Using Docker with the Debian operating system - rootless: difference between revisions

Source: Imre kasutab arvutit

Revision as of 14:40, 13 April 2026

Introduction

TODO

Preparation

Debian v. 13 is installed, together with the docker-ce software from the vendor's repository; as of 20260413 that is v. 1.29

# apt-get install uidmap
# modprobe nf_tables

Then bring the machine into a state where the docker-ce software is installed but none of its processes are running

# systemctl disable --now docker.service docker.socket
# rm /var/run/docker.sock
# reboot

Using rootless Docker

Log in to the system directly as the user (not via 'su - kasutaja'), because certain properties that the 'systemd --user' environment depends on must be set, e.g.

$ env | grep XDG
XDG_RUNTIME_DIR=/run/user/1000

Install, configure and start the rootless Docker setup

kasutaja@dh-minio-01:~$ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/kasutaja/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
● docker.service - Docker Application Container Engine (Rootless)
     Loaded: loaded (/home/kasutaja/.config/systemd/user/docker.service; disabled; preset: enabled)
     Active: active (running) since Mon 2026-04-13 14:40:20 EEST; 3s ago
 Invocation: 8f913ff96e234029b5789105d9cdeb2b
       Docs: https://docs.docker.com/go/rootless/
   Main PID: 963 (rootlesskit)
      Tasks: 34
     Memory: 148M (peak: 148.5M)
        CPU: 279ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/docker.service
             ├─ 963 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
             ├─ 974 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
             ├─ 995 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 974 tap0
             ├─1003 dockerd
             └─1024 containerd --config /run/user/1000/docker/containerd/containerd.toml

Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010977863+03:00" level=warning msg="WARNING: No io.max (rbps) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010983413+03:00" level=warning msg="WARNING: No io.max (wbps) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010988243+03:00" level=warning msg="WARNING: No io.max (riops) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010992940+03:00" level=warning msg="WARNING: No io.max (wiops) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.011008069+03:00" level=info msg="Docker daemon" commit=daa0cb7 containerd-snapshotter=true storage-driver=overlayfs version=29.4.0
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.011096574+03:00" level=info msg="Initializing buildkit"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.147325130+03:00" level=info msg="Completed buildkit initialization"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.154119507+03:00" level=info msg="Daemon has completed initialization"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.154203253+03:00" level=info msg="API listen on /run/user/1000/docker.sock"
Apr 13 14:40:20 dh-minio-01 systemd[803]: Started docker.service - Docker Application Container Engine (Rootless).
+ DOCKER_HOST=unix:///run/user/1000/docker.sock /usr/bin/docker version
Client: Docker Engine - Community
 Version:           29.4.0
 API version:       1.54
 Go version:        go1.26.1
 Git commit:        9d7ad9f
 Built:             Tue Apr  7 08:35:38 2026
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          29.4.0
  API version:      1.54 (minimum version 1.40)
  Go version:       go1.26.1
  Git commit:       daa0cb7
  Built:            Tue Apr  7 08:35:38 2026
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.2.2
  GitCommit:        301b2dac98f15c27117da5c8af12118a041a31d9
 runc:
  Version:          1.3.4
  GitCommit:        v1.3.4-0-gd6d73eb8
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          2.3.6
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /run/user/1000/dockerd-rootless
 slirp4netns:
  Version:          1.2.1
  GitCommit:        09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
+ systemctl --user enable docker.service
Created symlink '/home/kasutaja/.config/systemd/user/default.target.wants/docker.service' → '/home/kasutaja/.config/systemd/user/docker.service'.
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger kasutaja`

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"
[INFO] Using CLI context "rootless"
Current context is now "rootless"

[INFO] Make sure the following environment variable(s) are set (or add them to ~/.bashrc):
export PATH=/usr/bin:$PATH

[INFO] Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///run/user/1000/docker.sock
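
The conditions this procedure relies on (a direct login session, subordinate UID ranges from uidmap, no leftover rootful socket, a daemon that really runs rootless, and the linger hint from the setup tool) can be checked with a small script. This is an added example, not part of the original page or of Docker's tooling; the function names are hypothetical, and the 65536 threshold is the minimum subordinate ID count that rootless Docker requires.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the rootless Docker
# procedure. Function names are hypothetical; each takes its input as
# arguments or stdin so it can be tried without a Docker host.

# subid_count USER: sum the subordinate IDs granted to USER, reading
# /etc/subuid-format lines ("name:start:count") from stdin.
subid_count() {
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }'
}

# runtime_dir_ok UID DIR: after a direct login XDG_RUNTIME_DIR is
# /run/user/<uid>; after "su - user" it can be missing.
runtime_dir_ok() {
    [ -n "$2" ] && [ "$2" = "/run/user/$1" ]
}

# host_is_rootless UID DOCKER_HOST: true only for the per-user socket,
# never for the root-owned /var/run/docker.sock.
host_is_rootless() {
    [ "$2" = "unix:///run/user/$1/docker.sock" ]
}

# info_is_rootless OPTS: OPTS is `docker info --format '{{.SecurityOptions}}'`.
info_is_rootless() {
    case "$1" in *name=rootless*) return 0 ;; esac
    return 1
}

# linger_enabled LINE: LINE is `loginctl show-user USER --property=Linger`.
linger_enabled() {
    [ "$1" = "Linger=yes" ]
}

# live_report: run every check against the current login session.
live_report() {
    uid=$(id -u); user=$(id -un)
    runtime_dir_ok "$uid" "${XDG_RUNTIME_DIR:-}" || echo "FAIL: XDG_RUNTIME_DIR='${XDG_RUNTIME_DIR:-}' (log in directly, not via su)"
    [ "$(subid_count "$user" < /etc/subuid)" -ge 65536 ] || echo "FAIL: $user has fewer than 65536 subordinate UIDs"
    [ ! -S /var/run/docker.sock ] || echo "WARN: rootful /var/run/docker.sock still present"
    host_is_rootless "$uid" "${DOCKER_HOST:-}" || echo "NOTE: DOCKER_HOST is not the per-user socket"
    info_is_rootless "$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)" || echo "FAIL: daemon does not report name=rootless"
    linger_enabled "$(loginctl show-user "$user" --property=Linger 2>/dev/null)" || echo "NOTE: linger off, docker.service will not start at boot"
}

# Only touch the live system when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then live_report; fi
```

The DOCKER_HOST check is only a note because the setup tool also switches the CLI to the "rootless" context, which works without that variable.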

Useful additional materials

  • TODO