Docker kasutamine operatsioonisüsteemiga Debian - rootless: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
| 116. rida: | 116. rida: | ||
export DOCKER_HOST=unix:///run/user/1000/docker.sock |
export DOCKER_HOST=unix:///run/user/1000/docker.sock |
||
</pre> |
</pre> |
||
| + | |||
| + | ===Kasutamine=== |
||
| + | |||
| + | rootless konteineri käivitamiseks sobib öelda |
||
| + | |||
| + | <pre> |
||
| + | kasutaja@dh-minio-01:~$ docker run -d --rm --name nginx-01 -p 8081:80 nginx |
||
| + | </pre> |
||
| + | |||
| + | tulemusena tekivad sellised protsessid |
||
| + | |||
| + | <pre> |
||
| + | kasutaja@dh-minio-01:~$ ps U kasutaja |
||
| + | PID TTY STAT TIME COMMAND |
||
| + | 803 ? Ss 0:00 /usr/lib/systemd/systemd --user |
||
| + | 805 ? S 0:00 (sd-pam) |
||
| + | 899 ? S 0:00 sshd-session: kasutaja@pts/0 |
||
| + | 900 pts/0 Ss 0:00 -bash |
||
| + | 963 ? Ssl 0:00 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopba |
||
| + | 974 ? Sl 0:00 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loo |
||
| + | 995 ? S 0:00 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 974 tap0 |
||
| + | 1003 ? Sl 0:00 dockerd |
||
| + | 1024 ? Ssl 0:02 containerd --config /run/user/1000/docker/containerd/containerd.toml |
||
| + | 1397 ? Ss 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
||
| + | 1511 ? Sl 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 93cca0a8735da63c32ae4e132407657203e3589c452069c46d2653c968063b17 -address /run/user/1000/docker/containerd/c |
||
| + | 1537 ? Ss 0:00 nginx: master process nginx -g daemon off; |
||
| + | 1557 ? Sl 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8081 -container-ip 172.17.0.2 -container-port 80 -use-listen-fd |
||
| + | 1564 ? Sl 0:00 /usr/bin/docker-proxy -proto tcp -host-ip ::1 -host-port 8081 -container-ip 172.17.0.2 -container-port 80 -use-listen-fd |
||
| + | </pre> |
||
| + | |||
| + | kus |
||
| + | |||
| + | * TODO |
||
===Kasulikud lisamaterjalid=== |
===Kasulikud lisamaterjalid=== |
||
Redaktsioon: 13. aprill 2026, kell 14:47
Sissejuhatus
TODO
Ettevalmistamine
Paigaldatakse Debian v. 13 ning tarkvara docker-ce tootja repost, 20260413 on v. 1.29
# apt-get install uidmap
# modprobe nf_tables
Ning tekitatakse olukord, kus arvutisse on paigaldatud docker-ce tarkvara, aga ühtegi selle protsessi ei ole käivitatud
# systemctl disable --now docker.service docker.socket
# rm /var/run/docker.sock
# reboot
Rootless docker kasutamine
Süsteemi logitakse sisse kasutajana (mitte 'su - kasutaja' abil), kuna 'systemd --user' keskkonna jaoks on olulised teatud omadused, nt
$ env | grep XDG
$ XDG_RUNTIME_DIR=/run/user/1000
Paigaldame-seadistame-käivitame rootless docker lahenduse
kasutaja@dh-minio-01:~$ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/kasutaja/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/kasutaja/.config/systemd/user/docker.service; disabled; preset: enabled)
Active: active (running) since Mon 2026-04-13 14:40:20 EEST; 3s ago
Invocation: 8f913ff96e234029b5789105d9cdeb2b
Docs: https://docs.docker.com/go/rootless/
Main PID: 963 (rootlesskit)
Tasks: 34
Memory: 148M (peak: 148.5M)
CPU: 279ms
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/docker.service
├─ 963 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
├─ 974 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
├─ 995 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 974 tap0
├─1003 dockerd
└─1024 containerd --config /run/user/1000/docker/containerd/containerd.toml
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010977863+03:00" level=warning msg="WARNING: No io.max (rbps) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010983413+03:00" level=warning msg="WARNING: No io.max (wbps) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010988243+03:00" level=warning msg="WARNING: No io.max (riops) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.010992940+03:00" level=warning msg="WARNING: No io.max (wiops) support"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.011008069+03:00" level=info msg="Docker daemon" commit=daa0cb7 containerd-snapshotter=true storage-driver=overlayfs version=29.4.0
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.011096574+03:00" level=info msg="Initializing buildkit"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.147325130+03:00" level=info msg="Completed buildkit initialization"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.154119507+03:00" level=info msg="Daemon has completed initialization"
Apr 13 14:40:20 dh-minio-01 dockerd-rootless.sh[1003]: time="2026-04-13T14:40:20.154203253+03:00" level=info msg="API listen on /run/user/1000/docker.sock"
Apr 13 14:40:20 dh-minio-01 systemd[803]: Started docker.service - Docker Application Container Engine (Rootless).
+ DOCKER_HOST=unix:///run/user/1000/docker.sock /usr/bin/docker version
Client: Docker Engine - Community
Version: 29.4.0
API version: 1.54
Go version: go1.26.1
Git commit: 9d7ad9f
Built: Tue Apr 7 08:35:38 2026
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 29.4.0
API version: 1.54 (minimum version 1.40)
Go version: go1.26.1
Git commit: daa0cb7
Built: Tue Apr 7 08:35:38 2026
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v2.2.2
GitCommit: 301b2dac98f15c27117da5c8af12118a041a31d9
runc:
Version: 1.3.4
GitCommit: v1.3.4-0-gd6d73eb8
docker-init:
Version: 0.19.0
GitCommit: de40ad0
rootlesskit:
Version: 2.3.6
ApiVersion: 1.1.1
NetworkDriver: slirp4netns
PortDriver: builtin
StateDir: /run/user/1000/dockerd-rootless
slirp4netns:
Version: 1.2.1
GitCommit: 09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
+ systemctl --user enable docker.service
Created symlink '/home/kasutaja/.config/systemd/user/default.target.wants/docker.service' → '/home/kasutaja/.config/systemd/user/docker.service'.
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger kasutaja`
[INFO] Creating CLI context "rootless"
Successfully created context "rootless"
[INFO] Using CLI context "rootless"
Current context is now "rootless"
[INFO] Make sure the following environment variable(s) are set (or add them to ~/.bashrc):
export PATH=/usr/bin:$PATH
[INFO] Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///run/user/1000/docker.sock
Kasutamine
rootless konteineri käivitamiseks sobib öelda
kasutaja@dh-minio-01:~$ docker run -d --rm --name nginx-01 -p 8081:80 nginx
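tulemusena tekivad sellised protsessid; 'ps U kasutaja' loetleb kasutajale 'kasutaja' kuuluvad protsessid, seega töötavad nii dockerd, containerd kui ka nginx master-protsess hostarvutis tavakasutaja, mitte root-kasutaja õigustes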
kasutaja@dh-minio-01:~$ ps U kasutaja
PID TTY STAT TIME COMMAND
803 ? Ss 0:00 /usr/lib/systemd/systemd --user
805 ? S 0:00 (sd-pam)
899 ? S 0:00 sshd-session: kasutaja@pts/0
900 pts/0 Ss 0:00 -bash
963 ? Ssl 0:00 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopba
974 ? Sl 0:00 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loo
995 ? S 0:00 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 974 tap0
1003 ? Sl 0:00 dockerd
1024 ? Ssl 0:02 containerd --config /run/user/1000/docker/containerd/containerd.toml
1397 ? Ss 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
1511 ? Sl 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 93cca0a8735da63c32ae4e132407657203e3589c452069c46d2653c968063b17 -address /run/user/1000/docker/containerd/c
1537 ? Ss 0:00 nginx: master process nginx -g daemon off;
1557 ? Sl 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8081 -container-ip 172.17.0.2 -container-port 80 -use-listen-fd
1564 ? Sl 0:00 /usr/bin/docker-proxy -proto tcp -host-ip ::1 -host-port 8081 -container-ip 172.17.0.2 -container-port 80 -use-listen-fd
kus
- TODO
Kasulikud lisamaterjalid
- TODO