Using Docker with the Ubuntu operating system - rootless

Source: Imre kasutab arvutit

Introduction

TODO

Preparation

Install docker-ce in the usual way and disable the so-called system-wide startup; it is better to reboot as well

# systemctl disable --now docker.service docker.socket
# reboot

A suitable way to switch to the user is the command

# machinectl shell imre@
imre@ubu2020:~$ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/imre/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
● docker.service - Docker Application Container Engine (Rootless)
     Loaded: loaded (/home/imre/.config/systemd/user/docker.service; disabled; vendor preset: enabled)
     Active: active (running) since Sun 2021-08-08 17:02:05 UTC; 3s ago
       Docs: https://docs.docker.com/go/rootless/
   Main PID: 10710 (rootlesskit)
     CGroup: /user.slice/user-1001.slice/user@1001.service/docker.service
             ├─10710 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
             ├─10722 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
             ├─10743 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 10722 tap0
             ├─10750 dockerd
             └─10769 containerd --config /run/user/1001/docker/containerd/containerd.toml --log-level info

...

+ DOCKER_HOST=unix:///run/user/1001/docker.sock /usr/bin/docker version
Client: Docker Engine - Community
 Version:           20.10.8
 API version:       1.41
 Go version:        go1.16.6
 Git commit:        3967b7d
 Built:             Fri Jul 30 19:54:08 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.8
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.6
  Git commit:       75249d8
  Built:            Fri Jul 30 19:52:16 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.9
  GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
 runc:
  Version:          1.0.1
  GitCommit:        v1.0.1-0-g4144b63
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
+ systemctl --user enable docker.service
Created symlink /home/imre/.config/systemd/user/default.target.wants/docker.service → /home/imre/.config/systemd/user/docker.service.
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger imre`

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"

[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc):

export PATH=/usr/bin:$PATH
export DOCKER_HOST=unix:///run/user/1001/docker.sock

To have the user's Docker setup start automatically after a reboot, run

# loginctl enable-linger imre

As a result, an important file is created

root@ubu2020:~# ls -ld /var/lib/systemd/linger/*
-rw-r--r-- 1 root root 0 Jun 28  2020 /var/lib/systemd/linger/imre

The user's lingering state can be seen in the output of the following command (it is better to run it as the user)

# loginctl user-status imre

Passt

TODO

Usage

Processes that accompany a running container

$ ps aux | egrep "imre|1000"
imre         936  0.2  1.1  20076 11136 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd --user
imre         937  0.0  0.3  22416  3744 ?        S    16:10   0:00 (sd-pam)
imre         945  0.0  1.3 1608472 13440 ?       Ssl  16:10   0:00 rootlesskit --state-dir=/run/user/1115/dockerd-rootless --net=pasta --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=implicit --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
imre         958  0.0  1.1 1607064 11008 ?       Sl   16:10   0:00 /proc/self/exe --state-dir=/run/user/1115/dockerd-rootless --net=pasta --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=implicit --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
imre         984  0.0  3.0  73584 29800 ?        Ss   16:10   0:00 pasta --stderr --ns-ifname=tap0 --mtu=65520 --config-net --address=10.0.2.100 --netmask=24 --gateway=10.0.2.2 --dns-forward=10.0.2.3 --no-map-gw --ipv4-only --tcp-ports=auto --udp-ports=auto 958
imre         987  0.1  8.5 1930876 84460 ?       Sl   16:10   0:00 dockerd
imre        1100  0.1  4.7 1720300 46976 ?       Ssl  16:10   0:00 containerd --config /run/user/1115/docker/containerd/containerd.toml
imre        1322  0.0  1.1 1235348 11004 ?       Sl   16:10   0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 59bf861c8c1cdc0aeb71ae2f34728d856a5c7abe7699ae6e82979c504971d32b -address /run/user/1115/docker/containerd/containerd.sock
imre        1342  0.0  0.5   9544  5120 ?        Ss   16:10   0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
imre        1351  0.0  0.1   2692  1280 ?        Ss   16:10   0:00 /usr/bin/tini -- nsd -d -c /etc/nsd/nsd.conf
imre        1384  0.0  0.4 1525276 4480 ?        Sl   16:10   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1153 -container-ip 172.18.0.2 -container-port 53 -use-listen-fd
imre        1397  0.0  0.4 1599008 4608 ?        Sl   16:10   0:00 /usr/bin/docker-proxy -proto udp -host-ip 0.0.0.0 -host-port 1153 -container-ip 172.18.0.2 -container-port 53 -use-listen-fd
100099      1417  0.0  1.1  33216 11392 ?        S    16:10   0:00 nsd -d -c /etc/nsd/nsd.conf
100099      1419  0.0  3.5  45484 34908 ?        S    16:10   0:00 nsd -d -c /etc/nsd/nsd.conf
100099      1420  0.0  0.5  61404  4976 ?        S    16:10   0:00 nsd -d -c /etc/nsd/nsd.conf
root        1455  0.1  0.9  15016  9060 ?        Ss   16:10   0:00 sshd: imre [priv]
imre        1563  0.2  0.7  15176  7432 ?        S    16:10   0:00 sshd: imre@pts/0
imre        1566  0.0  0.6  12688  6272 pts/0    Ss   16:10   0:00 -bash
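
The listing above is what makes the rootless property checkable: every Docker component runs as imre and the container's nsd processes run under a subordinate UID (100099). The following added example, which is not part of the original page, audits ps aux output for Docker components owned by root and translates subordinate UIDs to the UID inside the user namespace. The function names, the subuid range 100000:65536 and the root-owned line with PID 2001 are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: audit `ps aux` output of a
# rootless Docker host. Function names and the subuid range are assumptions.

COMPONENTS='rootlesskit|dockerd|containerd|containerd-shim-runc-v2|docker-proxy'

# stdin: ps aux lines. Prints "PID COMMAND" for every Docker component owned
# by root; a rootless-only host should produce no output here.
root_owned_components() {
  awk -v comps="$COMPONENTS" '
    BEGIN { re = "^(.*/)?(" comps ")$" }
    $1 == "root" && $11 ~ re { print $2, $11 }'
}

# stdin: ps aux lines; $1 = subuid start, $2 = subuid count (see /etc/subuid).
# Prints "PID HOST_UID NS_UID COMMAND" for processes under a subordinate UID.
# In the user namespace UID 0 is the user; UIDs 1..count map to the range.
subuid_workloads() {
  awk -v s="$1" -v c="$2" '
    $1 ~ /^[0-9]+$/ && $1 + 0 >= s + 0 && $1 + 0 < s + c {
      print $2, $1, $1 - s + 1, $11 }'
}

# Returns 0 when no Docker component runs as root, 1 otherwise.
audit_rootless() {
  bad=$(root_owned_components)
  [ -z "$bad" ] && return 0
  printf 'root-owned Docker component: %s\n' "$bad" >&2
  return 1
}

# Constructed sample: lines trimmed from the listing above, plus one
# constructed root-owned dockerd line (PID 2001) as a rootful daemon would add.
SAMPLE_PS='imre 987 0.1 8.5 1930876 84460 ? Sl 16:10 0:00 dockerd
imre 1100 0.1 4.7 1720300 46976 ? Ssl 16:10 0:00 containerd --config /run/user/1115/docker/containerd/containerd.toml
imre 1384 0.0 0.4 1525276 4480 ? Sl 16:10 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1153
100099 1417 0.0 1.1 33216 11392 ? S 16:10 0:00 nsd -d -c /etc/nsd/nsd.conf
root 1455 0.1 0.9 15016 9060 ? Ss 16:10 0:00 sshd: imre [priv]
root 2001 0.0 1.0 1500000 9000 ? Ssl 16:10 0:00 /usr/bin/dockerd -H fd://'

# On a live host: ps aux | audit_rootless
printf '%s\n' "$SAMPLE_PS" | subuid_workloads 100000 65536
```

On a live host, take the start and count for subuid_workloads from the user's line in /etc/subuid.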

Usage

TODO

Useful additional materials