm alpine nslookup google.com
docker run --rm alpine ping google.com
docker run --rm alpine cat /etc/hosts
docker run --rm alpine ifconfig
docker run --rm alpine ip addr
docker run --rm alpine route
|
| |
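# --add-host=host.docker.internal:host-gateway adds a hosts entry that points
# at the host's gateway address, giving the container a name for services
# listening on the host. Anything the host binds on that address is then
# reachable from the container.
# The space before each backslash matters: without it the continuation glues
# "host-gateway" and "-it" into a single word.
docker run --add-host=host.docker.internal:host-gateway \
  -it --rm alpine ping host.docker.internal
# Same entry, but with an interactive shell for further checks.
docker run --add-host=host.docker.internal:host-gateway \
  -it --rm alpine sh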
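# Print the log output the container named crawler has produced so far.
docker logs crawler
# Same, then keep following new output until interrupted.
docker logs -f crawler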
# NOTE(review): DOCKER_OPTS only has an effect where the service start-up
# reads it; a plain export in an interactive shell does not reach a
# systemd-managed daemon - confirm for your setup.
# --iptables=false stops Docker from managing iptables rules, so NAT, port
# publishing and the isolation between Docker networks must then come from
# your own firewall rules. --ip-forward=false leaves IP forwarding untouched.
export DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --iptables=false --ip-forward=false"
# Puts docker0 in firewalld's trusted zone: all traffic arriving from
# containers on that bridge is accepted by the host. Prefer a dedicated zone
# with only the required services if containers are not fully trusted.
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --reload
systemctl restart docker
# Full reset - destructive and not reversible.
systemctl stop docker
# /var/lib/docker is Docker's data directory: this deletes every image,
# container and volume on the host. Back up anything needed first.
rm -fr /var/lib/docker
# /etc/docker holds daemon.json and the registry configuration written
# elsewhere on this page.
rm -fr /etc/docker
# pkill matches on process name, so this signals every process whose name
# contains "docker", not just the daemon.
pkill docker
|
# Flushes ALL rules in the nat table, not only Docker's; any other NAT or
# port-forwarding rules on the host are lost as well. Save them first
# (for example with iptables-save) if the host does other NAT.
iptables -t nat -F
# Take the default bridge down and delete it.
ifconfig docker0 down
brctl delbr docker0
# The daemon recreates docker0 and its own rules on start.
systemctl start docker
|
# Persistent change: edit SELINUX= in this file, then reboot for it to apply.
vim /etc/selinux/config
shutdown -r now
# Temporary change: setenforce 0 switches SELinux to permissive until the next
# reboot, so violations are logged but no longer blocked. Use it only to
# confirm SELinux is the cause, then fix the labels or policy and return to
# enforcing (setenforce 1) instead of leaving the protection off.
setenforce 0
# Shows the current mode and the mode configured in the file.
sestatus
|
devil most things for docker0 bridge
sudo apt remove netscript-2.4
sudo apt purge netscript-2.4
sudo apt autoremove
Ryzen AMD-V
Yes, the AMD Ryzen 9 3900X supports virtualization. Almost every processor released for a long time now has virtualization support. On Windows it is shown as VT-x or SVM (on some AMD motherboards VT-x is renamed to SVM).
Images Path
Ubuntu: /var/lib/docker/
Fedora: /var/lib/docker/
Debian: /var/lib/docker/
Windows: C:\ProgramData\DockerDesktop
MacOS: ~/Library/Containers/com.docker.docker/Data/vms/0/
Knowledge
# List all networks known to this daemon.
docker network ls
# Removes every network that no container is using; asks for confirmation
# unless -f is given.
docker network prune
docker network rm ckn.b00 ckn.b01
# Quick look-ups: the container's address(es) and the default bridge gateway.
docker inspect nginx|grep "IPAddress"
docker network inspect bridge|grep "Gateway"
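# Two separate commands; each acts on EVERY container on this host.
# The command substitutions are left unquoted on purpose so that each
# container ID becomes its own argument.
# Remove all containers. Without -f, docker rm refuses running containers,
# so run the stop line first when the aim is to clear everything.
docker rm $(docker ps -a -q)
# Stop all containers.
docker stop $(docker ps -a -q)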
# Full low-level description of the container named nginx.
docker inspect nginx
# Turn off automatic restarts for an existing container.
docker update --restart=no nginx
# --network none: the container gets only a loopback interface, which the
# following "ip link show" makes visible. Useful for workloads that must have
# no network access at all.
docker run --rm -dit --network \
none --name alpine alpine:latest ash;\
docker exec -it alpine ip link show
# Minimal user-defined bridge; the option sets the name of the Linux bridge
# device on the host.
docker network create --driver bridge \
--opt com.docker.network.bridge.name=ckn.b00 ckn.b00
# Attach nginx to it and check the result from inside the container.
docker network connect ckn.b00 nginx
docker exec -it nginx cat /etc/hosts
docker inspect nginx|grep "IPAddress"
docker exec -it nginx cat /etc/resolv.conf
docker exec -it nginx ls -lah /sys/class/net/
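# Check that the host is reachable from a container under the name
# host.docker.internal (mapped to the host's gateway address).
# The space before the backslash matters: without it the continuation glues
# "host-gateway" and "--rm" into a single word.
docker run --add-host=host.docker.internal:host-gateway \
  --rm alpine ping host.docker.internal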
# Copy a file into, and back out of, the container named alpine.
# NOTE(review): a Maven settings.xml can hold repository credentials; once
# copied in, it stays in the container's filesystem and would be included in
# any image committed from that container - confirm this is intended.
docker cp ~/.m2/settings.xml alpine:/root/.m2/settings.xml
docker cp alpine:/root/.m2/settings.xml ~/.m2/settings.xml
# Detach nginx from both networks, then list the interfaces it has left.
docker network disconnect bridge nginx
docker network disconnect ckn.b00 nginx
docker exec -it nginx ls -lah /sys/class/net/
# NOTE(review): this run passes no --name, so the new container gets a
# generated name; the disconnect on the next line addresses a container that
# is actually named nginx - confirm which one is meant.
docker run -itd --network=ckn.b00 nginx
docker network disconnect ckn.b00 nginx
# Attach the container named mysql to ckn.b00 and make it resolvable there
# under the extra names "db" and "mysql".
docker network connect --alias db --alias mysql ckn.b00 mysql
# Name and address of every container (running or stopped).
# NOTE(review): .NetworkSettings.IPAddress is the address on the default
# bridge; containers attached only to user-defined networks will likely show
# an empty value here - confirm against .NetworkSettings.Networks.
docker inspect -f '{{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq)
# Filter running containers by the volume or mount path they use.
docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}"
docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}"
# Custom output columns.
docker ps --format "table {{.ID}}\t{{.Labels}}"
docker ps --format '{{.Names}}\t{{.Image}}'
docker ps --format "{{.ID}}: {{.Command}}"
# Containers that publish port 80/udp; handy when auditing what is exposed.
docker ps --filter publish=80/udp